For the purposes of its activities, trading company J & AL OOD processes personal data of natural persons („data subjects“) in strict accordance with Regulation (ЕU) 2016/679 (General Data Protection Regulation) (GDPR), the Personal Data Protection Act and the company’s Personal Data Protection Policy
This Privacy Notice is applicable to you if you are a client or a potential client of the services and products offered by J & AL OOD or a job applicant and it is intended to explain to you how and why we process your personal data.
According to the General Data Protection Regulation personal data means any information relating to natural persons through which they can be directly or indirectly identified.
Processing of personal data is any operation or set of operations which is performed on personal data by automated or other means.
Controller is the trading company J & AL OOD entered in the Commercial register under UIC 130570683, having its registered seat and address of management at Byala, 7100, Bul. Kolyo Ficheto No 4, Email: firstname.lastname@example.org, Phone.: 0817/73579
Natural persons whose personal data are processed by the company
In connection with the services provided by it J & AL OOD processes personal data of the following natural persons:
- Counterparts or potential counterparties of the company
- Job applicants
What kind of personal data do we process?
Based on the specific objectives and legal grounds J & AL OOD processes all or some of the following personal data, individually or in combination:
- identification data – three names, personal ID number or personal number of a foreigner/other identifier, address;
- contact details – telephone, fax, e-mail;
- financial information, including bank accounts;
- other information and personal data necessary for performing the duties under the labour, social security and tax legislation.
In cases where it acts as a processor of personal data, J & AL OOD processes the personal data of clients of the Company in compliance with the contract with the administrator, its documented instructions and the legal obligations of the Company.
Purposes of processing
The company processes personal data for the following purposes:
- Trading activity, servicing and maintenance of IT and office equipment and security and print management software
- Electronic archiving;
- Conducting audits under contracts in the following areas – IT, information security, General Personal Data Protection Regulation;
- Protection of the legitimate interests of the company, including:
– ensuring the proper functioning, maintenance and security of the company’s website and IT systems;
– ensuring and protection of the rights and legitimate interests of the company, including legal procedures;
– video surveillance.
- To fulfil statutory obligations:
– obligations under the Accountancy Act, the Tax and Social Insurance Procedure Code and other related statutory instruments, in relation to the execution of proper and lawful accounting;
– execution of the orders of competent state or judicial authorities.
Legal grounds of processing
The company processes personal data only in the presence of any of the alternative legal grounds under the GDPR, and in particular:
- Performance of a contract, including pre-contractual relations before its signing;
- Legal obligations applicable to the company;
- The legitimate interests of the company, insofar as they have priority over the interests or fundamental rights and freedoms of the data subjects;
- In some cases, we process personal data only with the prior consent of the data subject. Consent is a separate basis for the processing of your personal data, and the processing goal is specified therein and is not covered by the purposes listed in this Privacy Notice. The consent already granted may be withdrawn by the data subject at any time in the same manner as it was granted.
Possible consequences of failure to provide personal data
If the client does not provide the required information, including the necessary personal data, the company cannot enter into a contract with that client and cannot render the service requested.
Term of personal data storage
The storage period of personal data depends on the processing purposes for which they are collected.
Personal data of the company’s clients are kept for a period of five years from the completion of the contract in accordance with the general limitation period under the Obligations and Contracts Act.
The personal data contained in the accounting documents shall be kept within the terms of Art. 12 of the Accountancy Act, and Art. 38 of the Tax and Social Insurance Procedure Code, respectively.
The personal data of job applicants will be deleted or destroyed within 60 days of completing the selection procedure of the candidates.
Security of personal data
The Company applies all appropriate technical and organizational measures to ensure the security of personal data, including taking explicit confidentiality obligation by the employees.
Rights of the data subjects
Any natural person whose data are processed by the company has the following rights:
- the right to access his/her personal data, including receiving a copy thereof;
- the right to rectification or completion of inaccurate personal data;
- the right to erasure of personal data processed without a legal basis;
- the right to restriction of processing – in case of a legal dispute between the company and the person until its resolution or the establishment, exercise or protection of legal claims;
- the right to object – at any time and on grounds relating to the particular situation of the person, provided that there are no compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or legal claims;
Pursuant to the Personal Data Protection Act, the above rights may be exercised by submitting a written application in the office of J & AL OOD An application may also be made electronically in accordance with the Electronic Document and Electronic Certification Services Act. The application is made personally by the data subject or by an explicitly authorized person. The company shall decide upon the request of the data subject within 30 days of its submission.
Where the data subject’s requests for the exercise of the rights referred to above are manifestly unfounded or excessive, the company may impose a fee or refuse to act on the request.
Protection of the rights of data subjects
In accordance with the Personal Data Protection Act and Regulation (EU) 2016/679, any individual who considers his/her right to protection of personal data violated, may file a complaint with the Commission for Protection of Personal Data at: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd. and Internet page: www.cpdp.bg.
Updates and changes to the Privacy Statement
In order to apply the relevant protection measures and to comply with current legislation, we will regularly update this Privacy Notice. If the changes made by us are substantial, we may post a notice about such changes in our website or let you know otherwise.
This Privacy Notice was last updated on 25.05.2018.