DATA PTROTECTION POLICY AT NOMADIA LTD

 

DATA PTROTECTION POLICY AT NOMADIA LTD

 

NOMADIA LTD, UIC: 121912561, with address: 10, Cherni Lom Str., VAT № BG121912561, Tel.: 0896834018, e-mail: office@nomadia.bg, with trademark Nomadia, hereinafter referred to as Controller or Nomadia, in its business relations with clients, applies the present General terms and conditions.

 

PREAMBLE


Nomadia, as personal data controller, collects and processes certain information about natural persons.

 

This information may refer to employees, managers, clients, suppliers, contractors, business contacts and other natural persons with whom the Controller maintains relationships or intends to establish business contacts.

The present personal data protection policy governs the method of collecting, processing and storing personal data in order to meet the standards implemented in the Controller’s organization and be in conformity with the statutory requirements.

 

I. Legal grounds

 

The present Data protection policy (the Policy) is issued on the grounds of the Personal Data Protection Act and regulations, as amended (the Bulgarian legislation), and the General Data Protection Regulation (EU) 2016/679 ("GDPR"). 

The Bulgarian legislation and GDPR provide rules on the manner in which organizations, including Nomadia, should collect, process and store personal data. Such rules are applied by the Controller regardless of whether it refers to data processed electronically, kept on a hard copy or other storage media.

In order for the processing to be in compliance with the legal requirements, the personal data are collected and used reasonably, stored securely with the Controller undertaking the necessary measures in order to avoid their unlawful disclosure.

II. Objectives of the Policy

 

The present Policy aims to ensure that the Controller:

- complies with the applicable legislation with regard to personal data and abides by the established good practices;

- implements the mechanisms of keeping, maintenance and protection of the records;
- lays down the obligations of the data processors and/or the persons who have access to personal data and are supervised by the data processors, their liability in case of non-performance of such obligations;

- protects the rights of the personnel, clients and partners;

- is open as to the manner of storage and protection of the personal data of natural persons;
- establishes the necessary technical and organizational measures for data protection against their unlawful processing (accidental or unlawful destruction, accidental loss, unauthorized access, modification or distribution, as well as against any other unlawful forms of data processing);

- is protected in case of risk of violations.

 

III. Scope 

 

The present Policy is applied to the processing of personal data of contractors, suppliers, clients and partners, as described in the electronic records, in compliance with this Policy, the Bulgarian legislation and Art. 30 of GDPR (“Records and Processing Activities”).

 

IV. Personal data collection

 

Purposes of data collection

 

The Controller collects personal data in connection with the performance of the following objectives:

 1. For performance of activities related to conclusion, existence, modification and termination of contractual relations, including for:

- preparation of any documents;

- establishment of connection with the contact person by telephone, fax, e-mail or any other lawful way;

- delivery and/or acceptance of goods/services, communication in connection with the provision and/or receipt of goods/services and rendering of the customer service related thereto;

- maintaining accountability in connection with the execution of contracts to which the Controller is a party;

- processing of payments in connection with the contracts concluded by the Controller;
- sending important information to the subjects in connection with changes in the Controller’s rules, terms and conditions and policies, and/or other administrative information;

2. For marketing purposes – after obtaining the explicit consent of the data subjects;

3. For statistical purposes – after obtaining the explicit consent of the data subjects.

 

Data collection 

Data belonging to contractors (managers, representatives and/or contact persons of the legal entity under a business contract)

Personal data of an individual are provided voluntarily by the persons themselves and are collected by the Controller in pursuance of a statutory obligation, in connection with the conclusion of a contract and/or execution of the obligations under a contract, in compliance with the provisions of the Commercial Act, the Accountancy Act, the Obligations and Contracts Act, the Value Added Tax, etc., and the terms and conditions indicated in a business contract with the relevant client in the following manner: on a hard copy – written documents (including powers of attorney, agreements, foreclosure notices, banking information, etc.); by e-mail – provided in connection with the execution of a business contract and/or by filling in a registration form. The individuals are informed about the provisions of this Policy in advance or at the time of receipt of their data.

Data protection policy while using our website

 

“Cookies” and tracing

In order to make your visit to our website more enjoyable and to be able to ensure the use of certain functionalities, we use cookies of different pages. These are small text files saved on the end device from which you visit our website. Some cookies which we use, are deleted after the end of the browser session, i.e. after you close your browser (the so called “session cookies”). Other “cookies” remain on your device and enable us or our partner companies to recognize your browser on a further visit (“persistent cookies”). You may set your browser in such a way that keeps you informed about the settings of the cookies and allows you to decide individually whether to accept them or reject the acceptance of cookies for specific cases or in general. Additional information can be found in the supporting section of your Internet browser. Rejection of cookies may limit the functionality of our website. We shall discuss certain cookies herein below.

We discern system cookies from promotional cookies. The system cookies are necessary for the correct functioning of our website. Rejection of such cookies would change your browsing experience as a client and certain services on our website would not be available.

The promotional cookies are described herein below. They are saved with the loading of our website and help us analyze summarized data on our visitors – e.g. how they get to our website, how much time they spend in it, if they visit us for the first time, how you review the content on our website, as well as to make a conclusion about the success of our marketing campaigns.

 

Facebook Pixel

We use Facebook Pixel, a service provided by Facebook. This service uses cookies saved on your device, which enable direction of advertisements through the advertising platform Facebook to its users, as well as to users of Facebook partner companies, e.g. Instagram, who have already visited our website in the last 180 days. This service provides more opportunities for creation of summarized anonymous audiences of visitors, based on the reviewed content on the website, as well as tracking of the success of advertising campaigns carried out through the advertising platform of Facebook. More information can be found in the Privacy Statement of Facebook at:  https://www.facebook.com/about/ privacy/. If you do not wish to participate in the tracking process, you can reject the setting of the cookies necessary for this purpose by using the settings of your browser and generally to deactivate the automatic saving of cookies.

 

Google Analytics 

We use Google Analytics, a web analysis service provided by Google LLC. The information generated by the cookies about your use on this website is usually sent to servers of Google in the USA and is stored there. Google shortens in advance your IP addresses within the Member States of the European Union or in other countries – parties to the European Economic Community Treaty. On behalf of the operator of this website, Google uses this information for assessment of the use of the website, for compilation of reports on the activity of the website and provision of other services related to the website and Internet usage, to the website operator. The IP address sent through your browser within the context of Google Analytics is not connected with other data available to Google. You can reject the use of cookies by making the appropriate adjustments to your browser. You can also prevent collection of data by Google through cookies and their connection with the website use (including IP address), as well as their processing by Google, by downloading and installing an extension (plug-in) for your browser from here: https://tools.google.com/dlpage/gaoptout?hl=en.

 

Connections to social media

Our website also contains links to Facebook. In this case data transfer to the above mentioned media operators is only possible when the relevant button of the icon illustrating the connection, is pressed. If you click on such button, the page of the relevant social network opens. There you can publish information about our products in according with the rules of the social media operator.

You can use our official contact profiles in the different social networks, as well as other official public profiles of the company.

Our Facebook page is at https://www.facebook.com/nomadia.bg/?ref=bookmarks

The personal data which you send through personal message shall only be processed for the purposes of response to your inquiry. We are not liable for information and personal data which you share voluntarily on our official profiles, without being explicitly requested to do so.

V. Transparency. Rights of the data subjects

 

Transparency and exercising of the subjects’ rights

The Controller provides information to the data subjects in a brief, transparent, understandable and easily accessible form, in a clear and simple language.

The Controller tries to ensure that the data subjects are familiar with the data processed by it and they completely and fully understand and are informed about the processing in compliance with the requirements of GDPR and the Bulgarian legislation.

Right to access of data subjects

Any person is entitled to receive from the Controller confirmation as to whether personal data related to him/her are processed and if yes, to obtain access to the data and the following information:

- purposes of the processing;

- the relevant categories of personal data;

- the recipients or categories of recipients to whom the personal data shall be disclosed (including in third countries or international organizations);

 

Right to rectification

Any person whose data are processed by the Controller, is entitled to request from the Controller to rectify, without undue delay, any incorrect personal data related to such person. Considering the purposes of the processing, the person is entitled to completion of incomplete personal data.

Right to deletion (the right to be forgotten)

Any person, whose data are processed by the Controller, is entitled to request from the Controller deletion of personal data related to such person, without undue delay, and the Controller is obliged to delete the personal data without undue delay.

Right to objection

The data subject is entitled at any time and on grounds related to his or her specific situation, to object the processing of personal data related thereto (where processing is necessary for the performance of a task of public interest or upon exercising official powers of the Controller, or the processing is for the purpose of the legitimate interests of the Controller or a third party), including profiling. The Controller terminates processing of personal data unless it is able to prove that there are convincing legal grounds for the processing, which have priority over the interests, rights and freedoms of the data subject, or for the establishment, exercising or defense of legal claims.

Where personal data are processed for the purposes of direct marketing, the data subject is entitled at any time to file an objection against the processing of personal data related to him or her for this type of marketing, which also includes profiling, as long as it is connected with direct marketing. Where the data subject objects the processing for the purposes of direct marketing, the processing of personal data for such purposes shall be terminated.

At the time of the first establishment of contact with the date subject at the latest, he or she is explicitly notified about the existence of the right under the previous paragraphs, which is provided to him or her in a clear way and separately from any other information.

VI. Technical and organizational measures for data protection

 

The protection of data on a hard copy or on electronic media against unauthorized access, damage, loss or destruction is ensured by means of a number of internally regulated technical and organizational measures.

VII. Personal data transfer

 

Nomadia Ltd undertakes not to provide to third parties your personal data without your explicit consent, unless this is necessary for the performance of contractual obligations to you or in connection with its own legal obligations:

 

1. toward public authorities such as the National Revenue Agency, the National Social Security Institute, the Personal Data Protection Commission

2. toward other data processors, depending on the needs of the business activity:

  • Accounting firm
  • IT companies maintaining Internet sites of the Controller, the e-mail platform and the information system
  • Companies providing services related to archival of information (on a hard copy or digital medium)
  • Insurance companies
  • Postal service providers.

 

VIII. Breach. Notifications

 

Breach

Security breach of data occurs when the personal data of which Nomadia is in charge, are affected by a security incident as a result of which the confidentiality, availability or integrity of the personal data is violated. Within this meaning, data breach occurs when there is a security breach leading to incidental or unlawful destruction, loss, modification, unauthorized disclosure of data which are transmitted, stored or otherwise processed.

In case of data security breach, the data protection officer must be immediately notified by using the following contact information: Nomadia Ltd, 10, Cherni Lom Str., Sofia, e-mail: office@nomadia.bg, Tel. 0896 834018.

IX. Data protection officer

The Controller designates Mrs Rumyana Aleksandrova Georgieva – Ilieva as data protection officer in addition to her other position.

Responsibilities:

  • to develop and implement the requirements of REGULATION (EU) 2016/679 as requested by the present policy;
  • to be directly responsible that in general the Controller’s organization as well as the activity of any member of the management, carried out within that member’s area of responsibility, comply with the requirements of Regulation (EU) 2016/679;
  • to be in charge of the security and risk management in terms of compliance with the policy;
  • to represent the Controller on all issues related to data processing.

Should you have any questions regarding the present Policy or would like to exercise your rights, please contact the data protection officer using the following contact details: office@nomadia.bg.

The present Policy was approved by the manager of Nomadia Ltd on 22 May 2018 and became effective as of 25 May 2018.

Question form

Send