Personal data protection
PERSONAL DATA PROTECTION POLICY
Below you will find information about the transparency of the personal data we process in conformity with art. 13 of Regulation (EU) 2016/679 (the General Data Protection Regulation). Please read it carefully. For your convenience, the information is divided into sections if you opt to become familiar directly with any particular part thereof.
1. CONTROLLER’S DATA AND CONTACT DETAILS
The controller of personal data is Suprimmo Jsc., Unique Identity Number (UIN): 204775702, seat and address of registered office: fl.5, 19 Yakubitsa St, Lozenets Administrative Area, 1164 Sofia.
You may contact the controller both on the address provided above and on the following email: firstname.lastname@example.org or phone number: 0700 70 335.
2. PURPOSE OF DATA PROCESSING, CATEGORIES OF DATA, RECIPIENTS AND TERMS OF STORAGE
The information, which contains your personal data, will be processed for one or more of the following purposes:
For your convenience, we provide the whole information regarding the processing of special categories of personal data, the legal basis for processing, the categories of recipients and the terms for the storage for each of specific purpose of processing.
2.1. CONCLUSION AND PERFORMANCE OF CONTRACTS
Personal data, which is processed for the conclusion and performance of the contracts, under which our company is a party, refers to the natural persons, with whom we conclude them, or to the representatives of the legal entities or contact persons, with whom we have contractual relations. The legal basis for the processing of personal data is art. 6, par. 1, letter ’b’ of Regulation (EU) 2016/679 – performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. The processed personal data includes the data referring to the identification of the parties under the contract, bank account details, if there is payment to be made, and other data depending on the subject-matter of the particular contract, absolutely necessary for its performance. Personal data may be provided to the data subject, to other bodies or entities only in the cases required by the applicable legislation (such as the National Revenue Agency, law enforcement and security authorities). The services of accounting companies may be used for such processing. The period for the storage of personal data is determined depending on the duration of the contract and the time-barring terms for filing possible claims.
2.2. FUNCTIONING OF OUR INTERNET SITE
Do not forget that natural persons may be identified with online identifiers such as internet protocol addresses (IP addresses) and ‘cookies’. For the purpose of proper functioning of our site, we use ‘cookies’, for which we have provided the necessary information on our web site https://www.suprimmo.bg/cookies.html
The nature of the data, which is collected via ‘cookies’, is IP address, location, reviewed page, type of device. The basis for such processing is your consent – art. 6, par. 1, letter ‘a’ of Regulation (ÅU) 2016/679. ‘Cookies’ for provision of service, which you have expressly requested, are excluded, as provided in art. 4à, par. 4 of the Electronic Commerce Act.
Categories of recipients may be law enforcement and security bodies within the scope of their authority.
The data of the registered visitors is deleted if the account is not used for 5 years or until the persons revoke their consent, respectively until they delete such data. You may receive information about the storage of other cookies and how they can be deactivated from our ‘Cookies’ Policy, which you will find on the link given above.
2.3. DIRECT MARKETING
With your consent we use your personal data to provide directly or indirectly the services, reputation and initiative of our company and to research the level of satisfaction of our clients from the used services. The legal basis for such processing is the consent of the data subject – art. 6, par. 1, letter ‘a’ of Regulation (ÅU) 2016/679. You have the right to withdraw your consent for the processing of your personal data at any time.
The categories of personal data we collect refer to a limited scope of personal information, which identifies the person (name, email address) and the consent given by him or her, including the withdrawal of such consent.
Recipients of such information may be only law enforcement and security bodies within the scope of their authority. We do not transfer such data to third countries.
The personal data for the purposes of direct marketing is stored until the consent for its processing is withdrawn. After that we store only limited volume of information to prove that there was consent for processing and that it was later withdrawn.
2.4. HUMAN RESOURCES
For the purpose of human resources management, we process personal data of job applicants, current or former employees, representatives and shareholders of the controller. Depending on the nature of personal data, the legal basis on which it is processed is: art. 6, par. 1, letter ‘c’ and art. 9, par. 2, letter ‘b’ of Regulation (ÅU) 2016/679 – for compliance with a legal obligation to which the controller is subject. Such obligations arise mainly from the Commerce Act and from the Labour Code.
The processed categories of personal data include: data for identification of natural persons, education and qualification data, health status data, contact details, as well as other data which may be required subject to the labour and social insurance legislation, the application of the tax laws, accounting and reporting, occupational health and safety. The collected data is used only for the above activities and is transferred to third parties only when the applicable law requires that. In such cases, data may be disclosed for example to the National Revenue Agency, General Labour Inspectorate Executive Agency, law enforcement and other public bodies within their authority and competence. The information is not stored outside EU and the European Economic Area.
The collector provides all necessary technical and organizational measures for the protection of your personal data during the whole period of its storage, which is determined in accordance with the applicable requirements of the labour legislation: 50 years for payrolls for salaries, 3 years for sick leave documentation, 5 years after the termination of the employment contract for the employee’s job dossier, 6 months for documents for job applicants, with whom employment contracts were not signed.
The activities related to occupational health and safety are settled through a contract with an occupational health service company under the provisions of Ordinance No. 3 of 25 January 2008 regarding the terms and conditions for the work of the occupational health service companies.
3. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
We remind you that the Member States of the European Union, of the European Economic Area (Iceland, Lichtenstein and Norway) and the Swiss Confederation are NOT third countries. Third countries are all which are not enlisted above.
If it is required to transfer personal data to recipients in such countries, then the guarantees provided in art. 44 and following of Regulation (ÅU) 2016/679 shall apply. If, the European Commission has not taken decision for the specific country regarding the adequate level of protection, your personal data may be transferred only if this is necessary to perform the contract with you or to take steps prior to entering the contract which you have requested. In all events, the principles of Regulation (ÅU) 2016/679 shall apply for the transfer of personal data in order to protect your rights and freedoms.
4. YOUR RIGHTS UNDER REGULATION (ÅU) 2016/679
The general data protection regulation provides the following rights for the natural persons regarding their personal data processing:
You may exercise the rights arising from Regulation (ÅU) 2016/679 with written or electronic statement submitted to the data collector. In your application, you shall write down your name, personal number, address and other data, which identifies you as data subject, to describe the concept of your request, specify the form of communication you prefer and the actions you expect as a result of your request. You have to sign your request, write the date of submission and your contact address. These requirements arise from the provisions of articles 37b and 37c of the Personal Data Protection Act. You may use the controller’s contact details to send your application. It is good to know that even after removal of your profile or if you have requested erasure of your data, copies of some information from your profile may be still visible under certain circumstances, such as, if you have shared information with social media or other services, or when the preservation of such copies is necessary to observe legal obligations or for legal protection. Due to the technology of information cache, your profile may not become immediately inaccessible to the others.
5. RIGHT OF CLAIM TO THE COMMISSION OF PERSONAL DATA PROTECTION
If you think that your rights under Regulation (ÅU) 2016/679 are violated, you have the right to submit a claim to the Commission of Personal Data Protection, 2 Prof. Tsvetan Lazarov Blvd, 1592 Sofia, Fax: 029153525, email@example.com
6. WHY THE PROVISION OF YOUR PERSONAL DATA IS IMPORTANT?
When we process your personal data for the purpose of conclusion and performance of contracts with you, the provision of personal data is a required precondition for the conclusion of the contract. If such data is not provided, it will impede the possibility to take steps on claims that are anonymous.
With your consent, we process your personal data when you voluntarily decide to subscribe for our offers, promotions, latest news, market research. If you do not give your consent for that, it will not be possible for us to know in which offers you show interest and provide you the services specially focused on you.
7. HOW WE PROCESS YOUR PERSONAL DATA
Personal data is processed both automatically and manually and is protected with suitable safety measures taking into account the achievements of the technical progress, the costs and expenses for implementation and the nature, scope, context and purpose of such processing. The company introduces suitable administrative, technical, staff and physical measures to protect all personal data we keep against loss, theft or unauthorized use, disclosure or change.
8. WHICH SOURCES WE RECEIVE YOUR PERSONAL DATA FROM
The processed personal data we receive from you being the data subject. If necessary, in addition, we may have access to publicly accessible registers such as the property or commercial register, but we would not do anything if we do not have contractual or pre-contractual relations with you.
9. LINKS TO OTHER WEB SITES
This personal data protection policy does not cover possible links in our site to other websites. We recommend to read the transparency/privacy policies/statements of the other websites, which you visit.
10.UPDATING THIS PERSONAL DATA PROCESSING POLICY
Our company has the right to amend or update this personal data protection policy. Any amendment in this personal data protection policy will be published in advance on the official web site of the company.