General information about the data controller:
Data subjects are informed about the following general profiles valid for all areas of processing: – all data are processed in accordance with the applicable data protection regulations. All data are processed in a lawful, fair and transparent manner for the data subject in accordance with the general principles, specific security measures are observed to prevent data loss, unlawful or improper use and unauthorised access. Data Controller and Data Protection Officer (DPO). Plovdiv, South district, ., 58, tel. +359 883 591 644, e-mail: [email protected], represented by the manager Petko Katsarov.
I. DATA PROCESSING IN CONNECTION WITH THE OPERATION OF THIS WEBSITE
1. 1.1 Navigation data
The computer systems and software procedures used for the operation of this website acquire certain personal data during their normal operation, the transmission of which is embedded in the use of Internet communication protocols. This information is not collected in order to be linked to identified persons concerned, but by its very nature could, through processing and linking with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses of the resources requested, denoted by a URI (Uniform Resource Identifier), the time of the request, the method used to submit the request to the server, the size of the file received in response, the numeric code indicating the status of the response given by the server (success, error, etc.), and other parameters related to the user’s operating system and IT environment.
Purpose and legal basis for processing – This data is used solely for the purpose of obtaining anonymous statistical information about the use of the website and to verify its proper functioning. The data may also be used to establish liability in the event of hypothetical computer crimes detrimental to the site (legitimate interests of the owner).
Scope of communication – Data may only be processed by internal employees duly authorised and trained to process it, or by persons responsible for maintaining the web platform, and will not be disclosed to other parties, distributed or transferred to countries outside the EU (except in accordance with the requirements of Chapter V of the GDPR). Only in the event of an investigation may they be provided to the competent authorities.
Data retention period (GDPR) Data is generally retained for short periods of time, except for extensions related to investigative activities.
Provision (GDPR) The data is not provided by the person concerned, but is obtained automatically by the technological systems of the site.
1.2 Specific Site
Features Certain pages of the Site may include requests for information from the surfer in connection with specific services (e.g., requesting information, registering a user, working with us, etc.).
Purpose and legal basis for processing –
Only the data that is necessary for the proper provision of the service and is necessary to give a correct and complete response to the interested parties will be requested. Processing is subject to acceptance of specific, free and informed consent.
Scope of communication
Data is processed exclusively by duly authorized and trained personnel or by persons responsible for the maintenance of the web platform (in this case appointed as external data processors). Data will not be distributed or transmitted to non-EU countries.
Data retention period (GDPR)
Data shall be retained for a period compatible with the purpose of collection.
Provision (GDPR)
Provision of data in mandatory fields is necessary to enable a response to be received, while optional fields are intended to provide employees with additional information to facilitate contact.
1.3 Data provided voluntarily by the user
The optional, explicit and voluntary sending of electronic and/or ordinary mail to the addresses indicated on this website results in the subsequent receipt of the sender’s address, which is necessary to respond to requests, as well as any other personal data included in the message.
II. DATA PROCESSING RELATED TO CUSTOMER AND SUPPLIER RELATIONSHIPS
2.1 Purpose of data processing.
The Company processes personal data identifying customers/suppliers (e.g. first name, last name, company name, personal/fiscal details, address, telephone number, email, bank and payment references) and their operational contacts (first name, last name and details of contact) acquired and used in the context of the provision of the products/services supplied and after consent has been obtained.
2.2 Purposes and legal basis of processing.
The data are processed for:
– entering into contractual/professional relationships;
– fulfilling pre-contractual, contractual and fiscal obligations arising from existing relationships, as well as managing the necessary communication related thereto;
– fulfilling obligations provided for by law, regulation, EU law ;
– exercising a legitimate interest, as well as a right of the Controller (e.g.: right to defend in court, protection of credit positions; normal internal operational, management and accounting needs).court, protect credit positions; normal internal operational, management and accounting needs).
Failure to provide this data will make it impossible to establish a relationship with the Data Controller. The Data Controller declares that when processing is carried out for different purposes (e.g. marketing communications, creation of photo/video content, etc.), explicit consent will be requested from the persons concerned.
2.3 Processing methods and shelf life
The processing of personal data is carried out by collecting, recording, organizing, storing, consulting, processing, modifying, selecting, retrieving, comparing, using, linking, blocking, communicating, cancelling and destroying data. Personal data is subject to both paper and electronic processing. The data controller will process personal data for the time necessary to fulfil the purposes for which it was collected and the related legal obligations.
2.4 Scope of processing
Data is processed by duly authorized and instructed internal entities. It is also possible to obtain information on the scope of communication of personal data, such as any external entities acting as independent processors or data controllers (consultants, technicians, banking institutions, carriers, etc.). Data may be communicated to all companies controlled/connected in different ways. The data are not subject to dissemination or transfer outside the EU (they may only be subject to transfer outside the EU subject to the conditions set out in Chapter V of the GDPR aimed at ensuring that the level of protection of data subjects is not adversely affected. The data shall not be subject to automated processes that have significant consequences for the data subject.
3. Policy update
Please note that this policy may be subject to periodic review, also in relation to legislation and case law. In the event of significant changes, appropriate notice will be posted on the home page of the site for an appropriate period of time. In any event, interested parties are invited to consult this policy periodically.
III. RIGHTS OF THE DATA SUBJECT
3.1 “Right to limitation”
– the right to receive the data concerning him/her in a structured format – the right to object to processing and to automated decision-making processes, including profiling;
– the right to withdraw prior consent – the right to lodge a complaint with the Data Protection Authority in the absence of a response. 1) processing of data related to the functioning of the website 2) processing of data of customers/suppliers of the Controller