Effective from 2022
I. General information about the Administrator and processing
1. Personal data administrator
Evrobul Company Ltd., with UIC: 040957193, with address: Sofia, 102 Bulgaria Blvd., 2nd floor, office 20, e-mail: firstname.lastname@example.org, tel./fax: 02/8548000 (“Data Controller”) processes personal data of individuals (“data subjects”) in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation) (GDPR), the Personal Data Protection Act and The company’s data protection policy.
If you have any questions, need additional information or suggestions related to the processing of personal data or their protection, you can contact us at the above coordinates.
This policy will provide information on:
EVROBUL Ltd. processes the personal data related to you lawfully, in good faith and in a transparent manner, making significant efforts to ensure an appropriate level of security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage to your data. For this purpose, the company applies appropriate technical and organizational measures.
2. Natural persons whose personal data are processed by the company
In connection with the services provided by him, EVROBUL Ltd. processes personal data concerning the following data subjects:
(a) Natural persons, contractors or potential contractors of the company – customers and suppliers of goods and services, respectively their employees.
(b) Staff – current and former employees of the company, as well as job applicants.
(c) Natural persons submitting requests, requests and any other documents to EVROBUL Ltd. (including applications for exercising the rights and electronic communications provided for in Articles 15-22 of the Regulation).
(d) Visitors to the company’s website: https: // www. evrobul.com/.
The administrator does not process personal data of persons under 14 years of age. If you find such processing, please inform us immediately so that we can take the necessary action.
II. Terms used and their meaning
For the purposes of this policy, the terms used in it have the following meanings:
Terms not defined in the text above have the meaning given to them in Regulation (EU) 2016/679.
III. Categories of data, purposes of processing, legal bases and retention periods
The processing of personal data for the purposes of human resources management, incl. of personnel selection and processing of personal data of current and former employees of EVROBUL Ltd, the Policy of the personal data protection company with which the respective persons are acquainted is described in detail, in view of which this category of data subjects will not be covered by current policy.
Except in respect of its employees on the basis of a legal obligation, EVROBUL Ltd. does not process personal data included in the scope of special categories of personal data, namely: personal data revealing racial or ethnic origin, political views, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data solely for the purpose of identifying an individual, health data or data on the individual’s sexual life or sexual orientation.
1. Personal data received from the subject (described in the table below)
|Category of subjects||Categories and types of personal data||Purpose of processing||Grounds and storage period|
|Data on your physical identity (for concluding contracts with individuals ): three names, PIN / PIN, etc. identifier, passport data, address, telephone, e-mail; For contractors – legal entities : three names of the legal representative of the company, two names of the contact person under the contract, e-mail and telephone, respectively. data on his social identity: place of work and position;||1. Individualization of the legal relations with the respective persons;
2. Information support of activities related to the existence, amendment and termination of legal relations and preparation of all types of documents in this regard (contracts, protocols, invoices, etc.);
3. Making correspondence related to the fulfillment of contractual obligations;
4. Fulfillment of the normative requirements of the Commercial Law, the Accounting Act, the Corporate Income Tax Act, etc.
|Under items 1 – 3: Conclusion or execution of a contract according to art. 6, § 1, letter “b” of the Regulation; Term : up to 5 years from the termination of the contractual basis;
Under item 4: Legal obligation according to art. 6, § 1, letter “c” of the Regulation; Term: depending on the respective obligation: e.g. Art. 12, para. 1 of the LSA.
|Visitors to the website using the contact form, online application forms or direct inquiries to the company’s email;
Other persons making inquiries and initiating correspondence;
|Information about your physical identity: two or three names; Contact details
: telephone and / or email address. Other information that you provided in your inquiry ( which cannot be identified in advance ).
|Processing the inquiry and providing an answer and assistance in connection with the subject of the correspondence; In certain cases – clarification of contractual relations;||Pre-contractual relations – art. 6, § 1, letter “b” of the Regulation
Legitimate interest – art. 6, § 1, letter “e” of the Regulation
Term : Up to 1 year, unless the correspondence concerns pre-contractual relations;
|Persons exercising their rights under the Regulation, as well as persons affected by a security breach||Information about your physical identity: three names, PIN / PIN or other similar identifier;||Fulfillment of normatively established obligations in accordance with Regulation (EU) 2016/679 and LPPD.||Legal obligation according to art. 6, § 1, letter “b” of the Regulation; Deadline : 5 years from the last action taken.|
In case the statutory term for a specific type of documents is longer than the one indicated in the table above, the administrator shall apply the statutory term. If you wish to receive information about the retention period of a specific document, do not hesitate to contact us at the coordinates specified in this policy.
The company does not implement or use technologies for automated decision making or profiling .
After the expiration of the deadlines for processing personal data, they shall be anonymized or deleted / destroyed, unless:
More information about the cookies used at https: // www. evrobul.com/, you can find at https://evrobul.com/politika-za-biskvitkite/
3. Possible consequences if personal data are not provided
In case the client does not provide the required information, including the necessary personal data, the company will not be able to conclude a contract with him, respectively will not be able to provide the requested service.
IV. To whom personal data is transferred or disclosed
The personal data of the company’s clients are provided to:
(a) Transport companies and other suppliers and / or subcontractors for the purposes of the contract / application;
(b) Clients of forwarding services for the purposes of the contract / application;
(c) Customs and other public authorities for the purposes of the contract;
(d) Companies providing accounting services and information support of the company’s IT systems, as processors of personal data;
(e) Other competent public bodies in fulfillment of an obligation provided by law.
V. Security measures for personal data
The company implements all appropriate technical and organizational measures to ensure the security of personal data, including an explicit commitment by employees to confidentiality.
VI. What rights do you have and how to exercise them
In case EVROBUL Ltd. processes your data, you have
the following rights:
1. Right of access
You have the right to receive confirmation that we are processing personal data related to you. In the event that we process such data, we will provide you with a copy of the data as well as the following information:
In the event that the documents containing personal data about the subject contain personal data of other persons, they will be deleted in an appropriate manner.
2. Right of correction
You have the right to request that we correct the personal data we process about you in the event that it is inaccurate. In case you want us to supplement your personal data, we will need to submit a declaration / application containing the relevant information.
Once we receive your request, we will correct / supplement the data as soon as possible.
3. Right to be erased (so-called right to be forgotten)
You have the right to request the deletion of personal data related to you, which will be deleted when any of the following grounds apply:
Even if any of the hypotheses described above exist, we will not delete your personal data when processing is necessary for:
4. Right to restrict processing
You have the right to ask us to restrict processing when one of the following applies:
The controller will inform any person to whom data have been disclosed that have been corrected, deleted or restricted, except in cases where this is not possible or requires a disproportionate effort. If you wish, we will let you know who these people are.
5. Right of portability
You have the right to receive the personal data you have provided to us in a structured, widely used and machine-readable format, as well as to request that we transfer them to another administrator of your choice. In order to take such action, the following two prerequisites must be met:
6. Right of objection
You have the right to object to the processing of your personal data when it is based on:
We will stop processing your data immediately if we are unable to prove that there are compelling legal grounds for processing that take precedence over your interests, rights and freedoms, or for establishing, exercising or defending legal claims.
When we process for marketing purposes, we will stop processing your data as soon as we process your request.
7. Right to withdraw consent
When the processing of your data is based on consent, you have the right to withdraw the consent given at any time by notifying us to the specified contacts.
How to exercise the rights described above?
1. If you wish to exercise any of your rights, please download the application HERE and fill in the required information. The application is designed for your convenience, but is not required.
If you prefer, you can also send us a request in free form, which must contain the following information:
2. Please send your application in one of the following ways:
Where the application is submitted by an authorized person, a power of attorney must be attached .
3. After reviewing your application , we will analyze its content and, if necessary, ask for additional information. You will receive information about its processing within one month of sending it in the manner specified by you as preferred for communication.
4. In case you need assistance in filling out the form we offer, you can contact us at the contact details provided in this policy.
You should keep in mind that EVROBUL Ltd. may refuse to fully or partially satisfy any of the rights described above, where the satisfaction of them would pose a risk to public order and security, the prevention, investigation, detection or prosecution of crimes or the execution penalties imposed, including the prevention of and prevention of threats to public order and security, other important objectives of general public interest and in particular an important economic or financial interest, including monetary, budgetary and fiscal matters, public health and social security, the data subject or the rights and freedoms of others or the enforcement of civil claims.
In addition to the rights described above, you have the opportunity to:
1. File a complaint with a supervisory authority
Every data subject has the right to lodge a complaint with a supervisory authority if he / she considers that the processing of personal data concerning him / her violates the provisions of the Regulation or the LPPD. If the subject has a place of work or habitual residence in the Republic of Bulgaria, as well as when the violation was committed in the Republic of Bulgaria, the latter should refer to the Commission for Personal Data Protection (CPDP) within 6 months of learning of the violation. – no later than 2 years from its implementation, by submitting a complaint by letter, fax or electronically by the order of ZEDEUU.
Following the entry into force of the Regulation, personal data subjects may also lodge complaints with other supervisory authorities in the territory of the European Union, where this is provided for in the Regulation.
2. File an appeal with the competent administrative court
Without prejudice to your right to appeal to the CPDP, described in item 1, you have the opportunity to appeal to the competent administrative court when you believe that your rights under the Regulation / LPPD have been violated as a result of the processing of your personal data. .
3. Right to compensation and liability for damages
In case you have suffered material or non-material damages as a result of violation of the Regulation, you have the right to receive compensation from the administrator for the damages.
VII. Information about the supervisory authority
In accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 (General Data Protection Regulation), any natural person who considers that his right to protection of personal data has been violated may lodge a complaint by Commission for Personal Data Protection at the address: Sofia 1592, Blvd. “Prof. Tsvetan Lazarov ”№ 2, website: www.cpdp.bg.
VIII. Social media