PRIVACY NOTICE of “ECOEFECT SV”EOOD

1. For us

The present privacy notice regards a “company/the company

“ECOEFECT SV”EOOD, UIC: 203734072, registered office and headquarters: town of Svishtov, P.C. 5250, western industrial zone, “Svilosa” area;
Contact details: mobile: +359 888 029 497; email: office@ecoefect.com

Contact information of the Official for protection of personal data of the Company:
email: legal.dpa@mydata.bg.

“ECOEFECT SV”EOOD, is Bulgarian woodworking company, specialized in producing of finger-jointed panels and flooring, mainly of solid wood, and other products shortly connected with furniture industry and constructions.

2. Your personal data and our obligation to you

The company complies with all applicable laws, including the legislation for protection of personal data.

The protection of personal data is a subject with a growing importance and we highly appreciate and understand this.

The aim of this document is to explain to you in a clear way the details about collecting and storing personal data, why we process the data, whether and with whom do we share it, so that you can be assured that your privacy is in good hands, and the data about you is stored and processed by us with utmost care and attention.

3. What kind of data we collect from you, on what basis and why?

A) The company process personal data in relation to the following activities:

- Personnel selection – personal data, identifying the job candidates (as for example, names), data about their education, experience, other skills and qualifications, contact information of the candidates (email, phone number), is collected with the aim of making the selection and choosing adequate personnel. The data is processed by the Companies on pre-contractual basis, on the basis of legitimate interest, and in some cases on the basis of consent (when the candidate has given their consent for storing their data for a period of time longer than 6 months).

If during the selection you have provided us with copies or originals of documents, we store them for a period up to 6 months, and after that period they are destroyed. Within this period, you have the right to request for us to return them to you.

- Human resource management – generally, the data that is collected and stored about the employees of the Company is that stated in the Bulgarian labor and insurance legislation. This also includes processing of special categories of data (such as data about health condition). In certain cases, we can collect and process data due to our legitimate interest – for example, security and protection of property and assets of the Company. For the organization of an effective work process, data about employees, related to confirming schedules and shifts, is collected and processed in the Group production base.The storage period, the measures for their protection as well as other important details about our employees’ data are described in detail in internal documents – Privacy notices to the employees of the Company, and each of these notices is available only to the employees of the Company.

- Relations and concluding contracts with counterparties (partners) – If you are our partner, counterparty, in this case and in relation to the formation and development of our relationship, we collect from you certain data. Within this activity, the data is limited to your identifying information, your contact information, data about your employees that work with us. These usually are names, PIN (if it is required for a certain aim), address and phone (email) for contact. The data is stored for a period not longer than the maximum limitation period, as of the end of the implementation of the contract in question, with the aim of protecting your and our interests.

- Collecting data in relation to the access control in the building/establishments of the Company - with the aim of implementing controlled access to the building/establishments of the Company and on the basis of legitimate interest the Company process data about external visitors (for example, their names) and in some cases also data about their personal motor vehicle (reg. number) with which the visitors come “in” and “out” of the territory of the Company.

- Accounting – the data is collected and processed based on law, for the purpose of accounting services and accounting of the activity and protection of legitimate interests of the Company. Only data required according to the legal requirements, related to the accounting operation and accounting is processed, this is data concerning employees/representatives of organizations/companies – clients of the Company, about clients who are natural persons: names, PIN, address. The data is stored within periods in accordance with the accounting, tax and financial legislation and other relevant legislation.

B) The company can process personal data also in relation to his not so regular activities such as:

- Processing of data in relation to managing the capital of the Company – The Company processes data on the natural persons who represent it, manage it, data on the natural persons representing the sole owner of its capital, data on natural persons who by power of attorney participate in meetings of the sole owner of the capital of the Company. The data are processed on a legal basis, in order to comply with regulatory requirements, identification and participation in connection with general meetings of shareholders, as well as on a legitimate interest basis.

- Inquiries through the contact form on the site - The Company collects data on name (s), e-mail, telephone number, information on how the requester found out about the Company, as well as information from the inquiry, formed in free text. The processed data are in a minimal amount and are used in order to identify and return a response to the requester, possibly to enter into a contract with him and develop a partnership / client relationship with the person (with the company / organization he / she represents).

- Sending commercial messages, direct marketing - in case you have explicitly agreed to this, we will use your data for direct marketing / to send commercial messages to you. If you are already in the role of our customer, supplier or partner, in this case within our legitimate interest, it is possible to contact you by email to send you information about our new projects, services. In this case, our legitimate interest is related to our right and efforts to develop our products and services.

You may at any time opt out of (objecting to) receiving emails from us with content as described above by clicking on a special link at the bottom of any email you receive from us.

- Security logs and “cookies” – during each visit of our site https://ecoefect.com/ data about usage is transmitted from the relevant internet browser and log files, the so-called server log files, for example date and time of extraction, name of accessed page, amount of transferred data and the searched provider, which is stored.

Our site collects “cookies”. The “cookies” is information stored at your browser. This information allows us to improve the site functionality. More information about what kind of “cookies” are used by us and how you can manage them you will find in our “Cookies policy” here

The Company is not involved in profiling or automated decision-making.

4. Who do we share your data with?

Your data is shared with external parties only in the following cases:

1. if a law requires that

or

2. if these parties are our service suppliers, for example parties that provide us services in relation to accounting services for the Company, in relation to the technical support of the used by the Company software solutions, etc. These suppliers are carefully selected by us and we require of them to apply the same data protection that we apply. The data that we provide them with is at a strictly minimum amount and do not exceed the purpose for which we do so.

Generally, the Company do not store personal data outside the European Union and do not transmit (transfer) data outside the European Union. If needed, such transfer of data (for example, the secondment of employees of the Companies in counties outside EU, as in that case data is shared for the purpose of organizing the travel and accommodation), the Company is required to handover personal data that is processed or is meant for processing after the transfer of a third country or of a international organization, to be carried out only under the condition that the provisions of the Regulation are complied with, including in relation to onward transfers of personal data by the third country or by the international organization of another third country or of another international organization, in order to ensure the necessary level of protection of natural persons according to the Regulation and for it not to be at risk.

5. What security measures are we taking?

We collect, process and store your personal data and comply with all legal requirement as we implement the appropriate technical and organizational security measures.

For maximum security purposes, when processing, transferring and storing personal data, we use and implement protection as encryption, restricted access, secure archiving and destruction, etc.

Outside the technical measures, the employees of the Company are obliged during processing of personal data to comply with internal policies and procedures of the Company for protection of personal data, and along with that observe the rules in the Policy for protection of personal data and other similar documents accepted at the level of the Company.

6. How long do we store your personal data for?

We store your personal data for the period necessary for the implementation of the contract or the purposes for which the data is collected, except if by law or for protection of our legitimate interests or your rights, a longer period for storing is necessary.

When defining the periods and criteria for storing your personal data we take into consideration the natural development of our partnership.

When the personal data which we collect is no longer necessary for the purposes that they were collected for, and the periods for their storing has passed, we delete it or destroy it in another proper way.

7. What are your rights in relation to your personal data?

You can request for us to provide you with access to your personal data processed by us, to correct it or add to it, to limit its processing, to receive it in a machine-readable format, to object to the processing, to withdraw your consent for processing when your data was collected on this basis as well as for us to delete all data about you,

Part of your rights depend on a specific reason for processing your personal data. We will assist in their implementation; we will review your demands within the statutory deadline and will respect them when they are admissible and when there are grounds for that. In the rare cases that we cannot meet your demands within 1 (one) month, it is possible that this period might need to be extended, but not by more than the admissible and maximum allowed by law period and we are going to list the reasons why.

You can exercise your rights by making a demand to us through the above-mentioned email for contact regarding questions, related to the processing of personal data. You can use this form.

In order to protect your rights and the rights of other subjects of data (our partners, counterparties, employees), whose personal data we process, before providing you with access to certain data or performing another activity by your request, we need to verify the identity of the sender of the request. Because of this we might have to ask you to provide us with additional data about you, to come in person, to send your request signed with digital signature or to take other reasonable measures, depending on the nature of the request, data and context of its processing.

If you believe your rights have been violated, you can contact us so we can check the matter and take the relevant actions in relation to that.
You also have the right to turn to Commission for Personal Data Protection (as a supervisory authority) and to file a complain to the Commission. For more data about the supervisory authority visit: https://www.cpdp.bg/.

8. Update

In the case of changes in the policies, procedures and methods for collecting and processing personal data by us and in the measures that we implement for the protection of data, we will inform you in due time by revising and updating the present privacy notice.

Date of last update of the document: February 2021