Principles of personal data processing
Compliance with the provisions of the Regulation
The policy of the Company is to ensure compliance with the provisions of the Regulation.
Personal data is collected and processed lawfully and conscientiously.
The Company collects and processes personal data lawfully, conscientiously and in accordance with the principles and rights of individuals in connection with the processing of their personal data.
Personal data is processed transparently
The Company provides transparency in the communication of the collected and processed personal data and the information on this is in a concise, transparent, comprehensible and easily accessible form, using clear and unambiguous wording.
Personal data is collected and processed only for certain purposes
The Company processes personal data of individuals only in the following cases:
- the processing is necessary for compliance with a legal obligation of the Company;
- the processing is necessary for the execution of a contract (including an order) with the Company, to which the individual is a party, or to take steps at the request of an individual before concluding a contract when his identification is required;
- an individual has given his / her unambiguous consent for an understandable and transparently defined purpose on the part of the Company, for which the processing of his / her personal data is required;
- processing is necessary in order to protect the vital interests of the individual whose personal data is being processed or of another individual;
- the processing is necessary for the purposes of the legitimate interests of the Company or a third party, in accordance with the provisions of the Regulation;
- other cases covered by the Regulation.
Personal data unnecessary for the activity are not collected and processed
The Company does not collect or process personal data of individuals that exceed its legal obligations or its business needs.
Collected personal data is processed for other purposes only with the consent of the persons
In all cases where it is necessary to collect and process personal data of individuals for purposes other than the original, the Company notifies the relevant individuals, seeks their consent and proceeds to process their personal data for other purposes only after their explicit consent.
For processing, the minimum necessary personal data is collected
The Company collects and processes only the minimum necessary personal data of individuals who:
- are provided by law;
- are needed to execute the contract;
- are needed to meet the purposes for which they are collected.
The processed personal data is accurate and up-to-date
The Company ensures that the processing of personal data of individuals is carried out with maximum accuracy and, if possible, always up to date.
Personal data is processed by a minimum number of persons required
The Company ensures that the access and processing of personal data of individuals is performed by the minimum necessary number of persons (operators) who have the necessary competence for their processing and the necessary commitment to their protection.
Personal data is stored for the minimum necessary period
The Company stores personal data for the minimum required period:
- needed by law;
- it is necessary to execute a contract (including an order) and the responsibility for it;
- the purpose for which the data were collected and processed needs to be met;
- or at the request of the individual for their deletion, after which they are destroyed without undue delay.
In all cases, the Company ensures that at least once a year a review of the collected and processed personal data is made and those that fall into any of the above hypotheses are deleted without undue delay.
Rules for personal data processing
Personal data is processed with the necessary levels and protection measures
The Company provides the necessary levels of physical, organizational and technological protection with a view to:
- the nature, scope, context and purpose of the personal data processed;
- the probability, impact levels and risk severity to the rights and freedoms of individuals in the event of a breach of the security of the personal data processed;
- Own financial and organizational capabilities.
The Company also provides all necessary measures for timely recovery of collected and processed personal data in case of loss as a result of accidental, malicious or force majeure events.
Personal data is processed with controlled and traceable access
The Company provides the necessary and appropriate technical, organizational and technological measures for controlled and traceable access to personal data of individuals.
Personal data is processed with the necessary reporting for compliance with the Regulation
The Company provides the necessary accountability and registers to be able to prove that the provisions of the Regulation have been complied with.
Compliance the rights of individuals whose personal data is processed
The Company ensures compliance with the rights of individuals whose personal data is collected and processed, which includes:
- right to be informed about the processing of personal data;
- right of access to personal data - what data is available;
- right to correction of inaccurate personal data;
- the right to delete personal data - the right to be forgotten;
- the right to restrict the processing of personal data;
- the right to be informed of actions resulting from a request for correction, deletion or restriction of personal data processing;
- right to data transferability;
- right of objection against the processing of personal data;
- the right not to be subject to automatic decision-making involving profiling.
Processed personal data
Processed Personal Data as an Administrator:
- of Employees;
- of Customers Individuals;
- of Suppliers Individuals.
Purposes of personal data processing
The Company, as Administrator, performs the following operations and processes only the necessary personal data for the following purposes:
- for concluding, executing and terminating Employment Contracts and Calculating Salaries and Employee Benefits Salaries and Employee Benefits;
- for Delivery of Products and Services to customers;
- for Direct Marketing for Sales Purposes.
Recipients and recipient categories
In connection with the implementation of the objectives set out above, the Company provides personal data of individuals to the following recipients:
- subcontractors for the implementation of contractual obligations.
Contact details of the Company
If you have any questions or concerns regarding the processing of your personal data or wish to exercise any of your rights, you can contact:
- E-mail: firstname.lastname@example.org
- Phone: +359 2 999 11 02
- Address: 1A Vasil Levski Str., 1532 Kazichene, Sofia, Bulgaria
Competent supervisory authority
The Commission for Personal Data Protection (CPDP) is an independent government body that protects individuals in the processing of their personal data and in accessing such data, as well as control over compliance with the Personal Data Protection Act in the Republic Bulgaria.
In case of suspicion that your rights related to the protection of your personal data have been violated, you can report to the CPDP to:
- Address: 2, Tsvetan Lazarov Blvd., 1592 Sofia, Bulgaria
- E-mail: email@example.com
- Web-site: cpdp.bg
- Phone: +359 2 91 53 518