PDPA
POLICY FOR PROTECTION OF PERSONAL DATA
for clients and counterparties of Anvers Konstrukt EOOD and visitors to the company's website – www.anvers-konstrukt.com
This privacy policy provides information about how your personal data is processed by “Anvers Konstrukt“ EOOD, UIC 201569095, with headquarters and management address: city of Plovdiv 12 “Kuklensko shose” blvd. fl. 2, office 5, as a client of “Anvers Konstrukt“ EOOD or a visitor to the company website – www.anvers-konstrukt.com
For “Anvers Konstrukt“ EOOD protecting your privacy and the security of your personal information are top priorities.
“Anvers Konstrukt“ EOOD is a personal data administrator. This means that we are responsible for the decisions we make regarding the storage and use of your personal data. We have an obligation under data protection law to provide you with the information contained in this policy.
Our contact information is indicated below.
For the purposes of these Rules, the terms used shall have the following meaning:
• PDPA – Personal Data Protection Act.
• CPDP – Commission for Personal Data Protection.
• GDPR – Regulation (ЕС) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
• Person responsible for personal data – a person who is an employee of the company or performs functions on behalf thereof, who is entrusted with obligations in connection with the protection and processing of personal data regulated in this Policy. The main activities of the administrator or the processor do not consist in processing operations which, by their nature, scope and / or purpose, require regular and systematic large-scale monitoring of the data subjects or large-scale processing of the specific categories of data and personal data regarding convictions and violations. In view of this circumstance, the Company has no obligation to appoint a Data Protection Officer and should not be deemed to have appointed such a person or that the person responsible for personal data has the obligations and must meet the requirements of the person within the meaning of of Art. 37 et seq. of the GDPR.
• Personal data administrator – a natural or legal person, public authority, agency or other entity that alone or jointly with others determines the purposes and means of the processing of personal data. In the present Policy, “administrator” shall mean the Company.
• Personal data processor – an employee of the company entrusted with data processing functions or a person or organization that, on the basis of a contract, processes personal data provided by the Company for the agreed purposes.
• Data protection notices – separate notices containing information provided to data subjects at the time the Company collects information about them. These notices can be both general (e.g. addressed to employees or notices on the organization’s website) as well as and relating to processing for a specific purpose.
• Data processing – any activity related to the use of personal data. This includes: receiving, recording, storing, performing an operation or a series of data operations such as organizing, editing, recovering, using, providing, deleting or destroying. Processing also involves the transfer of personal data to third parties.
• Consent – any freely expressed, specific, informed and unambiguous indication of the will of the data subject, by means of a statement or clearly affirmative action expressing consent to the processing of personal data relating to them.
Data that can be collected.
We will process personal data, including personal data of Customers, suppliers and counterparties in accordance with applicable laws and regulations for the protection of personal data.
We may collect certain personal information regarding Clients, suppliers and counterparties, for example: full name, contact details (email address, telephone number and correspondence address), in case of an individual, or company name, business address, company telephone number, surname and contact details of company employees, country of incorporation and tax identification number, photos and video, address of facility where the service is to be provided, and any other relevant information in accordance with applicable laws.
Special categories of sensitive personal data require a higher level of protection and additional justification for their collection, storage and use.
We may process special categories of personal data in the following situations:
- in limited cases, with your express written consent;
- to comply with applicable laws;
- when processing is in the public interest.
In rare cases, we may process sensitive data when necessary for the defence in a legal dispute or for the protection of your interests or those of anyone else and you are unable to give valid consent, or in case you have disclosed this sensitive information in the public domain.
Use of personal information regarding Clients, suppliers and counterparties.
We will use the personal data of Clients, suppliers and counterparties during our business activities to provide our services and / or to conclude a contract for services provided to us and sales. We may also use the personal data of Clients, suppliers and counterparties to communicate with them and keep them informed of updates to our services. For example, the provision of personal information by a Client may be necessary in order to provide them with the requested services necessary to perform the contractual relationship with that Client and for other purposes, as set out in this notice, when it is in accordance with our legal interests. We may also require personal data to comply with legal and regulatory requirements.
Personal data shall be processed on the basis of at least one of the legal grounds provided for in Art. 6 of the GDPR, namely: legal obligation, consent of the subject, contract, public interest, legitimate interest of the administrator or third party, protection of the vital interests of the subject or other individual.
Principles of processing
When processing personal data, we comply with the following principles:
• lawfulness – when collecting, processing and storing your data, we comply with the provisions of the applicable Bulgarian and European legislation;
• integrity and transparency – we process the data we collect in accordance with this privacy policy that is accessible to each user;
• appropriateness of the processing for the purposes and minimizing data - the types of data we collect are minimized, according to the purposes for which they are processed. The purposes for which your data are processed are those for which we have obtained your consent;
• limiting storage – we process and store the data received for a period of time according to the purposes for which it is needed and with your consent.
consent of users for data processing - when you send a request to “Anvers Konstrukt“ ЕООD, you give your consent for “Anvers Konstrukt“ ЕООD to store and process personal data provided by you for the purpose of the request.
Disclosure of information to certain third parties.
The personal data of Clients, suppliers and counterparties are processed solely for the purposes stated above and will be strictly shared only on the basis of “need to know”, complying with all legal requirements for Data Protection, with:
- other companies in the group and service providers;
- state authorities for fraud prevention and law enforcement;
- courts, government and non-governmental regulators, tax authorities and the Ombudsman;
- a third party who acquires or has an interest in acquiring all or part of our business, whether by merger, acquisition, reorganization or otherwise;
- disclosure required or permitted by law, including on the basis of an administrative act or similar legal process or request of a state authority, or when we believe in good faith that disclosure is a legal requirement or we have a legitimate interest to make disclosure when necessary to protect our rights and our property.
Transfer of personal data
Where your personal data is transferred to companies and / or authorized third parties located outside your country (including outside the European Economic Area), we take organizational, contractual and legal measures to ensure that your personal data are only processed for the purposes mentioned above and that appropriate levels of security are applied to protect your personal data.
These measures include the mechanisms approved by the European Commission for transfer to third parties in countries that are deemed not to provide an adequate level of data protection, as well as any additional local legal requirements.
Security and storage term.
We will take reasonable steps to protect the Client's personal information against loss or theft, as well as from unauthorized / unauthorized access, disclosure, copying, misuse or modification, regardless of the form in which it is stored.
We will not store information about you for any longer than is reasonably necessary to fulfil the specific purposes for which it was collected and of which you have been hereby notified.
We will only store personal data for the period we need them to fulfil the purposes for which we have collected them, including to comply with the requirements of accounting law. Personal data will be stored for a period of: 5 years after termination of the relationship, 10 years for accounting records and 24 hours for CCTV records.
In any case, the information may be retained for a) a longer period when there is a legal or regulatory reason for doing so (in which case it will be deleted once it is no longer necessary for the legal or regulatory reason) or b) - a short period when the person objects to the processing of his / her personal data and there is no longer a legal reason to keep it.
Rights of clients, suppliers and counterparties of “Anvers Konstrukt” EOOD.
At any time, while storing or processing your personal data, you - customers, suppliers and counteparries (according to the terminology of the law - data subject) have the following rights:
• you have the right to request a copy of your personal data and the right to access your personal data at any time, including to request confirmation that the data relating to you is processed, to be informed about the purposes of such processing, the categories of data and about the recipients of the data as well as about the purposes of any processing of personal data relating to you;
• you have the right to request your personal data in a form that is convenient for transferring to another data administrator, or to request that we do so, without being hindered by us;
• you have the right to ask us to correct, without undue delay, inaccurate personal data as well as data that is no longer up to date;
• you have the right to request that your personal data be deleted in compliance with legal restrictions and requirements, and to limit their processing;
• you have the right to withdraw your consent to the processing of your personal data at any time by a separate request made to the administrator for cases where your personal data is processed on the legal basis of consent;
• you have the right to object to certain types of processing, such as direct marketing (unsolicited advertising);
• you have the right to complain when you believe that your rights as data subjects have been violated, which complaint can be addressed to your local data protection supervisor, namely: Commission for Personal Data Protection (www.cpdp.bg).
To exercise the above rights, please send a message / request to the company at the following email address: anvers07@abv.bg . The request / request must include all details about the data subject, the type of personal data, the purpose for which it was provided and any other information that will help the administrator locate and identify your personal data. The person, responsible for personal data may request additional information, including information relating to the identification of the subject, the type of personal data or the processing activities to which the request relates. You have the right to receive a response within 1 month of submitting the request (except in the case of a request for deletion of data when the controller is obliged to respond to you without undue delay), which may be extended to two months at the discretion of the person responsible for personal data.
Is your personal data being disclosed?
We do not share, transmit, distribute or disclose your personal information to third parties without your explicit consent, unless required by law or necessary to protect the rights and legitimate interests of our Company (after properly assessing whether they have precedence over your rights and interests), or necessary for the purpose of litigation. As a data administrator, we will do our best to ensure that your personal data is protected and treated as strictly confidential.
Contact us
If you have questions about this policy and your rights regarding your personal information, please contact us:
e-mail: anvers07@abv.bg;
tel.: 0887 639 936, contact person: Evtim Iliev
Data Protection Officer
Our main activities do not consist in large-scale processing of personal data, which, by its nature, scope and / or purpose, would require regular and systematic large-scale monitoring of the data subjects or large-scale processing of the specific categories of data and personal data regarding convictions and violations. In view of this, we have no obligation to appoint a Data Protection Officer.
If you need more information you can contact “Anvers Konstrukt ЕООD at the following address and phone number:
city of Plovdiv 12 “Kuklensko shose” blvd. fl. 2, office 5;
tel: 0887 639 936, contact person: Evtim Iliev.