Matilde Foundation

Privacy Policy

We are Matilde Foundation and this is the Privacy Policy drafted pursuant to Art. 13 EU Reg. 679/2016 (“GDPR”) in which we explain how we process, protect and store the data of each visitor (“the User”) collected through the domain (“the Site”).

1. Who processes your data?
Who is the data controller?.

The data controller is the natural or legal person who determines the purposes and means of data processing. It is, in fact, the person who collects and manages your personal data, assuming legal responsibility for it.

The Data Controller is Matilde Foundation (hereinafter referred to as the “Data Controller” or “Matilde Foundation”) with registered office in Sofia 1000,  Sredets district,  10 Stefan Karadzha Street, fl.3

2. What data do we process?

    • Navigation data including:
      IP address, addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment (“Browsing Data”).
    • Data provided by the user including:
      first name, last name, email address, message.
    • Payment details including: IBAN, information relating to the User’s bank (“Payment Data”) History of services purchased (“Transaction History”).

In the event that the interested party prefers not to communicate data that is obligatory and/or necessary for the fulfilment of certain purposes, Matilde Foundation reserves the right not to provide the service

3. Assumptions and purposes for which we process your data What is the legal basis of the processing?.

The legal basis is the condition by which Matilde Foundation can lawfully process personal data. For more details you can read Article 6 of Regulation (EU) 2016/679 (“GDPR”) at this link.

 On what legal basis do we base the processing?

There can be several legal bases for the processing of data.

  • Consent: data processing takes place because the user has given consent.
  • Execution of a contract: Data processing is necessary to conclude or execute our contract.
  • Legal obligation: Data processing is required by a specific legal provision.
  • Legitimate interest: Data processing is necessary to satisfy a legitimate interest of ours.

For each processing based on this legal basis we have carefully checked that your rights and interests do not override our own.

A) Contact and response to requests

Matilde Foundation will process the User’s Contact Data. Legal basis: Contract art. 6.1(b) of the GDPR

B) Creating and managing the User’s account

Matilde Foundation will process User’s first name, last name, email address and professional information as well as Payment Data Legal basis: Contract art. 6.1(b) of GDPR

C) Managing the provision of services & Customer care;

Matilde Foundation will process User Contact Data, Payment Data as well as Transaction History. Legal basis: Contract art. 6.1(b) of the GDPR..

D) Send newsletter

Matilde Foundation will process Users’ first name, last name and email address. Legal basis: Consent art.6.1(a) of GDPR

E) Sending materials for communication and marketing purposes

Matilde Foundation will process User’s name, surname and email address Legal basis: Consent art.6.1(a) of GDPR

F) Carry out profiling aimed at the personalisation of direct marketing and behavioural advertising;

Matilde Foundation will process Users’ Contact Data and Transaction History. Legal basis: Consent art 6.1(a) of the GDPR..

G) Send communications in relation to services similar and contiguous to those purchased

Matilde Foundation will process Users’ Contact Data. Legal basis: Legitimate interest art 6.1(f) of the GDPR

H) Improve the website by analysing how Visitors or Users navigate and/or use the website.

Matilde Foundation collects and stores User Navigation Data. Legal basis: Legitimate interest art 6.1(f) of the GDPR.

I) To enable the Data Controller to comply with formalities required by law, including those of a fiscal nature.

Matilde Foundation will process the User’s Contact Data Legal basis: Legal obligation art.6.1 (c) of the GDPR

L) Detecting or preventing fraudulent activities and exercising the Controller’s rights in court

Matilde Foundation will process User Contact Data Legal basis: Legitimate interest art 6.1(f) of the GDPR

M) Proceeding to personnel selection

Matilde Foundation will process name, surname, email address, professional and CV information Legal basis: Contract art. 6.1(b) of GDPR

4. Processing methods

The processing is carried out using automated and/or manual computer and telematic tools designed to guarantee the appropriate security measures to prevent access, disclosure, loss, incorrect, illegal or unauthorised use of the data.

5. Place of data processing

Personal data are processed at the Controller’s head office as well as on the servers hosting the website Personal data are stored on servers located in the EU territory and shall not be transferred outside the EU under any circumstances. The Data Controller ensures that when using cloud providers, services or platforms established outside the EEA, the processing of personal data by these recipients is carried out in accordance with applicable law. Transfers are made by means of appropriate safeguards, such as adequacy decisions, standard contractual clauses approved by the European Commission or other safeguards provided by the GDPR.

6. For how long may we process your data?

We retain your data for:

    • the period necessary to respond in relation to the sending of communications and responses to requests relating to Matilde Foundation’s business and in any case never for a period exceeding 12 months;
    • until consent is withdrawn regarding the sending of newsletters and/or other materials for marketing communication purposes and in any case never for a period exceeding 24 months;
    • until consent is withdrawn in relation to profiling and in any case never for a period exceeding 12 months;
    • under applicable law to allow the Controller to fulfil formalities required by law, including those of a fiscal nature for a maximum period of 10 years;
    • 10 years to detect or prevent fraudulent activities and to exercise the Holder’s rights in court.
    • 2 years for recruitment activities

After this period has expired, we shall delete or anonymise the data completely.

7. With whom do we share your data?

The subjects who may become aware of your personal data, within the limits strictly necessary to fulfil the purposes indicated in paragraph 3, are subjects formally appointed by Matilde Foundation. In addition to internal staff – specifically authorised under art. 29 GDPR – to ensure the provision of the service, your personal data may be communicated to external parties who may act as autonomous data controllers or processors. In particular, your data may be communicated to:

Internet service providers and platforms used by the Data Controller as organisational tools, communication and/or promotion channels as well as video platforms for web conferences; authorities whose right to access personal data is expressly recognised by law, regulations or measures issued by the competent authorities.

Relationships with the subjects listed above are – and will be – formalised by means of a contract pursuant to Article 28 GDPR (Appointment as Data Processor). To find out who are the data processors appointed by Matilde Foundation you can contact us at

8. Your privacy rights
What are privacy rights?.

The GDPR recognises important rights that you can exercise by contacting the Data Controller. To find out more about your rights you can read chapter 3 of the GDPR at this link.

You may exercise the following rights:.

    • Right of access to data;
    • Right to rectification;
    • Right to be forgotten or erased;
    • Right to restriction of processing;
    • Right to portability;
    • Right to object;
    • Right to lodge a complaint with the competent national authority (Data Protection Authority);

9. Who you can contact

For any communication relating to the processing of your data, including the exercise of your rights, you can write to us by e-mail at:

10. Modifications

Matilde Foundation reserves the right to modify or simply update its content, either partially or completely, including due to changes in applicable legislation. Matilde Foundation will inform users of these changes as soon as they are introduced and they will be binding as soon as they are published on its website or otherwise transmitted to them. Matilde Foundation therefore invites its clients to pay attention to the latest version of the information displayed through these channels so that they are always up to date with the data collected and how it is used by Matilde Foundation.

Last updated: 03 April 2023