Privacy Policy
The current privacy policy enters in force on the 25th May 2018 and will be periodically updated to ensure compliance with Bulgarian and European legislation.
Who is processing your data:
NIKIPLAST-M LTD. is a company registered in the Commercial Register administered by the Registry Agency with a VAT number: 107562570. The company’s administrative headquarters and their place of business is in Bulgaria, Gabrovo, Sevlievo 5400, 116 Marin Popov Str. (phone number: +359 675 3 25 45; fax.: +359 675 3 25 45; e-mail: office@nikiplast.net).
NIKIPLAST-M LTD. is a data controller in accordance with the provisions of Regulation 2016/679 of the European Parliament and the Council (GDPR).
NIKIPLAST-M LTD processes personal data in strict observance of Bulgarian and European privacy legislation; more specifically, Articles 6 and 13 of the Regulation 2017/679 as well as Article 4.1 and 4.2 of the Personal Data Protection Act. In accordance with the aforementioned provisions, NIKIPLAST-M determines and controls the processing activities and stores personal data both in hard copy or electronically.
Processing of personal data by NIKIPLAST-M
What kind of information do we process?
The information processed by NIKIPLAST-M contains identifiable personal data of natural and legal persons. The personal data that we process, without this list being exhaustive, includes: Personal Identification Numbers (PIN), dates of birth, phone numbers, data contained with personal documentations - e.g. date of issue, bank accounts, as well as other personal data that may be directly or indirectly used for the identification of natural or legal persons individually or in conjunction with other characteristic traits/details. The personal data that we process is obtained consensually after informing the relevant data subjects of: the reasons for data collection and processing, subjects’ rights, the technical and organizational methods that we have implemented to ensure high standards of data security. We engage in processing activities for specific purposes, such as the pursuance of legitimate business interests or the execution of legal obligations and we always strive to clearly communicate this information with the data subjects prior to the commencement of processing activities. Furthermore, the personal data that we process is stored for specific periods of time depending on the type of data involved. Such data is stored for as long as there is a legitimate reason for the processing of personal data and after that interest has expired – the stored personal data is deleted in conformity with data retention and deletion schedules. We ensure that the stored personal data is protected in accordance with the existing legislation on data protection and we observe best practices for data privacy to ensure one of the most valuable assets in our possession – the data of our employees, clients and contractors.
Personal data processed through our websites:
The websites of NIKIPLAST-M do not collect personal data through cookies or other technical means for data collection. This site only utilizes functional cookies that are necessary for the proper user experience of this website and, which are indispensable for its proper functioning. The information that you provide through our contact forms will only be used to contact you for the purposes of further communications. For more information on cookies please refer to our cookies policy (LINK to cookies policy).
With whom do we share your personal data ?
The personal data that you share with us via our websites will not be disclosed to third parties including other companies.
We will only share personal data in the instances when we have a legal obligation to do so and only when its access, use or disclosure is lawfully and legitimately required by governmental authorities that are legally required to obtain your information containing personal data. Under these circumstances personal data will be disclosed solely before competent officials and authorities acting in their mandated capacities in order to comply with legally binding obligations of NIKIPLAST-M LTD.
Do we share or transfer data to third countries and countries outside of the European Union (EU)?
NIKIPLAST-M LTD does not share or transfer data to third countries and to countries outside of the European Union.
NIKIPLAST-M Privacy Policy
I. Purpose
This Privacy Policy expresses NIKIPLAST-M’s commitment to process the information obtained from our clients, employees and other stakeholders with utmost attention and confidentiality. The policies and principles set forth in this policy, describe how we collect, store and process information and the technical and organizational principles we have implemented to ensure that the processing of data is carried in a transparent and informed manner that complies with the existing Bulgarian and European data legislation as well as international standards for corporate security and data protection. This privacy policy is pertinent to all stakeholders whose information we process – employees, applicants, suppliers, clients, etc.).
Data privacy is a cornerstone in the protection of our information assets and in the prevention of financial loss and reputational damages. It is our solemn commitment to maintaining high data security standards, which is essential to the creation and advancement of our business relationships and goals.
II. NIKIPLAST-M Data protection: Vision and mission
For us in NIKIPLAST-M LTD. it is of paramount important to guarantee that the processing of personal data will be in violation of the rights and interests of data subjects. In order to ensure this, we have taken a proactive approach towards data privacy and security. This statement embodies our endeavors to enforcing the necessary technical and organizational measures to ensure that our informational assets are secure prior to the commencement of processing activities. With this approach in mind, we enforce practices that prevent unauthorized access to our systems and networks, consistently monitor for the deliberate or accidental erasure or loss of personal data, monitor the safety of our networks and forbid unauthorized access (physical and digital) to our informational infrastructure.
It is our priority to continuously improve, enforce best practices and develop our existing operational methods by adhering to the principles of “privacy by default” and “security by design”. This means that the processing of personal data will be subjected to principles and practices that are in place prior to data collection in an inherently secure manner.
In order to fulfil the afore mentioned obligations and principles we have introduced the following measures:
Proactive approach to data protection
Through the timely integration of security measures and the prevention of security breaches, we strive to minimize potential risks for the confidentiality of stored personal data.
2. Data Security by Default
We continually improve our business practices and data processing methods to ensure that personal data is gathered, processed and deleted in a structured and legitimate and timely manner that does not necessitate the ad-hoc introduction of additional security measures, which are often untimely or excessive.
3. Complete and consistent approach towards the protection of personal data.
Compliance and lawfulness are the guiding principles that underline our data managing practices through the processing cycle; that means that all personal data is collected and processed in a secure and responsible manner and then deleted when we no longer have legitimate reasons to store it.
4. Transparency in the handling of personal data and regular information audits to ensure the protection of processed information.
In order to enforce this principle, we apply clearly defined and transparent practices in determining what information we collect and process and then carry out regular internal and external information audits to ensure data minimization and security.
5. Due diligence in managing personal data.
Our system operators, accountants, HR management specialists, and other employees handling personal data have undergone relevant trainings in data protection and understand the importance of respecting the rights of data subjects. In order to further protect the interests of our stakeholders we take responsibility to perpetually improve our data security systems and practices. At NIKIPLAST-M, the design and enforcement of data security policies is always reliant upon the considerations and opinions of our employees and contractors.
III. Guiding principles and rules for the processing of personal data.
The following internal rules and regulations for the processing of personal data at NIKIPLAST-M Ltd. comply with the requirements of Bulgarian and European legislation, and in particular (Article 5, Article 6, Article 13 of Regulation (EC) 2016/679 of The European Parliament and the Council on the Protection of Personal Data (GDRP), as well as Article 4, paragraph 1, point 2 of the Personal Data Protection Act.
1. Lawful and fair processing of personal data
The collection and processing of personal data is executed in accordance with explicitly defined procedures that respect and protect the personal data rights of data subjects in accordance with the applicable Bulgarian and European legislation.
2. Relevance of the processed information
The data that we collect, store and process is limited and directly related to the performance of pre-defined legitimate activities by NIKIPLAST-M. Personal data is only processed for purposes that are defined prior to data collection. We will not process data for purposes, which have not been specified prior to the collection of data in a clear and informed manner; and if we have to process data for other activities, we will first request the permission of the data subjects affected.
3. Transparency and respect for the rights of data subjects
3.1. Data subjects are informed of the reasons of processing of their data is processed. Personal data is collected with the explicit consent of the person concerned and prior to the commencement of processing activities the subject must be informed and aware of:
3.1.1 The identity of the data controller / NIKIPLAST-M Ltd. /
3.1.2. The purposes of data processing
3.1.3. The categories of personal data collected and processed
3.1.4. Third parties to whom personal data may be revealed
3.2. The rights of data subjects include:
3.2.1. The right of access to the personal data provided, including the right to information regarding how we have obtained your data, the purposes of the processing activities and the third parties to whom the data is revealed.
3.2.2. The right to correct, update and delete the stored data in accordance with pre-defined procedures. This means that we will correct all information that is inaccurate or outdated in timely manner when you inform us.
3.2.3. The right to withdraw your consent to share your personal data with NIKIPLAST-M LTD, including the right to object to the processing of personal data. If you withdraw your consent, we will no longer process your data but we may be required to store some of it in compliance with our legal obligations. Unfortunately, we will be unable to provide you with some goods or services if you withdraw your consent.
3.2.4. The right to the portability of personal data. You can always request us to send your personal data to another data controller or to provide you with a copy of your personal data that will be organized in a machine-readable (computer-readable) format.
4. Conservative processing of personal data.
Before collecting your personal data we will first determine whether and to what extent the processing of such data is necessary to achieve the specific objectives at hand. This means that the we will process personal data for specific purposes and if there is: a legitimate reason for the processing of your data, or the processing of your data is related to a specific and legitimate interest of NIKIPLAST-M, or if we have a statutory obligation to process your personal data. We, at NIKIPLAST-M LTD. do not collect personal data in advance for potential future purposes and the unjustified collection of personal data is strictly prohibited.
5. Erasure of personal data that is no longer required.
Personal data that is no longer required for the completion of legal or business processes is deleted in accordance with data retention schedules. Once a specified period has expired during which we have either legitimate interests or statutory obligations to store information we will delete the relevant records of your personal data. In some cases, there may be reasons to store your data for longer periods of time (e.g. if we this is required for legal, taxing, or accounting purposes). In such cases, the relevant personal data will be archived for as long as the specific interest persists and then deleted.
6. Factual accuracy and timeliness of the stored data.
We will ensure that the personal data that we store in hard copies or in our databases is correct, complete and up to date. Appropriate measures are taken to ensure that inaccurate or incomplete data is erased, corrected, supplemented or updated.
7. Security and confidentiality
The personal data that is processed and stored by NIKIPLAST-M is considered confidential and kept in accordance with strict security standards. We continually improve our security protocols to protect the integrity and confidentiality of the confidential data that we store. Through appropriate organizational and technical measures, we prevent actions that breach the informational security of the processed data such as: unauthorized access, misuse, incorrect alterations, unauthorized dissemination, accidental loss or deletion as well as malicious actions.
8. Data breach and notification procedures in cases of data security incidents.
In the events of data security incidents, we will inform the affected data subjects (as far as this is legally possible) by providing relevant and specific information on the causes of the breach, the magnitude of the incident, what information has been compromised and the measures we have taken in response. In performance of our obligations will inform all affected parties including regulatory bodies and act in accordance with our data breach procedures in mitigating damages and overcoming such incidents.
IV. Responsibility for data security and the protection of personal data
1. Internal regulations
The employees of NIKIPLAST-M Ltd. whose day-to-day work involves the processing of personal data undergo regular seminars and lectures on the subjects of data security and protection of data resources. We have implemented internal regulations giving detailed instructions on data security and safety and more specifically:
· Data security rules and procedures for safe and secure handling of information assets.
· E-mail security policies
· Password Protection Protocols
· Rules and protocols for the transfer of personal data
· Internal security measures for the collection, storage and erasure of personal data
· Additional security measures
2. Roles in the processing of personal data.
NIKIPLAST-M Ltd.’s employees processing personal data perform the following data processes:
· collect, process, store, archive, correct and delete personal data
· receive, and evaluate job applications, containing: application letters, curriculum vitae, up-to-date photos, certificates and diplomas
· process current employees’ personal data including: Names, PINs, current addresses, ID card details, document numbers, dates of birth, telephone numbers, e-mails, bank account numbers, citizenship and current addresses, work capability decisions issued by medical examiners, sick notes and medical certificates, other documents for all other types of leave permitted under the Bulgarian Labour Code.
3. Compliance and due diligence
Our employees have been made informed of and equipped with the necessary knowledge to comply with Regulation 2016/679. In processing personal data our employees will:
· Process personal data that is collected in a legitimate, honest and transparent manner.
· Process personal data only for specific and legitimate purposes.
· Collect personal data for specific purposes – contractual obligations, legitimate interest of the company or legal obligations
· Minimize the collection and storage of personal data.
· Keep information updated and accurate. Audit the stored data and ensure its veracity and accuracy.
· Store data for specific periods of time and delete data that is no longer required.
· Apply security measures to ensure data security and protection as well as the confidentiality of the personal data.
4. The processing of personal data will only take place when we have obtained the consent of data subjects. In accordance with Article 6 of Regulation 2016/679 (GDPR) we will process personal data on the basis of:
o The explicit consent of the data subject
o In pursuance of contractual obligations
o In performance of a statutory or legal obligation
o In protection of vital interests of the data subject
o In performing actions that are in the public interest
o If we have a legitimate business interest
5. Data security measures and protocols
In order to protect NIKIPLAST-M’s information assets we enforce the following practices:
· Develop and implement transparent data collection procedures
· Regular and extensive data audits
· Restriction of access to personal data
· Train employees in data privacy and information security measures
· Create and maintain secure networks and systems
· Establish clear reporting procedures in cases of data breaches or data misuse
· Revise our contracts and inform our customers, employees and other stakeholders regarding our data processing practices and how this affects their personal data.
· Revise our practices and audit the stored data to ensure compliance
· Carry out data risk assessments
· Enforce concrete data security measures including: software solutions for enhanced data protection, maintain regular back-ups, etc.
· Hired a Data Protection Officer: serves as a primary contact, trains employees in data protection and security, revises and audits our practices to ensure compliance, and recommends improvements and changes in our data processing practices .
V. Disciplinary consequences
All the principles described in this policy are strictly observed by our employees. Violation of data protection guidelines will result in disciplinary and, if necessary, legal actions.