Information about IPA Ltd.
UIC: 114635815
Headquarters and administration address: Pleven, 17 "Danail Popov" Str., entrance A, flоор 1, apartment 1
Correspondence Address: Sofia, 34 "Nikolay Haitov" str.
Data Protection Officer: Ioana Nikolova
Phone: +359 898 652 081
E-mail: Yoana.Nikolova@ip-arch.com
Personal Data Protection Act and Regulation
IPA Ltd. is an administrator of personal data and in this capacity processes personal data in compliance with the principles of lawfulness, good faith, transparency, purpose limitation, data minimization, accuracy, storage regulation, integrity, and confidentiality, as well as applying the necessary measures for their protection.
I. BASIC CONCEPTS
"Personal Data" covers any information relating to an identified individual or an individual who can be recognized by an identifier such as a name, an identification number, location data, an online identifier, or by one or more characteristics specific to the physical, physiological, the genetic, psychic, mental, economic, cultural or social identity of that individual;
"Data subject" is a person who can be identified, directly or indirectly;
"Processing" means any operation or set of operations performed on personal data or a set of personal data, by automatic or other means such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, distribution or another way in which data is made available, arranged or united, restricted, deleted or destroyed;
"Administrator" means a natural or juridical person, public body, agency, or other structure that alone or jointly with others determines the purposes and means of processing personal data;
"Consent of the data subject" means any freely expressed, specific, informed, and undeniable indication of the will of the data subject, through a statement or a clear affirmative action, expressing their consent for the personal data relating to him to be processed;
"Personal Data Protection Officer" is an employee of the Administrator who is charged to provide expert professional knowledge in the field of data protection law.
II. SUBJECTS OF DATA PROCESSING BY IPA LTD.
The main categories of subjects of personal data processing by IPA Ltd. are:
• counterparties, their proxies, employees, consultants, and subcontractors;
• employees, job candidates, and trainees;
• family members of employees;
• users of the website.
III. TYPES OF PERSONAL DATA PROCESSED BY IPA LTD.
IPA LTD. collects and processes some or all of the following types of personal data:
A. Personal data of natural persons - proxies, employees, consultants, and subcontractors of contractors: three names, social security number, address, email address, telephone number, date of birth, qualifications and experience, work history, skills, and other data provided by the data subject.
C. Personal data of employees and trainees: job position, three names, social security number, address, date, and place of birth, gender, education, qualifications, email address, telephone number, bank account number, identity card number, identity card place of issue, identity card date of validity, health data and other data provided by the data subject or necessary for the completion of legal obligations of the administrator.
C. Personal data of employees' family members: three names, social security number, gender, address, identity card number and date of issue, identity card place of issue, phone number, e-mail address, workplace, position, health data, and others data provided by the data subject.
D. Personal data of job applicants: name, social security number, address, email address, telephone number, date of birth, qualifications and experience, work history, skills, experience, and other data provided at the applicant's choice.
E. Users of the IPA Ltd. website: name, email address, cookies, IP address.
IV. BASIS FOR THE THE SUBJECTS' PERSONAL DATA PROCESSING
IPA LTD. processes personal data on one of the following grounds:
1. Legal obligation:
IPA EOOD processes the personal data of data subjects in compliance with the legal obligations that apply to it, such as the Tax and Insurance Procedural Code, Code of Civil Procedure, the Labor Code, the Territorial Planning Law, Law on Obligations and Contracts, the Commercial Act, financial, tax and accounting legislation, as well as other legal acts applicable in the country regulating the activities of IPA Ltd.
2. Conclusion or execution of a contract:
IPA Ltd. owns the personal data of data subjects when the processing is necessary for the performance of a contract to which it is a party or to take actions at the request of the data subject before concluding a contract, as well as in cases of provision of personal data, necessary for the fulfillment of the contractual obligations of the parties.
3. Legitimate interest:
In certain cases, IPA Ltd. processes personal data for the fulfillment of its legitimate interests, such as security of locations and premises, registration of access to buildings, security, including actions to guarantee information and network security, offering services to customers and contractors, protection of the rights of IPA Ltd. in a judicial or non-judicial form, etc.
4. Consent:
IPA Ltd. processes personal data in cases where consent of the data subject is required and there is no other basis for their processing. If he refuses to consent to the processing, IPA Ltd. will not be able to provide the relevant service for which it is necessary. The consent given for the specific purpose can be withdrawn at any time without impacting the lawfulness of the processing beforehand. The withdrawal is carried out through a written application submitted to the offices of IPA Ltd. or by e-mail to the address: Yoana.Nikolova@ip-arch.com, sent from an e-mail address that needs to correspond to the contact details available at IPA Ltd. In this case, IPA Ltd. will stop processing the personal data of the data subject for this specific purpose.
5. Processing is necessary to protect the vital interests of the data subject or another natural person.
Situations in which the processing of personal data is necessary to protect an interest of primary importance to the life of the data subject or another natural person, are covered. This basis is used if there is no other legal basis for the processing of personal data.
V. PURPOSES OF PERSONAL DATA PROCESSING
IPA LTD. processes personal data for the following purposes:
security of areas and premises;
entering into and managing contractual relations with employees, trainees, and contractors;
offering and providing other services related to the activity of IPA Ltd.
VI. TERMS FOR PROCESSING PERSONAL DATA
Storage of personal data is carried out for the terms established in the current legislation in the country, related to the specific type of relationship, and by the regulatory supervisory authorities. Personal data for which there is no express legal or supervisory obligation to store will be deleted, anonymized, or destroyed after achieving the purposes for which they were collected and processed, except in cases where they are necessary for pending judicial or administrative proceedings.
If for a given processing activity, several statutory requirements regarding data storage periods are applicable, then the term is determined by the normative act setting requirements for a longer storage period. Also, the term for processing certain data can be both reduced - for example, on the objection of the data subject (if applicable), and increased - for example, on the instructions of competent authorities in connection with their lawful actions. Normatively determined terms for storing personal data can be extended with the consent of the data subject when this is provided for in a legal action.
VII. CATEGORIES OF RECIPIENTS OF PERSONAL DATA
IPA LTD. can provide personal data processed by it in its capacity as an administrator to third parties. These are the following categories of persons:
• public bodies, institutions, auditors, and individuals - in cases where IPA LTD. has a legal obligation to provide the data;
• third parties, natural, and juridical persons - in fulfillment of statutory or contractual obligations, or on another valid legal basis;
• processing personal data - according to a contract concluded with IPA LTD. or another legal act. IPA LTD. uses only personal data processors that provide sufficient guarantees for the implementation of appropriate technical and organizational measures for the protection of personal data;
• state bodies, institutions, and registers - for making inquiries and obtaining information, for example, National Insurance Institute, Commercial Register and register of non-profit legal entities, Bulstat Register, Property Register, and others - to obtain other preliminary information, necessary for the conclusion of a contract at the request of the data subject;
• organizations and individuals in third countries or international organizations. If necessary and only in connection with the achievement of the processing objectives, IPA LTD. may transfer personal data processed by the company to third countries (outside the European Union) and/or international organizations, subject to compliance with the relevant regulatory requirements.
VIII. DATA SUBJECTS RIGHTS
Data subjects have the following rights regarding the processing of personal data:
1. Right of access - the data subject has the right to receive from IPA LTD. a confirmation as to whether personal data related to him/her are being processed, and if so, to access the data and the following information - the purposes of the processing; relevant categories of personal data; the categories of recipients to whom they are or will be disclosed, including recipients in third countries or international organizations; the anticipated period for which the personal data will be stored, the existence of the right to request from the administrator the correction or deletion of personal data, the restriction of their processing, to object to such processing, as well as the existence of the right to appeal to a supervisory authority; information about the source of the data if not collected by the data subject; the presence of automated decision-making, including profiling. IPA LTD. provides a copy of the personal data, which should not be equated with the concept of "copy of documents". The right may be exercised in a form that does not affect the rights and freedoms of other data subjects.
2. Right to correction - the data subject has the right to ask IPA LTD. to correct inaccurate personal data related to him/her without undue delay. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including through adding a declaration.
3. Right to erasure (right "to be forgotten") - the data subject has the right to request from IPA LTD. the deletion of personal data related to him, without undue delay, and IPA LTD. must do so when any of the following is true:
• the personal data is no longer necessary for the purposes for which they were collected or otherwise processed;
• the data subject withdraws his/her consent on which the data processing is based and there is no other legal basis for the processing;
• the data subject objects to the processing and there are no overriding legal grounds for the processing;
• personal data was processed illegally;
• personal data must be deleted to comply with a legal obligation that applies to IPA LTD.;
• the personal data was collected in connection with the provision of information society services.
The right to erasure does not apply when the processing of data is necessary to comply with a legal obligation and for the establishment, exercise, or defense of legal claims.
Right to processing restriction – the data subject has the right to request from IPA LTD. restriction of processing when one of the following is applicable:
• the accuracy of the personal data is contested by the data subject, for a period that allows IPA LTD. to verify it;
• the processing is unlawful, but the data subject does not wish the personal data to be deleted but instead requests the restriction of its use;
• IPA LTD. no longer needs the personal data for processing, but the data subject requires them for the establishment, exercise, or defense of legal claims;
• the data subject has objected to the processing pending verification of whether the legal grounds of IPA LTD. take precedence over the interests of the data subject.
When processing is restricted, such data are processed, and not stored, only with the consent of the data subject or for the establishment, exercise, or defense of legal claims, for the protection of the rights of another natural person, or for significant reasons of public interest. When a data subject has requested the restriction of processing, IPA LTD. informs him/her before the cancellation of the restriction of the processing.
Data subjects should bear in mind that when exercising the right to restrict processing, the services for which the personal data were used may be suspended and the corresponding legal relationships terminated.
Obligation to notify when correcting or deleting personal data or restricting processing.
IPA LTD. communicates any rectification, deletion, or restriction of processing to any recipient to whom the personal data has been disclosed unless this is impossible or requires disproportionately large efforts. IPA LTD. informs the data subject about these recipients if they request it.
5. Right to portability - when the processing is based on consent or contractual obligation and is carried out in an automated manner, the data subject has the right to receive the personal data concerning him and which he has provided to IPA LTD. in a structured, widely used and adapted in a machine-readable format and has the right to transfer this data to another administrator without restriction from IPA EOOD.
When exercising the right to data portability, the data subject has the right to obtain a direct transfer of personal data from one administrator to another, where technically possible. The exercise of the right to portability does not affect the right to erasure (the right to be forgotten) and should not adversely affect the rights and freedoms of others.
For each specific case of portability of personal data, the specific legislation governing it shall apply.
6. Right to object - the data subject has the right, at any time and on grounds relating to his/her specific situation, to object to the processing of personal data concerning him, which is based on the legitimate interests of IPA LTD., including for profiling based on legitimate interest. IPA LTD.terminates the processing of personal data, unless it proves that there are clear legal grounds for the processing that take precedence over the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.
When personal data is processed for direct marketing, the data subject has the right at any time to object to the processing of personal data concerning him for this type of marketing, which also includes profiling insofar as it is related to direct marketing. When the data subject objects to processing for direct marketing purposes, the processing of personal data for these purposes shall be terminated.
In the event of exercising the right to object, the relevant legal relationships for which the personal data subject to the objection were used may be terminated.
7. Right of the data subject not to be subject to a decision based solely on automated processing – the data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which gives rise to legal consequences for the data subject data or similarly significantly affects it. The right does not apply if:
• the decision is necessary for the conclusion or execution of a contract between a data subject and IPA LTD.;
• is allowed by law;
• is based on the express consent of the data subject.
Currently, there are no automated decision-making processes in IPA LTD.
8. Right to complain to the supervisory authority - data subjects have the right to submit a complaint to the supervisory authority in the Republic of Bulgaria - the Commission for Personal Data Protection (www.cpdp.bg) or by court order.
9. Notifying the data subject of a breach of personal data security. IPA LTD. undertakes all necessary technical and organizational measures to protect personal data. However, in the event of a breach of their security, IPA LTD. will take the necessary actions to notify the data subject of the breach, per the requirements of the relevant legislation.
In all cases, when personal data is provided by the data subject to IPA LTD. without a legal basis or in violation of the principles for processing personal data, that data is returned, and if this is impossible or requires disproportionately large efforts, it is returned, deleted or destroyed, within 1 month of IPA LTD. being notified.
IX. ORDER FOR EXERCISING THE RIGHTS OF DATA SUBJECTS
The exercising of the rights of data subjects is carried out after the submission of a written application, which should contain the following mandatory details:
The full names of the subject;
Date of birth or PIN/date and place of birth, for a foreign citizen;
Telephone number;
Current/permanent address for correspondence;
In what capacity is the relevant right exercised - for example, counterparty; employee/former employee; intern/trainee; legal representative/beneficial owner/attorney; a related individual of a commercial company, and the name of the commercial company in such a case, as well as its BULSTAT/ UIC;
Description of the request – the type of right that the subject wishes to exercise, the types of data to which it will be applied, as well as additional information necessary for its exercise;
A preferred form of receiving information, incl. a response from IPA LTD. - to the e-mail address specified in the application; to an address for correspondence; to an office address specified by the subject. Contact with the data subject can also be made at the contact phone number specified by him in the application (in case the data subject wishes to provide such an opportunity).
A signature, and date of submission of the application.
IPA LTD. may also request additional identification information if this is necessary to protect the interests of the data subject.
In the absence of some of the data above, it is possible IPA LTD. do not satisfy the subject's application for exercising the relevant right.
The applications are submitted personally by the data subject or through a proxy, who should present an express written power of attorney from the data subject, on-site at an office of IPA LTD.
IPA LTD. has provided a person available for contact by the data subjects in connection with their rights, as well as for questions related to this.
The realization of the aforementioned rights of the data subjects is carried out only if it does not affect other rights that have priority over them.
With this Policy, IPA LTD. aims to create transparency in its relations with data subjects when processing personal data. Additional information can be found in the concluded individual contracts. Information may also be requested from the Data Protection Officer at the correspondence address specified in this Policy, as well as from any employee serving the data subject. In cases where the personal data processed by IPA LTD. is not received by the data subject, IPA LTD. will fulfill its statutory obligation to provide the necessary information, except through this Policy, and additionally when entering into legal relations with him/her for the specific purpose. In cases where the personal data has not been received by the data subject and detailed information about the specific purpose of the processing can't be provided in person, the legally required information will be deemed to have been provided through the Policy published on the IPA LTD. website.
___________________________________________________________________________________________________________________________
DATA PROTECTION POLICY COLLECTED BY AUTOBIOGRAPHIES. ORDER FOR EXERCISE OF THE RIGHTS OF PERSONS APPLICANT FOR EMPLOYMENT IN IPA EOOD (the "Administrator")
This Policy describes the way in which we collect and use your personal data for the purposes of the job application process at IPA EOOD.
The protection of your personal data is in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repeal of Directive 95/46/EC ("General Data Protection Regulation").
By providing your personal data, you acquire the title of the subject of personal data, and IPA EOOD acquires the title of Administrator of personal data.
Personal data protection officer:
Name: Ioana Grueva
E-mail: Yoana.Nikolova@ip-arch.com
Phone: +359 898 652 081
Address for correspondence: city of Sofia, "Nikolay Haitov" street No. 34
I. THE ESSENTIAL CONCEPTS
"Personal Data" means any information relating to an identified natural person or a natural person who can be identified by an identifier such as a name, an identification number, location data, an online identifier or by one or more characteristics specific to the physical, physiological, genetic, psychic, mental, economic, cultural or social identity of that natural person;
"Data subject" is a person who can be identified, directly or indirectly;
"Processing" means any operation or set of operations performed on personal data or a set of personal data, by automatic or other means such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, distribution or another way in which the data is made available, arranged or combined, restricted, deleted or destroyed.
"Administrator" means a natural or legal person, public body, agency, or other structure that alone or jointly with others determines the purposes and means of processing personal data.
"Consent of the data subject" means any freely expressed, specific, informed, and unequivocal indication of the will of the data subject, by means of a statement or a clear affirmative action, which expresses his consent to have his personal data processed.
"Personal Data Protection Officer" is an employee of the Administrator who is charged with the functions of providing expert professional knowledge in the field of data protection law.
II. What types of personal data do we collect during the application process for a position at IPA EOOD?
When evaluating your application, we process the personal data you provide with your CV /name, address, email address, telephone number, date of birth, social security number, education, competence, citizenship, visa status, etc./, i.e. the personal data which you have decided should be shared with us.
We need this data to assess whether your application is suitable for the vacant position we offer.
During the application process, we may ask you for additional information that we need for the purposes of selecting the right candidates for the position.
We do not collect special categories of personal data, such as health status, race, political views, ethnic roots, etc., therefore we ask that you do not provide such data in your CV.
In all cases, we require your consent to the processing of your data, as well as to note that you are familiar with this Policy.
III. Recruitment process
We use software to automatically process personal data from applications. This software allows us to manage the process of storing applicant data, sharing it only with those employees who have relevant data protection obligations. We assure applicants that our employees have been through the appropriate training on personal data protection and our company will not allow your data security to be breached.
We use the software mainly to structure, store and send applications to the right employee, with the data being shared only within the scope of the administrator's activity.
IPA EOOD has taken all necessary technical and organizational measures to secure your personal data. We have implemented such technical and organizational measures as would allow us to fully protect your personal data. To protect the personal data of our subjects, we have adopted all the policies and internal procedures that are required by law.
You can withdraw your consent at any time, and we will stop processing your data immediately after receiving the request to withdraw consent.
If you decide to withdraw your consent, please contact the Data Protection Officer.
_____________________________________________________________
COOKIE POLICY
This Policy refers to the cookies used on the website managed by IPA EOOD. It complements the Protection of Personal Data Act and aims to inform you why we use cookies, what they do and what choices you have concerning their use.
1. Data subjects are unregistered users - website visitors.
2. Legal basis for processing:
The execution of a contract with the data subject or taking steps to conclude a contract per the request of the data subject - provision of the services through the site.
3. What are cookies:
The website of IPA EOOD uses "cookies" to improve functionality. These are small text files that your browser saves on your hard drive - temporarily or for a longer period, depending on the type of "cookie". "Cookies" perform certain functions, including differentiating you from other users of a particular website, enabling your access to the information you need, or storing certain information related to you, such as your preferences. Each "cookie" is unique to your web browser and contains certain (anonymous) information, such as the domain name it comes from, the "lifetime" of the "cookie" and a numeric code (usually in the form of a randomly generated number).
4. Controlling cookies:
Per legal regulations, we may store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies, you have the right to decide whether to delete or save them on your computer. If you remove or refuse the use of cookies on this website, its functionality will not be significantly affected, but your removal or refusal may make some features of the site unavailable or cause difficulties in your navigation. Disabling a cookie or cookie category will not delete an existing cookie from your browser, but you can do it manually through your browser options. More information about who we are, how you can contact us, and how we process your data can be found in our Privacy Policy for Protection of Personal Data Act.
5. What are your rights?
You are aware of when and if your browser receives cookies because it notifies you on your first visit. Thus, you have the option to accept or refuse a given "cookie".
Your browser can be set up to reject all cookies. If you want to find out how to do this, visit: http://www.allaboutcookies.org or Microsoft's Cookie Guide: https://support.microsoft.com/en-us/help/260971/description-of -cookies
You may choose to clear cookies through your browser options, but you should be aware that this may affect your interaction with our website.
You can choose which cookies to allow or disallow by visiting the respective browser settings:
Internet Explorer cookie settings: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies#ie=ie-10
Firefox cookie settings: https://support.mozilla.com/en-US/kb/cookies-information-websites-store-on-your-computer?redirectlocale=en-US&redirectslug=Cookies
Chrome cookie settings: support.google.com/chrome/answer/95647?hl=en&ref_topic=14666
Cookie settings on Safari web: https://support.apple.com/kb/PH17191?locale=en_US and iOS https://support.apple.com/en-us/HT201265
Changes to our cookie policy:
Any future changes to our Cookie Policy will be posted on this page. All changes are effective immediately, except where otherwise noted.