Adopted on 01.04.2023.
Grafix Solutions Ltd. with UIC 207362534, with administrative office: gr. Plovdiv, West district, ul. Plovdiv West, 246A, hereinafter referred to as The Company is the data controller and is responsible for compliance with the provisions of the General Data Protection Regulation 2016/679.
PURPOSES AND TYPES OF PERSONAL DATA PROCESSED
The Company, as the Data Controller, performs the following operations and processes only the necessary personal data for the following purposes:
for Registration and Provision of Services
- Two names
- Email address
- Phone number
- Password (encrypted)
- IP address;
for Direct Marketing
- Two names
- Email address
Direct marketing is only carried out to persons who have not objected to it. Where an individual is the subject of direct marketing by the Company, they have the right to object to it, with the consequence that they will receive no further marketing communications until they so request. To object to direct marketing via e-mail, click on the link to opt-out of receiving promotional messages. The link is always in a visible place and it is clear what it is for.
To make users' visits to the website as functional as possible, the Company uses so-called "cookies". "Cookies are small text files that are stored on your hard drive. They allow the website to function properly, recognize the user's device and store certain information about the user's preferences or past actions (login, etc.), which are stored for a certain period of time so that you do not have to enter information (username and password) again.
Each user of the site can disable cookies through their browser settings.
RECIPIENTS AND CATEGORIES OF RECIPIENTS
In connection with the performance of the purposes set out above, the Company provides the personal data of individuals to the following recipients:
- National Revenue Agency - in relation to: employment contracts; income taxes, social and health insurance payable; benefits payable; inspections and audits;
- Other state and municipal authorities and/or institutions - in connection with legal obligations to them or in connection with legal requests from them for information containing personal data.
- When registering a domain, after the user submits a request, the Company transmits the necessary information to the relevant domain registrar, which processes the data for the purpose of registering the requested domain.
CONTACT DETAILS OF THE COMPANY
If you have any questions or concerns about the processing of your personal data or wish to exercise any of your rights, you can contact:
- email: firstname.lastname@example.org
- Phone: +359 892 249 899
- Address: gr. Plovdiv, West district, ul. Plovdiv West, 246A
PRINCIPLES FOR PROCESSING PERSONAL DATA
Compliance with the provisions of the Regulation
The Company's policy is to ensure compliance with the provisions of the Regulation.
Personal data is collected and processed lawfully and in good faith
The Company collects and processes personal data lawfully, in good faith and in accordance with the principles and rights of individuals in relation to the processing of their personal data.
Personal data is processed transparently
The Company shall ensure transparency in the communication of the personal data collected and processed by providing information in a concise, transparent, understandable and easily accessible form and using clear and unambiguous wording.
Personal data is collected and processed only for specified purposes
The Company processes personal data of individuals only in the following cases:
- the processing is necessary to comply with a legal obligation of the Company;
- the processing is necessary for the performance of a contract (including an order) with the Company to which an individual is a party, or to take steps at the request of an individual prior to entering into a contract where his or her identification is required;
- the individual has given his or her unambiguous consent to an intelligible and transparently defined purpose on the part of the Company for which the processing of his or her personal data is necessary;
- the processing is necessary to protect the vital interests of the natural person whose personal data is being processed or of another natural person;
- the processing is necessary for the purposes of the legitimate interests of the Company or of a third party under the provisions of the Regulation;
- the other cases provided for in the Regulation.
Personal data not necessary for the activity is not collected and processed
The Company does not collect or process personal data of individuals beyond its obligations under the law or its needs for doing business.
Collected personal data shall be processed for other purposes only with the consent of the individuals
In all cases where it is necessary to use collected and processed personal data of individuals for purposes other than the original ones, the Company shall notify the individuals concerned, request their consent and proceed to process their personal data for other purposes only after their explicit consent.
The minimum necessary personal data shall be collected for processing
The Company collects and processes only the minimum necessary personal data of individuals who:
- are provided for by law;
- are required for the performance of a contract;
- are necessary to fulfil the purposes for which they are collected.
Personal data processed is accurate and up to date
The Company shall ensure that the processing of personal data of individuals is carried out with the utmost accuracy and, where possible, always up to date.
The personal data shall be processed by the minimum number of persons required
The Company shall ensure that the access and processing of personal data of natural persons is carried out by the minimum number of persons (operators) who have the necessary competence for their processing and the necessary commitment to their protection.
Personal data is kept for the minimum necessary time
The Company retains personal data for the minimum time necessary:
- is required by law;
- the need to perform a contract (including an order) and the responsibility thereunder;
- necessary to fulfil the purpose for which the data were collected and processed; or
- until the individual requests their deletion, after which they shall be destroyed without undue delay.
In all cases, the Company shall ensure that the personal data collected and processed are reviewed at least once a year and those that fall under any of the above hypotheses shall be deleted without undue delay.
PERSONAL DATA PROCESSING RULES
Personal data is processed with the necessary levels and measures of protection
The Company provides the necessary levels of physical, organizational and technological protection in order to:
- the nature, scope, context and purpose of the personal data processed;
- the likelihood, impact levels and severity of the risk to the rights and freedoms of natural persons in the event of a breach of the security of the personal data processed;
- its financial and organisational capabilities.
The Company shall also ensure all necessary measures for the timely recovery of collected and processed personal data in case of their loss as a result of accidental, malicious or force majeure events.
Personal data is processed with controlled and traceable access
The Company shall provide the necessary and appropriate technical, organizational and technological measures for controlled and traceable access to the personal data of individuals.
Personal data is processed with the necessary accountability to comply with the Regulation
The Company shall ensure that it has the necessary records and registers to be able to demonstrate that the provisions of the Regulation have been complied with.
Compliance with the rights of natural persons whose personal data are processed
The Company shall ensure compliance with the rights of individuals whose personal data is collected and processed, which includes:
- the right to be informed about the processing of personal data;
- right of access to personal data - what data is held;
- the right to rectification of inaccurate personal data;
- the right to erasure - the right to be forgotten;
- the right to restriction of the processing of personal data;
- the right to be informed of action resulting from a request for rectification, erasure or restriction of the processing of personal data;
- the right to data portability;
- the right to object to the processing of personal data;
- the right not to be subject to automated decision-making involving profiling.
COMPETENT SUPERVISORY AUTHORITY
The Commission for Personal Data Protection (CPDP) is the independent state authority that ensures the protection of individuals in the processing of their personal data and access to such data, as well as the control of compliance with the Personal Data Protection Act on the territory of the Republic of Bulgaria.
In case you suspect that your rights related to the protection of your personal data have been violated, you can submit a report to the CPPD at:
- Address. Address: 1592 Sofia Blvd. "Prof. No. 2 Tsvetan Lazarov
- Email: email@example.com
- Website: www.cpdp.bg