GENERAL DATA PROTECTION POLICY of CNSYS PLC

This Policy aims to ensure the awareness of employees, contractors and clients of CNSYS PLC (the Organization), as a Personal Data Administrator (PDA), with respect to their personal data processed by the Organization, as well as to ensure the lawful, fair and transparent processing of personal data.

Personal data is any information relating to a natural person who, directly or indirectly, may lead to his or her identification. Personal data is information that, together with other information, may lead to the identification of an identifiable natural person.

Such information may be name, date of birth, PIN, address, ID number, telephone number, email address, health data, online identifiers, data on end-of-life electronic communications devices, etc.

The General Data Protection Policy of CNSYS PLC (PDPA) and the policies and procedures for the processing of personal data based on it, in the individual processing hypotheses (procedures), are designed to guarantee the rights of individuPDA, In connection with the protection of their personal data, in the processing of the same by the Organization.

The General Data Protection Policy of CNSYS PLC contains the basic rules and informs about:

  1. Purposes of processing personal data;
  2. Ways of collecting and means of processing personal data;
  3. Disclosure of personal data;
  4. Access to the personal data, modification, correction, restriction of processing and deletion of the same, right to complain to the supervisory authority;
  5. Protection of personal data;
  6. Use of personal data of children;
  7. Transfer of personal data;
  8. Ways of contacting the organization;
  9. Processing and storage periods;
  10. If you do not provide your personal data.
  11. Update and change of the current PDPA, as well as the current version.

1. Purposes of processing personal data.

CNSYS PLC collects and uses your personal data only for the purposes set out in this Policy.

1.1. Purposes of processing the personal data of the clients of CNSYS PLC

а. CNSYS PLC processes personal data for the purpose of offering goods and services to its potential customers, with the clear intention to conclude a contract. In this regard, CNSYS PLC can process data about name, PIN, phone number, address and/or email address, etc.

b. CNSYS PLC processes personal data of its clients for the purposes of fulfilling the contract/contracts concluded between CNSYS PLC and the client, including accounting purposes, in connection with the legal obligations of the administrator. For this purpose, the data of the individual for name, PIN or date of birth, ID number, address, email, telephone number, etc. can be processed.

c. CNSYS PLC processes personal data with the explicit consent of the individual for the purposes of marketing research and offering additional goods and services to its customers, name data, email address, telephone number, technical data for the devices of the individual, etc.

d. CNSYS PLC processes the personal data of its clients for the purposes of realizing its legitimate interests, including in connection with the performance of a specific contract, including for the purposes of collection of receivables, as well as obligations of the administrator arising from a normative act or order of a competent authority. For this purpose, PDA processes data for name, PIN, ID number, contract/customer number, address, telephone number, email address, etc.

The processing of personal data by CNSYS PLC may assign to a third party, representing processing personal data outside the structure of the PDA, which provides sufficient guarantees to comply with the requirements of the relevant legal framework in the field of personal data protection. The processing activities of the personal data that the Company may assign to a data Processor are, for example: accounting and legal services, security and video surveillance, construction, delivery and maintenance of software products, computer systems, internet sites and others, including to assign debt collection; by selling the claim through a cession contract. In this regard, provide the relevant party to the contract of assignment or the cession contract with the data of the natural person referred to in point (d).

1.2. Purposes of processing the personal data of the counterparties of CNSYS PLC controllers or processors of personal data

а. CNSYS PLC processes personal data of its potential contractors, representing controllers or processors of personal data for the purposes of establishing commercial, respectively other contractual relations, offering goods and services, assigning activities to or taking on activities on behalf of its potential counterparts, with the clear intention of signing a contract. In this regard, the Company may process data individualizing the person or his representatives, for example: name, phone number, address and/or email address, etc.

b. CNSYS PLC processes personal data of its contractors for the purposes of fulfilling the contract/contracts concluded between the Organization and the counterparty, including for accounting purposes, in connection with the legal obligations of the administrator. For this purpose, data of a natural person can be processed for name, PIN or date of birth, ID number, address, email, telephone number, etc.

c. CNSYS PLC processes personal data with the explicit consent of the person, for the purposes of marketing research and offering additional goods and services to its contractors, name data, email address, telephone number, technical data for the person’s devices, etc.

d. CNSYS PLC processes the personal data of its contractors for the purposes of realizing its legitimate interests, including in connection with the performance of a specific contract, including for the purposes of collection of receivables, as well as obligations of the administrator arising from a normative act or order of a competent authority. For this purpose, PDA processes data for name, PIN, ID number, contract/customer number, address, telephone number, email address, etc.

For the purposes of Article 2.2 of the PDPA, CNSYS PLC may process personal data of employees of its contractors or assign to the same processing of personal data of its employees, as the contracting party provides sufficient guarantees of awareness and valid consent by the employees.

The processing of personal data, CNSYS PLC may assign to a third party, representing processing personal data outside the structure of the PDA, which provides sufficient guarantees to comply with the requirements of the relevant legal framework, in the field of personal data protection. The processing activities of the personal data that the Company may assign to a data Processor are, for example: accounting and legal services, security and video surveillance, construction, delivery and maintenance of software products, computer systems, internet sites and others, including to assign debt collection; by selling the claim through a cession contract. In this regard, provide the relevant party to the contract of assignment or the cession contract with the data of the natural person referred to in point (d).

1.3. Purposes of processing the personal data of employees employed under the civil relationship of CNSYS PLC

a. CNSYS PLC processes personal data of its potential employees, respectively employed under civil relationship natural persons, for the purposes of recruitment and announcement and holding of a job contest, as well as the application by the individual for entry to the PDA, with the clear intention of signing a contract. In this regard, the Company may process data individualizing the individual, such as: details of name, telephone, address and/or email address, information about work experience and professional experience, information about acquired educational and qualification degrees, completed trainings, etc.

b. CNSYS PLC processes personal data of its employees, respectively the individuPDA employed under a civil relationship for the purposes of labor, social and health insurance legislation, including the keeping of an employment record, the employees under an employment relationship, the payment of remuneration and benefits for temporary incapacity for work and disability. Next, for the purposes of performance of the concluded contract/contracts, including accounting purposes, in relation to the legal obligations of the controller, the modification, continuation and termination of the legal relationship. For this purpose, data of a natural person can be processed for name, PIN or date of birth, ID number, address, email, telephone number, etc.

c. CNSYS PLC processes the personal data of its employees, respectively the individuPDA employed under a civil relationship, for the purpose of realizing its legitimate interests, including in connection with the performance of a specific contract, including obligations of the administrator arising from a normative act or order of a competent authority. For this purpose, PDA processes data for name, PIN, ID number, contract number, address, telephone number, email address, etc.

The processing of personal data by CNSYS PLC may assign to a third party, representing processing personal data, outside the structure of the PDA, which provides sufficient guarantees to comply with the requirements of the relevant legal framework in the field of personal data protection. The processing activities of the personal data that the Company may assign to a Processor are, for example: accounting and legal services, security and video surveillance, construction, delivery and maintenance of software products, computer systems, internet sites and others.

2. Ways of collecting and means of processing personal data.

CNSYS PLC collects your personal data in the ways set out in this Policy.

2.1Personal data of our potential and real clients, contractors, employees and individuPDA employed under a civil relationship can be obtained or collected directly from the person to whom they relate; from another person to whom CNSYS PLC, its representative or an authorized person will notify the data subject; by an authority or institution, where there is a valid legal basis for obtaining the data. In case of a clear intention to conclude a contract or for the purpose of realizing the legitimate interests of the controller, we may PDAo obtain your personal data by accessing public registers.

2.2. Personal data and information about the individual may be received by us in the form of documents, forms, forms, applications, letters and correspondence. Next, your personal data can be processed when you visit our office or territorial unit, where there is an established access control system, access control system and/or video surveillance system.

2.3. We may collect or receive your personal data from websites, our own or our partners (including through the use of cookies), under the terms of this Policy, from your devices, pages and brands used on social networks, as well as from other sources, if there is a valid legal basis for this and compliance with the rules on the protection of personal data.

2.4. CNSYS PLC processes your personal data with the means specified in this Policy:

    • Non-automated means of processing personal data. Such means are any means by which the decision to process personal data or to carry out a specific processing activity implies human intervention. In a non-automated way and by non-automated means, we process the received documents in paper and electronic form, including contracts, written or oral correspondence, volition of data subjects, etc. This type of data processing is carried out both on paper or other physical medium and in electronic environment, through the use of computer systems and configurations, multifunctional devices such as printers, scanners, copiers and fax machines, and PDAo through the use of specialized software such as accounting software.
    • Automated means of processing personal data. Such means shall be any means by which the decision on the processing of personal data or the performance of a specific act on the processing of personal data takes place in the absence of human intervention. Our organization does not normally use fully automated means for processing personal data. But for this type of processing it is possible to accept, for example, the receipt of information through the use of cookies.

3. Disclosure of personal data.

CNSYS PLC will disclose, including by providing, your personal data only in the cases specified in this Policy.

3.1. When providing your explicit consent, when concluding or negotiating a contract with CNSYS PLC.

3.2. In the presence of a legal obligation or at the order of a competent authority or institution, the PDA will disclose and/or provide your personal data to the relevant authority or institution or to another person.

3.3. In the presence of an advantage for an PDA interest arising from a legal provision or other valid legal basis. Also in situations where the life, health, fundamental rights and freedoms of the data subject, third party and group of persons are threatened, as well as public health and the security of public order.

4. Access to the personal data, modification, correction, restriction of processing and deletion of the same, right to complain to the supervisory authority.

4.1. You have the right to request and receive from CNSYS PLC confirmation whether personal data relating to you is processed by PDA.

4.2. You have the right to obtain access to the data and information relating to the collection, processing and storage of your personal data by the controller.

4.3. You have the right to receive information about the logic of the processing of your personal data, the purposes and the terms of processing and storage of the data, information about the categories of recipients to whom your personal data may be or have been disclosed or provided for processing, on behalf of the controller.

4.4. In the event that you do not wish all or part of your personal data to continue to be processed and/or stored by CNSYS PLC in the event that you do not wish to have any or all of your personal data processed and/or stored by CNSYS PLC That the controller has no obligation to continue the processing and/or storage of the data or there is no overriding legitimate interest of the controller to continue the processing and/or storage of the personal data, you may object to the processing or request the restriction or suspension of the processing, as well as the deletion of your data. This objection, respectively a request, may be made regarding all or some of the processing hypotheses, both for the full amount of personal data and for part of it.

4.5. You have the right to request that the controller update, correct or supplement your personal data.

4.6. You may request the deletion, restriction of processing or the return of your personal data and the PDA will be obliged to fulfill your request in case:

  • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  •  you withdraw your consent on which the processing is based and there is no other legal basis for the processing;
  • Your personal data has been unlawfully processed;
  • Your personal data must be deleted in order to comply with a legal obligation under EU law or the law of a Member State that applies to CNSYS PLC

4.7. The controller is not obliged to delete, restrict the processing or return your personal data in the cases when it stores and processes them:

  • for the exercise of the right to freedom of expression and information;
  • for compliance with a legal obligation which requires processing under EU or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  •  for reasons of public interest in the field of public health;
  •  for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes;
  • for the establishment, exercise or defense of legal claims;
  • to exercise the rights of an PDA, which is over-pecuniary in relation to the legal interest of the individual.

4.8. In order to exercise your above rights, you should submit a written request to CNSYS PLC, certifying your identity and describing exactly the basis of your request, regarding which categories of personal data your request relates, about which actions of processing and storing your personal data you make the request. The request under the previous sentence may be submitted in writing to our employee on the spot in an office or territorial division of the PDA, as well as electronically, subject to the requirements of the Electronic document and Electronic signature Act.

4.9. You have the right to lodge a complaint about a violation of your rights, regarding the protection of your personal data with the Commission for personal data Protection, address: 1592 Sofia 2 Prof. Tsvetan Lazarov blvd (www.cpdp.bg).

5. Protection of personal data.

5.1 in compliance with the requirements of the General data Protection Regulation and the relevant legal framework in the field of personal data protection, CNSYS PLC regularly conduct audits and analyzes of its activities and carry out risk and impact assessment for personal data, personal data protection and the legal sphere of the data subjects.

  • In this regard, CNSYS PLC introduces and maintains in its organization and regarding its activity an adequate level of security and protection of personal data, through the implementation of appropriate technical and organizational measures for the protection of personal data and information security.
  • CNSYS PLC conducts regular briefings and trainings of its employees in order to increase their awareness, about their rights and obligations, in relation to the processing of personal data, as well as the development of the legal framework and technical progress.

6. Use of personal data of children.

6.1 CNSYS PLC does not collect or process personal data of children intentionally, for any purpose, beyond the purposes of the labor and social security legislation, as far as the employees of the PDA are concerned. In these cases, the employee provides consent to the processing.

6.2. Although CNSYS PLC does not collect and process personal data of children, the same is possible when visiting an office or territorial division of the PDA, where there is a video surveillance system. In these cases, the rules and requirements of the GDPR and the relevant legal framework in the field of personal data protection are observed.

7. Transfer of personal data.

7.1 CNSYS PLC does not transfer personal data within or outside the Republic of Bulgaria.

8. How to connect with the organization.

CNSYS PLC with UIC: 121708078 with headquarters and address of management: 44-46 Lerin str., zh.k Beli Brezi, 1680 Sofia is a personal data controller and processes your personal data lawfully, fairly and in a transparent manner.

Contact information:

  • Address: CNSYS PLC, 44-46 Lerin str., zh.k Beli Brezi, 1680 Sofia
  • Internet addresses: www.cnsys.bg ;
  • Official email: office@cnsys.bg
  • Тel.: +359 958 36 00
  • As Data Protection Officer the Administrator designate Georgi Tenev, e-mail: dpo@cnsys.bg

9. Processing and storage periods.

CNSYS PLC processes and stores your personal data within the time limits, the definition of which is described in this General data Protection Policy or the time limits agreed between the parties to the contract or when providing consent to the processing of the data.

  • CNSYS PLC processes and stores your personal data for periods not longer than the minimum necessary to achieve the purposes of processing personal data;
  • PDA processes personal data within the statutory time limits in cases where such exist.
  • The time limits for the processing and storage of personal data may also be determined between the parties to a contract with an PDA, subject to the purposes of data processing and the requirements of the relevant legal framework.

In the event that you do not provide the necessary personal data, according to the purposes of processing, due to the need and/or obligation of CNSYS PLC to process the same, we cannot enter into a contract with you, to provide the goods or services you want.

Last modified: 03.01.2019