PERSONAL DATA PROTECTION
PURPOSES
“S & I” collects and uses information for the following purposes:
- The performance of contract obligations toward the customer.
“S & I” processes customer personal data on the basis of the contract concluded between the customer and “S & I”. Customer personal data is held for a five-year period.
CUSTOMER RIGHTS
Each customer of the site has all rights related to the protection of personal data under Bulgarian and EU law:
- a right to information relating to the personal data processing by the access to one’s own personal data
- a right to rectify (in case of inaccurate information)
- a right to be forgotten
- a right to restrict the processing by the controller
- a right to data portability between administrators
- a right to complaint related to one’s own personal data
- a right to seek judicial or administrative redress in case of infringement of customer rights.
Customer may request data to be removed in case of availability of one of the following circumstances:
- customer withdraws consent to data processing and no other lawful basis applies to processing
- customer objects to data processing and no legal grounds for processing prevail
- illegal personal data processing
- to delete personal data in order to comply with a legal obligation under EU law
- personal data collection linked to information services for children upon the consent of the holder of parental responsibility
Customer has a right of restriction of his/her own personal data processed by the controller as follows:
- accuracy of personal data is disputed. In such a case processing restriction lasts as long as the controller verifies the accuracy of personal data
- processing is deemed unlawful, but customer disagrees over personal data deletion, and instead requires their use restriction
- controller no longer needs personal data for processing purposes, but customer requires its availability in order to serve the establishment, exercise or defence of legal claims
- customer objects processing while verifying the prevalence of controller’s legal grounds over customer interests
Right to Data Portability
Right to data portability enables the data subject to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where processing is based on consent or on a contract and is carried out by automated means.
In exercising his or her right to data portability, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
Right to Object
- Customers have the right to object to the controller the processing of their personal data. The controller of personal data shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. Where objection to personal data processing for direct marketing purposes is available, data shall no longer be processed.
Complaint to the Supervisory Authority
Every customer shall have the right to lodge a complaint to the Commission for Personal Data Protection against his or her illegally processed personal data.
OBLIGATIONS OF THE CONTROLLER OF PERSONAL DATA
The controller of personal data:
- processes data in accordance with the provisions for personal data protection performed in the regulation and shall be able to demonstrate this accountability;
- secures data protection by design and by default;
- notifies the supervisory authority and data subject of a security breach of personal data and shall document any security breach of personal data, comprising the facts relating to the breach, its effects and the remedial action taken;
- carries out impact assessment of data protection;
- takes technical and organisational measures necessary to ensure data security such as encryption and cooperation with the supervisory authority for personal data protection under the obligations stemming from the regulation;
- prepares and applies internal procedures on receiving, reviewing and responding to customer requests related to their rights as data subjects within one month.
KEEPING OF REGISTER
“S & I” shall maintain a record of processing activities under its responsibility. That record shall contain all of the following information:
(a) the name and contact details of the controller;
(b) the purposes of the processing;
(c) a description of the categories of data subjects and of the categories of personal data;
(d) the categories of recipients to whom the personal data have been or will be disclosed including recipients in third countries or international organisations;
(e) where possible, the envisaged time limits for deletion/erasure of the different categories of data;
(f) where possible, a general description of the technical and organisational security measures.
Processor of Personal Data
The controller of personal data shall use the services of processor of personal data, namely Windows OneDrive
Authorities responsible for activity monitoring
The authorities responsible for monitoring the activity of“S & I” are the Commission for Consumer Protection and the Commission for Personal Data Protection.
Contact details:
Commission for Consumer Protection:
- Website: https://kzp.bg/kontakti
- Tel: 0700 111 22
- Email: info@kzp.bg
- Adress: Sofia, 4A Slavejkov sq., fl. 3, 4, 6
Commission for Personal Data Protection:
- Website: https://www.cpdp.bg/
- Tel: 02/91-53- 518
- Email: kzld@cpdp.bg
- Adress: 1592 Sofia, 2 Prof. Tsvetan Lazarov Blvd.
Dispute Resolution
The customers may utilize the European Online Dispute Resolution Platform, accessible at
http://ec.europa.eu/odr. This is a common platform provided to allow consumers and traders in the EU to resolve disputes without going to court.
The alternative dispute settlement between consumers and traders is an extra‐judicial conciliation procedure on voluntary basis.
The general conciliation committees assist in settling cases between consumers and traders disputing contracts for the sale of goods and service provision.