Personal data policy
Administrator of personal data for the purposes of Regulation (EU) 2016/679 of the European Parliament and the Council of Europe of 27.04.2016 on the protection of natural persons
in connection with the processing of personal data and on the free movement of such data and on the repeal of Directive 95/ 46/EC (General Data Protection Regulation/GDPR)
and in accordance with national laws and by-laws is EKIP Ltd, Veliko Tarnovo, 2 Kozludzha Str.
1.Definitions
Terms such as "personal data", "processing", etc. are within the meaning of Art. 4 of Regulation (EU) 2016/679 of the European Parliament and the Council of Europe of 27.04.2016 on the protection
of natural persons in connection with the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC ( General Data Protection Regulation/GDPR)
and complies with national laws and regulations.
1.1. "Personal data" means any information related to the identification of a natural person or a natural person that can be identified directly or indirectly (including through third parties),
regardless of one or more characteristics.
1.2. "Data subject" means a natural person whose personal data is collected, processed, etc., regardless of how and by which party.
1.3. "Processing of personal data" means any operation or set of operations performed with personal data or with a set of personal data by automatic or other means such as collection, recording,
storage, deletion, etc.
This policy aims to regulate the rules for access by company employees to personal data of entities that are processed by the administrator.
2. The ProArt brand is owned by EKIP Ltd.
EKIP Ltd collects and processes only the data of persons necessary to carry out the offered sales and services and keeps them responsibly and lawfully.
In this capacity, EKIP Ltd acts as a personal data processor.
CONTACT DETAILS OF THE PERSON RESPONSIBLE FOR THE PROTECTION OF YOUR PERSONAL DATA:
2.1. When applying the policy, the technical and organizational security measures described in detail in the Personal Data Protection Instruction, with which all employees are familiar, should be observed.
2.2. Personal data that EKIP Ltd uses are:
"Ordinary" personal data:
• First name, surname and last name
• Home or work address
• E-mail address
• Internet Protocol (IP) address
• "Cookie" identification number - our site, www.proart.bg uses cookies, without which it would not be able to provide correct services. By visiting our site, the subject accepts the use of cookies.
Types of cookies that our sites use are:
• Mandatory cookies that are necessary for the proper functioning of the website system, allowing to maintain the logical session between the client's browser (profile) and the server.
• Analytical cookies that provide information on the number of visits to our site and, thanks to them, analyze whether our users work easily with it and whether we have answered frequently asked questions
(Google Analytics cookies). They do not provide information about personal data, but only show how many pages have been viewed, how many times given pages have been visited,
from what type of device
and are anonymous. For Google Analytics, we also use anonymization of IP addresses using _anonymizelp, and the analytical data is kept for a maximum of 50 months.
• Functional cookies that enable the provision of a more personalized service (for example, saving the last search for an offer) and thus optimally use the functions of the site, as they do not store
personal information.
Cookies for precise targeting, the dynamic cookies of Facebook, Google, etc. we don't use
The subject can manage the settings of the cookies that are received from our site through the settings of the browser they use.
"Special" categories of data
• EGN (single civil number) for cases where this is necessary to fulfill the contractual relationship or we are obliged by law/issuance of an invoice.
3. Sources of personal data
• Directly from the subject - through his express consent.
4. Purposes and principles of the use of personal data collected and processed by EKIP Ltd:
• The processing of the subject's personal data is in connection with the purpose of concluding a sale for the goods and services provided by EKIP Ltd - finished products or the production
of a product according to certain customer requirements. A phone number and email are required for subject feedback and delivery to the relevant address.
• For direct marketing purposes
• Explicit consent obtained from the subject as a client of EKIP Ltd.
5. Grounds for the collection of personal data
• Processing is necessary to comply with legal obligations
• Pursuant to a contract for the performance of certain services with the subject of personal data
• Based on a request by telephone, fax, on-site at the office or through another means of mass communication.
• Based on interests pursued by us or by third parties – our partners, which would be the following:
- our legitimate interest is directly related to the subject of activity carried out by us to fulfill the contractual relations for the provision of the relevant service
- the interests of the company and those of third parties in the field of trade, legal certainty and tax policy arise from the nature of the commercial activity carried out.
- third parties working with the data are: accounting office, transporters, workers, executing the order, it results directly from their activity.
Personal data is stored by EKIP Ltd on paper (in the form of accepted order forms, goods receipts, issued invoices) or in electronic version (in the form of accepted order forms,
goods receipts and invoices) under the Accounting Act, the Law on obligations and contracts, VAT for taxation purposes, the Law on banks and bank payments, the Law on measures against money
laundering.
6. The following have the right to access this data:
• only the employees of EKIP Ltd authorized for this, as this happens with certain levels of access to a certain type of personal information, which is predefined for each individual employee.
Employee access is carried out in the following way:
• through a user name and password in an electronic system in which both the moment of access and the level of access to which the relevant employees are entitled are recorded and recorded.
• In the job description of each of the employees, specific obligations are provided in relation to access to personal data, and each employee is familiar with his obligations
and has received a copy of the job description.
The employee receives an access password upon starting work and has the right to use it for the duration of the employment contract and only within working days and working hours or outside of them
in cases where this is required for objective reasons (a call from the subject in connection with inaccurate, incomplete or other performance of contractual relations, in connection with
a request to provide the relevant assistance to the entity in connection with certain tourist services, etc.) Failure to fulfill this obligation is considered a violation.
Upon termination of the employment contract, the access password of the relevant employee is deleted/destroyed.
• Employees who have access to the records systems are not authorized to provide their access password to another employee or to an outside person.
Service accounting firm (Accounting Act)
• Carriers when necessary, including under international agreements
• Insurance companies
• NRA
• The bodies of state power
7. Principles of personal data processing
• Legality, good faith and transparency
• Limitation of processing purposes
• Relevance to the purposes of the processing and minimization of the data collected
• Accuracy and timeliness of data
• Limitation of storage with a view to achieving the objectives
• Integrity and confidentiality of processing and ensuring an appropriate level of security of personal data.
8. Consent to provide personal data
When accepting a framing order, the subject expressly declares that he voluntarily and in compliance with all legal grounds for the request of his personal data provided them,
having previously familiarized himself with the policy of EKIP Ltd for the collection, processing and storage of personal data, available and on the website of EKIP Ltd.
Consent to the processing of personal data can be withdrawn after a written request for withdrawal of consent in a free form at the office of the company or by e-mail (letter) at any time after the conclusion
of the contractual relationship between the administrator or seller-consultant and the subject.
The administrator undertakes to delete the personal data of the subject who has expressly requested this, but in compliance with all the normative acts that concern his activity
and in view of the time for which they oblige him to keep the relevant personal data, if this is recorded in these normative acts acts.
- EKIP Ltd stores personal data within the terms regulated by the Legal Grounds:
• Until the expiration of the general 5-year statute of limitations for contractual relations on the basis of Article 111 of the Law on Obligations and Contracts
(with the possibility of extension up to 6 months, if there is movement on a legal file)
• 10 (ten) years under the Accounting Law and/or completion of the audit and/or cross-examination by the NRA, if the same has not been completed by the end of this 10-year period.
• In the case of employment and insurance legal relations, 50 (fifty) years
• In the case of legal proceedings, until the expiration of 5 years after the filing of the case in court (with a view to collecting costs)
9. The subject has the right:
• To request a copy of or access to/from the personal data that is collected, processed and stored by EKIP Ltd at any time without being hindered by us.
• To request the correction without undue delay of inaccurate personal data, as well as the deletion of such data that is no longer relevant.
• To request deletion of personal data in the presence of any of the following grounds:
- The data is no longer necessary for the purpose for which it was collected
- Consent for their collection and storage has been withdrawn
- When their processing is illegal
- When they must be deleted in order to comply with a legal obligation under EU law or the law of a Member State that applies to a personal data controller
- To request restriction of the processing of personal data, in which case they can only be stored, but not processed. The refusal must be in writing.
- To withdraw consent to the processing of personal data at any time in writing to the administrator
- To object to certain types of processing such as direct marketing
- To object to automated processing of personal data
- On a complaint to the European Supervisory Authority in case of violation of rights according to the above and applicable legislation on the protection of personal data, as follows:
COMMISSION FOR PROTECTION OF PERSONAL DATA
City. Sofia 1592, Prof. Tsvetan Lazarov Blvd. 2, phone: 02/915 3 518, klzd@government.bg, klzd@cpdp.bg
10. EKIP Ltd may refuse to delete personal data for the following reasons:
To comply with a legal obligation on your part or to perform a task of public interest
• For reasons of public interest
• For the purposes of archiving in the public interest, for scientific research or for statistical purposes, to the extent that deletion is likely to make it impossible or seriously hinder
the achievement of the purposes of this processing.
• To establish, exercise or protect legal interests
• In exercising the right to freedom of expression and the right to information.
This policy has been adopted and approved by order of the Manager.