- Introduction
- This data protection policy regulates how FROMVOULEVS Ltd. collects, processes and stores personal data in accordance with the requirements of the “General Regulation on Data Protection” – Regulation (EU) 2016/679, the Personal Data Protection Act of Republic of Bulgaria and other normative Bulgarian or international acts.
- The confidentiality of information about our users is a top priority for us. FROMVOULEVS Ltd. in its capacity of controller of personal data and in accordance with the legislation and good practices applies the required technical and organizational measures for protection of personal data of individuals.
- This policy provides information on how and what types of personal data we collect from and about you, why we need it, to whom it may be provided or disclosed, and how it is protected. Please read them carefully. By providing your personal data to FROMVOULEVS Ltd., whether electronically or on paper, you accept and agree to the practices described in this Privacy and Privacy Policy. If you have any questions regarding this policy, please contact the Human Resources Officer, and if you do not agree with some of the terms of the privacy policy, we do not recommend using products and services provided by FROMVOULEVS Ltd., for which it is mandatory to provide your personal data. Your personal data will be provided to the courier companies Speedy and Econt for the needs of delivery of goods to your address.
- Information about FROMVOULEVS Ltd. in its capacity of Personal Data Administrator. In connection with the processing of your personal data, you can contact us at the following contacts: Identification of the Personal Data Administrator: Name: FROMVOULEVS Ltd. Country: Bulgaria Address: city of Sofia, postal code: 1505, 10 Marritsa Str telephone: 02 – 9433167; e-mail: gdpr@fromvoulevs.com; website: https://gdfilament.com
- Any information regarding the processing of your personal data can be obtained from:
- Address: country – Bulgaria, Sofia city;
- postal code: 1505;
- Maritsa Street № 10;
- telephone: +359 2 9433167;
- e-mail: gdpr@fromvoulevs.com
If you believe that we are infringing your rights regarding the processing of your personal data and in accordance with the requirements of the “General Data Protection Regulation” – Regulation (EU) 2016/679 you have the right to lodge a complaint with the supervisory authority and seek judicial protection as follows:
- Right of appeal to a supervisory authority Pursuant to Article 14 (2) (e)
If you wish to lodge a complaint about the processing of your personal data by us or about the way we have handled your complaint, you have the right to lodge a complaint with the Data Protection Commission and the Data Protection Officer (if such is available).
You can file a complaint in one of the following ways: In person on paper in the office of the CPDP at: Sofia 1592, Blvd. “Prof. Tsvetan Lazarov “№ 2. By letter to the address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd., Commission for Personal Data Protection. By fax to the address: +359 2 9153525. By electronic way the e-mail address of the CPDP (kzld @ cpdp.bg). In this case, your complaint must be in the form of an electronic document signed with an electronic signature (not scanned). Through the CPDP website at https://cpdp.bg/?p=pages&aid=6 in the manner described on the respective page. In this case, your complaint must be in the form of an electronic document signed with an electronic signature. In each of these cases, the complaint should contain: details of the complainant – names, address, contact telephone number, e-mail address (if any), nature of the complaint, other information and documents that you consider relevant to the complaint and signature (for electronic documents – electronic, for paper documents – handwritten) CPDP provides a complaint form to the Commission (for assistance and guidance of citizens) in connection with misuse of personal data in the lists of voters supporting the registration of political entities. The form can be downloaded from the following page: https://cpdp.bg/userfiles/file/Documents_2017/Forma_jalba_politicheski subekti.doc.
- Plea
- This Privacy Policy (“Policy”) is issued on the basis of the Personal Data Protection Act and its bylaws (“Bulgarian legislation”) and the General Regulation on Data Protection – Regulation (EU) 2016 / 679 (“GDPR”).
- Bulgarian legislation and the GDPR provide rules on how FROMVOULEVS Ltd. must collect, process and store personal data.
- In order for the processing of personal data to be in accordance with the legal requirements, the personal data are collected and used lawfully, the necessary security of the processing operations is ensured and FROMVOULEVS Ltd. has taken the necessary measures to prevent the processing of personal data. . According to the basic principles observed by FROMVOULEVS Ltd., your personal data are:
- processed lawfully, in good faith and in a transparent manner with regard to the data subject (“lawfulness, good faith and transparency”);
- collected for specific, explicit and legitimate purposes and not further processed in a way incompatible with those purposes (“limitation of objectives”);
- appropriate, related to and limited to what is necessary in relation to the purposes for which they are processed (“data minimization”);
- accurate and kept up to date; FROMVOULEVS Ltd. has taken all reasonable measures to ensure the timely deletion or correction of inaccurate personal data, taking into account the purposes for which they are processed (“accuracy”);
- kept in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the personal data are processed; (“Storage restriction”);
- processed in a way that ensures an adequate level of security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, applying appropriate technical or organizational measures (“integrity and confidentiality”);
- FROMVOULEVS Ltd. is responsible and is able to prove that it complies with the basic principles related to the processing of personal data (“reporting”).
- Policy Objectives
- With the adoption and implementation of the current policy of FROMVOULEVS Ltd. according to the Bulgarian legislation and Regulation (EU) 2016/679 the rules regarding the protection of individuals in connection with the processing of personal data and the rules regarding the free movement of personal data.
- With the current policy FROMVOULEVS Ltd. wants to guarantee:
- Legality of the processing of personal data performed by FROMVOULEVS Ltd.;
- The rights of individuals subject to personal data under Regulation (EU) 2016/679;
- Compliance with the requirements of the regulation to FROMVOULEVS Ltd. in its capacity of Administrator and / or Processor, including:
- Data protection at the design stage and by default Registers of processing activities Appropriate technical and organizational measures shall be reviewed and, if necessary, updated Risk assessment measures related to the processing of personal data Compliance with the requirements for outsourcing the processing of your personal data to third parties (Processors) The obligations of the officials processing personal data and / or the persons who have access to personal data and work under the direction of the processors of personal data, their responsibility in case of non-fulfillment of these obligations;
- Taking into account the achievements of technical progress, implementation costs and the nature, scope, context and objectives of processing, as well as risks of varying probability and severity for the rights and freedoms of individuals, FROMVOULEVS Ltd. in its capacity of Administrator and / or The processor shall apply appropriate technical and organizational measures to ensure a level of security appropriate to this risk.
- Ensures compliance with the basic principles when transferring personal data to third countries or international organizations outside the EU
- Scope
Definitions:
- “Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by an identifier such as name, identification number, location data, online identifier or one or more features specific to the natural, the physiological, genetic, mental, intellectual, economic, cultural or social identity of that individual;
- “Processing” means any operation or set of operations carried out with personal data or a set of personal data by automatic or other means such as collecting, recording, organizing, structuring, storing, adapting or modifying, retrieving, consulting, using, disclosing, disseminating or otherwise making the data accessible, arranging or combining, restricting, deleting or destroying it;
- The data protection policy applies to the processing of personal data of users, employees, where they have become known to partners and suppliers, as described in the registers of processing activities established in accordance with Article 30 of the General Regulation. on data protection – Regulation (EU) 2016/679 (“Registers of processing activities”).
- Purposes of personal data processing
- In accordance with the requirements of Section I – Transparency and conditions of the General Regulation on Data Protection – Regulation (EU) 2016/679 FROMVOULEVS Ltd. provides transparent information, communication and conditions for exercising the rights of data subjects under Article 12 of the Regulation.
- The purposes and information regarding the processing of personal data are set out in the documents provided to data subjects “Information on the processing of personal data during collection” (D_A13_EN) and “Information provided upon receipt of personal data” (D_A14_EN).
- Transparency. Rights of the persons whose data are processed by FROMVOULEVS Ltd.
Information about your rights related to the processing of personal data Pursuant to Article 14 (2) (c) | ||
Right | The basis | Description of the right |
Right of access | Article 15 | Right of confirmation for processing and access to your personal data. |
Right of adjustment | Article 16 | Correct inaccurate or incomplete personal data. |
Right to delete | Article 17 | Request the deletion of your personal data. |
Right to limit processing | Article 18 | Require restrictions on the processing of your personal data. |
Obligation to notify | Article 19 | Require to be notified of any action related to correcting, deleting or restricting processing. |
Right to object | Article 21 | To object at any time to the processing of your personal data: for the performance of a task in the public interest or on the basis of official authority, or for the purposes of legitimate interests, including profiling. processing for the purposes of direct marketing processing for the purposes of scientific or historical research or for statistical purposes. |
Right to refuse automated processing | Article 22 | You have the right to refuse to be the subject of a decision based solely on automated processing, including profiling, which has legal consequences for you or concerns you significantly. |
Right of portability | Article 20 | You have the right to receive personal data. |
Right of appeal and effective judicial protection | Articles 77, 78 и 79 | You have the right to file a complaint to the Commission for Personal Data Protection in violation of Regulation (EU) № 2016/679 of 27 April 2016 and the right to effective protection against the CPDP, the controller or processor of your personal data. |
Right to compensation | Article 82 | You are entitled to compensation for material or non-material damage suffered as a result of a breach of Regulation (EU) № 2016/679. |
For data of partners or suppliers, as described in the registers of processing activities) have the right to exercise their rights as follows:
How to exercise your rights | |||||
On the spot | In Internet | ||||
Address: | “Maritsa” street № 10 | telephone: | +359 2 9433167 | website | https://gdfilament.com/ |
City / Village: | Sofia | Телефон (SMS): | +359 2 9433167 | e-mail: | office@gdfilament.com |
- Transfer of personal data to third countries or international organizations
- The transfer of personal data that are processed or intended for processing after the transfer to a third country or to an international organization outside the EU is carried out by FROMVOULEVS Ltd. only under the General Regulation on Data Protection – Regulation (EU) 2016/679 , subject to the conditions set out in Chapter V of the Regulation.
- FROMVOULEVS Ltd. applies all provisions of the regulation so as not to jeopardize the necessary level of protection of individuals provided by the regulation.
- In case FROMVOULEVS Ltd. will transfer personal data to a third country or an international organization outside the EU, this transfer is made in accordance with the “Procedure for data transfer outside the EU” (P_A44_EN), and data subjects are notified in advance. with “Information for the processing of personal data on collection” (D_A13_EN) and “Information provided on receipt of personal data” (D_A14_EN), requiring their “Consent to the transfer of personal data” (D_A49_EN).
- Violations and Notification of Violations
- “Violation of the security of personal data” means a breach of security that leads to accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data that is transmitted, stored or otherwise processed by FROMVOULEVS Ltd.
- In the event of a breach of personal data security, the following should be notified immediately:
Contact details of the Data Protection Officer According to Article 14 (1) (b) | |||
Name: | Country: | ||
Address: | Telephone: | ||
City / Village: | e-mail: | ||
Postal code: | Website: |
- In the event of a breach of personal data security which is likely to jeopardize the rights and freedoms of individuals without undue delay and, where practicable, no later than 72 hours after learning of it, FROMVOULEVS Ltd. notifies the Commission for Personal Data Protection of the violation.
- In case a specific violation poses a risk to the rights and freedoms of individuals, FROMVOULEVS Ltd. takes measures to notify the affected persons in order to minimize possible adverse effects.
- FROMVOULEVS Ltd. takes action according to “Procedure for breach of personal data security” (P_A33_EN).
- Destruction
- FROMVOULEVS Ltd. follows “Procedure for destruction of personal data” (P_A17_BG_01).
- FROMVOULEVS Ltd. has the right to make changes in the privacy policy and to update it, amending and supplementing the personal data protection policy at any time in the future, when the circumstances so require.