PERSONAL DATA PROTECTION POLICY
(Effective from 25 May 2018)
We may periodically update this Personal Data Protection Policy. In such cases, we shall post a message on our website together with the updated version of the Policy.
If you have any questions related to this Policy, do not hesitate to contact us in any of the ways described at the end of this document.
For the purposes of this Policy:
'Personal data' shall mean any information relating to an identified or identifiable natural person ('data subject'). Identifiable natural person shall be a person who can be identified, directly or indirectly, in particular by an identifier such as name, identification number, location data, online identifier or one or more characteristics specific to their physical, physiological, genetic, mental, economic, cultural or social identity.
'Special or sensitive personal data' shall include personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or membership of trade unions, as well as the processing of genetic or biometric data for the sole purpose of identifying an individual, data related to their health, sexual life or sexual orientation.
We shall not process sensitive personal data unless this is necessary to meet our statutory obligations, such as our obligations arising from labour or anti-discrimination legislation. Please do not send or provide us with any sensitive data relating to you (or anyone else) unless we have explicitly requested this information from you in writing after we have confirmed that we have all the necessary consents and that all other legal requirements for processing the data have been met.
Personal data processing shall mean any operation or set of operations performed with personal data or a set of personal data, automatic or other, such as collecting, recording, organizing, structuring, storing, adapting or modifying, retrieving, consulting, using, disclosing by transmission, dissemination or otherwise, by which data becomes available, any arranging, combining, limitation, deletion or destroying.
Data that cannot be linked or associated with a particular individual, as well as anonymized data, shall not be regarded as 'personal data'.
WHAT CATEGORIES OF PERSONAL DATA SHALL WE PROCESS?
The personal data we shall process include:
General data such as your name (including prefix), the organization you represent or work for and your position there.
Contact information such as postal address, e-mail address, phone and fax numbers.
Financial information such as your bank account number in relation to a particular transaction or a series of related transactions.
Technical information such as data generated by the use of our website or an integrated application (application, plug-ins, etc.) as well as materials or communications that we receive from you or send you online.
Other personal data you have provided us with or that has been provided to us on your behalf or generated in connection with our communication with you on issues relating to products or services that the Company offers to our current or prospective clients or partners, information resources, applications, etc. that you send to any of ACM2 EOOD official email addresses or by using the contact form in the 'Contacts' section of the Company's website.
SOURCES AND WAYS OF COLLECTING PERSONAL DATA
Some of the personal data we collect and process shall be provided directly by you (e.g. when you send us a request via the electronic contact form, fill in a delivery or service request, or when you fill in our Company or Delivery questionnaires, using the Company's website or when you contact us via telephone, fax, or one of the ACM2 EOOD official e-mail addresses.
The personal data you provide directly to us shall include:
Identity information such as your name, PIN (if we, complying with tax law, issue an invoice to an individual), permanent address, correspondence address, telephone number and e-mail address, position/profession.
Personal data contained in the electronic communication you have sent us, such as the data contained in an email message addressed to us or to one of our employees.
Financial information, such as your bank account number in relation to a particular financial transaction or a series of such transactions.
Other data you have provided us at our request when we are required or entitled to collect this data for the purpose of identifying you or confirming the information we have received.
In certain cases, where permitted by law, we shall collect data related to convictions and violations. For example, if the law obliges us not to recruit individuals who have been convicted of specific crimes, we shall process the data you provide in the volume that is required to fulfil the obligation we have been charged by law.
Some of the personal data we process shall be automatically collected by us when you use our website to contact us or make an inquiry. This information shall be provided by devices (such as your personal or work computer, smart phone, tablet, etc.) that you use to access our website, such as the device ID or unique identifier associated with the device or browser you are using, location data, the type of the device or browser you are using.
We shall not collect data about your interaction with our website, such as location information or IP address. We shall not use 'cookies' to collect statistical information that allows us to better understand the behaviour of the visitors to our website, such as information on which of the tabs or resources, published on the website, you have clicked on.
We shall not carry out automated decision-making, including profiling, as a result of automated processing of personal data.
THE PURPOSES FOR WHICH WE PROCESS PERSONAL DATA AND THE LEGAL BASIS FOR ITS PROCESSING
We shall collect, store and process personal data to the extent that this does not contradict with the law and is in accordance with our own personal data protection policy. We shall process personal data for different purposes, and this processing is done on various legal grounds. By law, we should have a legal basis to process your personal data. Depending on the basis on which we handle your personal data, you shall have certain rights. More information about your rights can be found in the section on data subject rights below.
In particular, we shall process the personal data collected by us based on the legal grounds listed below for one or more of the following purposes:
We shall process your personal data in connection with the conclusion and performance of a contract with you.
We may collect and process your personal data for the purpose of concluding and executing a contract with you as well as in cases where we take certain steps on your initiative before concluding a contract. The main purposes for which we process personal data on this basis are:
We shall process your personal data for the purposes of our business activity, that is, in connection with our products and services, by completing the information requested by us in the online contact form, delivery or service requests or any of the questionnaires through which the Company receives information about the quality and the level of its products and services and the degree of satisfaction of our clients and partners. For the above-mentioned purposes, we shall process your personal data as follows: names, addresses (where this is not the seat or the registered address of a legal entity), email address, telephone number, mobile phone number, fax number, and position/profession. Please note that the data you provide us with shall serve only for the purposes of preparing and concluding contracts, organizing the performance of a service or delivery contract, organizing or logistic support for our clients and partners, for contacting you or for sending applications or other materials to an email address. In the event that this data is not available, АСМ2 EOOD shall not be able to deliver, to provide quality warranty or post-warranty service, to provide telephone or on-site support, to provide training for the respective equipment etc.
We shall process your personal data pursuant to the EU and our national laws.
In particular, we process personal data in fulfilment of our legal obligations arising from the fact that we are both an employer and a user of goods and services. We are also a company engaged in commercial activity. In this regard, we shall process personal data to fulfil our specific obligations arising from or relating to:
We can collect and process your personal data with your consent.
In certain cases, once we have your consent to a particular way of processing your personal data, we may use this data:
The data you provide to us voluntarily shall be used only for the specific and expressly stated purpose and shall not further be processed for other, unrelated purposes.
You have the right, at any time, to withdraw your consent for the processing of your personal data with respect to this personal data that is processed on this legal basis. You can find more information about this right below.
We may process your personal data when we have a legitimate interest in doing the following:
COLLECTION AND PROCESSING OF PERSONAL DATA RELATING TO CHILDREN
We understand the importance of taking additional measures to protect children's personal data. We shall not collect personal data from children who are under 16 years of age.
If we understand that we have collected or processed personal data of a child without the required parental consent, we shall take steps to delete this information without undue delay.
IN WHICH CASES DO WE PROVIDE YOUR PERSONAL DATA TO THIRD PARTIES?
We may assign the processing of your personal data to other subcontractors (personal data processors) who assist us in processing this data. These persons shall process your data on our behalf and in accordance with our instructions for all or any of the purposes set forth in this Policy. We shall not allow subcontracted personal data processors to use your personal data for their own purposes, including for direct marketing.
We shall require all personal data processors who do so on our behalf to process this data in accordance with the law and to ensure its security, including by taking the necessary technical and organizational measures to protect the personal data. The categories of recipients processing personal data on our behalf shall be:
In certain cases, where this is dictated by our legitimate interests, we may disclose your personal data to third parties such as:
HOW LONG SHALL WE STORE YOUR PERSONAL DATA AND WHEN SHALL WE DELETE IT?
We shall store your personal data for the period that is necessary or permitted in view of the purposes for which we process it. Once these goals are met or when we have lost our legitimate interest or legal basis for data processing (for example, when we withdraw the consent to process certain data), we shall delete the personal data without undue delay.
The criteria on the basis of which your personal data is stored shall include: (a) the period in which we maintain relationships with you and provide you with our services, (b) the deadlines for storing the data provided by applicable laws, and (c) the period for which we need to store the data in connection with our participation and the protection of our rights and legitimate interests in legal or administrative proceedings, or the expiration of the respective limitation periods.
For example, we shall store personal data contained in our accounting records for the periods provided for in the Accountancy Act.
HOW SHALL WE PROTECT YOUR PERSONAL DATA?
When processing your personal data, we shall undertake the necessary technical and organizational measures to protect this data from unauthorized access, modification or deletion. The mentioned measures shall include:
YOUR RIGHTS IN RELATION TO THE PROCESSING OF YOUR PERSONAL DATA
At any time during the processing of your personal data by us, you shall have certain rights as outlined below.
You can exercise your rights under this Policy and the General Data Protection Regulation (Regulation (EU) 2016/679) by sending a message to the e-mail address below, which contains your specific request and which, if possible, signed with a qualified electronic signature. In case you send us a request via post and/or using a courier, your signature shall be required to identify you before us. If you are unable to sign your request in any of our preferred ways, we may ask you to provide additional information for your identification.
We shall respond to your request free of charge and without undue delay, within the statutory period of time. In cases where we receive repeated requests from you, we may refuse to take action on the claim or set a charge (based on the costs we will incur) that you will have to pay for providing the information or communication or undertaking the requested action.
RIGHT OF ACCESS AND INFORMATION
You shall have the right to request and receive:
RIGHT OF RECTIFICATION OR AMENDMENT
If you find that the personal data we process concerning you is inaccurate and/or incomplete, you may ask us to correct and/or amend it. We shall correct and/or complete your personal data without undue delay.
RIGHT TO OBJECT
When processing your personal data, pursuant to our legitimate interest, you shall have the right to object to such processing. We shall terminate any such processing without unnecessary delay and shall delete your data unless we provide reasonable grounds for continuing to process your data that override your rights and legitimate interests or the processing of your personal data is necessary for the establishment, exercise or protection of legal claims. In addition, you shall have the right to object, at any time, to the processing of your personal data for the purposes of marketing or advertising. We shall terminate any such processing without undue delay, as soon as we receive your objection.
RIGHT TO RESTRICT PROCESSING
You shall have the right to ask us to restrict the processing of your personal data in the future when:
RIGHT TO ERASURE ('RIGHT TO BE FORGOTTEN')
You shall have the right to ask us to delete your personal data, and we shall be obliged to delete it without undue delay when:
In some cases, we shall not be able to fulfil your request, if processing of your personal data is required for:
RIGHT TO WITHDRAW YOUR CONSENT
In cases where we handle your personal data with your consent, you shall have the right to withdraw that consent with immediate effect. In this case, we shall stop the processing of your personal data in future.
PORTABILITY OF YOUR PERSONAL DATA
In cases where we process your personal data with your consent or in performance of our contractual obligations with you, as long as this does not harm the rights or freedoms of others, you shall be entitled to receive the data you have provided to us in a structured, commonly used and machine-readable format, or, if technically feasible, ask us to transmit this data to a third party.
RIGHT TO LODGE A COMPLAINT
If you believe we process your personal data in violation of the applicable law, you have the right to lodge a complaint with a competent authority. You can contact the supervisory authority responsible for your place of residence or your country, or the supervisory authority responsible for us.
The competent authority in the Republic of Bulgaria shall be the Personal Data Protection Commission, at:
2 Prof. Tsvetan Lazarov Blvd.
Tel. +359 2 915 3518
WAYS OF CONTACTING US
For any matter relating to the processing of your personal data or the exercise of your rights, you may contact us in one of the following ways:
By e-mail, to the following e-mail: firstname.lastname@example.org
By post, to the following address: ACM2 Ltd., 152 Cherni Vrah Blvd., Sofia 1407