Privacy policy according to Regulation (EU) 2016/679
Introduction
For RCD TRADE LTD (the "Administrator" / "We" / "the Company") the protection of personal data is a very important and top priority. We respect your personal sphere and for that reason, we will provide below with information regarding the processing of your personal data below.
II. Information about the Administrator. Details of the supervisory authority
RCD TRADE LTD is a company incorporated in the Commercial Register of the Registry Agency with UIC 203643231 with registered address, Sofia, 55 Haydushka Polyana Str., Registered office: Sofia, kv. Vrazhdebna, 3- and №4
face: Vladimir Tsekov
The supervisory authority that oversees personal data protection activities is the Personal Data Protection Commission. If you are not satisfied with the way we have responded to your personal data protection complaint, you have the right to file a complaint with it.
III. Aims and scope of the policy. Principles for the processing of personal data
This Privacy Policy (in brief, the 'Policy') contains information on how and why we process your personal data, how we protect and store it, and what your rights are in relation to the personal data you provide.
The guiding principles that the Company applies in the processing of personal data are:
- legality, integrity and transparency throughout the process of processing personal data;
- the collection of personal data is bound by specific, explicit and legitimate purposes and is not processed in a manner incompatible with those purposes;
- minimizing the personal data that the Administrator processes and strict compliance with the purposes for which they are processed;
- the relevance of the personal data being processed and taking all reasonable steps to ensure that inaccurate personal data are deleted or corrected in a timely manner, having regard to the purposes for which they are processed.
- ensuring an adequate level of security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by applying appropriate technical and organizational measures.
Reason for processing your personal data. Purpose of processing. Third party disclosure
The administrator processes your personal data:
- for the performance of the contracts to which you are a party and the guarantee and enforcement of the rights arising from them
- to comply with the normative obligations arising from the current Bulgarian legislation.
What are the purposes of processing the personal data you provide:
- compliance with legal requirements - providing information to competent authorities, institutions and third parties within the powers they have, as well as in the proceedings before a court, in accordance with the requirements of the procedural and substantive legal acts applicable to the procedure; obligations stipulated in the Law on Accounting and the Tax and Social Insurance Procedure Code and other related normative acts, in connection with keeping proper and lawful accounting;
- communicating with you about updates to our products and informing you of any promotions we offer, to the extent that it is in our legitimate interest or that you have agreed to receive such communications, and unless you choose to opt out of them.
Your personal data is obtained and processed by CIMEXEUROPE employees or civil contractors who need this information to fulfill contractual, legal and regulatory obligations. We may disclose your personal information insofar as we believe such disclosure is necessary to satisfy the above objectives to the following recipients:
- external auditors, notaries, private and public bailiffs, persons providing consultancy services in various fields for the purpose of executing or applying the contract concluded between us;
- banks and / or payment institutions to service the payments made by / to you;
- Competent authorities, institutions and persons who have the power to request the provision of personal data and to which we are obliged to provide personal data under current legislation, such as courts, prosecutors, various regulatory authorities;
- persons who, on a contractual basis, maintain equipment, software and hardware used for processing of personal data and necessary for the establishment of the Company's network, as well as for the provision of various services related to communication with clients;
We require all third parties to whom we disclose personal data an obligation of confidentiality and take all technical and organizational measures to protect this data under the Regulation.
Time limit for processing and storage of personal data you provide
We process your personal data for the entire duration of the Contract you have entered into with us and store them for a period of 5 to 50 years in order to comply with applicable law, with the expiry of certain limitation periods for filing claims and obligations to provide information to the court, competent public authorities and other grounds provided for in current legislation. Upon expiration of the above deadlines, the Company will delete or anonymize your personal data.
VII. What are your rights regarding the processing of personal data?
You have the following rights in relation to the processing of your personal data:
- Right of access and information about your personal data - You have the right to ask us what information (if any) we process for you and, if so, to provide you with a message in an understandable form containing your personal data being processed, as well as any available information about their source and a copy of the personal data that is being processed. You can apply for access to your personal data locally at the Company's office or by sending an email to the Company's email address. We will confirm your request and respond to you within one month of submitting your request.
- Right of Deletion - you may request that we delete or remove your personal data when it is no longer necessary for the purposes for which it was collected or processed. Please note that this request will be granted provided that we have no legal obligation to store this information and / or are not subject to the statute of limitations that we are required to comply with in accordance with applicable laws and regulations.
- Right of correction - any factual inaccuracy or incompleteness about your personal data may be corrected - in the event that we process incomplete or erroneous data, you have the right to ask us to correct it without undue delay. Given the purpose of the processing, you have the right to fill in the incomplete personal data, including by adding a declaration.
- Right to request a restriction of processing - you may request a restriction of the processing of your personal data in certain circumstances, such as when you dispute the accuracy of the data or if you believe that the processing is without a legal basis. However, such objection may not prevent us from storing your personal data.
- The right to object to the processing of your personal data when there are legal grounds for doing so, and to object to the processing of your personal data for direct marketing purposes. When the objection is justified, your personal data can no longer be processed unless the Company proves that there are compelling legal grounds for processing.
- Data Transfer Right - You may request the Company to provide the personal data you provide to us in an organized and read-only format if the processing is contract based or based on a statement of consent. When exercising your right to data portability, you have the right to receive a direct transfer of your personal data from one controller to another when technically feasible.
- Right to complain to the Commission for Personal Data Protection (CPDP) If you believe that we are in breach of the applicable regulations, please contact us to clarify the matter. Of course, you have the right to file a complaint with the Commission for Personal Data Protection, with the CPDP contact details at the very beginning of this document.
VIII. protection of personal data
The security of your personal information is important to us and we therefore apply various organizational and technical measures to ensure that your data is protected and confidential. Some of the measures we apply to ensure a high level of security with regard to the management of personal data include:
- minimization - the personal data we require is relevant and limited to what is necessary for the purposes for which it is processed;
- strict internal control over access to personal data - access to your personal data is only allowed to those of our employees who need this information to properly carry out their professional duties;
- providing ongoing training in protecting the personal data of all our employees and ongoing internal controls on the implementation of confidentiality measures.
We may change this policy in accordance with applicable law and industry best practices. We will post changes to this page and encourage you to review this Policy on a regular basis to stay informed.