PRIVACY NOTICE OF 25 MAY 2018
With this Privacy Notice, TRANSPRESS LTD provides information on the methods of collection, use, share and protection of your personal data.
TRANSPRES LTD (hereinafter referred to as the Company) processes your personal data in accordance with the applicable legal provisions on personal data protection. The data is collected for specific, explicitly specified legitimate purposes, and after their achievement, it is not further processed in a manner inconsistent with these purposes. The provision of data is limited to what is required to achieve the purposes for which it is being processed ("data minimisation") and the data is kept updated. It is processed in a manner that ensures an appropriate level of security. Data is kept in good faith and within the statutory deadlines. All activities described herein comply with the General Data Protection Regulation (GDPR) 2016/679.
SUPERVISORY AUTHORITY: Commission for Personal Data Protection
Address: Sofia, postcode 1592, 2 Prof. Tsvetan Lazarov Blvd
It is important to read this notice carefully to understand how and why we use your personal information.
What does personal data mean?
The definitions used in this document comply with Article 4 of GDPR:
Personal Data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Sensitive personal information means personal data, which is inherently particularly sensitive to the fundamental rights and freedoms of data subjects, and which deserve specific protection, since the context of their processing could pose significant risks to the fundamental rights and freedoms. This personal data includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, and biometric data used for unique identification of natural person, health data, or data on the sexual life of an individual or its sexual orientation.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data Administrator means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
What are the principles of data processing which we apply?
According to the current data protection legislation, the applicable principles are:
- Principle of legitimacy, good faith and transparency in data processing;
- Principle of collecting data only for valid purposes that are not used in any other manner which is not compatible with these purposes;
- Principle of collecting data that is relevant and that does not go beyond the efforts made to achieve the objectives;
- Principle of collecting accurate and updated data;
- Principle of storing the data within a time limit no longer than that required for the purposes for which it is collected;
- Principle of reliable protection.
What information does the company collect?
The company collects only basic personal data for you which do not include special types of information. The personal information collected may include your name, your company name, address, e-mail address, telephone number, and other data required by the Accounting Act and other laws.
Why does the company process personal data?
The company collects your data on different types of grounds.
The company processes your personal data to fulfil its obligations as a party to a contract for sale of goods and services. Moreover, it processes your personal data to issue invoices, and to prepare a detailed report on consumption and services.
To fulfil its obligations, it may transfer your personal data to courier companies and financial / payment processing institutions (such as banks, payment service providers, etc.).
The company has legitimate interest in using this information for future marketing campaigns and to inform you of future projects.
In addition, the company will store the data relating to your payments and purchases to make sure that this information is available in case of formal proceedings, such as civil proceedings (for example, if the company is being sentenced to damages), administrative and criminal investigations (e. g. audit of the Revenue Agency), consumer claims, etc.
Video surveillance of the company commercial sites is performed in order to ensure our security against theft and other potential crimes.
How does the company protect data?
The company protects the security of your data in accordance with the applicable law for their protection. The company applies internal policies and controls to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and that it is available to employees only in performance of their duties.
When the company engages third parties to process personal data on its behalf, they do so on the basis of written instructions. These companies must meet the confidentiality requirements and implement appropriate technical and organisational measures to ensure data security.
However, you should keep in mind that the transmission of information over the Internet is never completely protected. Notwithstanding the fact that we do our best to keep our systems safe, we do not have full control of all processes related to, for example, the use of our website or the sending of confidential emails, and therefore we cannot guarantee the absolute certainty of your information transmitted over the Internet.
How long does the company store data?
The company will store your personal data only for the period it is required for and for which it is legally regulated. The appropriate period is determined depending on the personal data quantity, nature and sensitivity, potential risk of damage resulting from unauthorised use or disclosure of data to third parties, and applicable legal provisions.
Upon termination of customer relationship with the company, it will store your information in accordance with its policies and legal requirements and will destroy it in a safe manner after the period of retention described in a policy and specified in a law expires.
Disclosure of data to third parties
Sometimes, in order to provide the services you have requested from us, the company may share your personal information with external service providers. During technical support of information systems and operational support of the activity, the company may disclose personal data. Such data disclosure occurs only when there is good reason to do so and, on the basis of a written agreement with the recipients to provide an adequate level of protection. The company requires from all service providers with whom it shares your data to secure your personal data and to treat them in accordance with the law.
When delivering your ordered items, the company uses courier services and provides the personal delivery data you have specified to that end.
The company may disclose your personal data to law enforcement, government or public authorities in order to comply with all legal or regulatory requirements. The provision of your data to public authorities can only take place in the cases provided for by law and in a volume that does not exceed the purposes for which it is requested.
Commission for Personal Data Protection exercises legal control of the personal data processing and the company provides full access to the personal data registers kept by it if the legal conditions so require.
What are your rights as a data subject?
1. Right to access your personal data, enabling you to obtain a copy thereof.
2. Right to request for correction of incomplete or inaccurate personal data related to you.
3. Right to request for restriction on the processing of your personal data, enabling you to request for temporarily suspension of its processing.
4. Right to object to the processing of your personal data
5. Right to request for deletion of your personal data when there is no valid reason to continue its processing ("the right to be forgotten").
6. Right to request for transfer of your personal data to you or to a third party; this applies only to automated information for which you have originally consented that we may use it ("portability right").
7. Right to bring an action to the competent supervisory authority or to the court if your rights are violated or if you are a victim of unlawful processing of your personal data.
8. You may withdraw your consent to processing of your personal data at any time, notifying us at the address and contact email specified in the document without prejudice to the lawfulness of the processing.
If you decide to exercise any of these rights or if you have additional questions, please contact us at the following address: 5000 Veliko Tarnovo, 21 Bulgaria Str., entr. E, fl. 1 or by sending an email to: firstname.lastname@example.org .
If you believe that the company has not respected your data protection rights, you may bring an action to Commission for Personal Data Protection.
The company reserves the right to update at any time this notice, of which you will be notified through a publication on our website or in any other appropriate manner.