This website /www.vissoni.eu/ is managed by "VISSONI LEATHER ACCESSORIES" EOOD.
With this Personal Data Protection Policy, "VISSONI KOZENI ACCESSORIES" EOOD takes into account the inviolability of the individual and makes efforts to protect against unlawful processing of the personal data of natural persons.
"VISSONI LEATHER ACCESSORIES" EOOD, EIK 207551773, with headquarters and management address: Sofia, g. k. Buxton, Belmeken Street No. 3 with email address: vissoni@vissoni.eu and phone number 0882 886 954 applies these General Terms and Conditions in its activities, (the "Administrator" or "VISSONI LEATHER ACCESSORIES" EOOD\)
INTRODUCTION.
"VISSONI KOZENI ACCESSORIES" EOOD, as a personal data controller, collects and processes certain information about natural persons.
This information may refer to employees, managers, customers, suppliers, counterparties, business contacts and other natural persons with whom "VISSONI KOŽENI ACCESSOARY" EOOD has a relationship or wants to establish a business contact.
This privacy policy governs how personal data will be collected, processed and stored in order to meet the standards of the Administrator′s organization and comply with legal requirements.
LEGAL BASIS.
This Privacy Policy ("Policy") is issued on the basis of the Personal Data Protection Act and its by-laws, as amended ("Bulgarian legislation"), and the General Data Protection Regulation (EU) 2016/679 (\"GDPR\").
Bulgarian legislation and GDPR provide rules for how organizations, incl. "VISSONI LEATHER ACCESSORIES" EOOD must collect, process and store personal data. These rules are applied by the Administrator regardless of whether it concerns data that is processed electronically, on paper or on other media.
In order for the processing of personal data to be in accordance with the legal requirements, the personal data is collected and used reasonably, stored securely and "VISSONI KOŽENI ACCESSOARY" EOOD takes the necessary measures so that the processed personal data are not subject to illegal disclosure.
The administrator "VISSONI KOZENI ACCESSOARY" EOOD of personal data is familiar with and follows the principles provided for in the GDPR:
personal data is processed lawfully, in good faith and transparently;personal data are collected for specific, explicitly indicated and legitimate purposes and are not further processed in a manner incompatible with these purposes;the personal data are appropriate, related to and limited to what is necessary in relation to the purposes for which they are processed;personal data are accurate and, if necessary, kept up-to-date;the personal data are stored in a form that allows the identification of the affected persons for a period no longer than is necessary for the purposes for which the personal data are processed;personal data are processed in a way that ensures an appropriate level of personal data security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by applying appropriate technical or organizational measures.
II. POLICY OBJECTIVES.
This Policy aims at "VISSONI KOZENI ACCESSORI" EOOD to:
ü be in accordance with the applicable legislation regarding personal data and follow established good practices;
ü established the mechanisms for keeping, maintaining and protecting the reporting registers;
ü establish the obligations of the officials processing personal data and/or the persons who have access to personal data and work under the direction of the personal data processors, their responsibility in case of failure to fulfill these obligations;
ü protects the rights of staff, customers and partners;
ü be discovered how it stores and protects the personal data of natural persons;
ü established the necessary technical and organizational measures to protect personal data from illegal processing (accidental or illegal destruction, accidental loss, illegal access, modification or distribution, as well as from all other illegal forms of personal data processing);
ü be protected against the risk of violations.
III. SCOPE.
This Policy applies to the processing of personal data of counterparties, suppliers, customers and partners, as described in REGISTRIES established in accordance with this Policy, Bulgarian legislation and Art. 30 of the GDPR ("Registers of processing activities").
IV. COLLECTION OF PERSONAL DATA.
Data Categories and Subjects
\"Personal Data\" is any information relating to an identified natural person or an identifiable natural person ("Data Subject").
The administrator collects personal data regarding the following categories of persons:
persons representing the companies with which the Administrator has business relationships;contact persons in the companies with which the Administrator has business relationships;persons who are interested in receiving information services - information bulletin, directories, price offers, etc.;persons who sent state inquiries, through the company′s website;
Purposes of data collection
The administrator collects personal data in connection with the implementation of the following goals:
The data you provide to us by contacting us will be stored by us until the reason for data storage/processing no longer exists (e.g. after the processing of your inquiry has been completed). In these cases, the mandatory legal provisions, in particular the statutory data storage periods, remain valid and apply accordingly. For example, we store inquiries regarding distance contracts concluded with us within the general limitation period according to Bulgarian legislation, namely five years, but for other statutory or legitimate purposes we will keep this data for a longer period.
Data storage in these cases is based on our legitimate interest, the proper documentation of our commercial operations and the protection of our legal rights and interests (Article 6, paragraph 1, letter f) of the GDPR - General Data Protection Regulation). In the case of inquiries regarding contracts, the storage and processing of data is carried out for the purpose of establishing and implementing the relevant contractual relationship (Article 6, paragraph 1, letter b) of the GDPR or for the purposes of our relevant legitimate interest (Article 6, paragraph 1, letter f) GDPR).
Sending a newsletter with promotions and special offers based on your express prior consent. We process your personal data so that we can send you (personalized) marketing messages and notifications via electronic messaging channels (e-mail / SMS / mobile push, etc.). Such communications include the latest news, discount information (emails or notifications), and loyalty programs, regardless of the format we use to share such communications.
In case you wish to receive our newsletter, it is necessary to provide us with your email address. Any individual who has given his consent to be the object of direct marketing by "VISSONI KOZENI ACCESSOARY" EOOD has the opportunity at any time to withdraw his consent in an easy and convenient way, based on the principle of transparency, laid down as a basic principle in the Regulation and in this Politics.
1. For the performance of activities related to the conclusion, existence, amendment and termination of contractual relationships, incl. for:
to establish a relationship with the contact person by telephone, fax or any other lawful means;To keep accounting records in connection with the execution of contracts to which "VISSONI KOZENI ACCESSORIES" EOOD is a party;For processing payments in connection with the contracts concluded by "VISSONI KOZENI ACCESSORIES" EOOD;To send important information to the subjects in connection with changes in the rules, conditions and policies of "VISSONI KOZHENI ACCESSOARY" EOOD and/or other administrative information;
Data collection
Data of counterparties (managers, representatives and/or contact persons of the legal entity under a commercial contract)
The personal data of each person are provided voluntarily by the persons themselves and are collected by the Administrator in fulfillment of a legal obligation, in connection with the conclusion of a contract and/or the fulfillment of obligations under a concluded contract in accordance with the provisions of the "Commercial Law, the Accounting Law, the Law on obligations and contracts, the Value Added Tax Act, etc. and the conditions specified in a commercial contract with the relevant client through: paper - written documents (including powers of attorney, contracts, lien notices, bank information, etc.), by e-mail - provided in connection with the execution of a commercial contract and/or by filling on a registration form. Individuals are notified of the provisions of this Policy in advance or at the time of receiving their data.
V. LEGAL INTERESTS OF "VISSONI LEATHER ACCESSORIES" LTD.
In connection with the processing of the data of managers and counterparties:
Data processing is carried out on the basis of legitimate interest and in connection with the conclusion, existence, amendment and termination of commercial and civil contracts in the application and fulfillment of the regulatory requirements of the Commercial Law, the Social Security Code, the Tax and Insurance Procedure Code, the Insurance Code , Personal Income Tax Law, Accounting Law, Obligations and Contracts Law, etc.
VI. TRANSPARENCY. RIGHTS OF THE PERSONS WHOSE DATA ARE PROCESSED BY "VISSONI KOZENI ACCESSOARY" EOOD.
Transparency and conditions for exercising the rights of individuals
The administrator provides information to individuals in a short, transparent, understandable and easily accessible form, in clear and simple language.
The administrator strives to ensure that the individuals are aware of the personal data processed by it and that the individuals fully and completely understand and are informed in relation to the processing in accordance with the requirements of the GDPR and Bulgarian legislation.
The administrator provides the information to the persons in writing or otherwise, including, where appropriate, by electronic means. If the person so requests, the information may be given verbally, provided that the person′s identity is proven by other means.
The administrator shall provide individuals free of charge with information on actions taken in connection with a request regarding their right of access, rectification, erasure, restriction of processing, portability, objection and automated decision-making, without undue delay and in any case within one month from receiving the request.
If necessary, this period can be extended by another two months, taking into account the complexity and number of requests. The administrator informs the person of any such extension within one month of receiving the request, indicating the reasons for the delay. When a relevant person submits a request by electronic means, if possible, the information shall be provided by electronic means, unless the person has requested otherwise.
If the Administrator does not take action on the request, the Administrator shall notify the person without delay and at the latest within one month of receiving the request of the reasons for not taking action and of the possibility of filing a complaint with a supervisory authority and seeking legal protection.
Where the person′s requests are manifestly unfounded or excessive, in particular because of their repetition, the Administrator may either charge a reasonable fee, taking into account the administrative costs of providing the information or communication or taking the requested action, or refuse to act on the request .
Right of access of individuals
Each person has the right to obtain from the Administrator confirmation as to whether personal data relating to him/her are being processed and, if so, to obtain access to the data and the following information:
the purposes of the processing;relevant categories of personal data;the recipients or categories of recipients to whom the personal data have been or will be disclosed (including in third countries or international organizations);where possible, the intended period for which the data will be stored, and if this is impossible, the criteria used to determine this period;the existence of the right to request from the Administrator the correction or deletion of personal data or to limit the processing of personal data related to the persons concerned, or to object to such processing;the right to appeal to the Personal Data Protection Commission;where the personal data are not collected from the individuals themselves, any available information about their source;the existence of automated decision-making, incl. the profiling, and at least in these cases, essential information about the logic used, as well as the meaning and intended consequences of this processing for individuals.When personal data are transferred to a third country or an international organization, individuals have the right to be informed of the appropriate safeguards in relation to the transfer.
The administrator provides the person with a copy of the personal data that is being processed. For additional copies requested by individuals, the Administrator may charge a reasonable fee based on administrative costs. When the individual submits a request by electronic means, the information shall be provided in a widely used electronic form whenever possible, unless the individual has requested otherwise.
Right to rectification
Any person whose data is processed by the Administrator has the right to ask the Administrator to correct inaccurate personal data related to him without undue delay. Considering the purposes of the processing, the person has the right to have incomplete personal data completed.
Right to erasure (right to be forgotten)
Any person whose data is processed by the Administrator has the right to request the Administrator to delete the personal data related to him without undue delay, and the Administrator has the obligation to delete the personal data without undue delay when:
- the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- the person has withdrawn his consent, on which the processing of the data is based, and there is no other legal basis for the processing;
- the person has objected to the processing and there are no legal grounds for the processing that have an advantage;
- the personal data were processed illegally;
- personal data must be deleted in order to comply with a legal obligation that applies to the administrator;
- the personal data were collected in connection with the provision of information society services.
When the Administrator has made the personal data public and is obliged according to the preceding paragraph to delete the personal data, he, taking into account the available technology and the implementation costs, takes reasonable steps, including technical measures, to notify the administrators processing the personal data that the affected person has requested that these administrators delete all links, copies or replicas of his personal data.
Right to restriction of processing
Any person whose data is processed by the Administrator has the right to request from the Administrator restriction of processing when one of the following applies:
- the accuracy of the personal data is disputed by the person, for a period that allows the Administrator to verify the accuracy of the personal data;
- the processing is unlawful, but the data subject does not want the personal data to be deleted, but instead requires the restriction of its use;
- The administrator no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defense of legal claims;
- the data subject has objected to the processing pending verification of whether the legal grounds of the Administrator prevail over the interests of the data subject.
Where processing is restricted according to the above paragraph, such data are processed, with the exception of their storage, only with the consent of the data subject or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural person or for important reasons of public interest.
When a data subject has requested the restriction of processing, the Administrator informs him before the cancellation of the restriction of processing.
Obligation to notify when correcting or deleting personal data or restricting processing
The administrator communicates any rectification, erasure or restriction of processing to any recipient to whom the personal data has been disclosed, unless this is impossible or requires a disproportionately large effort. The administrator informs the data subject about these recipients if the data subject so requests.
Right to data portability
The data subject has the right to receive the personal data concerning him and which he has provided to the Administrator in a structured, widely used and machine-readable format and has the right to transfer such data to another administrator without hindrance from the Administrator when (i ) the processing is based on consent in relation to certain purposes or on a contractual obligation of the subject or taking steps before entering into a contract and (ii) the processing is carried out in an automated manner.
When exercising his right to portability, the data subject has the right to obtain a direct transfer of personal data from one controller to another, where technically feasible.
Right to object
The data subject has the right, at any time and on grounds related to his particular situation, to object to the processing of personal data concerning him (when the processing is necessary for the performance of a task in the public interest or in the exercise of official powers of the Administrator, or the processing is for the purposes of the legitimate interests of the Administrator or a third party), including profiling. The administrator shall terminate the processing of personal data unless he proves that there are compelling legal grounds for the processing that take precedence over the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.
Where personal data are processed for the purposes of direct marketing, the data subject has the right at any time to object to the processing of personal data concerning him for this type of marketing, which also includes profiling insofar as it is related to direct marketing. When the data subject objects to processing for direct marketing purposes, the processing of personal data for these purposes shall cease.
At the latest at the time of the first contact with the data subject, he is expressly informed of the existence of the right under the preceding paragraphs, which is presented to him in a clear way and separately from any other information.
VII. TECHNICAL AND ORGANIZATIONAL MEASURES FOR DATA PROTECTION.
Data protection in hard copy as well as in electronic media against unauthorized access, damage, loss or destruction is ensured by means of a series of internally regulated technical and organizational measures.
VIII. TRANSFER OF PERSONAL DATA.
The administrator does not and will not transfer personal data to countries outside the European Union.
IX. VIOLATIONS. NOTICE OF VIOLATIONS.
Violations
A breach of data security occurs when the personal data for which "VISSONI KOZENI ACCESSOARY" EOOD is responsible is affected by a security incident, as a result of which the confidentiality, availability or integrity of the personal data is violated. In this sense, a data breach occurs when there is a security breach resulting in the accidental or unlawful destruction, loss, alteration, unregulated disclosure of data that is transmitted, stored or otherwise processed.
In the event of a breach of personal security these data should be immediately notified to the company at the indicated telephone number and/or e-mail.
Assessment of violations
After the relevant employee of "VISSONI KOZHENI ACCESSORIES" EOOD receives information about a violation, he must determine whether the specific event constitutes a breach of personal data and notify the managers of "VISSONI KOZHENI ACCESSORIES" EOOD about the event (in case they do not know ).
In the event of a breach of the security of personal data that is likely to create a risk to the rights and freedoms of natural persons, the Administrator (through the relevant employee), without undue delay and when feasible — no later than 72 hours after it is becomes aware of it, notifies the Personal Data Protection Commission of the violation.
Where and to the extent that it is not possible to submit the information simultaneously, the information may be submitted in stages without further undue delay.
When the breach of personal data security is likely to pose a high risk to the rights and freedoms of natural persons, the Administrator shall, without undue delay, notify the subject of the breach.
The administrator shall document any personal data security breach, including the facts surrounding the breach, its consequences and the actions taken to address it.
X. DESTRUCTION.
The accounting and commercial information, as well as all other information and documents relevant to taxation and mandatory insurance contributions, are stored by "VISSONI KOZHENI ACCESSOARY" EOOD in the following terms:
- payroll - 50 years;
- accounting registers and financial statements - 10 years;
- documents for tax and insurance control - 5 years after the expiration of the limitation period for repayment of the public obligation to which they are related;
- all other carriers - 5 years.
After the expiration of their storage period, information carriers (paper or technical) that are not subject to transfer to the National Archive Fund can be destroyed.
After the end of the storage period, the data is destroyed as quickly as possible by destroying the paper media by shredding, and the technical media by deleting and deleting the relevant files from the Company′s computers.
Additional provisions
In terms of these internal rules:
§ 1. "Administrator of personal data" is "VISSONI LEATHER ACCESSORIES" EOOD, EIK 207551773, with headquarters and address of management: Sofia, g.k. "Buxton", 3 "Belmeken" St., acting on behalf of the administrator is Nikolaos Leonidas Vlahopoulos.
§ 2. "Processing" means any operation or set of operations carried out with personal data or a set of personal data by automatic or other means such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consulting, use, disclosure by transmitting, distributing or otherwise making the data accessible, arranging or combining, limiting, erasing or destroying;
§ 3. This Policy is subject to confirmation and notification to the persons concerned, by order of the manager Nikolaos Leonidas Vlahopoulos.
The data protection supervisory authority at the national level is the Personal Data Protection Commission. It monitors the correct implementation of Regulation (EU) 2016/679, and any natural person who believes that his rights have been violated in relation to the processing of his personal data can submit a complaint to
Commission at the following address:
Gr. Sofia, "Prof. Tsvetan Lazarov" No. 2
phone: 02/91-53-555
e-mail: kzld@cpdp.bg
Website: www.cpdp.bg
Last update of the Privacy Policy: 20.10.2023
