DATA CORP LTD Customers' Privacy Policy
Information about us
DATA CORP Ltd. operates in the form of a company registered in the Commercial Register of the Registry Agency with VAT BG205152170, with its registered office and registered address: Plovdiv 4000, Kapitan Raycho Str., 95, fl. 6 , office 3, Tel:+35932392960; e-mail: office@data-corp.eu Website: www.data-corp.eu.
Information concerning the competent supervisory authority
1. Name: Data Protection Commission
2. Headquarters and address of management: 1592 Sofia, Prof. Tsvetan Lazarov blvd, № 2
3. Correspondence information: 1592 Sofia, Prof. Tsvetan Lazarov blvd, № 2
4. Phone: +359 2 915 3 518
5. Email: kzld@government.bg, kzld@cpdp.bg
6. Website: www.cpdp.bg
I. Our main goal when dealing with personal data
DATA CORP LTD processes your personal data with maximum security in connection with the client's subscription, one-time service contract or other type of contract concluded between the company and you.
The security of the data you have given us is very important to us. It is of great importance for the success of our business and for our public image. Therefore, we protect your data by applying all appropriate technical and organizational means at our disposal to prevent unauthorized access, unauthorized or malicious use, loss or premature deletion of information.
We only collect and process personal data in compliance with the requirements of local and European law. We understand that the processing of your data is for a specific reason and cannot be done without restriction.
This Privacy Policy aims to explain how and why we process your personal data.
II. How and why we use your personal information
To perform a client subscription or other contractual relationship.
We process your personal data to give you the opportunity to be a client of the company by fulfilling our contractual obligations and enjoying the rights under the contracts concluded with you.
The processing is carried out in order to:
• Establishment of certain relationships between the company and you in which you are a client. These relationships are created and / or created in a lawful manner;
• lawful and full implementation of the commitment / provision of a specific service;
• production of statistical information about our activity, which we can provide to third parties, etc.;
• protect and ensure the security and interests of our customers;
• identify and / or prevent unlawful acts or actions that conflict with our working conditions;
• the data from your invoices are processed by us for purposes consistent with the original purpose of collecting them in order to establish relationships with us;
In addition to the data we collect, we also process data that you voluntarily provide to us. On our website we collect the following data with the following tools:
· Contact Form: Your name, your email address, subject and your message so that we can contact you in the event of questions or information about your request.
· Request form: your full name, your email address, personal identification number, foreign address, current correspondence address, contact telephone number and the nature of your request
Cookies
We also use so-called cookies in various places on our website. Cookies are small text files that are stored by the web browser on your computer or mobile device. Cookies do not cause damage to your computer and are free of viruses and are automatically deleted after their expiration date. Some cookies expire when you finish your internet session, others are stored for a certain period of time.
The cookies on our website do not collect any personal information. We use cookies to help you visit our website and tailor it to your needs. Of course, you can also browse our website without cookies. By using the browser settings, you can disable cookies stored on your computer. You can also delete existing cookies through your browser settings. In this case, however, there may be functional limitations on our website. More information about the cookie settings on your web browser can be found here:
· Internet Explorer: https://support.microsoft.com/gp/cookies/en
· Mozilla Firefox: https://support.mozilla.com/en-US/kb/Cookies
· Google Chrome: https://www.google.com/support/chrome/bin/answer.py?hl=bg&answer=95647
· Safari: https://support.apple.com/kb/PH5042
· Opera: https://www.opera.com/browser/tutorials/security/privacy/
To fulfill regulatory obligations
We process your personal data in order to comply with the obligations stipulated in the contracts concluded, as well as in regulations such as:
• providing information to the Commission for the protection of personal data in relation to the obligations laid down in the legislation on personal data protection - Personal Data Protection Act, Regulation (EU) 2016/679 of 27 April 2016, etc .;
• Obligations provided for in the Accounting Act, the Tax and Social Insurance Procedure Code and other related normative acts, in connection with keeping proper and lawful accounting;
• providing information to the court and third parties, in the course of proceedings before a court, in accordance with the requirements of the procedural and substantive legal acts applicable to the proceedings;
We process your personal information that you voluntarily provide to us, acting as an initiative to contact us for the purpose of providing any of the services we offer or contracting.
DATA CORP LTD does not collect or process personal data relating to the following:
• reveal racial or ethnic origin;
• reveal political, religious or philosophical beliefs, or membership of trade unions;
• genetic and biometric data, health data, or sexual life or sexual orientation data.
When we process your personal data and other information described for the purposes of the contracts concluded or forthcoming, for their fulfillment, as well as for the purpose of fulfilling our regulatory obligations, such processing is obligatory for the fulfillment of these purposes. Without this information, we would not be able to settle our relations by concluding the relevant contract. Subsequent withdrawal will result in termination or termination of our relationship due to our inability to fulfill our obligations properly.
III. How we protect your personal information
To ensure adequate protection of the data of the company and its employees and partners, we apply all necessary organizational and technical measures provided for in the Personal Data Protection Act and Regulation (EU) 2016/679 of 27 April 2016, as well as to protect the personal data during the design and protection phase by default.
The protection of personal data at the design stage is reflected in the appropriate technical and organizational measures we have put in place before the processing of personal data begins (at the stage of defining the purposes and means of processing), ensuring their application throughout the data lifecycle. Our appropriate measures are pseudonymisation and / or encryption of data, provisioning of functionalities for automatic reporting of storage periods and their automatic deletion after their expiration, etc.
By default, we protect personal data by applying mechanisms that by default ensure that the following requirements are met:
• Only the minimum amount of personal data and processing operations that are absolutely necessary to achieve our specific purpose are processed;
• The data are stored for the minimum period absolutely necessary to achieve the processing objectives, and then deleted in accordance with the relevant rules and procedures;
• Any access, transmission or sharing of data is admissible only if there is a valid legal basis for it (for example, the consent of the data subject or our legal obligations).
The company has established structures to prevent abuse and security breaches that support the processes of protecting and securing your data.
The company has the opportunity to introduce an additional key for the work of the individual employees for security reasons.
For maximum security when processing, transferring and storing your data, we may use additional security mechanisms.
IV. When we delete your personal information
As a rule, we discontinue using your personal data for the purposes of the contractual relationship upon termination of the contract, but do not delete it before the expiration of one year from the termination of the contract or until the final settlement of all financial obligations and the expiration of the statutory obligations for storing the data, according to the Accounting and Tax Law for storage and processing of accounting data (10 years), expiration of the limitation periods specified in the Law on Obligations and Contracts tendencies (5 years), obligations to provide information to the court, competent state bodies, etc. grounds provided for in current legislation (5 years). Please note that we will not delete or anonymize your personal information if it is necessary for pending litigation, administrative or pending litigation.
V. When and why we share personal information with third parties
We provide your personal information to third parties, and our main purpose is to offer you protection of your interests and security. We do not disclose your personal information to third parties before we have ascertained that all technical and organizational measures have been taken to protect that data, and we seek to exercise strict control over the fulfillment of this purpose. In this case, we remain responsible for the privacy and security of your data.
We provide personal information to the following categories of recipients (data controllers):
Data processors on behalf of:
• third parties who, on a contractual basis, maintain equipment, software and hardware used for processing personal data and necessary for carrying out the activity of the company and for carrying out various reporting, payment, and other activities;
• Authorities, institutions and persons to whom we are obliged to provide personal data under the current legislation;
Data processors on their own behalf:
Competent authorities which by virtue of a legislative act have the power to request the provision of information, including personal data, such as courts, prosecutors, various regulatory institutions such as the NRA, NSSI, the Commission for Personal Data Protection, the Employment Agency, occupational health services, authorities with responsibility for the protection of national security and public order;
VII. Your rights regarding the processing of your personal data:
1. Right to information:
You have the right to request:
• information about whether the data relating to you are being processed, information for the purposes of that processing, the categories of data and the recipients or categories of recipients to whom the data are being disclosed;
• a comprehensible communication containing your personal data being processed and any available information about their source;
• information about the logic behind any automated processing of personal data relating to you, at least in the case of automated decisions.
2. Right of correction:
If we process incomplete or incorrect data, you have the right at any time to request:
• delete, correct or block your personal data, the processing of which does not comply with the law;
• notify third parties to whom his or her personal data have been disclosed of any deletion, correction or blocking, except where this is not possible or involves excessive efforts.
3. The right to be forgotten:
The right of erasure (or the "right to be forgotten") enables, when you do not want your data to be processed and there are no legitimate reasons for storing it, to request that it be deleted on one of the following grounds:
• personal data are no longer needed for the purposes for which they were collected
or otherwise processed;
• You withdraw your consent on which the data processing is based;
• You object to the processing and there is no overriding legal basis for continuing the processing;
• personal data were processed illegally;
• personal data must be deleted in order to comply with legal obligations desire;
The right to be forgotten is not an absolute right. There are situations in which a company has the ability to refuse to erase data, namely when the processing of specific data is necessary for any of the following purposes:
• to exercise the right to freedom of expression and information;
• archiving for public interest purposes, history research or statistical objectives;
• To establish, exercise or defend legal claims.
4. Right of objection:
At any time, you have the right to object to the processing of your personal data when there is a legitimate reason to do so; where the objection is justified, the personal data of the individual concerned may no longer be processed;
5. Right to restrict processing:
You can request a restriction on your customizable data if:
• dispute the accuracy of the data for the period during which we need to verify their accuracy; or
• the processing of data is without legal basis, but instead of deleting it, you want its limited processing; or
• we no longer need this information (for the intended purpose), but you need it to establish, exercise or defend legal claims; or
• You have objected to the processing of the data, pending verification that the administrator's grounds are legitimate.
6. Right to portability of data:
You may ask us to provide personal information that you have entrusted to our care in an organized, orderly, structured, generally accepted electronic format if:
• process the data in accordance with the contract and based on the declaration of consent, which can be withdrawn or contractual obligation, and
• processing is performed automatically
7. Right of appeal:
If you believe that we are in violation of the applicable regulations, please contact us for clarification. Of course, you have the right to file a complaint with the Data Protection Commission. After May 25, 2018, you will also be able to file a complaint with a regulatory institution within the EU.
8. Right to compensation:
According to Art. 82, paragraph 1 of Regulation (EU) 2016/679, any person who has suffered damage as a result of a breach of the provisions of Regulation (EU) 2016/679 is entitled to claim damages before the competent judicial authority.
Exercise your rights
Requests for access to information or for correction shall be submitted in person or via e-mail at office@data-corp.eu. If you send us your request via e-mail, the document MUST BE signed with QUALIFIED ELECTRONIC signature. We will respond to your request within 14 days of its submission. If a longer term is objectively needed - with a view to collecting all the requested data and when this seriously impedes our activity, this period can be extended to 30 days. By decision, we give or deny access and / or information requested by the applicant, but always motivate our response.
The minimum information contained in the application (should be the following: name, address, passport/ID number, description of the application, signature and date of submission, correspondence / email address (depending of the preferred form of receiving information), power of attorney (when needed).
A special register is created for the rights described above: information, correction, "right to be forgotten", objection, limitation of processing, complaint, and in view of the administrator's actions in relation to these rights. , which will list all actions performed.
The initial provision of personal data is free of charge, any subsequent request made by a client / contractor is charged.
VII. Principles of the processing of personal data pursuant to Regulation (EU) 2016/679
• “Legality, Integrity and Transparency” - Your data have been processed in accordance with applicable law, in good faith and in a transparent manner with respect to the data subject;
• “goal limitation” - your data is collected for specific, explicitly stated and legitimate purposes and is not further processed in a manner incompatible with those purposes;
• “minimizing data” - the types of data we collect are relevant, relevant and limited to the minimum necessary for the purposes for which they are processed;
• 'accuracy' - accurate and, where necessary, kept up-to-date, taking all reasonable steps to ensure that personal data are deleted or corrected in a timely manner, taking into account the purposes for which they are processed;
• "retention limit" - your data is stored in a form that allows the data subject to be identified for a period no longer than is necessary for the purposes for which the personal data are processed;
• "integrity and confidentiality" - processed in such a way as to guarantee an adequate level of personal data security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or corruption, by applying appropriate technical or organizational measures.
VIII. Definitions
• "personal data" - any information relating to an identified or identifiable individual;
• "data subject" - a person who can be identified, directly or indirectly, in particular by an identifier such as a name, identification number, location data, online identifier, or by one or more physical, physiological, genetic, the mental, mental, economic, cultural or social identity of that individual;
• "processing" - any operation or set of operations carried out with personal data or a set of personal data by automatic or other means such as collection, recording, organizing, structuring, storing, adapting or changing, extracting, consulting, using, disclosing by transmission , disseminating or otherwise making the data accessible, arranging or combining, limiting, deleting or destroying them;
• "restriction of processing" - marking of stored personal data in order to limit their processing in the future;
• "pseudonymisation" - the processing of personal data in such a way that personal data can no longer be linked to a specific data subject without using additional information, provided that it is stored separately and subject to technical and organizational measures in order to ensure that personal data are not linked to an identified or identifiable individual;
• "controller" - a natural or legal person, public authority, agency or other entity that alone or jointly with others determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union law or the law of a Member State, the controller or the specific criteria for determining it may be laid down in Union law or in the law of the Member State;
• "processor" - a natural or legal person, public authority, agency or other entity that processes personal data on behalf of the controller;
• 'consent of the data subject' - any freely expressed, specific, informed and unambiguous indication of the data subject's will, by means of a statement or clearly affirmative action expressing his / her consent to the processing of personal data related to him / her;
• “personal data breach” - a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data that is transmitted, stored or processed in another way.
IX. Relevance and policy changes
In order to implement the most up-to-date security measures and to comply with applicable laws, we will regularly update this Privacy Policy. We invite you to regularly review the current version of this Privacy Policy, to be constantly informed of how we care about the protection of the personal data we collect.
This "Privacy Policy" is based on current European legislation.
Ask here