Here you can find information about the data protection policy processed in EUROBUL EOOD.
INFORMATION ON THE PROTECTION POLICY RELATED TO THE PERSONAL DATA BEING PROCESSED AT EUROBUL Ltd.,
in connection with Art. 13 and Art. 14 under Regulation (EU) 2016/679
1. Personal data controller
The trade company Eurobul Ltd., address: 102 Bulgaria Blvd. 2nd floor, office 20, e-mail: email@example.com, tel./fax: 02/8548000 (Personal data controller) processes the personal data of natural persons (data subjects) in accordance with the Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR), the Personal Data Protection Act, and the Company policy on personal data protection.
According to the General Regulation, "personal data" shall mean any information relating to a natural person, through which it can be directly or indirectly identified. Personal data processing shall mean any operation or set of operations that can be performed on personal data by automatic or other means.
2. Natural persons whose personal data are being processed by the company
In connection with the services it provides, Eurobul Ltd. processes personal data regarding the following data subjects:
(a) Natural persons, contractors or potential contractors of the company – customers and suppliers of goods and services, respectively their employees.
(b) Staff – current and former employees of the company, as well as job applicants.
3. Purposes of processing
The Company processes personal data of its clients, including data of their employees, for the following purposes:
(a) Providing transport and logistics services, customs services and consulting in performance of a contract;
(b) Protecting legitimate interests of the company, including:
- Ensuring the proper functioning, maintenance and security of the company's website and IT systems;
- Providing communication with customers, including electronically;
- Enforcement and protection of the company's rights and legitimate interests, including through the court.
(c) Fulfilment of the Company’s legal obligations and execution of the instructions of competent state or judicial authorities.
4. Legal grounds for processing
The company processes personal data only if there is one of the alternative legal grounds under the General Regulation and in particular:
(a) Execution of a contract, including pre-contractual relations prior to its conclusion;
(b) Statutory obligations applicable to the Company;
(c) The company’s legitimate interests, in so far as they have an advantage over the interests or fundamental rights and freedoms of the data subjects;
(d) Freely expressed, explicit, informed and unambiguous consent of the data subject. The consent already granted may be withdrawn by the person at any time in the same manner as it has been granted.
5. Possible consequences if personal data are not provided
In case a client does not provide the required information, including the necessary personal data, the company will not be able to conclude a contract with such a client, it will not be able to provide the requested service, respectively.
6. Who shall be personal data delivered or disclosed to?
Personal data of the company's clients are provided to:
(a) Transportation companies and other suppliers and/or subcontractors for the purposes of a contract / application;
(b) Customers of forwarding services for the purposes of a contract/order;
(c) Customs and other public authorities for the purposes of a contract;
(d) Trade companies providing accounting services and information support to the Company's IT systems in their capacity of personal data processors;
(e) Other competent public authorities in fulfillment of an obligation stipulated under the Law.
7. Term of personal data storage
The personal data of the company’s contractors shall be kept/stored for 5 years after completion of the relevant contract in accordance with the general limitation period under the Obligations and Contracts Act.
The personal data contained in accounting documents shall be kept within the terms of Art. 12 under the Accountancy Act.
8. Personal data security
The Company applies all appropriate technical and organizational measures to ensure the security of personal data, including the explicit obligation of confidentiality undertaken by the employees.
9. Rights of data subjects
Any individual whose data are being processed by the company has the following rights:
- the right of access to his or her personal data, including to get a copy of them;
- the right to correct or supplement inaccurate or incomplete personal data;
- the right to delete personal data being processed without any legal grounds;
- the right to limit the processing – in case of a legal dispute between the company and the person until its resolution or for the purpose of establishment, exercising or protection of legal claims;
- the right of objection – at any time and on grounds relating to a particular situation of the person, provided that there are no compelling legal grounds for the processing that take precedence over the interests, rights and freedoms of the data subject or a lawsuit.
Pursuant to the Personal Data Protection Act, the aforementioned rights may be exercised by submitting a written application, on the spot, at the office of Eurobul Ltd. An application may also be electronically sent pursuant to the Electronic Document and Electronic Signature Act. The application shall be made personally by the data subject or by a person he/she has explicitly authorized.
10. Data subjects’ rights protection
In accordance with the Data Protection Act and Regulation (EU) 2016/679 (General Data Protection Regulation), any natural person who considers that his her right to protection of his or her personal data has been violated may appeal to The Personal Data Protection Commission at the following address: 1592 Sofia, 2 Prof. Tsvetan Lazarov Str.; website: www.cpdp.bg.