PRIVACY POLICY
on website https://www.soitron.bg/bg/
Last updated: 01.06.2023
1. What is personal data?
Personal data is information that directly or indirectly identifies you as a natural person, as indirect means when it is combined with other information such as your name, postal address, e – mail address, telephone number, etc.
2. How do we process your personal data?
We from “SOITRON” EOOD – the site administrator https://www.soitron.bg/bg/ we do not collect or process more or other types of personal data than we need to fulfill the purposes so stated in this privacy policy.
We will only use personal data as set out in this policy, unless you have given us your express consent to another use of your personal data, such as through an express statement of consent to send you marketing communications.
3. Which of your personal data do we process?
With a view the use of cookies – mandatory and those for which you have given explicit consent to be used, we will process the following categories of your personal data:
1 ) IP address ;
2) Date and time of the request ;
3) The time zone difference to Greenwich Mean Time (GMT) ;
4) Request content (specific page) ;
5) Access Status Code / HTTP Status ;
6) The amount of data transferred in each case ;
7) Website from which the request comes ;
8) Browser – type ;
9 ) Operating system and its interface ;
10) Language and browser software version.
The listed categories of personal data are only those that you provide us when visiting https://www.soitron.bg/bg/ and the use of cookies – mandatory and those for which you have given express consent to be used.
We may be required to process and store personal data on legal grounds and to achieve regulatory compliance such as to prevent, detect or investigate crime, prevent loss, fraud or other financial abuse.
4. Use of the Homepage at https://www.soitron.bg/bg/ :
This Privacy Policy also applies to your use of our website https://www.soitron.bg/bg/ with the following mechanics and features related to the protection of personal data :
Cookies: Our Website uses cookies and other technologies to improve user experience and Website functionality, usability and security, and for advertising performance research purposes. Please see our cookie policy for more details.
5. Who we share your personal data with :
We will only disclose your personal data for the purposes and only to those third parties set out below – unless we have received from you additional consent to transfer personal data to other categories of third parties given elsewhere, such as through a consent statement for a specific purpose. “SOITRON” EOOD will take appropriate measures to ensure that your personal data is processed, protected and transferred in accordance with applicable legislation.
(1) Conversion of a commercial company and redemption of shares :
In connection with conversion, restructuring, merger, sale or other type of transfer of assets, “SOITRON” EOOD will transfer information, including personal data, on a reasonable scale to the acquirer of such shares or assets, and as necessary for the transfer of ownership, after the receiving party agrees to process your personal data and implement the necessary measures to protect it under a way that corresponds to the applicable Bulgarian and European legislation.
(2) Competent authorities :
We will disclose your personal data to public authorities when required by law. For example, “SOITRON” EOOD will respect the requests of courts, administrative and other public state or municipal bodies, which may also include similar bodies of state or municipal authority.
6. Processing of personal data of children :
“SOITRON” EOOD does not collect or process personal data of children under the age of 14, except with the consent of a parent or guardian in accordance with applicable local legislation. If we learn that a child’s personal data has been accidentally collected, we will promptly delete the data in question.
7. Processing of special categories of personal data (“sensitive” data):
“SOITRON” EOOD does not process the so-called special categories of personal data, namely: personal data revealing racial or ethnic origin, political views, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the sole purpose of identifying a natural person, data for the state of health or data on the sex life or sexual orientation of the natural person .
8. Security of your data:
“SOITRON” EOOD takes the security of your personal data seriously. We apply the appropriate level of protection and to this end we have developed reasonable physical, electronic and technical procedures to protect the data we collect from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to transmitted, stored or otherwise processed personal data. Access to your personal data is permitted only to those employees, service providers or those associated with “SOITRON” EOOD persons on the basis of the need for information for official purposes or who need it for the performance of their official duties. In case of leakage of data containing personal data, “SOITRON” EOOD will follow all applicable notification norms in such cases.
9. What are your legal rights?
As a data subject, you have specific legal rights related to the personal data we collect from you. This applies to all processing activities that “SOITRON” EOOD performs, undertakes with your personal data and which are listed above. “SOITRON” EOOD respects your individual rights and will always answer your questions and inquiries regarding the ways in which we process the personal data received from you.
The list that follows contains information about your rights arising under applicable data protection laws:
The subject’s right of access to the data (according to Article 15 of the General Data Protection Regulation – GDPR)
1. The data subject has the right to obtain from the administrator confirmation as to whether personal data relating to him are being processed and, if so, to obtain access to the data and the following information:
a) the purposes of processing;
b) relevant categories of personal data;
c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
d) when possible, the intended period for which the personal data will be stored, and if this is impossible, the criteria used to determine this period;
e) the existence of a right to require the controller to correct or delete personal data or to limit the processing of personal data related to the data subject, or to object to such processing;
f) the right to appeal to a supervisory authority;
g) when personal data are not collected from the data subject, any available information about their source;
h) the existence of automated decision-making, including the profiling referred to in Article 22, paragraphs 1 and 4 of the GDPR, and at least in these cases, essential information about the logic used, as well as the meaning and intended consequences of this processing for the data subject.
2. When personal data is transferred to a third country or an international organization, the data subject has the right to be informed about the appropriate safeguards under Article 46 of the GDPR in relation to the transfer.
3. The administrator provides a copy of the personal data that is being processed. For additional copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. When the data subject submits a request by electronic means, the information shall be provided in a widely used electronic form whenever possible, unless the data subject has requested otherwise.
4. The right to receive a copy referred to in paragraph 3 does not adversely affect the rights and freedoms of others.
I. Right to rectification (according to Art. 16 of the General Data Protection Regulation)
The data subject has the right to request the controller to correct inaccurate personal data relating to him without undue delay. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by adding a declaration.
II. Right to erasure (right “to be forgotten”) (according to Art. 17 of the General Data Protection Regulation)
1. The data subject has the right to request the controller to delete the personal data related to him without undue delay, and the controller has the obligation to delete the personal data without undue delay when any of the following grounds apply:
2. a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
b) the data subject withdraws his consent on which the data processing is based according to Article 6, paragraph 1, letter a) or Article 9, paragraph 2, letter a) of the GDPR, and there is no other legal basis for the processing;
c) the data subject objects to the processing pursuant to Article 21, paragraph 1 of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21, paragraph 2 of the GDPR;
d) the personal data were processed unlawfully;
e) the personal data must be deleted in order to comply with a legal obligation under Union law or the law of a Member State that applies to the controller;
f) the personal data were collected in connection with the provision of information society services under Article 8, paragraph 1 of the GDPR.
2. Where the controller has made the personal data public and is obliged under paragraph 1 to delete the personal data, it shall, taking into account the available technology and implementation costs, take reasonable steps, including technical measures, to notify the controllers processing the personal data that the data subject data has requested the deletion by these administrators of all links, copies or replicas of this personal data.
3. Paragraphs 1 and 2 do not apply insofar as the processing is necessary:
4. a) to exercise the right to freedom of expression and the right to information;
b) to comply with a legal obligation that requires processing provided for in the law of the Union or the law of the Member State that applies to the controller or for the performance of a task in the public interest or in the exercise of official powers that have been granted to the controller;
c) for reasons of public interest in the field of public health in accordance with Article 9, paragraph 2, letters h) and i), as well as Article 9, paragraph 3 of the FDLR
d) for the purposes of archiving in the public interest, for scientific or historical research or for statistical purposes in accordance with Article 89, paragraph 1 of the GDPR, to the extent that the right established in paragraph 1 is likely to make it impossible or seriously hinder the achievement of the objectives of this processing; or
e) for the establishment, exercise or defense of legal claims.
III. Right to restriction of processing (according to Art. 18 of the General Data Protection Regulation)
1. The data subject has the right to request from the controller the restriction of processing when one of the following applies:
2. a) the accuracy of the personal data is contested by the data subject, for a period that allows the controller to verify the accuracy of the personal data;
b) the processing is unlawful, but the data subject does not wish the personal data to be deleted, but instead requests the restriction of its use;
c) the controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defense of legal claims;
d) the data subject has objected to the processing pursuant to Article 21, paragraph 1 of the GDPR pending verification of whether the legitimate grounds of the controller prevail over the interests of the data subject.
2. Where processing is restricted pursuant to paragraph 1, such data shall be processed, with the exception of their storage, only with the consent of the data subject or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural person or for important reasons of public interest for the Union or a Member State.
3. Where a data subject has requested the restriction of processing pursuant to paragraph 1, the administrator shall inform him before the cancellation of the restriction of processing.
IV. Right to data portability (according to Art. 20 of the General Data Protection Regulation)
1. The data subject has the right to receive the personal data concerning him and which he has provided to an administrator in a structured, widely used and machine-readable format and has the right to transfer such data to another administrator without hindrance from the administrator to whom the personal data data is provided when:
2. a) the processing is based on consent in accordance with Article 6, paragraph 1, letter a) of the GDPR or Article 9, paragraph 2, letter a) of the GDPR or on a contractual obligation according to Article 6, paragraph 1, letter b) of the GDPR; and
b) the processing is carried out in an automated manner.
2. When exercising his right to data portability under paragraph 1, the data subject has the right to obtain a direct transfer of personal data from one controller to another, where technically feasible.
3. The exercise of the right referred to in paragraph 1 of this article does not affect article 17. The said right does not refer to the processing necessary for the performance of a task in the public interest or in the exercise of official powers that have been granted to the controller.
4. The right referred to in paragraph 1 does not adversely affect the rights and freedoms of other persons.
V. Right to object (according to Art. 21 of the General Data Protection Regulation)
1. The data subject has the right, at any time and on grounds related to his particular situation, to object to the processing of personal data concerning him, which is based on Article 6(1)(e) or (f) of GDPR, including profiling based on said provisions. The administrator shall terminate the processing of personal data unless he proves that there are compelling legal grounds for the processing that take precedence over the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.
2. When personal data are processed for the purposes of direct marketing, the data subject has the right at any time to object to the processing of personal data concerning him for this type of marketing, which also includes profiling insofar as it is related to direct marketing.
3. When the data subject objects to processing for direct marketing purposes, the processing of personal data for these purposes shall cease.
4. At the latest at the time of the first contact with the data subject, he is expressly informed of the existence of the right under paragraphs 1 and 2, which is presented to him in a clear way and separately from any other information.
5. In the context of the use of information society services and notwithstanding Directive 2002/58/EC, the data subject may exercise his right to object by automated means using technical specifications.
6. Where personal data are processed for the purposes of scientific or historical research or for statistical purposes pursuant to Article 89(1) GDPR, the data subject has the right, based on his/her particular situation, to object to the processing of personal data concerning him/her , unless the processing is necessary for the performance of a task carried out for reasons of public interest.
VI. Automated individual decision-making, including profiling (according to Article 22 of the General Data Protection Regulation)
1. The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which gives rise to legal consequences for the data subject or similarly significantly affects him.
2. Paragraph 1 does not apply if the decision:
3. a) is necessary for the conclusion or performance of a contract between a data subject and controller;
b) is permitted by the law of the Union or the law of a Member State which applies to the controller and which also provides for appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; or
c) is based on the express consent of the data subject.
3. In the cases referred to in paragraph 2 letters a) and c), the administrator applies appropriate measures to protect the rights and freedoms and legitimate interests of the data subject, at least the right to human intervention by the administrator, the right to express his point of view point and challenge the decision.
4. Decisions under paragraph 2 shall not be based on the special categories of personal data referred to in Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) applies and appropriate measures are in place to protect the rights and freedoms and legitimate interests of the data subject.
VII. Right to submit a complaint to a supervisory authority (according to Art. 77 of the General Data Protection Regulation)
1. Without prejudice to any other administrative or judicial remedy, any data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of habitual residence, place of employment or place of the alleged infringement, if the data subject considers that the processing of personal data concerning him violates the provisions of the GDPR.
2. The supervisory authority to which the complaint was submitted informs the complainant about the progress in examining the complaint and about its outcome, including the possibility of legal protection pursuant to Article 78 of the Labor Code.
VIII. Right to withdraw consent
Where the processing is based on consent, the controller must be able to prove that the data subject has given consent to the processing of his personal data. Before giving consent, the data subject is informed of this.
Withdrawing consent is as easy as giving it. To withdraw consent, the data subject could contact the Administrator using one of the indicated contact methods:
1. By sending an email describing the withdrawal of consent to dpo-soitron@popovarnaudov.bg;
2. By sending a written application for withdrawal of consent to the Administrator at the address: Sofia 1766, “Vitosha” district, “XS Tower”, street “Panorama Sofia” No. 5, explicitly indicating on the envelope itself: “Withdrawal of consent in accordance with the Regulation on protection of personal data”.
All communications and statements regarding the applicable rights of the data subject are provided free of charge by the Controller. However, if the application is manifestly unfounded or inappropriate, in particular because it is repeated, the Administrator has the right to charge a reasonable fee, taking into account the administrative costs associated with providing the requested information. In the event of a repeated application for a copy of the processed personal data, the Administrator reserves the right to charge a reasonable fee for administrative costs.
Feedback (answer), as well as, when appropriate, information about the measures taken, is provided by the Administrator as quickly as possible and no later than one month. The Administrator may be permitted to extend the response period by a further two months, in certain extenuating circumstances, given the complexity and number of applications received. The administrator shall inform the data subject of the extension of the response period and indicate the reasons for the delay.
10. Storage of your personal data :
In general, we will store the personal data that we have received as a result of the use of cookies on https://www.soitron.bg/bg/ for the terms that are expressly stated in the Cookie Policy on the website https://www.soitron.com
11. Changes to this policy :
We reserve the right to change our data protection practices and to update and amend this policy at any time. For this reason, we encourage you to consult the policy regularly. This data protection policy is current as of the date indicated in “Last updated” on this document above.
12. Contact data:
“SOITRON” EOOD, UIC 202463853, Address: Sofia, p.k. 1766, Vitosha district, “XS Tower”, 5 Panorama Sofia street, floor 1, e – mail: dpo-soitron@popovarnaudov.bg
INFORMATION on the Processing of Personal Data Belonging to SOITRON LTD.’S Customers
DEAR CUSTOMERS,
As of 25 May 2018, all EU member-states, including the Republic of Bulgaria, started to apply the so-called General Data Protection Regulation /GDPR/, the full title of which is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data.
I. Your legal rights under the General Data Protection Regulation:
In order to achieve good-faith and transparent processing of your personal data at “SOITRON” LTD. (the “Company”), we kindly invite you to familiarize yourself with your rights under the General Data Protection Regulation, namely:
- At your request, you have the right to receive the personal data that concern you and that the Company has obtained in its capacity as a data controller, in a structured, widely used and machine-readable form;
- You have the right to request SOITRON LTD. to transfer such data directly to another controller without any hindrance by us;
- If certain elements of your personal data change, you have the right to request rectification of such data, and you may also request erasure of part or all of the personal data that you have provided to the Company and which it processes, in the event that Soitron Ltd. has no legal obligation to process or store such data. Such an obligation always applies for the duration of your contractual relationship with “SOITRON” LTD. and for a certain period after that (detailed herein below in the next section), since the processing of personal data is required for the fulfillment of the Company’s obligations under the contract concluded with you;
- If you have given us your informed consent to process your data for direct marketing purposes or other purpose, you have the right to withdraw such consent and ask us to immediately delete your personal data from our databases.
- You have the right to object to the processing of your personal data, when you consider that they are not processed in a legal manner, as well as to request a restriction of processing on our part;
- In the event of a dispute with the Company, you have the right to appeal to the Commission for Personal Data Protection, if the dispute concerns the legality of the processing of your personal data.
N.B.! You may exercise the rights under the previous points by submitting a request to the Company’s headquarters at: Sofia 1766, Vitosha region, “XS Tower”, 5 “Panorama Sofia” St., floor 1.
II . Purpose and basis of processing. Periods for Data storage:
A) Your personal data will be processed and stored by the Company for the purposes of fulfilling the contractual relationship between you and “SOITRON” LTD., for the fulfillment of the company’s legal obligations, as well as with a view to achieving and protecting the legitimate interest of the Company – e.g. protection of its legal rights and interests, implementation of business partnerships and expansion of our customer base, which processing is consistent with the balance of rights and legal freedoms of data subjects.
B) The legal basis for processing your personal data by “SOITRON” LTD. is: (1) the existence of a contract (g. for sale / services and/or for manufacturing) between the parties, (2) fulfillment of a legal obligation under the Bulgarian legislation, which applies to “SOITRON” LTD. as a tax entity registered in the Republic of Bulgaria, (3) the legitimate interest of the Company, consistent with the balance of rights and legal freedoms of data subjects. Apart from the above cases your data is processed on the basis of your voluntary and informed written consent, if you wish to provide such.
C) The term for which the Company is required by law to process your personal data, shall be as follows:
– for data contained in accounting documents – 10 (ten) years, starting from January 1 of the reporting period following the reporting period to which they refer;
– for data contained in any other documents, including records in electronic systems and paper archives – up to 5 (five) years, starting from the date on which the contractual relationship between you and the Company ended;
– for direct marketing purposes which are processed based on consent – until you expressly withdraw your consent.
D) Video surveillance:
In order to protect your safety, as well as to protect the rights and legitimate interests of “SOITRON” LTD., the company has introduced 24/7 CCTV in its premises. Please note that there is a sign in the premises equipped with CCTV or immediately in front of such premises, informing you of this circumstance. The recordings from the cameras will be stored in specially designated premises with a secure database, and access to them will be granted only to authorized persons who ensure the security on site, and if necessary, access to the video recordings will also be granted to the competent authorities, in the event of a crime or a suspected crime. Video recordings are subject to automatic deletion within two weeks after being made, except in cases where they contain data about a violation of public order or a crime, in which case we are obliged to store them for a longer period of time.
III . Transfer of your personal data to government bodies and third parties:
Please note that “SOITRON” LTD. transfers your personal data only to the following categories of persons:
- to the competent state and municipal authorities for the purposes of tax control;
- to specialized companies providing technical support for the software products used by the Company, for the purposes of technical support itself – they only have access to your data to the extent that they have access to the system product itself;
- to couriers and companies providing transportation services for the purpose of fulfilling a delivery obligation under the contract concluded between you and the Company.
- other companies within the internal Soitron corporate group.
- IV. The security of your data is our priority:
We would like to inform you that “SOITRON” LTD. considers the security of your personal data a priority. We apply the appropriate level of protection and to this end we have developed reasonable physical, electronic and documentary procedures to safeguard the data we collect from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to transmitted, stored or otherwise processed personal data. Our information security policies and procedures are closely aligned with the widely accepted international standards and are regularly reviewed and updated as necessary to meet our business needs, technological developments and regulatory amendments. Access to your personal data is permitted only to those employees, service providers of the Company on a need-to-know basis for business purposes or who need it for the performance of their official or contractual obligations.
- Contact information of the data controller:
“SOITRON” LTD., UIC 202463853, Address: Sofia 1766, Vitosha region, “XS Tower”, 5 “Panorama Sofia” St., floor 1, represented by the manager Zoltan Vash.
If you have any questions about the above information or if you have suggestions and opinions about the way “SOITRON” LTD. processes your data, please do not hesitate to contact us.
Sincerely,
The team of “SOITRON” LTD.