PRIVACY POLICY DECLARATION 

"Microinvest" Ltd. ("Company") is aware of the need to implement adequate protection of the personal data of data subjects, striving to respect their privacy. This Privacy Policy Declaration ("Declaration") has been created to help data subjects understand how and for what purposes the Company processes, uses and protects their personal data. 

 

For the purposes of its activities, the Company processes personal data in strict accordance with Regulation (EU) 2016/679 ("General Data Protection Regulation", "GDPR"), the Personal Data Protection Act and other applicable regulatory enactments and the Declaration. 

 

This Declaration provides information regarding: 

  • Definitions 

  • Scope of this Declaration 

  • Data which identifies the Administrator and contact details 

  • Categories of personal data 

  • Data subjects whose personal data is processed 

  • For what purposes is personal data processed 

  • The legal basis on which personal data is processed 

  • Recipients of personal data 

  • Periods for storing personal data 

  • Rights of data subjects and how to exercise them 

  • Giving consent and withdrawing consent 

  • Right to complain to the supervisory authority 

  • Personal data security measures 

 

Definitions: 

"Personal data" means any information relating to a specific individual or an individual who can be directly or indirectly identified; 

 

"Processing" means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means; 

 

"Administrator" means "Microinvest" Ltd., which alone or jointly with others determines the purposes and means of the processing of personal data; 

 

"Personal data processor" means an individual or legal body, public authority, agency or other body which processes personal data on behalf of the administrator; 

 

"Recipient" means an individual or legal body, public authority, agency or other body to whom the personal data is disclosed, whether a third party or not; 

 

"User" means an individual or legal body, who has a created user Account and is a user of the services on the Microinvest platform; 

 

"Visitor" means an individual which visits www.microinvest.net; 

 

"Data Subject" means a user or visitor to the Microinvest platform; 

 

"Microinvest" means an online contents located on the website: www.microinvest.net or pos.microinvest.net; 

 

Scope of this Declaration 

This Privacy Policy Declaration applies to the relationship between Microinvest Ltd. on the one hand and Microinvest users and visitors on the other. The purpose of the Declaration is to inform data subjects of their rights in accordance with Art. 12 et seq. of Regulation (EU) 2016/679. 

 

Data which identifies the Administrator and contact details 

The administrator of personal data is "Microinvest" Ltd. UIC 831826092, address: Republic of Bulgaria, Sofia, Ovcha Kupel district, 12 Boycho Boychev Str., e-mail: office@microinvest.net, phone +35929555515 

 

Personal data categories 

The Company collects the following categories of personal data directly from data subjects: 

  • Upon registration of Users in Microinvest: When a data subject registers and creates their own user Account in Microinvest, they provides the Administrator with the following categories of personal data: name, address, telephone number, individual tax number, e-mail, username, password, IP address. If the user Account is inactive for 18 months, the user Account is automatically deleted. 

  • When requesting services from Users in Microinvest: When using the services of Microinvest, the data subject provides the following categories of personal data: name, address, telephone number, individual tax number, bank/credit card details in order to make a payment for using the service. 

 

The Company has integrated the MyPOS and Stripe platforms into Microinvest as a payment instrument for performing money transfers by Users registered on the platform. When applying to use the services on the platform, the following information is required from these Users: name of the holder, credit card number, expiration date and CVV code. This personal data is not processed by the Company. This personal data is received from MyPOS and Stripe via an encrypted connection. Microinvest has no control and does not access this personal data in any way. The Company does not store the bank card number and its three-digit code of a User registered on the platform. This data is sent to and stored by Stripe. For more information about the grounds and purposes of processing personal data by Stripe, read here. 

  • For Microinvest Visitors: Visitors can browse Microinvest and use its functionalities according to their access, in which case IP address data is collected. 

  • Upon request sending: When a data subject sends a request to the Administrator via the contact form, they provide their name, email address and a comment to their request. 

  • When filling in the data of Users’ counterparties using the services of Microinvest: When Users use the services of Microinvest, for example when compiling and filling in data in an invoice for their counterparty, a physical entity or legal representatives of legal entities, the following data is submitted: names, address and personal identification code. 

  • Protection of legal interests: In the event of legal disputes, the Company may process the following categories of personal data of data subjects: names, personal identification code, address, e-mail and other data from the registration form. 

  • Marketing goals: 

The Company processes Users' data for internal purposes. It can be used entirely to improve Microinvest services in order to obtain better and faster services. The Administrator may process personal data for external marketing purposes, where applicable. In this case, it requires the consent of the Users and collects names and e-mail addresses from them in an appropriate manner. 

When personal data is provided by the data subject to the Personal Data Administrator without any legal basis under Art. 6, paragraph 1 of Regulation (EU) 2016/679 or in contradiction with the principles under Art. 5 of the same regulation, within one month of becoming aware of them, the Company returns them, and if this is impossible or requires disproportionate effort, is shall delete or destroy this data. The deletion and destruction are documented. 

 

Data subjects whose personal data is being processed 

The Administrator processes personal data of the following categories of data subjects: 

  • Microinvest Users 

  • Microinvest Visitors 

  • Counterparties 

 

For what purposes is personal data processed? 

The Company processes personal data for the following purposes: 

  • For the purposes of entering into and performing a contract to which the User is a party. This includes, but is not limited to, the provision of access to and use of Microinvest services; 

  • For compliance with a legal obligation applicable to the Administrator; 

  • For marketing purposes; 

  • For the protection of the Administrator's legitimate interests, including administrative activities such as: legal services and information services and consumption analysis, information security, etc. 

 

On what legal basis is personal data processed? 

The Company processes personal data of data subjects on the following lawful grounds: 

  • Processing is necessary for the performance of a contract to which the User is a party, or to take steps at the request of the data subject prior to entering into a contract; 

  • Processing is necessary for compliance with a legal obligation to which the Administrator is subject. Such an obligation may be an explicit request by law enforcement authorities to provide information; 

  • Processing is necessary for the purposes of the legitimate interests of the Administrator or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data; 

  • The data subject has consented to the processing of his or her personal data for one or more specific purposes. 

 

Recipients of personal data 

The Company may share the personal data of data subjects with the following recipients: 

  • State institutions and bodies with governmental powers, when by law the Administrator is obliged to provide personal data; 

  • Business partners who serve the Administrator, in their capacity as personal data processors, to maintain information security and provide services related to the Microinvest platform; 

  • Employees of the Administrator who process personal data in accordance with their assigned official/labour functions according to their job description and employment contract. 

Microinvest may include links to third-party websites, plug-ins and applications. Clicking on or activating these links may allow third parties to collect or share data about the data subject. The Company does not control these third-party websites and is not responsible for their privacy statements. When the data subject leaves Microinvest, they should carefully read the privacy statement of each website he visits. 

 

Periods for storing personal data 

The Company implements the appropriate technical and organizational protection measures to safeguard the rights and freedoms of data subjects in accordance with the principle of "integrity and confidentiality". In particular, the Administrator selects appropriate recipients who have taken the necessary safeguards to protect the personal data provided to them and, in view of the risks involved, to ensure an appropriate level of security, including where appropriate: 

  • Pseudonymisation and encryption of personal data; 

  • Ability to ensure the ongoing confidentiality, integrity, availability and resilience of the processing systems and services; 

  • Ability to promptly restore the availability and access to personal data in the event of a physical or technical incident; 

  • A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures to ensure the security of processing. 

The Administrator may provide personal data to countries outside the European Union. The provision of personal data in this case may be carried out in compliance with the requirements under Chapter V of Regulation (EU) 2016/679 and the applicable international agreements between the European Union and third countries. For this purpose, the Company may freely transfer personal data to countries outside the European Union for which there is a decision of the European Commission on an adequate level of personal data protection. The same applies to cases where the Company has entered into a contract with standard clauses for the transfer of personal data to third countries, adopted by Commission Implementing Decision (EU) 2021/914 of 4 June 2021. 

 

Personal data storage periods 

"Microinvest" Ltd. stores personal data in accordance with the principle of "storage limitation". In particular, for the above purposes, the Company will store: 

  • The personal data of counterparties is stored within the terms according to the general statute of limitations; 

  • Personal data contained in accounting documents is stored for the terms specified in the Accountancy Act, the Tax and Social Security Procedure Code and other regulatory acts. 

  • Personal data in the User Account is stored until the User deletes them or requests the Administrator to delete them. Also, if the user Account is inactive for 18 months, the User Account is automatically deleted. 

  • When a data subject writes a comment under posts in Microinvest, their data remains published until the comment is deleted by the Administrator. In this case, they may request the Administrator to delete their comment. 

  • Personal data of Users who have sent a request to the Administrator via the contact form is stored for a period of 6 months from the date of sending the request. 

 

Rights of data subjects and how to exercise them 

Data subjects whose personal data is being processed by the Administrator have: 

  • Right of access to personal data, including to obtain a copy of it; 

  • Right to rectification; 

  • Right to erasure (right to be forgotten); 

  • Right to restriction of processing; 

  • Right to data portability; 

  • Right to object to processing. 

The above rights may be exercised by sending a request in electronic form to dataprotection@quickinvoice.com, signed with a qualified electronic signature in accordance with Regulation (EU) No. 910/2014 of the European Parliament and of the Council of July 23, 2014. A written application can also be submitted on site at the Company's office at the address: Sofia, Ovcha Kupel district, 12 Boycho Boychev Str. 

 

Giving consent and withdrawing consent 

The Company may request consent from data subjects as a lawful basis for processing personal data for one or more purposes. Some of these purposes may, for example, be for profiling, related tracking, behavioral advertising or others. In these cases, the Company will request the consent of the data subject, in order to have a lawful basis to process their personal data, about which they will be notified in a timely and appropriate manner. Personal data may include more categories than those listed above, and the consent shall explicitly indicate the necessary categories of personal data for processing for the relevant purpose. 

Consent must be a freely given, specific, informed and unambiguous indication of the data subject's wishes. Consent may be withdrawn at any time in the manner described above for the exercise of rights by data subjects. 

 

Right to complain to the supervisory authority 

In accordance with the General Data Protection Regulation and the Personal Data Protection Act, data subjects have the right to lodge a complaint with the Personal Data Protection Commission in the relevant Member State, whose addresses can be found here. - https://www.edpb.europa.eu/about-edpb/about-edpb/members_en. 

 

Personal data security measures 

The Administrator takes the necessary measures for the security of personal data. All paper documents containing personal data are stored in locked cabinets in the Company's office, with only authorized persons having access to them. Data in electronic form is stored in compliance with the requirements for information security and access restrictions. 


Sofia, Date: 01.11.2025 

Approved by (Victor Pavlov - manager) 
Facebook Twitter LinkedIn GooglePlus
Microinvest Chat 1.0 beta
X