Policy for Exercising the Data Subjects’ Rights
Petar Mihaylov & Co. Ltd. is processing and protecting the personal data collected in the course of fulfillment of its activity in an honest and lawful way, always complying with the purposes for which the data are being collected.
The officers processing personal data for the purposes and with regards to the subject of activity of the trade company, for signing contracts for services and in fulfillment of the obligations thereof respect the following principles in the processing of personal data as part of their employment obligations:
- Personal data are processed in a lawful and conscientious manner
- Personal data are collected for specific, strictly defined and legitimate purposes, and are not additionally processed in a way incompatible with these purposes
- Personal data are accurate and are updated if necessary
- Personal data are deleted or corrected when they are found to be inaccurate or disproportionate to the purposes for which they are processed
- Personal data are kept in a form that permits the identification of the individuals concerned for a period no longer than the necessary for the purposes for which such data are collected
The employees processing personal data are initially and periodically trained for data privacy and are kept familiar with the applicable legislation.
DEFINITION OF TERMS
The terms stated below have the following meanings:
Personal data meansanyinformation relating to an identified natural person or natural person that can be identified directly or indirectly, in particular by an identifier such as name, identification number, location data, online identifier or one or more of the features specific to physical, physiological, genetic, psychic, mental, economic, cultural or social identity of that individual.
Applicable law means the legislation of the European Union and the Republic of Bulgaria which is relevant to the protection of personal data.
Data subject means a natural person who can be identified, directly or indirectly, in particular by any identifier such as name, identification number, location data, online identifier or one or more features, specific for the physical, physiological, genetic, psychic, mental, economic, cultural or social identity of that individual.
Regulation(ЕU) 2016/679 means Regulation(ЕU) 2016/679 of the European Parliament and the Council of April27, 2016on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), published in the Official Journal of the European Union on May 4, 2016.
RIGHTS OF PERSONAL DATA SUBJECTS
The data subjects have the following rights regarding their personal data:
- access rights
- the right to rectification
- the right to data portability
- the right to erasure
- the right to delete (right to be forgotten)
- the right to request restriction of processing
- the right to file an objection of processing the personal data
- the right of the data subject not to be the subject of a decision based solely on automated processing no matter if such processing involves profiling or not
Upon request, Petar Mihaylov & Co. shall provide the following information to the data subject:
- information whether Petar Mihaylov & Co. Ltd. is processing or not the personal data of the individual
- a copy of the individual’s personal data processed by Petar Mihaylov & Co. Ltd.
- an explanation on the data processed
The explanation on the data processed shall comprise the following information:
- purposes of the processing
- the relevant categories of personal data
- recipients or categories of recipients to whom personal data are or will be disclosed
- where possible, the foreseeable period for which personal data will be stored and, if that is not possible, the criteria used to determine that period
- the right to request rectification or deletion of personal data or to limit the processing of personal data relating to the data subject or to file and objection against such processing
- the right to appeal to a supervisory body
- when personal data are not collected from the data subject, any available information about their source
The data processing explanation shall contain the information that Petar Mihaylov & Co. Ltd. submits to the data subjects by means of the Privacy Notice.
Upon request of the personal data subject, Petar Mihaylov & Co. Ltd. may provide a copy of the personal data that is being processed.
When providing a copy of personal data, Petar Mihaylov & Co. Ltd. should not disclose the following data categories:
- personal data of third parties, unless they have expressly agreed to do so
- data that constitute a trade secret, intellectual property or confidential information
- other information that is protected under the applicable law
Providing access to personal data subject cannot adversely affect the rights and freedoms of third parties or lead to a breach of a regulatory obligation of Petar Mihaylov & Co. Ltd.
Where access requests are clearly unfounded or excessive, especially because they are repeated in multiple occasions, Petar Mihaylov & Co. Ltd. may charge a reasonable fee based on the administrative costs made for providing the information or to refuse to respond to the request for access.
Petar Mihaylov & Co. Ltd. shall assess on a case-by-case basis whether a claim is clearly unfounded or excessive.
Upon refusal to provide access to personal data, Petar Mihaylov & Co. Ltd. shall advance arguments for its refusal and shall notify the data subject about her/his right to file a claim with the CPDP.
RIGHT TO RECTIFICATION
Data subjects may ask their personal data processed by Petar Mihaylov & Co. Ltd to be rectified if the latter are inaccurate or incomplete.
When a request of rectification of personal data is satisfied, Petar Mihaylov & Co. Ltd. shall notify the other recipients to whom the data have been disclosed (i.e. government bodies, service providers, etc.) so that they could reflect the changes.
RIGHT TO ERASURE(THE RIGHT ‘TO BE FORGOTTEN’)
Upon request, Petar Mihaylov & Co. Ltd. is obliged to delete personal data if one of the following reasons exists:
- personal data are no longer needed for the purposes for which they were collected or otherwise processed;
- the data subject has withdrawn her/his consent on which the processing of the data is based, and there is no other legal basis for the processing;
- the data subject has made an objection to processing and there are no legitimate grounds for the processing to take precedence;
- the data subject has objected the processing of personal data for the purposes of direct marketing;
- personal data have been illegitimately processed;
- personal data should be erased in order to comply with a legal obligation of Petar Mihaylov & Co. Ltd.
- personal data have been gathered in connection with the provision of services to an information society of children pursuant to Article 8 (1) of Regulation (EU) 2016/679.
Petar Mihaylov& Co. Ltd. is not obliged to delete the personal data as far as their processing is necessary for:
- exercising the right to freedom of expression and the right to information;
- complying with a legal obligation of Petar Mihaylov & Co. Ltd.;
- reasons of public interest in the field of public health according to article 9, paragraph 2, items (h) and (i), and article 9, paragraph (3) of Regulation (EU) 2016/679;
- the purposes of archiving in the public interest, for scientific or historical research or for statistical purposes according to article 89, paragraph 1 of Regulation (EU) 2016/679, inasmuch as the right of deletion is likely to make it impossible or seriously obstruct the achievement of the objectives of this processing;
- determining, exercising or defense of legal claims.
RIGHT TO RESTRICT THE PROCESSING
The data subject has the right to request a limitation of processing when one of the following applies:
- the accuracy of personal data is disputed by the data subject; the limitation of processing is applied for a period that allows the controller to verify the accuracy of the personal data;
- processing is illegal, however the data subject does not want the personal data to be deleted, but instead requires a limitation of use;
- Petar Mihaylov & Co. Ltd. no longer needs the personal data for processing purposes but the data subject requires them for determining, exercise or protection of legal claims;
- The data subject has objected to the processing on the grounds of the legitimate interest of Petar Mihaylov & Co. Ltd. and there is an ongoing verification whether the legal grounds of the controller have priority over the interests of the data subject.
Petar Mihaylov & Co. Ltd. may process personal data the processing of which is limited only to the following purposes:
- for storing the data;
- with the consent of the data subject;
- to determine, exercise and protect legal claims;
- to protect the rights of another individual;
- on important grounds of public interest.
When a data subject has asked a limitation of the processing and if any of the above reasons is available, Petar Mihaylov & Co. Ltd shall notify her/him before the processing restriction is lifted.
RIGHT TO DATA PORTABILITY
The data subject is entitled to receive the personal data concerning her/him, and which she/he has provided to Petar Mihaylov & Co. Ltd. in a structured, widely used and machine readable format.
Upon request, these data may be transferred to another controller designated by the data subject when this is technically feasible.
The personal data subject may exercise the right to portability in the following cases:
- when processing is based on the consent of the data subject;
- processing is done on the basis of a contractual obligation;
- processing is performed in an automated manner.
The right to portability cannot adversely affect the rights and freedoms of others.
RIGHT OF OBJECTION
The data subject has the right to object to the processing of his or her personal data by Petar Mihaylov & Co. Ltd. if the data are processed on any of the following grounds:
- processing is necessary for the performance of a task of public interest or in the exercise of official authority conferred on the controller;
- the processing is necessary for purposes related to the legitimate interests of Petar Mihaylov & Co. Ltd. or a third party.
Petar Mihaylov & Co. Ltd. shall terminate the processing of the personal data unless it proves that there are convincing legal grounds to continue doing it which take precedence over the interests, rights and freedoms of the data subject or to determine, exercise or defend legal claims.
RIGHT TO MAKE AN OBJECTION AGAINST PERSONAL DATA FOR THE PURPOSES OF DIRECT MARKETING
When personal data are processed for the purposes of direct marketing, the data subject is entitled at any time to object to the processing of personal data for that purpose, including with regards of profiling related to direct marketing.
When the data subject opposes processing for direct marketing purposes, the processing of personal data for these purposes is terminated.
RULES FOR EXERCISING THE RIGHTS OF PERSONAL DATA SUBJECTS
Personal data subjects may exercise the rights under this Policy by submitting a request for exercising the applicable right.
Requests to exercise the rights of data subjects may be submitted in the following way:
By e-mail to the following email address: firstname.lastname@example.org
On-site in the office of Petar Mihaylov & Co. Ltd.
By mail at the address of the office of Petar Mihaylov and Co. Ltd.: Sofia, 110, Iztochna Tangenta Str., 1592 Sofia.
The request for exercising the rights relating to the protection of personal data should contain the following information:
Identification of the person – name and unified identification number
Contacts for feedback – address, telephone, e-mail
Application – description of the request
Petar Mihaylov & Co. Ltd. shall provide information on the actions taken in connection with an application to exercise the rights of the entities within one month from the date the application is received.
If necessary, this period may be extended further by two more months, taking into account the complexity and number of requests from a particular person. Petar Mihaylov & Co. Ltd. shall notify the person of any such extension within one month from the receipt of the request, indicating the reasons for the delay.
Petar Mihaylov & Co. Ltd. is not obliged to respond to a request if it is not able to identify the data subject.
Petar Mihaylov & Co. Ltd. may ask for the provision of additional information necessary to confirm the identity of the data subject where there are reasonable concerns about the identity of the natural person submitting the request.
Where the request is made by electronic means, the information shall, if possible, be provided by electronic means, unless the data subject has requested otherwise.
This Policy is adopted by Order of the CEO of Petar Mihaylov & Co. Ltd. and shall enter into force on May 25, 2018.
With this Privacy Notice PETAR MIHAYLOV & Co. Ltd. gives notification on how the personal data provided to him are collected, used, shared and protected.
PETAR MIHAYLOV & Co. Ltd. is processing personal data in a lawful, conscientious and transparent way. They are collected for specific, explicitly stated and legitimate purposes and are not further processed in a way incompatible with these purposes. Personal data are appropriate and relevant, as well as limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’), they are accurate and up-to-date. They are processed in a way that ensures an adequate level of security of personal data. They are kept in good faith and in accordance with the statutory deadlines.
For the purposes of this notification, “personal data” means any information relating to an identified natural person or natural person that can be identified directly or indirectly, in particular by an identifier such as name, identification number, location data, online identifier or one or more features specific to the physical, physiological, genetic, psychical, mental, economic, cultural or social identity of that individual.
1.Purposes for which personal data are usedby PETAR MIHAYLOV & Co. Ltd.:
- Personal data are used for the purposes and the subject of activity of the company, namely:
- In connection with the sale of consumables and materials for the furniture, interior and exterior industry
- Implementation of legislative requirements, including avoidance of conflicts of interest, corrupt practices and obligations under Bulgarian Law
- In connection with the conclusion of other contracts and on the occasion of its commercial relations – accompanying and related to the subject of activity of the company.2. The company is processing the following types of personal data:
- Given names and surname
- Unified citizen’s number
- Contacts: e-mail, address and telephone number
- Address: domicile or actual residence3. When providing a copy of personal data Petar Mihaylov & Co. Ltd. cannot disclose the following data categories:
- Third parties’ personal data unless they have expressly agreed to do so
- Data constituting a trade secret, intellectual property or confidential information
- Other information that is protected under the applicable law4. If there is a denial to provide the personal data requested or in case it is impossible to do so, Petar Mihaylov & Co. Ltd. has the right to refuse to conclude a contract or to terminate an already concluded one.
5. The terms established for storing personal data are as follows:
- Personal data collected in connection with the sale of consumables and materials for the furniture, interior and exterior industry are kept by Peter Mihaylov & Co. Ltd.for 1 (one) year from their delivery and the expiry of the warranty period of the consumables/materials.
- Personal data collected in connection with the conclusion of another contract are kept for 5 (five) years once the calendar year in which the contract expires is over provided that there are no judicial and/or other claims. In the case of court and/or other claims, the retention period is 3 (three) years after their completion. In some cases, when the processing is legally justified and by decision of the relevant body, this type of information may be stored for up to 7 (seven) years.6. The personal data obtained are required with regards to the contracts signed with Petar Mihaylov & Co. Ltd. or any other business relations, and same are processed and kept legitimately and in good faith with the consent of the personal data subject and in fulfillment of the obligations of Petar Mihaylov & Co. Ltd. under the contracts concluded.
The personal data collected on the above grounds are used only for the purposes stated in this privacy notice or for additional compatible purposes in line with the Law.
7. The personal data collected may be provided to any government authority in connection with its activity and competencies, as follows:
- National Revenue Agency (NRA): upon request, in compliance with the statutory obligations and following the procedure established by Law
- State Agency for National Security (SANS): in the cases provided by the Measures Against Money Laundering Act
- Judiciary bodies: The Judiciary Act provides for a general obligation of legal entities to assist and cooperate with the judiciary authorities in exercising their powers. Petar Mihaylov & Co. Ltd. provides personal data also in connection with legal proceedings brought by and against the Company
- Ministry of Interior (MoI):The Ministry of Interior Act stipulates a general obligation for all entities to provide assistance and to comply with the instructions of MoI authorities upon request and with regards to the statutory obligations, following the procedures defined by Law
- Personal Data Protection Commission (PDPC): upon request, in connection with undergoing specific proceedings or inspections, in compliance with the procedures established by Law
- Commission for Protection against Discrimination: upon request, in connection with undergoing specific proceedings or inspections, in compliance with the procedures established by Law
- Commission for Protection of Competition: upon request, in connection with undergoing specific proceedings or inspections, in compliance with the procedures established by Law
- Other state or local government bodies: only if there are legal grounds to proceed in such a way and once the data subject is notified
8. In addition to public authorities in connection with their statutory duties, the personal data collected may also be provided to:
- Service providers (consultants, experts, appraisers, lawyers). Such disclosure only occurs when there is a good reason to do so, and on the basis of a written contract securing that the recipients should provide an adequate level of protection
- Lawyers or law firms/companies in connection with lawsuits filed by or against Petar Mihaylov & Co. Ltd.
- In any other cases provided by Law.9. Any data subject is entitled:
- To obtain confirmation from Petar Mihaylov & Co. Ltd. for the processing of the personal data related to it
- To ask Petar Mihaylov & Co. Ltd. for access to the personal data related to it, as well as to obtain a copy thereof
- To ask Petar Mihaylov & Co. Ltd. to provide the personal data related to it to another controller
- To ask Petar Mihaylov & Co. Ltd. the personal data related to it to be corrected or deleted
- To ask Petar Mihaylov & Co. Ltd. to restrict the processing of personal data related to it
- To withdraw its consent for processing of its personal data at any time thus not affecting the legal processing of the data so far
- To file with Petar Mihaylov & Co. Ltd. any objection related to violated right to protection of the personal data related to it
- To file with the supervisory body a plea regarding infringed right of personal data protection concerning the data related to it10. Petar Mihaylov & Co. Ltd. does not apply automated decision-making and profiling.
Requests, inquiries and objections shall be filed in writing at the management address of Petar Mihaylov & Co. Ltd.: 110 Iztochna Tangenta Street, 1592 Sofia.
You can become familiar with the website cookies and other technologies for storing information in regard to the services offered onwww.master-profil.com. With the following, company Petar Mihaylov & Co. Ltd. provides information in regard to the means of gathering, using, sharing and protecting provided information via the website of the company in accordance with the new requirements of Regulation (EU) 679/2016.
Cookies are information stored on browser. They are used for storing settings and identifiers, that are required for some of the services provided on the website. These files allow for the user to be identified and the website to adjust according to the user’s preferences. Cookies usually contain the name of the website, the duration for which they are stored on the computer of the user, and a unique number.
Cookies are used for the following purposes:
|What is it?
|Session and navigation controls (session identifier, session security, back button functionality etc)
|Temporary (temporary files, which are generated in the user device until he leaves the website or the correspinding application (for web browsing)
|These cookies are necessary for entering the website, navigation controls, and using the website. The website cannot function normally and safely without them.
Cookies are used to adapt website content to user preferences in order to optimize the website behavior. They are also used for creating general anonymous statistics, which helps find out how a user is using a website, which consequently helps for the website’s better structure and content, while having to access to personal user information.
Do cookies contain personal information?
Personal information accumulated via cookies could be used only for performing certain operations for the user.This information is encrypted in a way that makes access to it impossible from unauthorized parties.
Cookies browser settings
Browser settings could be used to delete or block receiving cookies on behalf of certain or all websites. Detailed information for the various cookies settings could be found in the settings section of the web browser.
Limiting or blocking cookies could affect some functionalities of the website.
Requests, inquiries and objections shall be filed in writing at the management address of Petar Mihaylov & Co. Ltd.: 110 Iztochna Tangenta Street, 1592 Sofia or by email: email@example.com.