HELIX TREND EOOD with UIC 205107307 with headquarters and registered address: Sofia, 1618, Krasno selo district, Lagera res. area, 6, Bogovetz str., ent. 1, floor 2, apt. 9, hereinafter re-ferred to as the Company, is the administrator of personal data and is responsible for compliance with the provisions of the General Data Protection Regulation 2016/679.
PRINCIPLES OF PERSONAL DATA PROCESSING
Compliance with the provisions of the Regulation
Company policy aims to ensure compliance with the provisions of the Regulation.
Personal data are collected and processed lawfully and in good faith
The Company collects and processes personal data lawfully, in good faith and in accordance with the principles and rights of individuals with regard to the processing of their personal data.
Personal data is processed transparently
The company ensures transparency in the communication of the collected and processed personal data, such information being in a brief, transparent, comprehensible and easily accessible form and using clear and unambiguous wordings
Personal data is collected and processed only for certain purposes
The company processes personal data of individuals only in the following cases:
1. the processing is necessary for compliance with a legal obligation of the Company;
2. processing is necessary for the performance of a contract (including an order) with the Company to which a natural person is a party, or for taking steps at the request of a natural person before concluding a contract when its identification is required;
3. an individual has given his unequivocal consent for a comprehensible and transpar-ently defined purpose on behalf of the Company for which the processing of his/her per-sonal data is necessary;
4. processing is necessary in order to protect the vital interests of the individual whose personal data are processed or of another individual;
5. processing is necessary for the legitimate interests of the Company or a third party, in accordance with the provisions of the Regulation;
6. other cases provided for in the Regulation.
Unnecessary personal data are not collected and processed
The Company does not collect or process personal data of individuals who exceed their legal obli-gations or business needs.
Collected personal data is processed for other purposes only with the consent of the individuals
In all cases where it is necessary to collect and process personal data of individuals for purposes other than the original, the Company notifies the individuals concerned, seeks their consent and proceeds to process their personal data for other purposes only after their explicit consent.
The minimum necessary personal data is collected for processing
The Company collects and processes only the minimum personal data required of individuals which:
1. are provided by law;
2. are necessary for the performance of a contract;
3. are necessary to meet the purposes for which they are collected.
The processed personal data is accurate and up to date
The Company ensures that the processing of personal data of individuals is carried out with maxi-mum accuracy and, if possible, always up to date.
Personal data is processed by the minimum number of people required
The company ensures that the access to and processing of personal data by individuals is carried out by the minimum number of persons (operators) who have the necessary competence for their proc-essing and the necessary commitment to their protection.
Personal data is retained for the minimum required period
The company shall retain personal data for the minimum period required:
1. necessary by law;
2. necessary to fulfil the contract (including the order) and responsibility thereunder;
3. necessary to fulfil the purpose for which data is collected and processed; or
4. until request by a natural person for their deletion,
after which they are destroyed without undue delay.
In any case, the Company provides at least once a year to review the collected and processed personal data, and those of them that fall under any of the above hypotheses are deleted without undue delay.
RULES FOR PERSONAL DATA PROCESSING
Personal data is processed with the necessary levels and protection measures
The Company provides the necessary levels of physical, organizational and technological protection in view of:
1. the nature, scope, context and purpose of the personal data processed;
2. the probability, the levels of impact and the severity of risk for the rights and free-doms of individuals in the event of a breach of the security of the processed personal data;
3. its financial and organizational capabilities.
The Company also provides all necessary measures for the timely recovery of collected and processed personal data at their loss as a result of accidental, malicious or force majeure events.
Personal data is processed with controlled and traceable access
The Company provides the necessary and appropriate technical, organizational and technological measures for controlled and traceable access to the personal data of individuals.
Personal data is processed with the required accountability for compliance with the Regulation
The Company provides the necessary accountability and records to be able to demonstrate that the provisions of the Regulation have been complied with.
Respecting the rights of individuals whose personal data are being processed
The Company ensures compliance with the rights of individuals whose personal data are collected and processed, including:
1. the right to information about the processing of personal data;
2. the right of access to personal data – what data are available;
3. the right to rectify inaccurate personal data;
4. the right to delete personal data – the right to be forgotten;
5. the right to limitation of the processed personal data;
6. the right to information about actions as a result of a request for rectification, dele-tion or limitation of the processing of personal data;
7. the right of data portability;
8. the right to object to the processing of personal data;
9. the right not to be subject to automatic decision-making involving profiling.
PERSONAL DATA PROCESSED
Processed Personal Data in the capacity of an Administrator:
• of Employees;
• of clients natural persons;
The processed Personal Data is obtained:
• Personally by Data subjects;
The following Sensitive Personal Data are processed:
• Data on Employee Health Status;
• Data about convictions and Violation containing in a criminal record.
OBJECTIVES FOR PERSONAL DATA PROCESSING
The Company as an Administrator performs the following operations and processes only the re-quired personal data for the following purposes:
• for concluding, implementing and terminating Labour Contracts and Calculation of Employee Wages and Salaries;
• for Delivery of Products to Customers;
• for Delivery of Customer Services;
• for Direct Marketing for Sales objectives;
RECIPIENTS AND RECIPIENT CATEGORIES
In connection with the fulfilment of the above mentioned objectives, the Company provides the physical data to natural persons to the following recipients:
• The National Revenue Agency in Connection with the Calculation of the Salaries of the staff;
• NSSI in relation to the Calculation of Staff Benefits;
• Occupational Medicine Association in relation to an obligation to maintain an updated Health status of the Staff and carrying out periodical medical examinations;
• Subcontractors for performance of contractual obligations;
COMPANY CONTACT DATA
If you have questions or ambiguities about the processing of your personal data or wish to exercise one of your rights, you can contact:
• email: firstname.lastname@example.org
• phone +359 889 723 453
• address: Sofia, 1618, Krasno selo district, Lagera res. area, 6, Bogovetz str., ent. 1, floor 2, apt. 9
COMPETENT SUPERVISORY BODY
The Commission for Personal Data Protection (CPDP) is the independent state body that assures the protection of individuals in the processing of their personal data and access to such data as well as the control over the observance of the Personal Data Protection Act on the territory of the Republic Bulgaria.
In case of doubt that your privacy rights have been violated, you may report to CPDP at:
• Address: Sofia 1592, 2, Prof. Tsvetan Lazarov blvd.
• Email: email@example.com
• Website: www.cpdp.bg
• Phone 02 / 91-53-518