This website is managed by SIMADA Ltd. (the Company). SIMADA Ltd. is a trade company registered in the Commercial Register with UIC 205216121, with it’s registered office: № 2 Dobrich Str., Fl. 1, ap.2, Sofia, tel.: 0886707699 and e-mail address : Simadaltd@gmail.com, the Company manager is Simeon Doychinov. SIMADA Ltd. is a personal data controller under the General Data Protection Regulation (GDPR).
In accordance with the requirements of the GDRR and all others applicable acts of the European Union and the Republic of Bulgaria, with this Policy, SIMADA Ltd. informs you about: the processing of personal data on the website, the purposes for processing, the measures and guarantees for the protection of the processed personal data, your rights, and how you could exercise them.
PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA
Compliance with the provisions of the GDPR
The Company’s policy aim to ensure compliance with the provisions of the GDPR.
Personal data are being collected and processed lawfully and in good faith
The Company collects and processes personal data lawfully, in good faith and in accordance with the principles and rights of individuals related to the processing of their personal data.
The company ensure transparency in the communication of the collected and processed personal data by providing information in a concise, transparent, understandable and easily accessible form and using clear and unambiguous formulations.
Personal data are collected and processed only for specific purposes
The company processes personal data only for the following cases:
- the processing is necessity to comply with a legal obligation;
- the processing is necessity for executing a contract (including an order) where the individual is a party, or when there is a request from the individual to conclude a contract and its identification is required;
- when an individual has given his / her unambiguous consent to an understandable and transparently defined purpose for which the processing of his / her personal data is required;
- the processing is necessity for the purposes of the legitimate interests of the Company or of a third party, in accordance with the provisions of the GDPR;
- in all other cases provided in the GDPR.
Personal data which are unnecessary are not collected and processed
The Company does not collect or process personal data which exceeds its legal obligations or its needs for the performance of its activities.
The minimum necessary personal data is collected
The Company collects and processes the minimum necessary personal data of individuals who:
- are provided in a law act
- are required to perform a contract;
- are needed to fulfill the purposes for which they are being collected.
The processed personal data are accurate and current
The Company ensures that the processing of personal data of individuals is carried out with maximum accuracy and whenever possible up-to-date.
The personal data is stored for the minimum necessary time
The company stores the personal data for the minimum required time, which is:
- required by law act;
- necessary to fulfill the contract and its liability;
- necessary to fulfill the purpose for which the personal data were collected and processed;
- until the legitimate interest of the Company expires, or
- until the individuals require the deletion of their personal data, where there is a reason for such a request.
After the expiration of the minimum required time in accordance with points 1 to 4 of the preceding paragraph, personal data shall be deleted without undue delay.
In all cases, the Company ensures that at least once in a year the collected and processed personal data should be reviewed, and those personal data that fall into any of the above hypotheses are deleted without undue delay.
RULES FOR THE PROCESSING OF PERSONAL DATA
Personal data are processed with the necessary guarantees
The Company provides the necessary levels of physical, organizational and technological protection in view of:
- the character, scope, context and aims of the processed personal data
- the likelihood of impact of the levels and the burden of the risk to the rights and freedoms of the individuals in the event of a breach of the security of the processed personal data;
- its financial and organizational capabilities
The Company is obliged to provide all necessary measures for timely recovering of collected and processed personal data in case of their loss as a result of accidental, malicious or force majeure events.
Personal data are processed with controlled and traceable access
The Company provides all the necessity and appropriate technical, organizational and technological measures for controlled and traceable access to the personal data of individuals.
Personal data are processed with the necessary accountability
The company provides the necessary registers to be able to prove that the provisions of the GDPR have been complied.
Rights of the individuals whose personal data are processed
The Company ensures compliance with the rights of the individuals whose personal data is collected and processed, which includes:
- Right to be informed about the processing of personal data;
- Right of access to their personal data;
- Right to withdraw the consent they were given to the company;
- Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
- Right to erasure (‘right to be forgotten’) and Right to restriction of processing;
- Right to data portability;
- Right to object;
The data subject shall have the right at any time and without giving any reason to object to the processing of his/her personal data for direct marketing purposes.
- Right not to be subject of Automated individual decision-making, including profiling;
The company does not perform automated individual decision-making, including profiling.
- Right to lodge a complaint with a supervisory authority.
PROCESSED PERSONAL DATA
The company processes only the necessary personal data of the individuals for the following aims:
» for providing a tourist services to the clients – Names, Phone, E-mail;
» for correspondence – Name, Email.
RECIPIENTS AND CATEGORIES OF RECIPIENTS
In connection with the fulfillment of the aims stated above, the Company provides personal data to individuals to the following recipients:
» State and municipal authorities and / or institutions – in connection with legal obligations to them or in connection with legal requests from them;
» Subcontractors in the performance of contractual obligations.
CONFIDENTIALITY OF CHILDREN’S PERSONAL DATA
The Company does not collect personal data of childs under the age of 16. If a parent or legal representative of the child knows that his or her child has provided personal data to the Company, he or she should immediately inform us.
CONTACT INFORMATION WITH THE COMPANY
If you have any questions or concerns about the processing of your personal data or you want to exercise any of your rights, you can contact us in the following Email address:
» E-mail: firstname.lastname@example.org
COMPETENT SUPERVISORY AUTHORITY
On the territory of the Republic of Bulgaria the competent supervisory authority is the Commission for Personal Data Protection.
If you suspect that your personal data rights have been violated, you can report to:
» Address: 1592 Sofia, Prof. Tsvetan Lazarov № 2
» Email: email@example.com