Daniel Standard Ltd. - a company incorporated in the Republic of Bulgaria with registered office and headquarters: 9, Vasil Levski Str., town of Veliko Tarnovo, UIC: 204412544, Tel.: +359 886 666 258, Email: firstname.lastname@example.org
In connection with its activity - development of software and hardware products - Daniel Standard Ltd. (the Company) processes data, some of which is personal data under the General Data Protection Regulation (EU) 2016/679, and therefore has the capacity of data controller.
The purpose of this policy is to inform the users of www.danielstandard.com about the way their personal data is processed, their rights, the methods of personal data protection used by the data controller, the recipients to whom the Company is entitled to provide the collected personal data, and the methods for exercising the rights of data subjects.
GDPR is the General Data Protection Regulation (Regulation 2016/679 of the European Parliament and the Council). The Regulation significantly enhances the rights of European citizens and accordingly places more obligations on organizations collecting and processing personal data. It entered into force on May 25, 2018 and applies to all Member States of the European Union.
Personal data is collected for specific, explicitly stated and legitimate purposes and is not further processed in a manner incompatible with those purposes. The processing shall be lawful, bona fide and transparent in relation to the data subject.
3. Objectives and scope of Policy:
4. Glossary of terms:
"Personal data" means any information relating to an identified or identifiable person (data subject); identifiable person is an individual who can be identified, directly or indirectly, in particular by an identifier such as name, identification number, location, online identifier, or by one or more traits specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual;
"Genetic data" means personal data relating to the inherited or acquired genetic characteristics of an individual, which give unique information about the characteristics or health of that individual and which are obtained, in particular, from the analysis of a biological sample from the person concerned;
"Biometric data" means personal data obtained as a result of specific technical processing, which are related to the physical, physiological or behavioral characteristics of an individual and which permit or confirm the unique identification of that individual, such as facial images or fingerprints;
"Data subject's consent" means any freely expressed, specific, informed and unambiguous indication of the data subject's will, by means of a statement or clearly affirmative action, expressing his/her consent to processing of personal data related to him/her;
"Processing" means any operation or combination of operations carried out with personal data or a set of personal data by automatic or other means, such as the collection, recording, organizing, structuring, storage, adaptation or modification, extraction, consultation, use, disclosure by transmission, distribution or otherwise making the data available, sorting or combining, limiting, deleting or destroying;
"Controller" means a natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the personal data processing; where the purposes and means of such processing are determined by the Union law or a Member State law, the controller or the specific criteria for its determination may be laid down in the Union law or in a Member State law;
"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
"Representative" means a natural or legal person established within the Union who is appointed by the controller or processor in writing in accordance with Art. 27, and represents the controller or the processor in connection with their respective obligations under Regulation (EU) 2016/679;
"Recipient" means a natural or legal person, public authority, agency or other entity to whom personal data is disclosed, whether third party or not. At the same time, public authorities, which may receive personal data in the context of a specific investigation in accordance with Union or Member State law, are not considered as 'recipients'; the processing of such data by the designated public authorities complies with the applicable data protection rules for the purposes of processing;
"Supervisory authority" means an independent public authority established by a Member State and responsible for monitoring the implementation of Regulation (EU) 2016/679;
"Personal data breach" means a breach of security that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data that is transmitted, stored or processed in any other way;
"Profiling" means any form of automated processing of personal data resulting in the use of personal data to evaluate certain personal attributes relating to an individual, and in particular to analyze or forecast aspects relating to the performance of professional duties of that individual, his or her economic status, health, personal preferences, interests, reliability, behavior, location or movement.
5. Basic principles regarding the processing of personal data that we observe:
- lawful, bona fide and transparent processing of personal data
- processing of personal data for specific purposes
- minimizing data
- up-to-date accuracy and maintenance
- storage limit
- integrity and confidentiality
6. Purpose of processing:
Daniel Standard Ltd. processes personal data for implementation of its activities - software and hardware product development.
Personal data is collected for specific, legitimate purposes and must be processed lawfully and in good faith. Data is not further processed in a manner incompatible with these purposes. Further processing of personal data for archiving in the public interest, for scientific and historical research, or for statistical purposes, is not considered incompatible with the original purposes.
Beyond the above objectives and in connection with the principles set out in Art. 5 of Regulation (EU) 2016/679, Daniel Standard does not collect or process other personal data of its employees, partners and clients. The Company does not process personal data for the purpose of automated decision-making, incl. profiling. The Company collects data from the data subject.
7. The Company only processes personal data when:
- it has obtained clear, free, informed and unambiguous consent from data subjects who are notified in advance through this policy about the purpose of their personal data usage;
- there is a contractual obligation for the purpose of executing a contract, one party being the individual (when the Company processes data of its employees) and for the exercise, establishment and protection of rights and legitimate interests;
- processing is necessary for the fulfillment of a task of public interest (according to EU or national law).
8. What data is collected and processed:
Attention: Daniel Standard does not collect or process sensitive personal information of its clients and users on its website www.danielstandard.com.
The collected and processed data is:
- User name and surname - to identify the subject upon request;
- Email - for quick and easy communication;
- Telephone - for contact if necessary;
- Other data admissible under the Regulation if needed to fulfill an obligation of the Company or related to a specific service.
9. Recipients of personal data to which the Company has the right to disclose data:
The Company provides personal data to competent state authorities and institutions when required by the national legislation and in accordance with the rules set out therein (for example: the National Revenue Agency, the National Social Security Institute, the Employment Agency, judicial and investigative authorities, health authorities, etc.). It also provides personal data of individuals to accounting firms, banks, HR agencies and mobile operators for statutory purposes or those specified in a contract concluded with the individuals.
The personal data of www.danielstandard.com users is not disclosed to third parties beyond the legal requirements. The Company does not provide personal data to countries outside the European Union.
10. Rights of individuals - data subjects:
Measures taken to protect personal data in accordance with Regulation (EU) 2016/679 are designed to ensure protection of data subjects' rights, namely:
- Right of access;
- Right to correct inaccurate or incomplete data;
- Right of erasure (right to be forgotten), where the conditions of Art. 17 of Regulation (EU) 2016/679 apply;
- Right to restrict processing;
- Right of data portability, where the conditions for portability under Art. 20 of Regulation (EU) 2016/679 apply;
- Right of objection, where the conditions of Art. 21 of Regulation (EU) 2016/679 apply;
- Right to complain to the Data Protection Commission or the District Court;
- Right not to be subject to a decision based solely on automated processing involving profiling.
11. Data storage period:
As a data controller, Daniel Standard Ltd. processes data for a period as provided in applicable law and in accordance with the principle of storage limitation.
The remaining data is stored for different periods, depending on the data type, which determines the legal obligation for its processing, including storage.
Storage criteria are:
- When a request is made through the site form, the data is kept for 6 months or for as long as necessary to clarify all points of the request and give the client a satisfactory answer.
- Personal data of Daniel Standard Ltd. employees is stored and processed for a longer period pursuant to the requirements of the Accounting Act.
12. Responsibility of the Company for personal data protection:
In connection with the personal data controller responsibility introduced by Regulation (EU) 2016/679 and the Personal Data Protection Act, and to ensure adequate data protection, the Company applies all necessary organizational and technical measures to protect personal data of individuals. For maximum security in the processing, transmission and storage of personal data, the Company uses protection mechanisms for data stored both electronically and on paper.
Computer access via a local network to files containing personal data is carried out only by employees of Daniel Standard Ltd. or by a data protection officer authorized with statutory rights, solely from their physical workplace, from a specially designated computer and after identification by login and password to the system. At the end of the working day, employees turn off their local computer.
In order to increase the security of access to information, employees must change their passwords at intervals not exceeding 2 months, as determined by Daniel Standard Ltd. The Company uses a fully licensed operating system to perform its data protection functions. The use of any software of unlicensed origin is prohibited.
Installation of software products on office computers is done only by a designated person - IT specialist.
13. Policy changes:
14. Contact details of the personal data controller:
Address: 9, Vasil Levski Str., Veliko Tarnovo, Bulgaria
Telephone: +359 886 666 258
15. Data protection supervisor:
Data protection supervisor at national level is the Personal Data Protection Commission. It monitors the correct application of Regulation (EU) 2016/679, and any natural person who considers that his or her rights regarding the processing of his/her personal data have been infringed may submit a complaint to the Commission at the following address:
Address: 2, Prof. Tsvetan Lazarov Str., Sofia, Bulgaria
Telephone: +359 2 91-53-555