Privacy Policy

The purpose of this policy is to allow data subjects to understand how their personal data are collected, stored, used and protected, as well as to know their rights in respect of such data.

The Bulgarian Deposit Insurance Fund (BDIF) guarantees in utmost degree the protection of personal data processed or made available in connection with BDIF performance of its mandate in accordance with the requirements of the Law on Bank Deposit Guarantee (LBDG), the Law on Bank Bankruptcy (LBB) and the Law on the Recovery and Resolution of Credit Institutions and Investment Firms (LRRCIIF).

BDIF fulfils the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), having further developed its overall data protection framework, which is an integral part of BDIF internal regulations on BDIF information security management.

This Privacy Policy applies to individuals whose personal data are processed by BDIF in fulfilment of its mandate, while protecting its legitimate interests or protecting the public interest.

Who Processes and Bears Responsibility for Personal Data

The BDIF is a personal data controller within the meaning of the General Data Protection Regulation and the Law for Protection of Personal Data.
For any questions relating to the processing of your personal data, you can contact us at our headquarters in 1606 Sofia, 27 Vladayska Str., or by email at the BDIF Data Protection Officer’s email:
Dimitar Tsekov
e-mail: dpo@dif.bg

Supervisory authority:
Commission for Personal Data Protection
Address: 2 Prof. Tsvetan Lazarov Blvd., 1592 Sofia
Call centre – tel.: +359 2 9153 518

Personal Data Processed by BDIF

BDIF does not collect nor processes more or different type of personal data than those required to perform its activities in accordance with the requirements of the LBDG, the LBB and the LRRCIIF, as well as those used in the performance of its contractual relations with an explicit consent provided.

Purposes for Processing Personal Data

BDIF receives, collects, processes, stores and uses personal data for the following purposes under its legal obligations:

  • Processing of personal data required for the payout of covered deposits, the testing of the deposit guarantee system and the effective restructuring of credit institutions;
  • Processing of personal data to fulfil its mandate under the Law on Bank Bankruptcy;
  • Processing of personal data on a contractual basis, necessary for concluding or executing contracts between BDIF and third parties related to BDIF activities;
  • Processing of personal data where an explicit consent by individuals is in place;
  • Protection of legitimate interest of BDIF and of the public interest.

Storage Limitation of Personal Data

The duration of storage of personal data depends on the processing purposes for which they are collected:

  • The personal data processed for the purposes of payout of covered deposits, the support of the effective restructuring of credit institutions and the fulfilment of BDIF mandate, as required by the Law on Bank Bankruptcy, are kept for a period consistent with the process of payout of covered deposits and conclusion of the bankruptcy proceedings, as well as with the requirements of the Accountancy Act and the Tax and Social Insurance Procedure Code;
  • Personal data processed for the purpose of testing the deposit guarantee system shall not be kept longer than the time required to conduct the tests and shall be destroyed once the test has been completed;
  • Personal data of the representatives of BDIF counterparties are kept for a period consistent with the requirements for storing accounting documents as stated in the Accountancy Act and the Tax and Social Insurance Procedure Code;
  • Personal data contained in the inquiries by depositors whose deposits are being paid out/have been paid out by BDIF, as well as in inquiries of creditors of banks in bankruptcy, are kept for up to one year from the date the particular inquiry was received. The personal data processed in relation to general inquiries and their respective replies are kept for a period of up to one month from the date the response was sent;
  • The inquiries sent to the e-mail of BDIF’s DPO and their respective replies are kept for up to one month since the date the response was sent. The correspondence relating to requests for exercise of rights of an individual who is a subject of data processed by BDIF is kept for a period of up to one year since the DPO sent reply with the information about the actions undertaken regarding the particular request.

Rights of Data Subjects Related to Personal Data Processing

  • Right to access
    • Any individual who is a subject of data processed by BDIF is entitled to obtain information about the personal data concerning him which BDIF processes;
  • Right to erasure or rectification
    • Any individual who is a subject of data processed by BDIF is entitled to request erasure or rectification of his personal data, where they are inaccurate or shall be amended, or their processing is not compliant with the Law on Personal Data Protection when grounds for that are in place;
  • Right to restriction of personal data processing
    • Any individual who is a subject of data processed by BDIF is entitled to request restriction of personal data processing when grounds for that are in place.
  • Right to object personal data processing
    • Any individual who is a subject of data processed by BDIF is entitled to object the processing, if he/she considers that the data are unlawfully processed.

Transfer of Personal Data

BDIF provides personal data to the respective servicing banks for the purpose of payout of covered deposits.

BDIF provides personal data to state authorities and institutions where such an obligation under special legal regulations is in place.

BDIF may provide personal data to individuals outside Bulgaria in an EU Member State if the bank for which the covered deposits are paid has a branch in the respective Member State.

Public Access to Personal Data

In compliance with the requirements of Art. 62, para 12 of the Law on Credit Institutions BDIF has published on its website the following lists containing personal data:

  • natural and legal persons and the amount of their loans in default at the date of disclosure;
  • consultancy contracts, rental contracts and other non gratuitous and gratuitous transactions between the bank and the persons under Art. 2, paras 1 and 3 of the Law on Publicity of Property owned by Persons Occupying High State Positions, members of management and supervisory boards of the bank in bankruptcy;
  • the amount of the deposits and loans of natural persons under Art. 2, paras 1 and 3 of the Law on Publicity of Property owned by Persons Occupying High State Positions, members of management and supervisory boards of the bank in bankruptcy, drawn up on the basis of information provided on the grounds of Art. 15, para 15 of the Law on Credit Institutions by the President of the National Audit Office
  • the amount of the deposits and loans of legal persons, drawn up on the basis of information provided on the grounds of Art. 15, para 15 of the Law on Credit Institutions by the President of the National Audit Office
  • the amount of deposits and loans of political parties, drawn up on the basis of information on political parties provided by Sofia City Court;
  • credit transactions where: no collateral has been contracted or the value of the contracted collateral is lower than the amount of the utilised loan; the contracted collateral is not properly established; upon a proper establishment of the collateral, the rights of the pledge creditor thereon have not been reserved under the procedure provided for by law, including in the cases where entries of registered pledges have not been renewed, the subject of the real pledge has not been submitted to the creditor or is missing on the date of the disclosure; loans have been renegotiated regarding the deadline, the amount and the type of collateral if not agreed in the host contract;
  • credit transactions, where property originating from the bank under § 1, item 6 of the Additional Provisions of the Law on Bank Bankruptcy has been provided by a borrower to other parties and the amount of each transaction exceeds BGN 50,000, with the persons being disclosed consecutively; the threshold requirements shall not apply to persons under Art. 2, paras 1 and 3 of the Law on Publicity of Property Owned by Persons Occupying High State Positions;
  • natural and legal persons who announced their transfer of receivables or made a setoff statement after the bank had been placed under special supervision;
  • natural and legal persons and the amount of their loans who have been granted preferential interest rates in deviation from the terms and conditions announced by the bank in bankruptcy to be applied to all its borrowers for a period of two years before the date of insolvency;
  • natural and legal persons and the amount of their deposits under § 1, item 1 of the Additional Provisions of the Law on Bank Deposit Guarantee, who have been granted preferential interest rates in deviation from the terms and conditions announced by the bank in bankruptcy to be applied to all its depositors for a period of two years before the date of insolvency;
  • natural and legal persons and the amount of their deposits under § 1, item 1 of the Additional Provisions of the Law on Bank Deposit Guarantee, who have been granted preferential interest rates in deviation from the terms and conditions announced by the bank to be applied to all its depositors, if those persons conducted transactions with their deposits after the bank had been placed under special supervision.

‘Cookies’ Policy

  • Cookies

In order to increase efficiency, the electronic platform of BDIF website uses a limited range of ‘cookie’ data files (cookies).

Cookies are small text files for temporarily storing information about user actions, preferences, or other activity when visiting a website.

  • Types of cookies

BDIF website uses one or several of the following types of cookies:

  • Systemically required cookies and functionality cookies. These are cookies without which the functioning of the website is impossible or is put at high risk, as well as those facilitating the user when using the website and taking into account his individual preferences. Systemically required cookies are also ensuring security of connection and protection from unsolicited external intervention. Systemically required cookies include such for device recognition, language and font preferences retention, etc. Systemically required cookies are often referred to as temporary or session cookies. Functionality cookies can be stored for a longer time on the device, they can be used in more than one session of the browser and are called persistent;
  • Efficiency cookies and analytics. They serve to collect statistical information on the basis of which general conclusions and recommendations can be made on the effectiveness of the website in view of the user purposes. For better accuracy BDIF website uses Google Analytics.
  • Deactivation of cookies

Users of BDIF website (www.dif.bg) may control the cookies used, delete the saved ones, as well as disable the use of cookies in the future. Instructions for different browsers and operational systems may be found at http://www.aboutcookies.org/.

Links from BDIF website to other websites

BDIF website may include links to other websites that are not under the control of the BDIF. BDIF is not responsible for the protection of personal data or for the content of other websites, but offers these links to facilitate visitors in finding more information about other institutions in Bulgaria, foreign deposit insurance organisations and international financial institutions.