INFORMATION REGARDING THE PROTECTION POLICY PROCESSED IN Art Fines IN RELATION TO ARTICLE. 13 and Art. 14 of EU Regulation 2016/679
1. Personal data administrator
Art Fines with address:Sofia, 22, Shandor Petiofi, str., E-MAIL: firstname.lastname@example.org, tel./fax: +359878677253 (Personal Data Administrator) processes personal data to individuals (data subjects) in accordance with Regulation (EC) 2016/679 General Data Protection Regulation) (GDPR) and the Personal Data Protection Act.
According to the General Regulation, "personal data" means any information relating to a natural person through which it can be directly or indirectly identified. Processing of personal data is any operation or set of operations that can be performed on personal data by automatic or other means.
2. Natural persons whose personal data are processed by the company
In connection with the provided by the company, it processes personal data about the following data subjects:
- Natural persons, contractors or potential contractors of the company - customers and suppliers of goods and services, respectively their employees.
3. Targets of processing
The Company processes personal data to its clients, including their employees, for the following purposes:
(a) Provision of technical and digital services in performance of a contract;
(b) Protecting the legitimate interests of the company, including:
- Ensuring the normal functioning, maintenance and security of the company's systems;
- Providing communication with customers, including electronically;
- Enforcement and protection of the company's rights and legitimate interests, including by court order.
(c) Enforcement of the legal obligations of the company and execution of the ordered state or judicial authorities.
4. Legal grounds for processing
The company processes personal data only if there is one of the alternative legal bases under the General Regulation and in particular:
(a) Execution of a contract, including pre-contractual relations prior to its conclusion;
(b) Statutory obligations applicable to the Company;
(c) The legitimate interests of the company, in so far as they have an advantage over the interests or fundamental rights and freedoms of the data subjects;
(d) Freedom of expression, in particular, informed and unambiguous consent of the data subject. The consent already granted may be withdrawn by the person at any time in the same manner as it was granted.
5. Possible consequences if personal data is not provided
In case the client does not provide the required information, including the necessary personal data, the company will not be able to conclude a contract with the client or will not be able to provide the requested service.
6. To whom is the personal data transmitted or disclosed?
The personal data of the company's clients are provided to:
- Commercial companies providing accounting services and information support to the IT systems of the company as processors of personal data;
- Other competent public authorities in fulfillment of an obligation provided by law.
7. Shelf life of personal data
The personal data of the contractors of the company are kept for 5 years from the conclusion of the respective contract in accordance with the general limitation period under the Obligations and Contracts Act.
The personal data contained in the accounting documents shall be kept within the terms of art. 12 of the Accountancy Act.
8. Personal data security
The Company applies all appropriate technical and organizational measures to ensure the security of personal data, including the explicit obligation of the employees to confidentiality.
9. Rights as data subjects
Any individual whose data is processed by the company has the following rights:
- the right of access to his or her personal data, including a copy of them;
- the right to correct or supplement inaccurate or incomplete personal data;
- the right to delete personal data processed without a legal basis;
- the right to limit the processing - in the case of a legal dispute between the company and the person until its resolution or the establishment, exercise or protection of legal claims;
- the right of objection - at any time and on grounds relating to the particular situation of the person, provided that there are no compelling legal grounds for the processing that take precedence over the interests, rights and freedoms of the data subject or trial.
Pursuant to the Personal Data Protection Act, the aforementioned rights may be exercised by submitting a written application on site at the COMPANY office. An application may also be made electronically in accordance with the Electronic Document and Electronic Signature Act. The application is made personally by the data subject or by an explicitly authorized person.
10. Protecting the rights of data subjects
In accordance with the Data Protection Act and Regulation (EC) 2016/679 (General Data Protection Regulation), any individual who considers that his / her right to the protection of his or her personal data is violated may appeal to The Personal Data Protection Commission at: 1592 Sofia, "Prof. 2 Tsvetan Lazarov Str., Website: https://www.cpdp.bg/.