GuideSofia Privacy Policy
Effective Date: January 9, 2025
Last updated: July 11, 2025
1. Introduction
GuideSofia, a product of Brandly Collective ltd. registered in Bulgaria with VAT BG206206347, legal address 7 Boris Arsov str. Sofia, Bulgaria, is committed to protecting and respecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal data in compliance with Regulation (EU) 2016/679 (the “General Data Protection Regulation” or “GDPR”).
2. Definitions
- Personal Data: Any information relating to an identified or identifiable natural person (“data subject”).
- Processing: Any operation performed on personal data, whether automated or not (e.g., collection, storage, use).
- Controller: The entity determining the purposes and means of processing personal data.
- Processor: The entity processing personal data on behalf of the Controller.
- Consent: Freely given, specific, informed, and unambiguous indication of the data subject’s wishes.
3. Data Controller
Brandly Collective ltd.
Registered Address: 7 Boris Arsov str., Sofia 1700, Bulgaria
Email: brandly@brandlycollective.com
4. Categories of Personal Data Collected
4.1 Location Data
• Precise geolocation (GPS, Wi‑Fi, cell tower) when using the App.
4.2 Usage and Interaction Data
• POIs viewed, audio tours played, in‑App searches, feedback, ratings.
4.3 Device and Technical Data
• Device model, operating system version, unique identifiers (e.g., advertising ID), IP address, language settings.
4.4 Log and Diagnostic Data
• Crash reports, performance metrics, timestamps.
5. Purposes and Legal Bases for Processing
Purpose | Legal Basis (GDPR Article) |
---|---|
Provide core App functionality (map display, POI recommendations, audio tours) | Performance of a contract (Art. 6(1)(b)) |
Personalize content based on location and preferences | Legitimate interests (Art. 6(1)(f)) |
Obtain consent for location services and marketing communications | Consent (Art. 6(1)(a)) |
Analyze usage patterns and improve App | Legitimate interests (Art. 6(1)(f)) |
Engage in direct marketing (email, notifications) | Consent (Art. 6(1)(a)) |
Comply with legal obligations (e.g., record‑keeping) | Legal obligation (Art. 6(1)(c)) |
6. Consent Management
You may withdraw your consent to processing at any time via your device settings or by emailing brandly@brandlycollective.com. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
7. Data Recipients and Disclosure
7.1 Service Providers: We engage processors (e.g., cloud hosting, analytics, customer support) under GDPR-compliant Data Processing Agreements (Art. 28).
7.2 Legal and Regulatory Authorities: When required by law, court order, or to protect rights and safety (Art. 6(1)(c), Art. 6(1)(d)).
7.3 Business Transfers: In connection with mergers, acquisitions, or asset sales; data subject to confidentiality commitments.
8. International Transfers
Where processing occurs outside the European Economic Area (EEA), we implement appropriate safeguards (e.g., Standard Contractual Clauses) in accordance with Chapter V of the GDPR.
9. Data Retention
We retain personal data only as long as necessary for processing purposes or to comply with legal obligations.
- Location & Interaction Data: Retained for a maximum of 2 years, then anonymized or deleted.
- Account Information: Retained while your account is active, plus any statutory retention period.
10. Data Security
We employ technical and organizational measures, including encryption (in transit and at rest), access controls, regular security assessments, and incident response procedures, to protect personal data against unauthorized access, alteration, or destruction.
11. Data Subject Rights
Under Chapters II and III of the GDPR, you have the right to:
- Access your personal data (Art. 15).
- Rectify inaccurate or incomplete data (Art. 16).
- Erase data under certain conditions (Art. 17).
- Restrict processing (Art. 18).
- Data portability (Art. 20).
- Object to processing based on legitimate interests or direct marketing (Art. 21).
- Withdraw consent at any time (Art. 7(3)).
To exercise these rights, contact brandly@brandlycollective.com. We will respond within one month, extendable by two months for complex requests (Art. 12(3)).
12. Supervisory Authority
You have the right to lodge a complaint with a supervisory authority, such as the Bulgarian Commission for Personal Data Protection (https://www.cpdp.bg), if you believe your data rights have been violated (Art. 77).
13. Children’s Privacy
Our App is not directed to children under 13. We do not knowingly collect data from children under 13. If we become aware of such collection, we will delete the data immediately.
14. Changes to This Policy
We may update this Policy. We will post changes on this page and, if material, notify you via in‑App notice or email. Please review this Policy periodically.
15. Contact Information
Email: brandly@brandlycollective.com