POLICY FOR PROTECTION OF PERSONAL DATA
Information about the data administrator:
MAN SERVICE Ltd. is a company, registered in the Commercial Register of the Registry Agency with UIC 121546929 with headquarters and management address: Sofia 1839, Vrazhdebna, 5 str., №9, phone: 0886 441 442; e-mail: firstname.lastname@example.org
We process your personal data on the following causes:
- Conclusions between us and you in order to fulfill our obligations under it;
- Your explicit consent - the purpose is stated on a case-by-case basis;
- Subject to statutory duty
In the following paragraphs, you will find information about processing your personal information, depending on the reason we process it.
FOR IMPLEMENTING THE CONTRACT OR IN THE CONTEXT OF PRE-CONTRACTUAL RELATIONS
We process your personal data in order to perform the contractual and pre-contractual obligations and to use the rights under the contracts concluded with you.
- identifying yourself;
- managing and executing your application and executing a contract;
- preparing and sending an account / invoice for the services you use with us;
- Keeping correspondence about order placements, query processing, problem reporting, and more.
- creating a profile;
Based on the agreement between you and us, we process information about the type and content of the contractual relationship as well as any other information related to the contractual relationship, including:
- personal contact information - contact address, email, phone number;
- identification data - full name, personal number or personal ID of a foreigner, permanent address;
- Data about the orders made through the profile;
- emails, letters, information about your troubleshooting requests, requests, complaints;
- credit or debit card information, bank account number or other bank and payment information related to the payments made;
The processing of the personal data we provide is obligatory for us to be able to conclude the contract with you and execute it.
We provide your personal information to third parties and our main purpose is to offer you quality, fast and comprehensive service.
We provide personal data to the following categories of recipients (personal data administrators):
- postal operators and courier companies;
- persons performing consultancy services in different spheres.
The data collected on this basis will be erased 5 years after termination of the contractual relationship, whether due to expiration of the contract, termination or other causes. The term is set by the 5-year limitation period for possible claims under the contract.
FOR THE IMPLEMENTATION OF NORMATIVE OBLIGATIONS
It is possible that the law provides us for an obligation to process your personal data. In these cases, we are required to process the personal data, such as:
- obligations under the Law on Measures against Money Laundering;
- fulfillment of obligations in connection with distance selling, off-premises sales provided by the Law on Consumer Protection;
- providing information to the Commission for the Protection of Consumers or third parties, provided in the Consumer Protection Act;
- Provision of information to the Commission on the protection of personal data in relation to obligations provided by the legislation on the protection of personal data;
- Obligations stipulated in the Accountancy Act and the Tax and Social Insurance Procedure Code and other related normative acts in relation to the keeping of lawful accounting;
- Providing information to the court and third parties, in the course of proceedings before a court, in accordance with the requirements of the normative acts applicable to the proceedings;
- Age authentication when shopping online.
The data collected according to an obligation in the law is deleted after the collection and storage obligation has been fulfilled or dropped. For example:
- under the Accounting Act for the Storage and Processing of Accounting Data (11 years),
- obligations to provide information to the court of law, competent state bodies, etc. causes provided by current legislation (5 years).
When an obligation under the law is provided for us, we may provide your personal data to the competent governmental authority, an individual or legal person.
AFTER YOU AGREE
We process your personal data on this basis only after your express, unambiguous and voluntary consent. We will not anticipate any unfavorable consequences for you if you refuse to process your personal data.
Consent is a separate cause for the processing of your personal data and the purpose of the processing is specified therein and is not covered by the objectives listed in this policy. If you give us the appropriate consent, and until we withdraw or terminate any contractual relationship with you, we prepare appropriate product/service offers for you.
For this reason, we process only the data you have given us for our explicit consent. Specific data is determined for each individual case. Typically, the data includes:
- phone number
On this reason we can provide your data to marketing agencies and third parties.
Agreements submitted may be withdrawn at any time. Withdrawal of consent will not affect the performance of contractual obligations. If you withdraw your consent to the processing of personal data for any or all of the ways described above, we will not use your personal information and information for the purposes set forth above.
The data collected on this basis is deleted at your request or 1 year after the initial collection.
PROCESSING OF ANONYMOUS DATA
We process your data for static purposes, this means for analyzes where the results are only generalized and therefore the data is anonymous. Identifying a specific person from this information is impossible.
How we protect your personal information
To ensure adequate data protection for the company and its customers, we apply all necessary organizational and technical measures provided for in the Personal Data Protection Act.
For the sake of maximum security when processing, transferring and storing your data, we may use additional security mechanisms such as encryption, pseudonymisation, and more.
Each User of the site uses all rights to protection of personal data in accordance with Bulgarian and European Union law.
Every User is entitled to:
- Awareness (in connection with the processing of his or her personal data by the administrator);
- Access to their own personal data;
- Correction (if data is inaccurate);
- Delete personal data (right to be forgotten);
- Limitation of processing by the administrator or the personal data processor;
- Portability of personal data between individual administrators;
- Objection to the processing of his or her personal data;
- The data subject is also entitled not to be the subject of a decision based solely on automated processing involving profiling that produces legal consequences for the data subject or similarly affects him or her significantly;
- Right to judicial or administrative redress if the rights of the data subject have been violated.
- The user may request deletion if one of the following conditions is true:
- Personal data is no longer needed for the purposes for which it was collected or otherwise processed;
- The consumer withdraws his / her consent on which the processing of the data is based and no other legal basis for the processing;
- The data user opposes the processing and there are no legitimate grounds for the processing that have an advantage;
- Personal data has been tampered with;
- Personal data must be deleted in order to comply with a legal obligation under Union law or the law of a Member State applicable to the controller;
- Personal data have been gathered in connection with the provision of information society services to children, and consent is given by parental responsibility for the child.
The user is entitled to restrict the processing of his personal data by the controller when:
- Restrictions on the accuracy of personal data. In this case, the limitation of the processing is for a period that allows the administrator to verify the accuracy of the personal data;
- Processing is illegal, but the User does not want to delete the personal data, but instead requires a limitation of their use;
- The administrator no longer needs personal data for the purpose of processing, but the user requires them to identify, exercise or protect legal claims;
- Opposes the processing pending verification that the legal grounds of the controller have an advantage over the User's interests.
Right of portability.
The data subject has the right to receive the personal data that concerns him and which he has provided to an administrator in a structured, widely used and machine readable format and has the right to transfer this data to another administrator without hindrance by the administrator to whom the personal data is provided when the processing is based on consent or a contractual obligation and the processing is done in an automated manner. When exercising its right to data portability, the data subject is also entitled to receive a direct transfer of personal data from one administrator to another when technically feasible.
Right of objection.
Users have the right to object to the controller against the processing of their personal data. The Personal Data Administrator is required to discontinue the processing unless he can prove that there are convincing legal grounds for the processing that take precedence over the interests, rights and freedoms of the data subject or for the establishment, exercise or protection of legal claims. In case of objection to the processing of personal data for the purposes of direct marketing, the processing should be terminated immediately.
Appeal to the supervisory authority
Each User has the right to file a complaint against the unlawful processing of his personal data with the Personal Data Protection Commission or the competent court.