Personal data protection policy
Petrov Technology EOOD complies with the applicable data protection laws in countries where there is a business relationship. The purpose of this policy is to outline the basic principles by which the company processes the personal data of users, customers, suppliers, employees, and others. All units and employees are responsible for handling personal data.
BASIC PRINCIPLES IN PROCESSING PERSONAL DATA
- 1. Legitimacy, good faith and transparency – Processing in the presence of legal grounds, due care and in a transparent manner with respect to the data subject.
- 2. Purpose limitation – The collection and processing of personal data is for specific, explicit and legitimate purposes.
- 3. Data minimization – Personal data must be relevant and limited to what is necessary for the purposes of the processing.
- 4. Accuracy – keeping personal data up to date, taking all measures to timely erase or correct inaccurate data.
- 5. Storage limitation – Personal data shall be processed and stored for a minimum duration in accordance with the objectives.
- 6. Privacy – Petrov Technology EOOD uses appropriate organizational and technical data processing measures to ensure an appropriate level of security, including protection against accidental or unlawful destruction, disclosure or loss.
- 7. Accountability – The Personal Data Administrator is responsible and able to demonstrate compliance with all principles relating to the processing of personal data.
COLLECTION, USE, DETENTION AND DESTRUCTION
Petrov Technology EOOD uses all measures for the storage of personal data in its operating activities. The personal data collected by the administrator are minimized and relate only to the purposes of the processing, in accordance with the law.
The retention period for personal data is in accordance with statutory provisions; more guidance is given in the internal rules. The destruction of personal data is carried out only by a person authorized by the manager, in order to comply with all requirements.
DISCLOSING TO THIRD PARTIES
The administrator requires all third parties (partners, vendors, etc.) to ensure that they have taken all appropriate personal data security measures. Each third party only processes personal data to perform its contractual obligations to Petrov Technology EOOD and not for other purposes. If necessary, a legal document should define the respective responsibilities between the Administrator and the processor.
TRANSBOUNDARY TRANSFER OF PERSONAL DATA
Prior to the transfer of personal data outside the EU borders, adequate safeguards must be provided, a Data Transfer Agreement must be concluded and, if necessary, authorized by CPDP.
INFORMATION ABOUT THE DATA SUBJECT
The Personal Data Administrator has the responsibility to provide all personal data related to the subject at his / her request. The data subject is also entitled to receive, on request, a copy of the data the administrator stores.
The data subject has the right to be forgotten. Upon request by the subject, the administrator should delete the personal data.
The authorized person of the CPDP is responsible for creating and maintaining the Data Protection Registry.
A representative of the Authorized person of CPDP administrator decides whether to perform an impact assessment.
CONSENT TO PERSONAL DATA PROCESSING
The authorized person of CPDP ensures that collection methods are in accordance with laws, best practices and standards.
The processing of personal data is based on the consent of the subject based on legal grounds. The administrator is required to notify the subject when the personal data will be used for purposes other than those for which it was originally collected. The DPO is responsible for giving consent to the subject and the consent can be withdrawn at any time.
When personal data must be corrected or destroyed, the authorized person of CPDP warrants that these requests will be processed.
RESPONSIBILITIES OF THE ADMINISTRATOR
Petrov Technology EOOD is responsible for the processing of personal data and access to them.
The authorized person of CPDP is responsible for managing the Personal Data Protection Program, developing and modifying the policy and internal data protection rules, compliance with Regulation 2016/679, and representing the company’s supervisors. The authorized person also informs and trains data protection officers and ensures that personal data is processed on the basis of legitimate business interests of the company.
The manager is responsible for complying with all legal requirements, approves all documents prepared by the authorized person of CPDP, and provides all systems that meet security standards.
The Economic Director, Head Accountant, Head of Unit are responsible for raising awareness of data protection providers.
The main place where the processing of personal data is concentrated is Sofia, Blvd. Assen Yordanov 12.
In cases of incidents and violations of access to personal data, Petrov Technology Ltd. undertakes to inform the relevant authorities within 72 hours. The authorized person of CPDP shall take appropriate measures in a timely manner to remedy the breach.
The validity of this document is 25.05.2018.