"Kuiumdjiev-1925" Ltd - a company registered in the territory of the Republic of Bulgaria, with head office and registered address: Veliko Tarnovo, 24 Ivan Vazov str., 1st Floor,
UIC: 104674321, Tel. +359 62 520 591; +359 888 210 908 and email: office@kuiumdjiev.com
In connection with its activities - production of precious metal products, production of jewellery according to individual designs - the "Company" processes data, some of which is personal data, according to the Personal Data Protection Act and Regulation (EU) 2016/679, and therefore has the status of a personal data controller.
This Policy is to inform the users of www.kuiumdjiev.com of the manner in which their personal data is processed, their rights, the data protection methods used by the data controller, to whom the Company is entitled to provide the personal data collected, and the methods of exercising the rights of data subjects.
2. Introduction:
GDPR is the General Data Protection Regulation (Regulation 2016/679 of the European Parliament and of the Council). The Regulation significantly increases the rights of European citizens and therefore imposes more obligations on organisations that collect and process personal data. It enters into force on 25.05.2018 and shall apply in all member states of the European Union.
Personal data shall be collected for specified, explicit and legitimate purposes and shall not be further processed in a manner incompatible with those purposes. Processing shall be carried out in accordance with the law, in good faith and in a transparent manner in relation to the data subject.
3. Policy Objectives and Scope:
With this Privacy Policy "KUIUMDJIEV-1925" Ltd. considers the confidentiality and privacy of personal data. In accordance with the legislation and best practices, the Company implements the required technical and organizational measures to protect the personal data of individuals.
With this Personal Data Protection Policy, the Company aims to inform individuals about the purposes of processing personal data, the recipients or categories of recipients to whom the data may be disclosed, the mandatory or voluntary nature of providing the data and the consequences of refusing to provide it, information about the right to access and correct the collected data.
4. Glossary:
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
‘genetic data’ means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question;
‘biometric data’ means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data;
‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
‘representative’ means a natural or legal person established in the Union who, designated by the controller or processor in writing pursuant to Article 27, represents the controller or processor with regard to their respective obligations under Regulation (EU) 2016/679;
‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
'supervisory authority' means an independent public authority established by a Member State and responsible for monitoring the application of Regulation (EU) 2016/679.
‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
5. Main principles related to the processing of personal data that we follow:
- lawful, fair and transparent processing of personal data;
- processing of personal data for specific purposes;
- data minimisation;
- accuracy and keeping up to date;
- storage limitation;
- integrity and confidentiality;
- accountability.
6. Purpose of processing:
"KUIUMDJIEV-1925" Ltd. processes personal data for the purpose of commercial activity - production of precious metal products, production of jewellery by individual projects.
Personal data is collected for specific purposes precisely defined by law and must be processed legally and in good faith. The data shall not be further processed in a manner incompatible with these purposes. Further processing of personal data for the purposes of public interest archiving, scientific, historical research or statistical purposes shall not be considered incompatible with the initial purposes.
Another main reason for collecting personal data is direct marketing. The Company collects personal data for marketing and advertising purposes. The data is only collected with the user's express free, clear and informed consent which the user has marked when reading this privacy policy. Any natural person who has given his consent to be the subject of direct marketing by the Company has the possibility to withdraw his consent at any time, in an easy and convenient way, on the principle of transparency laid down as a fundamental principle in the Regulation.
Apart from the above purposes and in relation to the principles set out in Article 5 of Regulation (EU) 2016/679, KUIUMDJIEV-1925 Ltd. does not collect or process any other personal data of its employees, partners and customers. The company does not process personal data for automated decision-making purposes, incl. "profiling". The organisation collects the data from the data subject.
7. The Company processes personal data only when:
- it has obtained clear, free, informed and unambiguous consent from data subjects who have been informed in advance of what their personal data will be used for by this policy;
- where there is a contractual obligation, for the purpose of executing a contract where one party is the natural person (where the Company processes data of its employees) and for the purpose of exercising, establishing and defending rights and legal interests;
- where the processing is necessary for the performance of a task carried out in public interest (under EU or national law);
- it has obtained explicit consent from the natural person for direct marketing purposes (e.g. sending email advertising).
8. What data is collected and processed:
Important: KUIUMDJIEV-1925 Ltd does not collect or process sensitive personal data of its customers and users of the www.kuiumdjiev.com website.
The data collected and processed are:
- First and last name of the user - in order to identify the subject when requesting a service;
- E-mail address - for quick and easy correspondence;
- Telephone number - for direct contact with the data subject;
- Delivery address - required to perform the requested service;
- Country, district, municipality, city/town/village - to specify the delivery location;
- Other as permitted under the Regulation, if necessary to perform an obligation of the Company or related to a particular service.
The submitter of personal data has the right not to share all the personal data requested. In cases where this personal data is necessary for the performance of a specific service of a particular specialized function or an effective response to an inquiry (excl. direct marketing), KUIUMDJIEV-1925 Ltd. could not fulfill the request due to lack of data, which the user is explicitly notified of through the personal data policy.
Where in connection with the Company's activities it is necessary to process or store the data of persons under the age of 18, this is done through the express consent of the parent/guardian.
9. Personal data recipients to whom the Company has the right to disclose the data:
The Company shall provide the personal data to the competent state authorities and institutions when required by the legislation of the country and in accordance with the rules set forth therein (e.g.: National Revenue Agency, National Social Security Institute, Employment Agency, judicial and investigative authorities, health care institutions, etc.). It also provides the personal data of individuals to accounting houses, banking institutions, HR agencies and mobile operators for statutory purposes or those specified in a contract concluded with the individuals.
The personal data of the users of www.kuiumdjiev.com is not provided to third parties outside the scope of legal requirements. The organisation does not provide personal data to countries outside the European Union.
10. Rights of natural persons - data subjects:
The measures taken to protect personal data in accordance with the requirements of Regulation (EU) 2016/679 are aimed at protecting the rights of data subjects, namely:
- Right of access;
- Right to rectification of inaccurate or incomplete data;
- Right to erasure (right to be forgotten) if the conditions of Article 17 of Regulation (EU) 2016/679 are applicable;
- Right to restriction of processing;
- Right to data portability if the conditions for portability under Article 20 of Regulation (EU) 2016/679 apply;
- Right to object if the conditions of Article 21 of Regulation (EU) 2016/679 are met;
- The right to lodge a complaint with the Data Protection Authority or the District Court;
- Right not to be subject to a decision based solely on automated processing, including profiling.
Where personal data are processed for direct marketing purposes, the user has the right at any time to object to processing of personal data concerning him or her for that type of marketing. The user shall be informed in advance of the existence of the right to object, which shall be made available to him or her by means of a notification in a clear manner and separate from any other information.
11. Data Retention Period:
As a personal data controller, KUIUMDJIEV-1925 Ltd. processes data for a period in accordance with the applicable legislation and in accordance with the principle of storage limitation.
The remaining data is stored for different periods according to the type of data determining the legal obligation for processing, including storage.
The storage criteria are:
- in the case of an order, without the person registering, the data shall be kept according to the time limits laid down in the applicable legislation;
- in the case of subscription to an advertising newsletter, the data of the persons are kept until they unsubscribe themselves. Unsubscribing is done with a single click in an easy and accessible way;
- the personal data of the company's employees is stored and processed for a longer period in view of the requirement of the Accountancy Act;
12. Company's responsibility for personal data protection:
In connection with the responsibility of the personal data controller introduced by Regulation (EU) 2016/679 and the Personal Data Protection Act, and to ensure adequate data protection, the Company applies all necessary organizational and technical measures to protect the personal data of individuals. In order to maximize the security of processing, transferring and storing personal data, the organization uses mechanisms to protect data stored both electronically and on paper.
Computer access via the local network to files containing personal data is only made by employees of "KUIUMDJIEV-1925" Ltd. or by the data protection officer authorized with regulated rights, only from their physical workplace, from a specially designated computer and after identification by name and password to the system. At the end of working hours, employees shall switch off their local computer.
In order to increase the security of access to information, employees are required to change the passwords they use at intervals determined by KUIUMDJIEV-1925 Ltd. not exceeding 2 months. To perform data protection functions, the Company uses a fully licensed operating system. The use of any software of unlicensed origin is prohibited.
Installation of software products on company computers shall only be carried out by a qualified IT specialist.
13. Policy changes:
The Company has the right to update, amend and supplement the Privacy Policy at any time in the future when circumstances so require.
14. Contact details of the data controller:
Address: Veliko Tarnovo, 24 Ivan Vazov Str., 1st Floor
Telephone number: +359 62 520 591; +359 888 210 908
E-mail: office@kuiumdjiev.com
15. Data Protection Authority:
The data protection supervisory authority at national level is the Data Protection Commission. It monitors the correct application of Regulation (EU) 2016/679 and any individual who considers that their rights have been violated in relation to the processing of their personal data may lodge a complaint with the Commission at the following address:
Address: Sofia, 2 Prof. Tsvetan Lazarov str.
Tel.: 02/91-53-555
E-mail: kzld@cpdp.bg
Website: www.cpdp.bg