For the purposes of its activities, trading company BAND - consulting & management Ltd. processes personal data of natural persons („data subjects“) in strict accordance with Regulation (ЕU) 2016/679 (General Data Protection Regulation) (GDPR), the Personal Data Protection Act and the company’s Personal Data Protection Policy.
This Privacy Notice is applicable to you if you are a client or a potential client of the services provided by BAND - consulting & management Ltd. or a job applicant and it is intended to explain to you how and why we process your personal data.
According to the General data Protection Regulation "personal data" means any information relating to natural persons through which they can be directly or indirectly identified.
Processing of personal data is any operation or set of operations which is performed on personal data by automated or other means.
Controller is the commercial company BAND - consulting & management Ltd., entered in the Commercial register under UIN 130483837, having its address of correspondence at 1303 Sofia, Vazrazhdane region, 70B Ivan Ivanov Blvd., floor3, email: [email@example.com, phone: + 3592 4111444, fax: + 35924111448.
Natural persons whose personal data are processed by the company
In connection with the services provided by it BAND - consulting & management Ltd. processes personal data of the following natural persons:
- Counterparts or potential counterparties of the company, as well as employees thereof;
- Individuals under civil contracts, persons under contract for management and control, self-employed, partners/shareholders;
- Job applicantsл
What kind of personal data do we process?
Based on the specific objectives and legal grounds BAND - consulting & management Ltd. processes all or some of the following personal data, individually or in combination:
- identification data - three names, personal ID number or personal number of a foreigner/other identifier, address;
- contact details - telephone, fax, e-mail;
- financial information, including bank accounts;
- other information and personal data necessary for performing the duties under the labour, social security and tax legislation.
In cases where it acts as a processor of personal data, BAND - consulting & management Ltd. company processes the personal data of clients of the Company in compliance with the contract with the administrator, its documented instructions and the legal obligations of the Company.
Purposes of processing
The company processes personal data for the following purposes:
- Providing financial accounting, payroll and consultancy services in the performance of a contract;
- Protection of the legitimate interests of the company, including:
- ensuring the proper functioning, maintenance and security of the company's website and IT systems;
- ensuring and protection of the rights and legitimate interests of the company, including legal procedures.
- To fulfil statutory obligations:
- obligations under the Accountancy Act, the Tax and Social Insurance Procedure Code and other related statutory instruments, in relation to the execution of proper and lawful accounting;
- obligations under the Measures Against Money Laundering Act;
- execution of the orders of state or judicial authorities.
Legal grounds of processing
The company processes personal data only in the presence of any of the alternative legal grounds under the General Regulation, and in particular:
- Performance of a contract, including pre-contractual relations before its signing;
- Legal obligations applicable to the company;
- The legitimate interests of the company, insofar as they have priority over the interests or fundamental rights and freedoms of the data subjects;
In some cases, we process personal data only with the prior consent of the data subject. Consent is a separate basis for the processing of your personal data, and the processing goal is specified therein and is not covered by the purposes listed in this Privacy Notice. The consent already granted may be withdrawn by the data subject at any time in the same manner as it was granted.
Possible consequences of failure to provide personal data
If the client does not provide the required information, including the necessary personal data, the company cannot enter into a contract with that client and cannot render the service requested.
To whom are personal data transmitted or disclosed?
The personal data of the company's clients are provided to:
- NRA, NSSI and other public authorities for the purposes of the contract;
- Competent authorities which, by virtue of regulations, have the power to require from BAND - consulting & management Ltd. the provision of information, among which personal data - court, supervisory/regulatory bodies, bodies with powers to deal with national security and public order matters;
- Other competent public authorities in fulfilment of a legal obligation;
Commercial companies providing IT support services to the company’s IT systems.
Term of personal data storage
The storage period of personal data depends on the processing purposes for which they are collected.
Personal data of the company’s clients are kept for a period of five years from the completion of the contract in accordance with the general limitation period under the Obligations and Contracts Act.
The personal data contained in the accounting documents shall be kept within the terms of Art. 12 of the Accountancy Act, and Art. 38 of the Tax and Social Insurance Procedure Code, respectively.
The personal data of job applicants will be deleted or destroyed within 60 days of completing the selection procedure of the candidates.
Security of personal data
The Company applies all appropriate technical and organizational measures to ensure the security of personal data, including taking explicit confidentiality obligation by the employees.
Rights of the data subjects
Any natural person whose data are processed by the company has the following rights:
- the right to access his/her personal data, including receiving a copy thereof;
- the right to rectification or completion of inaccurate personal data;
- the right to erasure of personal data processed without a legal basis;
- the right to restriction of processing - in case of a legal dispute between the company and the person until its resolution or the establishment, exercise or protection of legal claims;
- the right to object - at any time and on grounds relating to the particular situation of the person, provided that there are no compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or legal claims;
Pursuant to the Personal Data Protection Act, the above rights may be exercised by submitting a written application in the office of BAND - consulting & management Ltd. An application may also be made electronically in accordance with the Electronic Document and Electronic Certification Services Act. The application is made personally by the data subject or by an explicitly authorized person. The company shall decide upon the request of the data subject within 30 days of its submission.
Where the data subject's requests for the exercise of the rights referred to above are manifestly unfounded or excessive, the company may impose a fee or refuse to act on the request.
Protection of the rights of data subjects
In accordance with the Personal Data Protection Act and Regulation (EU) 2016/679, any individual who considers his/her right to protection of personal data violated, may file a complaint with the Commission for Protection of Personal Data at: Sofia 1592, 2, Prof. Tsvetan Lazarov Blvd. and Internet page: www.cpdp.bg.
Updates and changes to the Privacy Statement
In order to apply the relevant protection measures and to comply with current legislation, we will regularly update this Privacy Notice. If the changes made by us are substantial, we may post a notice about such changes in our website or let you know otherwise.
This Statement was last updated on 25.05.2018.