CONFIDENTIALITY POLICY AND PERSONAL DATA PROTECTION
This communication aims to inform you, in compliance with the information requirements under Articles 13 and 14 of the GDPR, about the activities of DI TRADE GROUP OOD on personal data processing, the purposes of personal data processing, and the measures and guarantees for protection of the processed data, your rights and how you can exercise them, in accordance with the requirements of Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as “Regulation 2016/679” or “GDPR”) and the other applicable acts of the European Union and the Republic of Bulgaria.
1. Data about the controller and its contact details
DI TRADE GROUP OOD is a legal entity, registered in the Commercial Register at the Registry Agency by UIC 203799419, with headquarters at Sofia 1592, “Iskar” Region, zh.к. Druzhba, 41, Prof. Tsvetan Lazarov Blvd., with main activity “imports and trade in insulation materials“, represented by ANI VASILEVA TSONEVSKA – General Manager, hereinafter referred to as the COMPANY.
The Company is the controller of the personal data that are being processed in the course of, or in connection with the implementation of the commercial activity of the Company, and the address of the Company is: Sofia 1592, “Iskar” Region, zh.к. Druzhba, 41, Prof. Tsvetan Lazarov Blvd. - at which address you can send your requests by mail, or submit them personally.
You may also direct your requests to e-mail address: firstname.lastname@example.org
2. Purposes and grounds for personal data processing; processed data categories
Company carries out its activity in accordance with the legislation of the Republic of Bulgaria, processing personal data in relation to:
- conclusion and performance of contracts for delivery of materials and for construction and installation works, with legal entities and natural persons;
- human resource management;
- financial accounting;
- access control to Company’s premises;
- fulfilling other legal requirements.
In the above cases the Company processes personal data of clients, representatives of clients, employees, job applicants, contractors and partners, natural persons, contractors and representatives of legal entities, and other persons in connection with the activities pursued, within contractual and pre-contractual relations (Article 6 (1) (b) of the GDPR), and/or in case of legitimate interests under Article 6 (1) (f) of the Regulation. In these cases, the data processed is related to the physical and economic identity of the subject.
For the purposes of administration of personnel (human resources management) and financial accounting, the Company processes personal data on the basis of Article 6 (1) (c), and Article 9 (2) (b) of the GDPR, of job applicants, employees and natural persons, contractors and representatives of legal entities-contractors. Categories of data processed concern the physical and social identity, family and economic identity, criminal record data, and health status of the persons.
When the Company processes data based on the subject’s consent, personal data is processed only if persons have freely, specifically, informed and unambiguously expressed their consent to the processing.
Data processing is done for the specific and legally defined purposes, data is processed legally and in good faith, and cannot be further processed in a way incompatible with these purposes.
3. Categories of recipients of the personal data outside the Company
Company does not disclose personal data to third parties and recipients unless there is a legal basis for receiving the data, or the data is not publicly available due to its inclusion in a public register.
Apart from the cases of public access to data included in a public register, recipients of the personal data may, depending on the case, be:
- state authorities and bodies entrusted with public functions within the framework of their powers (NRA, NSSI, MoI, courts, prosecutors, bailiffs, notaries, other bodies charged with public functions);
- banks for the purposes of payments;
- courier companies and postal operators - for the purposes of correspondence with natural persons-data subjects.
4. Data storage periods
As a Data Controller, the Company processes data for a minimum period according to the processing objectives and the provisions of the legislation in force, in accordance with the “storage limitation” principle.
The processed personal data shall be stored for a period of 2 months up to 50 years, according to the data type defining the legal obligation for processing, including its storage.
5. Rights of data subjects
The measures taken to protect the personal data in accordance with the requirements of Regulation 2016/679, are aimed at ensuring the rights of data subjects whose personal data is being processed, namely:
- Right of access;
- Right of rectification of inaccurate or incomplete data;
- Right of erasure (right to be forgotten), if conditions under Article 17 of the GDPR are present;
- Right of processing limitation;
- Right of data portability, if conditions for portability under Article 20 of the GDPR are present;
- Right of objection, if the conditions of Article 21 of the GDPR are present.
- Right of data subject not to be subject to a decision based solely on automated processing, including profiling.
You may exercise the above rights by sending a request to the Company (in writing or electronically), which should point out the specific request, sufficiently customizing your request and the data to which it relates. The request should be signed and sent to the address of the Company.
6. Right to appeal to the Commission for Personal Data Protection or the Court
If you believe that your rights under Regulation 2016/679 have been violated, you may file a complaint with the Commission for Personal Data Protection, or the Sofia Administrative Court.
7. Transmission of personal data to third countries or international organizations
Company does not transmit the processed personal data to third countries or international organizations.
8. Data protection measures introduced by the Company
By introducing DI TRADE GROUP OOD Internal Rules on Measures for Personal Data Protection, measures were put in place for effective protection of personal data processed and the possibility for data subjects to exercise their rights, provided for in the REGULATION 2016/679. The complete text will be provided to you upon written request, addressed to the General Manager of the Company, to the Company’s address, or to the e-mail address: email@example.com