sddiconsulting | Processing of personal data

Information about the personal data processor:

SDDI Consulting EOOD

UIC/ BULSTAT 205976619,

Headquarter and management address: Sofia, 13 Plana Planina str.,

Mailing address: Sofia, 13 Plana Planina str.,

Tel: +359888453024;

e-mail: office@sddiconsulting.com.

SDDI Consulting processes your personal data on the following grounds:

Your explicit consent - the purpose is indicated for each specific case;
Execution of the obligations of the Administrator under contract;
Compliance with a statutory duty applicable to the Administrator;
For the legitimate interests of the Administrator or a third party.

In the following paragraphs you will find information about the processing of your personal data depending on the basis on which we process them.

1. 1. FOR PERFORMANCE OF A CONTRACT OR IN THE CONTEXT OF PRE-CONTRACTUAL RELATIONSHIPS

SDDI Consulting processes your personal data in order to fulfill the contractual and pre - contractual obligations and to exercise the rights of the agreement.

Purposes of processing:

● establishing your identity;

● management and execution of your request and execution of the concluded contract;

● accounting purposes;

● retention of correspondence in connection with the order made, processing of requests, problem reporting, etc.

● preparation of a user profile;

Based on the contract concluded between us and you, we process information about the type and content of the contractual relationship, as well as any other information related to the contractual relationship, including:

personal contact details - contact address, email, phone number;
identification data - the three names, a unique civil number or personal number of a foreigner, permanent address;
data on the orders made through the user profile;
e-mail, letters, information about your removal requests
problems, complaints, requests, grievances;
credit or debit card information, bank account number, or other banking and payment information in connection with the made payments;

The processing of the specified personal data for us is mandatory in order to we can conclude the contract with you and fulfill it.

We may provide your personal data to third parties for the purposes of the fulfillment of the contract.

The data collected on this basis are deleted 5 years after the termination of the contractual relationship, whether or not due to the expiry of the contract, spoilage or other grounds. The term is determined by the 5-year statute of limitations term for possible claims from the contract.

2. FOR FULFILLMENT OF REGULATORY OBLIGATIONS

In case of regulatory obligation to process your personal data, we are required to perform the processing, such as:

● Obligations under the Anti-Money Laundering Measures Act;

● Fulfillment of obligations related to remote selling, sale outside the commercial entity, provided by the Consumer Protection Low;

● providing information to the Commission for Personal Data Protection in connection with obligations provided for in the legislation for personal data protection;

● Obligations provided for in the Accounting Act and the Tax-Insurance Procedure Code and other related normative acts, in connection with the keeping of lawful accounting;

● Providing information to the court and third parties, in the framework of proceedings before a court, in accordance with the requirements of the regulations applicable to the proceedings;

The data collected in accordance with the obligation provided by law are deleted after as the obligation for collection and storage is fulfilled or abolished.

When there is an regulatory obligation, it is possible to provide your personal data to the competent public authority, physical or legal entity.

3. AFTER YOUR CONSENT

SDDI Consulting processes your personal data on this basis only after your explicit, unambiguous and voluntary consent. We will not foresee any adverse consequences for you if you refuse to process personal data.

Concessions granted may be withdrawn at any time. Withdrawal of consent does not affect the performance of contractual obligations.

If you withdraw your consent to the processing of personal data in any or all of the ways described above, we will not use your personal data and information for the purposes set out above.

We delete the data collected on this basis at your request or 1 year after their initial collection.

4. ОБРАБОТКА НА АНОНИМИЗИРАНИ ДАННИ

We process your data for static purposes, that is, for analysis, in which results are only summary and therefore the data are anonymous.

It is not possible to identify a specific person from this information.

How SDDI Consulting protects your personal data

To ensure adequate data protection of the company and its customers, we apply all necessary organizational and technical measures, provided by the Personal Data Protection Act.

For maximum security in the processing, transfer and storage of your data, we may use additional security mechanisms such as encryption, pseudonymization, etc.

Consumer Rights

Each User of the site exercise all rights to personal data protection according to the Bulgarian legislation and the law of the European Union.

Each User has the right to:

● Awareness (in connection with the processing of your personal data by administrator);

● Access to your own personal data;

● Correction (if the data is inaccurate);

● Deletion of personal data (right to be "forgotten");

● Restrict processing by the administrator or the processor of personal data;

● Portability of personal data between individual administrators;

● Objection to the processing of his personal data;

● The data subject has the right not to be the subject of a founding decision only to automated processing, including profiling, which gives rise to legal consequences for the data subject or the like way it affects him significantly;

● Right to judicial or administrative protection, in case the data subject's rights have been violated.

The user may request deletion if one of the following conditions is true:

● Personal data is no longer needed for the purposes for which it was used collected or otherwise processed;

● The user withdraws the consent on which it is based data processing and there is no other legal basis for processing;

● The user objects to the processing and there are no legal grounds for processing to take precedence;

● Personal data has been processed illegally;

● Personal data must be deleted in order to comply with the law an obligation under EU law or the law of a Member State which applies to the administrator;

● Personal data has been collected in connection with the provision of services to the children's information society and the consent is given by the bearer parental responsibility for the child.

The user has the right to restrict the processing of his personal data by the administrator when:

● Dispute the accuracy of personal data. In this case, the restriction of processing is for a period that allows the administrator to check the accuracy of personal data;

● The processing is illegal, but the User does not want the personal data to be deleted, but requires instead to restrict their use;

● The administrator no longer needs personal data for the purposes of processing, but the User requires them to establish, the exercise or defense of legal claims;

● Objects to the processing pending verification of whether the lawful the grounds of the administrator take precedence over the interests of The consumer.

Right of portability.

The data subject has the right to receive the personal data which concern him and which it is provided to the administrator, in a structured, widely used and machine readable format and has the right to transfer this data to another administrator without hindrance from the administrator to whom the personal data are provided when the processing is based on consent or on contractual obligation and processing is performed in an automated manner.

When exercising his right to data portability, the data subject has the right to receive and direct transfer of personal data from one administrator to another when technically feasible.

Right to object.

Users have the right to object to the administrator the processing of their personal data. The personal data controller is obliged to terminate the processing unless it proves that convincing ones exist legal grounds for processing that take precedence over interests, the rights and freedoms of the data subject, or for the establishment, exercise or the protection of legal claims. In case of objection to the processing of personal data for the purposes of direct marketing processing should be stop immediately.

Complaint to the supervisory authority Each User has the right to file a complaint against illegal processing of his personal data to the Commission for Personal Data Protection or to the competent court.