GENERAL PROVISIONS
For the purposes of its activities, the company Archistik Ltd. processes personal data of individuals (“data subjects”) in strict accordance with Regulation (EU) 2016/679 (General Data Protection Regulation) (GDPR), the Personal Data Protection Act, and the company’s Personal Data Protection Policy.
This Privacy Policy applies to you if you are a client or a potential client of the services provided by Archistik Ltd., an employee or a job applicant, and aims to explain to you how and why we process your personal data.
LEGAL GROUNDS FOR PROCESSING
Archistik Ltd. only processes personal data in the presence of any of the alternative legal bases under the General Data Protection Regulation, in particular:
- Execution of a contract, including pre-contractual relations before its conclusion;
- Legal obligations applicable to the company;
- The legitimate interests of the company, insofar as they take precedence over the interests or fundamental rights and freedoms of data subjects;
- In some cases, Archistik Ltd. only processes personal data with the prior consent of the data subject. Consent is a separate basis for the processing of your personal data, the purpose of which is stated in it and does not overlap with the purposes listed in this privacy statement. Consent already given may be withdrawn by the person at any time in the same manner in which it was given.
OBJECTIVES
Archistik Ltd. only collects personal data for specific and legitimate purposes and does not further process them in a way incompatible with them.
Archistik Ltd. strives not to provide your personal data to any third parties in any way other than in the hypothesis provided for in the law. All service providers are required to take appropriate
security measures to protect your personal information. They may not use your personal data for their own purposes, but only for the purposes specified by Archistik Ltd., as well as in accordance with the company’s instructions.
PRINCIPLES
Archistik Ltd. complies with the data protection legislation, according to which it data should:
1. be processed lawfully, transparently and in good faith;
2. be only collected for valid purposes, which we have clearly explained, and not be used in any other way that is incompatible with these purposes;
3. be appropriate, relevant and not beyond what is necessary for the purposes we have set out;
4. be accurate and up to date;
5. be stored for a period not longer than necessary for the purposes we have set out;
6. be properly protected.
WHAT INFORMATION IS PROCESSED?
- Identification data under identity document / another identifier;
- Data on education, professional qualification and employment;
- Data relating to convictions and offenses;
- Financial information, including bank accounts;
- Data to be provided upon conclusion of a contract;
- Data on the orders, their execution, the obligations under the contract;
- Data for communication with clients – email, phone, correspondence address;
- Other data required by virtue of the special laws governing employment relationships, tax and social security relationships, business accounting, safe and healthy working conditions, and social issues.
WHO PROCESSES AND IS RESPONSIBLE FOR YOUR PERSONAL DATA?
The personal data controller is the company Archistik Ltd., UIC 200653003, registered office and management address: Sofia city, Krasno Selo Region, 20 Dospat Str., fl. 6, studio 3, e-mail: office@archistik.com, and contact phone: +359 2 953 24 77, +359 887 172 477.
HOW IS YOUR PERSONAL DATA PROCESSED?
By using “consent”, Archistik Ltd. only means the cases in which the data subject has been informed about the planned processing and has expressed their consent.
Consent obtained under duress or on the basis of misleading information shall not be a valid basis for the processing of personal data. For special categories of data, Archistik Ltd. will request the explicit written consent of the data subjects, unless there is an alternative legal basis for processing.
PERIOD OF STORAGE OF PERSONAL DATA
Archistik Ltd. will only store your personal data for the period for which it is necessary to fulfill the purposes for which it was collected, including to comply with the requirements of labor, social-security and accounting legislation.
RIGHTS OF DATA SUBJECTS
As a data subject, you have the following rights with regard to data processing:
- To request confirmation that personal data relating to you are being processed and, if so, to access to the data, as well as any information about the recipients of this data.
- To request a copy of your personal data from the controller;
- To ask the controller to correct personal data when it is inaccurate and when it is no longer up to date;
- To require that the controller delete personal data (right to be “forgotten”);
- To ask the controller to limit the processing of personal data, in which case the data will only be stored, but not processed;
- To object to the processing of your personal data;
- To object to the processing of personal data concerning you for the purposes of direct marketing.
- To complain to a supervisory authority if you believe that any of the provisions of the Regulation have been violated;
- To request and be provided with the personal data in a structured, widely used and machine-readable format;
- To withdraw your consent to the processing of the personal data at any time with a separate request addressed to the controller;
- To not be subject to automated decisions that affect you significantly, without the possibility of human intervention;
- To oppose automated profiling that happens without your consent;
OBLIGATION TO NOTIFY
Archistik Ltd. wants to keep your personal information accurate and up-to-date, so it should be
notified of any changes in your personal data.
CHANGES TO THE PERSONAL DATA PRIVACY POLICY
In order to implement the latest protection measures, as well as in order to comply with applicable law, Archistik Ltd. shall regularly update this Privacy Policy. If the changes that have been made are significant, they should be published in a message addressed to you via the specified correspondence address or in another appropriate way.
WITHDRAWAL OF CONSENT
If you have given your explicit consent to the processing of your personal data for a specific purpose, you have the right to withdraw this consent through the correspondence options provided on the company’s website.
Upon receipt of your request, Archistik Ltd. will suspend the processing of data for the purpose for which you have initially agreed, unless there is another legal basis which is an obstacle to respecting your withdrawal, and Archistik Ltd. shall undertake to notify you in a timely manner.
DATA SECURITY
Archistik Ltd. shall be responsible for the security of the data you provide by implementing the appropriate and necessary level of protection to protect the data it collects from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to transmitted, stored or otherwise processed personal data.
Access to your personal data is only allowed to those employees, service providers or persons related to Archistik Ltd. on a “need to know” basis for official purposes or to persons who need
it to perform their official duties.
Personal data shall be deleted or destroyed only in accordance with internal procedures for the storage and destruction of data.
PROTECTION OF THE RIGHTS OF DATA SUBJECTS
In accordance with the Personal Data Protection Act and Regulation (EU) 2016/679, any individual who considers that their right to protection of personal data has been violated may lodge a complaint with the Data Protection Commission at: Sofia City 1592, 2 Prof. Tsvetan Lazarov Blvd., website: www.cpdp.bg.