on website https://www.soitron.bg/bg/
Last updated: 01.06.2023
1. What is personal data?
Personal data is information that directly or indirectly identifies you as a natural person, as indirect means when it is combined with other information such as your name, postal address, e – mail address, telephone number, etc.
2. How do we process your personal data?
We will only use personal data as set out in this policy, unless you have given us your express consent to another use of your personal data, such as through an express statement of consent to send you marketing communications.
3. Which of your personal data do we process?
1 ) IP address ;
2) Date and time of the request ;
3) The time zone difference to Greenwich Mean Time (GMT) ;
4) Request content (specific page) ;
5) Access Status Code / HTTP Status ;
6) The amount of data transferred in each case ;
7) Website from which the request comes ;
8) Browser – type ;
9 ) Operating system and its interface ;
10) Language and browser software version.
We may be required to process and store personal data on legal grounds and to achieve regulatory compliance such as to prevent, detect or investigate crime, prevent loss, fraud or other financial abuse.
4. Use of the Homepage at https://www.soitron.bg/bg/ :
5. Who we share your personal data with :
We will only disclose your personal data for the purposes and only to those third parties set out below – unless we have received from you additional consent to transfer personal data to other categories of third parties given elsewhere, such as through a consent statement for a specific purpose. “SOITRON” EOOD will take appropriate measures to ensure that your personal data is processed, protected and transferred in accordance with applicable legislation.
(1) Conversion of a commercial company and redemption of shares :
In connection with conversion, restructuring, merger, sale or other type of transfer of assets, “SOITRON” EOOD will transfer information, including personal data, on a reasonable scale to the acquirer of such shares or assets, and as necessary for the transfer of ownership, after the receiving party agrees to process your personal data and implement the necessary measures to protect it under a way that corresponds to the applicable Bulgarian and European legislation.
(2) Competent authorities :
We will disclose your personal data to public authorities when required by law. For example, “SOITRON” EOOD will respect the requests of courts, administrative and other public state or municipal bodies, which may also include similar bodies of state or municipal authority.
6. Processing of personal data of children :
“SOITRON” EOOD does not collect or process personal data of children under the age of 14, except with the consent of a parent or guardian in accordance with applicable local legislation. If we learn that a child’s personal data has been accidentally collected, we will promptly delete the data in question.
7. Processing of special categories of personal data (“sensitive” data):
“SOITRON” EOOD does not process the so-called special categories of personal data, namely: personal data revealing racial or ethnic origin, political views, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the sole purpose of identifying a natural person, data for the state of health or data on the sex life or sexual orientation of the natural person .
8. Security of your data:
“SOITRON” EOOD takes the security of your personal data seriously. We apply the appropriate level of protection and to this end we have developed reasonable physical, electronic and technical procedures to protect the data we collect from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to transmitted, stored or otherwise processed personal data. Access to your personal data is permitted only to those employees, service providers or those associated with “SOITRON” EOOD persons on the basis of the need for information for official purposes or who need it for the performance of their official duties. In case of leakage of data containing personal data, “SOITRON” EOOD will follow all applicable notification norms in such cases.
9. What are your legal rights?
As a data subject, you have specific legal rights related to the personal data we collect from you. This applies to all processing activities that “SOITRON” EOOD performs, undertakes with your personal data and which are listed above. “SOITRON” EOOD respects your individual rights and will always answer your questions and inquiries regarding the ways in which we process the personal data received from you.
The list that follows contains information about your rights arising under applicable data protection laws:
The subject’s right of access to the data (according to Article 15 of the General Data Protection Regulation – GDPR)
1. The data subject has the right to obtain from the administrator confirmation as to whether personal data relating to him are being processed and, if so, to obtain access to the data and the following information:
a) the purposes of processing;
b) relevant categories of personal data;
c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
d) when possible, the intended period for which the personal data will be stored, and if this is impossible, the criteria used to determine this period;
e) the existence of a right to require the controller to correct or delete personal data or to limit the processing of personal data related to the data subject, or to object to such processing;
f) the right to appeal to a supervisory authority;
g) when personal data are not collected from the data subject, any available information about their source;
h) the existence of automated decision-making, including the profiling referred to in Article 22, paragraphs 1 and 4 of the GDPR, and at least in these cases, essential information about the logic used, as well as the meaning and intended consequences of this processing for the data subject.
2. When personal data is transferred to a third country or an international organization, the data subject has the right to be informed about the appropriate safeguards under Article 46 of the GDPR in relation to the transfer.
3. The administrator provides a copy of the personal data that is being processed. For additional copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. When the data subject submits a request by electronic means, the information shall be provided in a widely used electronic form whenever possible, unless the data subject has requested otherwise.
4. The right to receive a copy referred to in paragraph 3 does not adversely affect the rights and freedoms of others.
I. Right to rectification (according to Art. 16 of the General Data Protection Regulation)
The data subject has the right to request the controller to correct inaccurate personal data relating to him without undue delay. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by adding a declaration.
II. Right to erasure (right “to be forgotten”) (according to Art. 17 of the General Data Protection Regulation)
1. The data subject has the right to request the controller to delete the personal data related to him without undue delay, and the controller has the obligation to delete the personal data without undue delay when any of the following grounds apply:
2. a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
b) the data subject withdraws his consent on which the data processing is based according to Article 6, paragraph 1, letter a) or Article 9, paragraph 2, letter a) of the GDPR, and there is no other legal basis for the processing;
c) the data subject objects to the processing pursuant to Article 21, paragraph 1 of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21, paragraph 2 of the GDPR;
d) the personal data were processed unlawfully;
e) the personal data must be deleted in order to comply with a legal obligation under Union law or the law of a Member State that applies to the controller;
f) the personal data were collected in connection with the provision of information society services under Article 8, paragraph 1 of the GDPR.
2. Where the controller has made the personal data public and is obliged under paragraph 1 to delete the personal data, it shall, taking into account the available technology and implementation costs, take reasonable steps, including technical measures, to notify the controllers processing the personal data that the data subject data has requested the deletion by these administrators of all links, copies or replicas of this personal data.
3. Paragraphs 1 and 2 do not apply insofar as the processing is necessary:
4. a) to exercise the right to freedom of expression and the right to information;
b) to comply with a legal obligation that requires processing provided for in the law of the Union or the law of the Member State that applies to the controller or for the performance of a task in the public interest or in the exercise of official powers that have been granted to the controller;
c) for reasons of public interest in the field of public health in accordance with Article 9, paragraph 2, letters h) and i), as well as Article 9, paragraph 3 of the FDLR
d) for the purposes of archiving in the public interest, for scientific or historical research or for statistical purposes in accordance with Article 89, paragraph 1 of the GDPR, to the extent that the right established in paragraph 1 is likely to make it impossible or seriously hinder the achievement of the objectives of this processing; or
e) for the establishment, exercise or defense of legal claims.
III. Right to restriction of processing (according to Art. 18 of the General Data Protection Regulation)
1. The data subject has the right to request from the controller the restriction of processing when one of the following applies:
2. a) the accuracy of the personal data is contested by the data subject, for a period that allows the controller to verify the accuracy of the personal data;
b) the processing is unlawful, but the data subject does not wish the personal data to be deleted, but instead requests the restriction of its use;
c) the controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defense of legal claims;
d) the data subject has objected to the processing pursuant to Article 21, paragraph 1 of the GDPR pending verification of whether the legitimate grounds of the controller prevail over the interests of the data subject.
2. Where processing is restricted pursuant to paragraph 1, such data shall be processed, with the exception of their storage, only with the consent of the data subject or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural person or for important reasons of public interest for the Union or a Member State.
3. Where a data subject has requested the restriction of processing pursuant to paragraph 1, the administrator shall inform him before the cancellation of the restriction of processing.
IV. Right to data portability (according to Art. 20 of the General Data Protection Regulation)
1. The data subject has the right to receive the personal data concerning him and which he has provided to an administrator in a structured, widely used and machine-readable format and has the right to transfer such data to another administrator without hindrance from the administrator to whom the personal data data is provided when:
2. a) the processing is based on consent in accordance with Article 6, paragraph 1, letter a) of the GDPR or Article 9, paragraph 2, letter a) of the GDPR or on a contractual obligation according to Article 6, paragraph 1, letter b) of the GDPR; and
b) the processing is carried out in an automated manner.
2. When exercising his right to data portability under paragraph 1, the data subject has the right to obtain a direct transfer of personal data from one controller to another, where technically feasible.
3. The exercise of the right referred to in paragraph 1 of this article does not affect article 17. The said right does not refer to the processing necessary for the performance of a task in the public interest or in the exercise of official powers that have been granted to the controller.
4. The right referred to in paragraph 1 does not adversely affect the rights and freedoms of other persons.
V. Right to object (according to Art. 21 of the General Data Protection Regulation)
1. The data subject has the right, at any time and on grounds related to his particular situation, to object to the processing of personal data concerning him, which is based on Article 6(1)(e) or (f) of GDPR, including profiling based on said provisions. The administrator shall terminate the processing of personal data unless he proves that there are compelling legal grounds for the processing that take precedence over the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.
2. When personal data are processed for the purposes of direct marketing, the data subject has the right at any time to object to the processing of personal data concerning him for this type of marketing, which also includes profiling insofar as it is related to direct marketing.
3. When the data subject objects to processing for direct marketing purposes, the processing of personal data for these purposes shall cease.
4. At the latest at the time of the first contact with the data subject, he is expressly informed of the existence of the right under paragraphs 1 and 2, which is presented to him in a clear way and separately from any other information.
5. In the context of the use of information society services and notwithstanding Directive 2002/58/EC, the data subject may exercise his right to object by automated means using technical specifications.
6. Where personal data are processed for the purposes of scientific or historical research or for statistical purposes pursuant to Article 89(1) GDPR, the data subject has the right, based on his/her particular situation, to object to the processing of personal data concerning him/her , unless the processing is necessary for the performance of a task carried out for reasons of public interest.
VI. Automated individual decision-making, including profiling (according to Article 22 of the General Data Protection Regulation)
1. The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which gives rise to legal consequences for the data subject or similarly significantly affects him.
2. Paragraph 1 does not apply if the decision:
3. a) is necessary for the conclusion or performance of a contract between a data subject and controller;
b) is permitted by the law of the Union or the law of a Member State which applies to the controller and which also provides for appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; or
c) is based on the express consent of the data subject.
3. In the cases referred to in paragraph 2 letters a) and c), the administrator applies appropriate measures to protect the rights and freedoms and legitimate interests of the data subject, at least the right to human intervention by the administrator, the right to express his point of view point and challenge the decision.
4. Decisions under paragraph 2 shall not be based on the special categories of personal data referred to in Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) applies and appropriate measures are in place to protect the rights and freedoms and legitimate interests of the data subject.
VII. Right to submit a complaint to a supervisory authority (according to Art. 77 of the General Data Protection Regulation)
1. Without prejudice to any other administrative or judicial remedy, any data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of habitual residence, place of employment or place of the alleged infringement, if the data subject considers that the processing of personal data concerning him violates the provisions of the GDPR.
2. The supervisory authority to which the complaint was submitted informs the complainant about the progress in examining the complaint and about its outcome, including the possibility of legal protection pursuant to Article 78 of the Labor Code.
VIII. Right to withdraw consent
Where the processing is based on consent, the controller must be able to prove that the data subject has given consent to the processing of his personal data. Before giving consent, the data subject is informed of this.
Withdrawing consent is as easy as giving it. To withdraw consent, the data subject could contact the Administrator using one of the indicated contact methods:
1. By sending an email describing the withdrawal of consent to firstname.lastname@example.org;
2. By sending a written application for withdrawal of consent to the Administrator at the address: Sofia 1766, “Vitosha” district, “XS Tower”, street “Panorama Sofia” No. 5, explicitly indicating on the envelope itself: “Withdrawal of consent in accordance with the Regulation on protection of personal data”.
All communications and statements regarding the applicable rights of the data subject are provided free of charge by the Controller. However, if the application is manifestly unfounded or inappropriate, in particular because it is repeated, the Administrator has the right to charge a reasonable fee, taking into account the administrative costs associated with providing the requested information. In the event of a repeated application for a copy of the processed personal data, the Administrator reserves the right to charge a reasonable fee for administrative costs.
Feedback (answer), as well as, when appropriate, information about the measures taken, is provided by the Administrator as quickly as possible and no later than one month. The Administrator may be permitted to extend the response period by a further two months, in certain extenuating circumstances, given the complexity and number of applications received. The administrator shall inform the data subject of the extension of the response period and indicate the reasons for the delay.
10. Storage of your personal data :
11. Changes to this policy :
We reserve the right to change our data protection practices and to update and amend this policy at any time. For this reason, we encourage you to consult the policy regularly. This data protection policy is current as of the date indicated in “Last updated” on this document above.
12. Contact data:
“SOITRON” EOOD, UIC 202463853, Address: Sofia, p.k. 1766, Vitosha district, “XS Tower”, 5 Panorama Sofia street, floor 1, e – mail: email@example.com