KINI 2001 Ltd, UIC (BULSTAT UNIFIED IDENTIFICATION NUMBER): 128530952, with headquarters and management address: Kabile st, Yambol, further mentioned as ‘the company’, is an administrator of private data and is responsible for the compliance with the provisions of the General Data Protection Regulation (GDPR) 2016/679.
PRIVATE DATA PROCESSING PRINCIPLES
Compliance with the provisions of the Regulations
The company policy has the responsibility of ensuring the compliance with the provisions of the Regulation.
Private data is collected and processed according to the law and good conscience.
The company collects and processes private data according to the principles and rights of the natural persons in relation to the processing of their private data.
Private data is processed transparently
The company ensures transparent communication regarding the collection and processing of private data. The related information is concise, transparent, comprehensible and easily accessible, and clear and unambiguous wording is used.
Private data is collected and processed only for specific purposes
The company processes the private data of natural persons only in the following cases:
1. The processing is required for the legal compliance of the company;
2. The processing is required for the execution of a contract (e.g. an order) with the company, in which the natural person is a legal part, or for making demands of a natural person before signing a contract whenever their identification is required;
3. A natural person has given their unambiguous permission for a comprehensible and clearly defined purpose from the company’s part, for which it is required to process their private data;
4. The processing is required for the protection crucial interests of the natural person whose private data is being processed or another natural person;
5. The processing is required for the legal interest of the company or a third party according to the provisions of the Regulation;
6. The other cases that appear in the Regulation.
Private data that is not necessary for the activity of the company is not collected and processed
The company does not collect and process private data of natural persons, which exceeds its legal obligation or the requirements for the realization of its activity.
Collected private data for other purposes, only after an agreement between the persons has been made.
In all cases that require collected and processed private data of natural persons to be used for purposes different than the ones listed above, the company notifies the respective natural persons and proceeds to the processing of their private data for other purposes only after their explicit consent.
Only the minimal amount of the required private data is collected for processing
The company collects and processes only the minimal amount of private data of natural persons, that:
1. Appear in the law;
2. Are required for the execution of a contract;
3. Are required for the fulfillment of the purposes for which they are being collected.
The processed private data is accurate and up to date
The company ensures the processing of private data of natural persons be done with utmost precision and, if possible, that it always stays up to date.
The private data is processed by the minimal amount of people required
The company ensures the access to the private data of natural persons and its processing be done by the minimal amount of people required (operators), who have the required competence for its processing and the responsibility for their protection.
Private data is collected for the minimal amount of time required
The company collects private data for the minimal amount of time required:
1. Required by law;
2. Required for the execution of a contract (e.g. an order) and the responsibility that comes with it;
3. Required for the fulfillment of the purpose for which the private data is collected and processed;
4. Until request by the natural person for their deletion after which they are destroyed without delay.
In all cases, the company ensures that a review of the collected and processed private data be done at least once a year, and the ones that fall into either of the above categories are deleted without delay.
RULES FOR PRIVATE DATA PROCESSING
Private data is processed with the required precautions
The company ensures the appropriate level of physical, organizational and technological protection with regard to:
1. The nature, scope, context and purpose of the processed private data;
2. The probability, levels of influence and the magnitude of the risk for natural persons in the case of a security violation of the processed private data;
3. Its financial and organizational capabilities.
The company also ensures all required measures for the timely restoration of collected and processed private data in the case of their loss resulting from random, malicious or unforeseeable events.
The private data is processed with a controlled and traceable access.
The company ensures the required and appropriate technical, organizational and technological measures for a controlled and traceable access to the private data of natural persons.
Private data is processed with the accountability required for the compliance with the Regulation. The company ensures the necessary accountability and registries in order to be able to prove that the provisions of the regulation have been met.
Adherence to the rights of the natural persons whose private data is being processed
The company ensures the adherence to the rights of the natural persons whose private data is being collected and processed, which includes:
1. A right to be informed about the processing of their private data;
2. A right of access to their private data – what data does the company have in its disposal;
3. A right of correction of inaccurate private data;
4. A right of deletion of private data – the right to ‘be forgotten’;
5. A right of restriction of the access to the processed private data;
6. A right to be informed about activities resulting from a request for correction, deletion or limitation of the processing of private data;
7. A right of mobility of the data;
8. A right of objection towards the processing of the private data;
9. A right to refuse to be subject to automatic decision-making, including profiling.
Processed private data in the capacity of an administrator:
• of employees ;
• of customers (natural persons);
• of providers (natural persons).
PRIVATE DATA PROCESSING PURPOSES
The company, in its capacity of administrator, carries out the following operations and only processes the private data required for the following purposes:
• for execution of employment contracts and calculation of work salaries and compensations for employees;
• for providing services to customers;
• for maintenance of the customers’ health status;
• for the realization of traceability of the work process.
RECEPIENTS AND RECEPIENT CATEGORIES
In relation to the fulfillment of the aforelisted purposes , the company provides private data of natural persons to the following recepients:
• NRA (National Revenue Agency) with regards to the calculation of work salaries for the staff;
• NSSI (National Social Security Institute )with regards to the calculation of compensations for the staff;
• The Occupational Health Service in relation to the obligation for maintenance of an up-to-date health status of the staff and the organization of periodical medical check-ups;
• General Health Inspection, NSSI and MOI (Ministry of Interior).
COMPANY CONTACT INFORMATION
If you have any questions or confusions regarding the processing of your private data, or if you want to exercise one of your rights, you can contact us at:
• Email: email@example.com
• Phone: +359 550 22499
• Address: 20 Via Pontika Str., Sozopol 8130, Bulgaria
COMPETENT SUPERVISING BODY
The Private Data Protection Commission is the independent body of the State that ensures the protection of the persons during the processing of their private data and during the access to said data, as well as the compliance with the General Data Protection Regulation (GDPR) on the territory of the Republic of Bulgaria
In the case of a suspicion that your rights related to the protection of your private data have been violated , you can report it to the The Private Data Protection Commission at:
• Address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria
• Email: firstname.lastname@example.org
• Website: www.cpdp.bg
• Phone: +359 2 915 35 18