Privacy Policy

1. Personal data that we process

We process the following categories of data on the basis of a contract or prior to entering into a contract, i.e., on a pre-contractual basis (ref. art. 6, para 1, (b) of GDPR):

1.1. Data contained in your (respectively your company’s / employer’s) Customer Account at Bravo that is created for you (respectively your company / employer) after entering into an informal contractual obligation with the Controller by accepting the General Terms and Conditions (GTC) governing Customer’s access to and use of Bravo Next Services:

• Account name(s)
• Account e-mail address
• Password
• Company name
• Billing address – country, city, province/region/state, ZIP (postal code), other address details/lines
• Subscription plan selection/cancelation
• Payment method (bank/payment card details) – cardholder names, card number, valid thru / expiration date, CVC, ZIP (postal code)
• Issued invoice(s) and payment / due date(s)
• (Customized) Account subdomain (e.g., subdomain “ABC” means “ABC.bravo-next.com”)

1.2. Data contained in User profile(s) associated with / created under your (respectively your company’s / employer’s) Customer Account at Bravo:

• Name(s) / nickname(s) of User(s)
• User e-mail address
• Password
• Status – active, inactive/disabled, etc.

1.3. Data provided by you (respectively your company / employer) when inputting variety of criteria in Bravo during use of Bravo Next Services (when in some way data pertains to individuals, e.g., Customer drivers, employees, contact persons, representatives, consultants, etc.):

• Name(s) / nickname(s) of Customer driver(s) – Bravo Next strongly advises its Customers to substitute the data in Name(s) / nickname(s) with data on type(s) or other general descriptor(s) of Customer driver(s) instead, e.g., long/short-haul driver(s), etc.
• Cost(s) / expense(s) – e.g., wages, social security payments, taxes, bonuses, penalties, fuel cost, parts / consumables (e.g., tyres), etc.
• Route(s) / location data – included elements (elements selected by Customer and expanded or not with inputted data), such as stop points, locations, marks, etc.) and excluded elements (elements excluded / marked to be avoided by Customer), such as toll roads, ferries, tunnels, difficult turns / U-turns, certain countries, etc.
• Transportation vehicles details – e.g., vehicle registration/licence plate(s), type / composition elements (trailers, trucks, etc.), weight, etc.
• Working activity / availability specifications – e.g., working hours/days of Customer drivers, external teams, etc.
• Other logistical and transportation management / planning data – depending on available functionalities in Bravo, subscription plan(s), Customer use, etc.

2. We process the following data based on your consent (ref. art. 6, para 1, (a) of GDPR) expressed through a deliberate action - entering of an optional set data and / or free choice of specific options:

2.1. Data contained in Customer Account at Bravo:

Customized Account subdomain (e.g., subdomain “ABC” means “ABC.bravo-next.com”)

2.2. Contact data and data contained in a sent message, video (e.g., VoIP), voice communication or a published comment, provided by completing a contact form of the Website/Bravo or by sending us an email, conventional mail, telegram, fax, telephone call, sending SMS, posting a comment on а blog (if/when such is available) and/or other forms of communication and/or expression (data dependent on the communication / comment place/avenue):

• Name(s)
• E-mail address(es)
• Phone number(s)
• Fax number(s)
• Address(es)
• Website(s)
• Content of the comment, communication (message, picture, video, voice, etc. content)

You may withdraw any of the aforementioned consents through Website/Bravo’s settings or the form and manner prescribed in this Policy. Upon withdrawal of consent, the processing of the relevant personal data for the stated purposes is discontinued. Withdrawal of consent does not affect the lawfulness of consent-based processing prior to its withdrawal.

3. We process the following data for compliance with legal obligations in accordance with the local and EU legislature (ref. art. 6, para 1, (c) of GDPR):

3.1. Data contained in your (respectively your company’s / employer’s) Customer Account at Bravo:

• Account name(s)
• Account e-mail address
• Password
• Company name
• Billing address – country, city, province/region/state, ZIP (postal code), other address details/lines
• Subscription plan selection/cancelation
• Payment method (bank/payment card details) – cardholder names, card number, valid thru / expiration date, CVC, ZIP (postal code)
• Issued invoice(s) and payment / due date(s)
• (Customized) Account subdomain (e.g., subdomain “ABC” means “ABC.bravo-next.com”)

3.2. Data contained in User profile(s) associated with / created under your (respectively your company’s / employer’s) Customer Account at Bravo:

• Name(s) / nickname(s) of User(s)
• User e-mail address
• Password
• Status – active, inactive/disabled, etc.

3.3. Data provided by you (respectively your company / employer) when inputting variety of criteria in Bravo during use of Bravo Next Services (when in some way data pertains to individuals, e.g., Customer drivers, employees, contact persons, representatives, consultants, etc.):

• Name(s) / nickname(s) of Customer driver(s) – Bravo Next strongly advises its Customers to substitute the data in Name(s) / nickname(s) with data on type(s) or other general descriptor(s) of Customer driver(s) instead, e.g., long/short-haul driver(s), etc.
• Cost(s) / expense(s) – e.g., wages, social security payments, taxes, bonuses, penalties, fuel cost, parts / consumables (e.g., tyres), etc.
• Route(s) / location data – included elements (elements selected by Customer and expanded or not with inputted data), such as stop points, locations, marks, etc.) and excluded elements (elements excluded / marked to be avoided by Customer), such as toll roads, ferries, tunnels, difficult turns / U-turns, certain countries, etc.
• Transportation vehicles details – e.g., vehicle registration/licence plate(s), type / composition elements (trailers, trucks, etc.), weight, etc.
• Working activity / availability specifications – e.g., working hours/days of Customer drivers, external teams, etc.
• Other logistical and transportation management / planning data – depending on available functionalities in Bravo, subscription plan(s), Customer use, etc.

3.4. Contact data and data contained in a sent message, video (e.g., VoIP), voice communication or a published comment, provided by completing a contact form of the Website/Bravo or by sending us an email, conventional mail, telegram, fax, telephone call, sending SMS, posting a comment on а blog (if/when such is available) and/or other forms of communication and/or expression (data dependent on the communication / comment place/avenue):

• Name(s)
• E-mail address(es)
• Phone number(s)
• Fax number(s)
• Address(es)
• Website(s)
• Content of the comment, communication (message, picture, video, voice, etc. content)
• Traffic data according to the Bulgarian Electronic Communications Act or metadata (if available and depending on the communication)

4. We process the following data on the basis of legitimate interest(s) (ref. art. 6, para 1, (f) of GDPR):

4.1. Data contained in your (respectively your company’s / employer’s) Customer Account at Bravo:

• Account name(s)
• Account e-mail address
• Password
• Company name
• Billing address – country, city, province/region/state, ZIP (postal code), other address details/lines
• Subscription plan selection/cancelation
• Payment method (bank/payment card details) – cardholder names, card number, valid thru / expiration date, CVC, ZIP (postal code)
• Issued invoice(s) and payment / due date(s)
• (Customized) Account subdomain (e.g., subdomain “ABC” means “ABC.bravo-next.com”)

4.2. Data contained in User profile(s) associated with / created under your (respectively your company’s / employer’s) Customer Account at Bravo:

• Name(s) / nickname(s) of User(s)
• User e-mail address
• Password
• Status – active, inactive/disabled, etc.

4.3. Data provided by you (respectively your company / employer) when inputting variety of criteria in Bravo during use of Bravo Next Services (when in some way data pertains to individuals, e.g., Customer drivers, employees, contact persons, representatives, consultants, etc.):

• Name(s) / nickname(s) of Customer driver(s) – Bravo Next strongly advises its Customers to substitute the data in Name(s) / nickname(s) with data on type(s) or other general descriptor(s) of Customer driver(s) instead, e.g., long/short-haul driver(s), etc.
• Cost(s) / expense(s) – e.g., wages, social security payments, taxes, bonuses, penalties, fuel cost, parts / consumables (e.g., tyres), etc.
• Route(s) / location data – included elements (elements selected by Customer and expanded or not with inputted data), such as stop points, locations, marks, etc.) and excluded elements (elements excluded / marked to be avoided by Customer), such as toll roads, ferries, tunnels, difficult turns / U-turns, certain countries, etc.
• Transportation vehicles details – e.g., vehicle registration/licence plate(s), type / composition elements (trailers, trucks, etc.), weight, etc.
• Working activity / availability specifications – e.g., working hours/days of Customer drivers, external teams, etc.
• Other logistical and transportation management / planning data – depending on available functionalities in Bravo, subscription plan(s), Customer use, etc.

4.4. Contact data and data contained in a sent message, video (e.g., VoIP), voice communication or a published comment, provided by completing a contact form of the Website/Bravo or by sending us an email, conventional mail, telegram, fax, telephone call, sending SMS, posting a comment on а blog (if/when such is available) and/or other forms of communication and/or expression (data dependent on the communication / comment place/avenue):

• Name(s)
• E-mail address(es)
• Phone number(s)
• Fax number(s)
• Address(es)
• Website(s)
• Content of the comment, communication (message, picture, video, voice, etc. content)
• Traffic data according to the Bulgarian Electronic Communications Act or metadata (if available and depending on the communication)

5. Purposes of the processing of personal data

5.1. The data contained in your (respectively your company’s / employer’s) Customer Account at Bravo and/or in User profile(s) associated with said Account are being processed for the following purposes:

• Entering into contractual relations
• Accountability of the Controller by recording legally significant data in electronic protocols – e.g., technical logs, etc.
• Delivery of Bravo Next Services
• Provision of support for technical malfunctions, providing Customers/Users with information via our support, responding to complaints, tracking Bravo Next Services, subscription plans, payments, etc.
• Verifying Account/User data (e.g., by sending an email to ensure the security of access or for resetting password(s), etc.), if/when such is available
• Authentication when signing in the Account/User
• Charging payment methods, execution of subscription plans, issuance of invoices/ billing, (initial / basic) verification / validation of payment card details, refunding of payments (when a claim has been received and/or in case of overpayment / mistaken bank/Stripe transfers, etc.), other payment related processing, including, but not limited to, provision to payment service providers (PSPs), such as Stripe, bank(s), etc. for processing of payments / charging, verification / validation, etc.
• Easing the use of provided payment method via storage of the card details at the respective Account and/or automation of payments towards respective Customer subscription plan
• Sending messages via email, conventional mail, SMS, OTT (Viber, etc.), RCS, telephone calls, VoIP and / or push notifications for purposes of direct marketing only with your explicit consent. Data for sending direct marketing messages via electronic means regarding our own similar products or services may be processed under Art. 261, para. 2 of the Bulgarian Electronic Communications Act, when your contact details are received in a similar commercial transaction for the provision of our products or services
• Notification via email, conventional mail, SMS, OTT (Viber, etc.), RCS, telephone calls, VoIP and / or push notifications (if/when such are available) in connection with use of respective Bravo Next Services or changes in the relevant terms and conditions / policies
• Complying with legal rulings, judgments, orders and decisions of state authorities and administrative supervisors. This includes using your personal data to collect and verify accounting data and comply with the accounting rules, etc.
• Implementation / operation of a management information system (Enterprise resource planning, ERP), if/when such is available
• Protecting legal rights and interests in out-of-court, judicial, pre-trial and administrative proceedings

5.2. The data provided by you (respectively your company / employer) when inputting variety of criteria in Bravo during use of Bravo Next Services are being processed for the following purposes:

• Accountability of the Controller by recording legally significant data in electronic protocols – e.g., technical logs, etc.
• Delivery of Bravo Next Services
• Provision of support for technical malfunctions, providing Customers/Users with information via our support, responding to complaints, tracking Bravo Next Services, subscription plans, payments, etc.
• Verifying Account/User data (e.g., by sending an email to ensure the security of access or for resetting password(s), etc.), if/when such is available
• Authentication when signing in the Account/User
• Sending messages via email, conventional mail, SMS, OTT (Viber, etc.), RCS, telephone calls, VoIP and / or push notifications for purposes of direct marketing only with your explicit consent. Data for sending direct marketing messages via electronic means regarding our own similar products or services may be processed under Art. 261, para. 2 of the Bulgarian Electronic Communications Act, when your contact details are received in a similar commercial transaction for the provision of our products or services
• Notification via email, conventional mail, SMS, OTT (Viber, etc.), RCS, telephone calls, VoIP and / or push notifications (if/when such are available) in connection with use of respective Bravo Next Services or changes in the relevant terms and conditions / policies, including, but not limited to, provision to email service providers, such as Mailtrap, etc.
• Complying with legal rulings, judgments, orders and decisions of state authorities and administrative supervisors. This includes using your personal data to collect and verify accounting data and comply with the accounting rules, etc.
• Loss prevention as well as detecting and preventing misuse in filing, registering and/or delivering Bravo Next Services
• Protecting legal rights and interests in out-of-court, judicial, pre-trial and administrative proceedings
• Map / terrain depiction(s) in relation to route(s), location data, other logistical and transportation management / planning optimization(s), including, but not limited to, provision to maps / routes service providers, such as Here Maps API, Maptiler, Maplibre, Openstreetmap, etc.
• Route(s), logistical and transportation management / planning optimization(s) and general or custom cost(s)/ expense(s) improvement suggestions to Customers via Bravo Next Services (if/when such are available)
• Use of route / location data after sufficient anonymization for improvement and/or development of Bravo Next Services (if/when such are available)

5.3. The contact data and data contained in a sent message, video (e.g., VoIP), voice communication or a published comment are being processed for the following purposes:

• Identify you as sender / author of a message or a posted comment
• Establishing communication with you, incl. notification via email, conventional mail, SMS, OTT (Viber, etc.), RCS, telephone calls, VoIP and / or push notifications (if/when such are available) in connection with use of respective Bravo Next Services or changes in the relevant terms and conditions / policies
• Improvement and quality control of customer service
• Protecting legal rights and interests in out-of-court, judicial, pre-trial and administrative proceedings

6. Third parties with access to your personal information for the fulfillment of their duties

6.1. We use the following service providers for cloud services, hosting, reverse proxy, CDN, servers / clusters and/or collocation:

• Cloud service providers / colocation providers, such as the providers of DigitalOcean (www.digitalocean.com), Ploi.io (www.ploi.io), etc. More about them can be found on their respective websites.
• Cloudflare, Inc. – provides reverse proxy, DNS and CDN (content delivery network). Their privacy policy is available at https://www.cloudflare.com/security-policy/

6.2. Consultants and suppliers in different spheres for the purposes of protecting our legitimate interests in maintaining and improving the quality of the services we provide to you, to meet legal requirements, to protect legal rights and interests in judicial, pre-trial and administrative proceedings. In addition to engaged Bravo Next’s affiliates, i.e., subsidiary companies/entities, such as TT Union EOOD, registered in Bulgaria under reg. # (UIC) 205142685, etc., lawyers, tax consultants, accountants, etc., we use the following entities on regular bases:

• Mailtrap (www.mailtrap.io), etc. - email service provider(s) of technical connectivity in regards to the sending of marketing/notification/authentication/other messages (via email). More about them can be found on their respective website(s).
• Maps / routes service providers, such as the providers of Here Maps API (www.here.com), Maptiler (www.maptiler.com), Maplibre (www.maplibre.org), Openstreetmap (www.openstreetmap.org), etc. More about them can be found on their respective websites.
• Payment service providers, such as the provider(s) of Stripe (www.stripe.com), bank(s), etc. More about them can be found on their respective websites.

6.3. State authorities and institutions in connection with inquiries carried out by them in accordance with legal requirements and restrictions;

In regards to the usage of private entities, we require and enforce these third parties to apply all adequate technical and organizational measures in order to protect your data.

7. Your personal data is processed for the following time periods

7.1. Data provided on a contractual basis:

Account/User profile data, as well as data provided during use of Bravo Next Services – up to 5 years from the date of the last use of Bravo Next Services; in the absence of use - until the Account/User profile is deleted/removed (requested by Customer/User for erasure) through Bravo’s functionalities or 5 years from the date of your (respectively your company / employer) last login, whichever is happens first. The data is being erased from all backups (if any) within 30 days of the request for erasure / expiration of the respective time limitation above.

7.2. Data on the collection and verification of accounting data and accounting compliance – accounting records and financial statements, including tax audit, audit and subsequent financial inspection documents, shall be kept for 10 years from 1st of January of the reporting period following the reporting period to which they refer; all other holders of accounting information - three years from 1st of January of the reporting period following the reporting period to which they refer. The data is being erased from all backups (if any) within 30 days of the request for erasure / expiration of the respective time limitation above.

7.3. Data provided on the basis of consent – until the withdrawal, as provided, including through the functionality of Bravo or by deletion, as well as upon expiration of 5 years from the date of your last login, whichever happens first; data related to the comments you posted is exercise of your constitutional right to free expression. Therefore, no deadline is set after the expiration of which processing ceases, and instead you are given the opportunity to remove the published content by exercising your data subject rights in the form and manner prescribed in this Policy. The data is being erased from all backups (if any) within 30 days of the request for erasure / expiration of the respective time limitation above.

When the content of a specific comment contains offensive words or phrases, disgraceful, libelous and/or damaging claims, the Controller has the legitimate right to remove the content of the comment from its site.

Once the data is deleted it cannot be recovered or used anymore. The data shall not be deleted but will continue to be processed only for the purpose of protecting our legitimate rights and legitimate interests or in the fulfilment of our legal obligations, if at the date of expiration of that period, there is a pending legal, administrative and pre-trial proceedings or a misconduct, admitted or brought to our knowledge, complaints and potential violations – until their completion.

8. Your rights in relation to your personal data

8.1. Right of access, including the right to copy the data under processing. You have the right to request information about the personal data we hold on you at any time. You may contact us and, based on a written request and authentication of your identity, the data will be provided to you.

8.2. Right to rectification. You have the right to request rectification of your personal data if the information is incorrect, including the right to have incomplete personal data completed. You can do so through your account/profile or by writing to us, after duly authenticating your identity

8.3. Right to erasure ("Right to be forgotten") in the following cases:

• the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
• Withdrawal of consent when processing is based on consent
• Illegal data processing
• Legal obligation to delete

The right to be forgotten is not an absolute right and may not be granted in the cases provided for by the law or due to a lack of proper authentication of your identity.

8.4. Right to restriction when:

• you object to a processing based on Controller’s legitimate interest, the Controller shall restrict all processing of such data pending the verification of the legitimate interest
• you have claim that your personal data is incorrect, the Controller must restrict all processing of such data pending the verification of the accuracy of the personal data
• the processing is unlawful you can oppose the erasure of personal data and instead request the restriction of the use of your personal data instead
• if the Controller no longer needs the personal data but it is required by you to defend legal claims.

In the case of rectification, erasure or restriction of processing, we will inform any recipient to whom personal data have been disclosed, unless this is impossible or involves a disproportionate effort.

8.5. The portability of machine-readable data, according to which we will:

• provide the data directly to you
• If requested by you and technical possibility, the data is provided to another controller of your choice

8.6. Right to object to processing based on a legitimate interest. You may object to the processing of your personal data based on the legitimate interest of the Controller or a third party. The Controller will not continue to process your personal data unless it is proven that there are compelling legal bases that have priority over your interests and rights or due to litigation and other procedural and extra-procedural actions.

8.7. Right to object to direct marketing. You have the right to object to the receipt of marketing communications, including profiling and analysis for direct marketing purposes.

8.8. Right to complain with a supervisory authority in the Member State of habitual residence, place of work or place of suspected violation if you consider that the processing of your personal data is in breach of the provisions of Regulation (EC) 2016/679. On the territory of the Republic of Bulgaria, where the Controller’s headquarter is located, the supervisory authority is the Personal Data Protection Commission.

The aforementioned rights shall be exercised by written request in the form determined by the Controller, which you can get at the seat of the Controller or electronically upon request to the Data Protection Officer of the Controller and filling the received in response electronic form by applying the necessary documents.

You will receive an answer to your request within one month of receipt of your written request.

9. On “Cookie” usage

9.1. What are “cookies”? “Cookies” are small-size text files stored in the directory of the internet browser used by the users. The cookies are used in order to enable the users to effectively use the websites and certain functionalities. The cookies play a key role in simplifying and enhancing the usability of the websites which is why, if deleted or rejected, some website or certain functionalities may become unavailable for the users.

9.2. How do we use “cookies”? Our Website/Bravo use "cookies" in order to enhance its usability, to provide certain functionalities (e.g. remembering the users preferences, settings, etc.), to improve its operation as well as to analyze information about the user behavior when using the Website/Bravo.

The information collected through the "cookies" for the Website/Bravo is used in aggregated form which allows us to optimize the Website/Bravo as well as to improve its structure, functionalities and content.

9.3. What “cookies” do we use? For the Website/Bravo we use some or all of the following “cookies”, falling into three main categories – basic, statistical and marketing:

• Google Analytics – statistical / marketing – data is stored up to 26 months (more information provided below)
• LocalStorage – statistical – data is stored until manual erasure, application update or data subject’s removal request
• Session and authentication cookies – basic – data is stored until termination of session / internet browser closure

9.4. “Third party cookies” It is possible for the Website/Bravo to contain some links to other websites or embedded content from other websites (e.g., Instagram, Facebook/Meta, Google, etc.). When visiting these websites or accessing such content it is possible that certain cookies are placed on your device by websites other than this one. Such cookies are generally referred to as "third party cookies". We have no control over the generation or the management of third-party cookies. For more information regarding the purpose or content of such third-party cookies, please find and familiarize yourselves with the privacy policies or the cookie policies adopted by the respective third parties.

Here is a link where you can learn more about Google Analytics cookie policy: https://policies.google.com/technologies/cookies.

9.5. Management of the “cookies” used by us. Most of the generally available surfing programs (browsers) are set to accept cookies by default. If you prefer, you may alter the settings of your browser so as to have all existing cookies deleted or to automatically reject the placement of cookies (including third party cookies). Please be informed, however, that should you choose to delete or reject the cookies, this may negatively impact the availability or functionality of the sites.

More information regarding the cookies, including regarding the possibilities for their management, is available at: http://www.allaboutcookies.org/manage-cookies/.

Please be informed that the content of http://www.allaboutcookies.org/manage-cookies/ is only available in the following languages: English, German, Spanish and French.

You can use the Google Analytics cookie opt-out option, located at the following address: https://tools.google.com/dlpage/gaoptout/. By following the described Google Analytics cookie removal steps, you will install an add-on overlay on your browser, which will essentially block the Google Analytics’ cookie functionality.

To opt out of Facebook/Meta: please see: https://www.facebook.com/ads/preferences.

You can also stop the access to certain selected cookies through this link: http://www.youronlinechoices.com/bg/your-subscription portal.