Data protection policy adopted by “TRANSFORMA” JSC

/Statement for the protection of personal data processing/

Information about us

„TRANSFORMA” JSC („TRANSFORMA” and/or the “Administrator”) is a company registered in the Commercial Register of the Registry Agency under UIC 130021670, with registered office and address of management in Sofia, Lozen1151, № 30 “Prof. Nikola Marinov” str., e-mail: info@transforma.bg, contact phone – +359 2 9929944

„TRANSFORMA” contact information about our customers’ personal data protection process

„TRANSFORMA” JSC

№ 30 “Prof. Nikola Marinov” str., Lozen 1151, Sofia

e-mail: info@transforma.bg /for complaints regarding the protection of personal data – this is the e-mail of the commissioned company official/

Data protection officers: Vassil Tsanev, Sonya Boneva, Ventsislav Stanoev.

Our main concern when dealing with personal data

„TRANSFORMA” JSC is a responsible data controller and the data security you have entrusted to us is of a major importance to the company. It is for this reason that we are making every effort to protect your data by applying all appropriate technical and organizational means at our disposal to prevent unauthorized or unlawful processing, accidental loss, destruction and damage or premature deletion of the available information.

„TRANSFORMA” JSC collects and processes personal data only in compliance with the requirements of the Personal Data Protection Act, Regulation (EC) 2016/679 on the Protection of physical persons with regard to the Processing of their personal data, Ordinance No. 1 dated 30 January 2013 on the minimum level of technical and organizational measures and the permissible form of protection of the personal data. The processing of your data is always related to a specific reason and it cannot be done without limitations.

The present “Policy for the protection of personal data” is intended to make you familiar as to how and why we process your personal data.

How and why do we use your personal data

For the execution of a contract or in the context of pre-contractual relations

“TRANSFORMA” JSC processes your identification and other personal data in order to provide the products and services that you have requested and which you use as a result of the contracts you have concluded with us. We also process your personal data in order to perform contractual and pre-contractual obligations and to enjoy the rights, given to us, in conformity to the contracts we have concluded with you.

The processing of the data is performed with the following objectives:

  • identifying you as our client;
  • managing and implementing the valid contracts for products and services;
  • drawing up proposals for the conclusion of a contract;
  • for providing and preparing information prior to the signing of the contract;
  • preparing and sending invoices for the products and/or services you

purchase from us;

  • to be able to provide the entire range of services you require as well as to collect the due amounts for the products and services used;
  • sending courier services with notification letters, transaction refusal services, complaints, etc. ;
  • notification of anything related to the products and services we provide,

sending various notifications, info on problems, errors or for responding to requests, complaints and proposals submitted to us;

  • identifying and/or preventing illegitimate actions or actions inconsistent with

our terms of service;

  • processing the data by a specialist when concluding a contract;
  • performing warranty and service maintenance operations.

To meet certain regulatory obligations

We process your personal data in order to comply with obligations we have to meet as set in any normative act, such as:

  • provision of information to the Commission for the protection of personal data in relation to obligations under the legislation on the protection of personal data – Personal Data Protection Act, Regulation (EC) 2016/679 of 27 April 2016, etc .;
  • providing information to the Commission for the protection of consumers or third parties, provided for in the Consumer Protection Act;
  • obligations stipulated in the Accountancy Act and the Tax and Social

Insurance Procedure Code and other related normative acts in relation to the keeping of correct and legitimate financial accounting;

  • provision of information to the state authorities provisioned in the Law on

the measures against money laundering;

  • providing information to the authorities of the Ministry of the interior concerning our obligations as set in the Road Traffic Act;
  • providing information to the Court of law and third parties in court proceedings in accordance with the requirements of the procedural and substantive legal acts applicable to the concrete proceedings;

After we have obtained your consent:

In some cases, we process your personal data only upon obtaining your prior written consent. Consent is a separate ground for the processing of your personal data and the purpose of the processing is specified therein: it is not covered by the objectives listed in the present policy. If you give us your consent and until its withdrawal or the termination of any contractual relations with you:

  • we will prepare adequate offers for products/services from “TRANSFORMA” JSC;
  • we will inform you of all up-to-date advertising campaigns, news and offers, service information and will send you direct marketing messages.

The submitted consent may be withdrawn at any time. The withdrawing of a consent has no impact on the fulfillment of the contractual and legal obligations undertaken by “TRANSFORMA” JSC.

What data do we process:

Identification data:

  • the full name, personal identification number or that of a foreigner residing in the country; permanent address;

Your contact details:

  • e- mail, phone

Other data:

  • information about the type and content of the contractual relations as well as any other related, including:
  • e-mails, letters, information about your troubleshooting requests, complaints, requests, objections;
  • other feedback we get from you;
  • video recordings which are made to ensure and improve security in the offices of the company, to ensure the security of employees, your security and the security of the property owned by “TRANSFORMA” JSC;
  • bank account number or other bank and payment information for the payments made to “TRANSFORMA” JSC;
  • other information such as:
  • data provided through the company’s website;
  • information about the used electronic communication device, the type of the device, the operating system used, the IP address when visiting our website;
  • other personal data provided by you, or by a third party, upon or during the execution of a contract with “TRANSFORMA” JSC and in particular: the full name, the personal identification number or personal ID number of a foreigner residing in the country, the permanent address of a proxy specified in a document by which you have been authorized that proxy to represent you; contact details, contact person; data provided during gaming, lottery and/or other seasonal or promotional campaigns organized by “TRANSFORMA” JSC, including through the social networks.

When processing your basic personal data and other data described for the purpose of providing products and services, paying for them, executing your service requests as well as to fulfill our statutory obligations the processing is mandatory in order for us to meet these goals. Without this data, we cannot provide the respective services. If you fail to provide us with the requested identification data, we will not be able to conclude a contract for the provision of products or services to you.

We do not use automated algorithms to process your personal data.

How do we protect your personal data

To ensure adequate data protection for the company and its customers, we have been able to apply the necessary organizational and technical measures provided for in the Personal Data Protection Act and Ordinance No. 1 of 30 January 2013 on the minimum level of technical and organizational measures and the admissible type of protection of the obtained personal data.

The company has established fraud prevention and security breach structures and has appointed a Data protection officer to support the processes of protecting and safeguarding your data.

For the sake of maximum security when processing, transferring and storing your data, we may use additional security mechanisms such as encryption, pseudonymisation, etc.

When do we delete your personal data

As a rule, we terminate the use of your personal data for the purposes of the contractual relationship after the termination of the contract, but we do not delete them before the expiration of one year after the termination of the contract or until a final settlement of all financial obligations and the expiration of the statutory obligations for data storage. This includes obligations under the Accountancy Act for the storage and processing of accounting data (11 years), expiry of the limitation period for the submission of claims (10 years) as laid down in the Contracts and Obligations Act, obligations related to providing information to the courts of law, the competent state authorities and other grounds provided for in the currently valid legislation (10 years). Please note that we will not delete or anonymize your personal data if it is necessary for pending court or administrative proceedings or proceedings related to processing a complaint you have filed against us.

Your data can also be anonymised. Anonymisation is an alternative to data deletion. In anonymisation, any personally identifiable elements which allow you to identify yourself are irrevocably deleted. Regarding anonymised data there is no legal obligation for deletion because it does not constitute personal data.

When and why do we share personal data with third parties

We provide your personal information to third parties and our primary purpose is to offer you quality, fast and comprehensive service by taking care of the products and services we offer to meet your expectations. We do not provide your personal data to third parties before we are convinced that all technical and organizational measures have been put in place to protect this data by striving to carry out strict controls to meet this goal. In such cases, we remain responsible for the confidentiality and security of your data.

We provide personal data to the following categories of recipients:

  • persons who provide equipment, software and hardware under order which are used for the processing of personal data and are needed to build the company’s network and to perform various services in the sphere of accounting, payment of services and products, technical support, etc .;
  • postal operators and courier companies with a view to sending deliveries, containing contracts, supplementary agreements and other documents and the need to certify the identity when they are served;
  • employees of the company for the processing of contractual relations;
  • banks and banking institutions in connection with the processing of payments;
  • persons providing service support for the vehicles purchased by you;
  • private bailiffs for servicing and collecting receivables;
  • notaries for serving letters and/or summons or other messages;
  • competent authorities which, by virtue of a statutory instrument, have the power to require the provision of information, including personal data such as: courts of law, prosecution offices, various regulatory bodies such as the Commission for consumer protection, the Commission for the protection of personal data, state authorities with powers to protect national security and public order;
  • importers and manufacturers of the product’s brand in connection with which you have concluded a contract with “TRANSFORMA” JSC.

“TRANSFORMA” JSC does not provide your data to third parties located in countries outside of the EU.

Your rights in relation to the processing of your personal data:

You have the right to request information:

  • information about whether the data, relating to you, is being processed, information for the purposes of such processing, the various categories of data and the recipients, or categories of recipients to whom the data is being disclosed;
  • a message – in an understandable form – containing your personal data which is being processed as well as any available information on the source of that data;

Right to correct the data:

In the event that we process incomplete or incorrect data, you are entitled – at any time – to request:

  • delete, correct, or block your personal data, the processing of which does not meet the requirements of the related legislative norms;
  • to notify third parties, to whom the personal information has been disclosed, of any erasure, correction or blocking, except where this is impracticable or involves excessive effort.

The right to delete data /the right “to be forgotten”/

  • you may request the deletion of your personal information and we have the obligation to delete your data without undue delay when any of the following reasons are made available:
  • your personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
  • You have withdrawn your consent, based on the processing of your data;
  • You have objected to the processing of your personal data and we have no legal grounds for processing it which have priority over your rights or you have objected to the processing of your direct marketing data.
  • your personal data has been tampered with;

Right to limit data processing:

You may request a limit on the processing of your personal data if:

  • you question the accuracy of the data for the period during which we must verify its accuracy;
  • the processing of the data has no legal basis, but instead of deleting it you want their limited processing; or
  • we no longer need this data for the purpose of processing it, but you need the data for the establishment, exercise or protection of legal claims; or
  • you have filed an objection against the processing of the data and are expecting a verification process of whether the administrator’s grounds for his activities are legitimate.

Right to transferring data:

You may ask us to provide the personal data you have entrusted to our care in an organized, orderly, structured, generally accepted electronic format if:

  • we process the data in conformity to the provisions of the contract, based on the declaration of consent which may be withdrawn or on a contractual obligation and
  • the processing is performed automatically.

Right of objection:

At any time you will have the right to:

  • object to the processing of your personal data if there is a legitimate reason for doing so; where the opposition is justified, the personal data of the individual concerned can no longer be processed;
  • object to the processing of your personal data for the purposes of direct marketing.

Right to appeal:

If you believe that we are violating the applicable legal framework, please contact us to clarify the matter. You do, of course, have the right to file a complaint with the Personal Data Protection Commission. After May 25, 2018, you will also be able to file a complaint with a regulatory body within the EU.

Requests for accessing information or for making corrections are submitted personally or by an explicitly authorized person possessing a notary certified power of attorney. The request may also be made electronically, in conformity to the Electronic Document and Electronic Signature Act. We will pronounce our position on your request within 30 days of its filing. Our decision will be an approval or a refusal to grant access to the information requested by the applicant, but in all cases we will motivate our response.

Updates and policy changes

In order to apply the most up-to-date data protection measures and to comply with the currently valid legislation, we will regularly update the present Policy for the protection of personal data. In the event that the changes we make are substantial, we may publish a notice, describing the changes, on our website. We invite you to regularly review the current version of the present Policy in order to be constantly informed about the measures we take for the protection of the personal data we collect.

The present Policy for the protection of personal data was last updated on May 22, 2018.