Over 10 years we helping companies reach their financial and branding goals. Onum is a values-driven SEO agency dedicated.

LATEST NEWS
CONTACTS
Twitter Facebook-f Pinterest Instagram

Who we are

Our website address is: http://34.23.143.129.

PERSONAL DATA PROTECTION POLICY OF Argysso ltd

 

Definitions

 

The following definitions are used in this Policy:

1. “Applicable law” means the applicable legislation of the EU and the Republic of Bulgaria regarding the protection of personal data;

2. “ORD” means Regulation / EU / № 2016/679 of the European Parliament and of the Council of 27 April 2016. on the protection of personal data of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (General Data Protection Regulation).

3. ‘Personal data’ means any information relating to an identified or identifiable natural person;

4. “Processing” means any operation or set of operations carried out on personal data by automatic or other means such as the collection, recording, organization, structuring, storage, modification, use, disclosure by transmission, dissemination or other means by which data become available ;

5. “Profiling” means any form of automated processing of personal data, in the form of the use of personal data for the assessment of certain personal aspects relating to an individual and, in particular, for analyzing or forecasting aspects relating to the performance of professional data. obligations of that individual, his economic condition, health, personal preferences, interests, reliability, conduct, ‘location or movement;

6. ‘Register of personal data’ means any structured set of personal data accessed according to certain criteria;

7. ‘controller’ means a natural or legal person, public authority or any other body which alone or jointly with others determines the purposes and means of the processing of personal data;

8. ‘processor of personal data’ means a natural or legal person, public authority or any other body which processes personal data on behalf of the controller;

9. ‘data subject’s consent’ means any freely expressed, specific, informed and unambiguous indication of the data subject’s will, by means of a statement or clear confirmatory action expressing his or her consent to the processing of personal data relating to him or her;

10. “Disclosure of personal data” means the party to this Agreement that transmits personal data to the Recipient of personal data;

11. “Recipient of personal data” means the party receiving the personal data from the Disclosure of Personal Data; 12. The terms “Data Subject”, “Violation of the Security of Personal Data”, “Processing”, “Special Categories of Personal Data” and “Supervisory authority” have the same meaning as in the DPA and applicable national law.


Section I

General

 

Art. 1. This Privacy Policy sets out the rules regarding the protection of individuals with regard to the processing of their personal data, as well as the rules regarding the free movement of personal data, as required by Regulation (EU) 2016/679 of the European Union. Parliament.

Art. 2. This Policy defines the purposes and means of personal data protection. The purpose of the Policy for protection of individuals in connection with the processing of their personal data is realized through:

1. Establishing clear rules and coordination in the activities of the employees of Argysso ltd in collecting, recording, organizing, structuring, storing, changing, using personal data, limiting and deleting data from the registers kept in the company in order to ensure the inviolability of the rights of data subjects in the processing of related personal data;

2. Establishing clear rules for the exercise of the data subject’s rights with regard to his data; 3. Regulating the access of the employees to the data in the respective Register of the processing activities;

4. Determining Registers of processing activities;

5. Regulation of principles that must be observed in data management;

6. Determining the necessary technical and organizational measures to protect personal data from unauthorized processing (accidental or illegal destruction, accidental loss, unauthorized access, alteration or dissemination, as well as from all other illegal forms of personal data processing).

Art. 3. These rules regulate:

1. The principles of activity of Argysso ltd as a controller of personal data, in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament, the Personal Data Protection Act and Ordinance № 1 of 30.01.2013 on the minimum level of technical and organizational measures and the permissible type of personal data protection;

2. The mechanisms regulating the introduction and observance of the above principles;

3. The rights of data subjects. Procedures for exercising the rights of personal data subjects;

4. The functions of Argysso ltd in its capacity of administrator;

5. The relations of Argysso ltd with companies, which by virtue of a contract are also administrators or processors of personal data;

6. The procedure for assessing the impact on the processed personal data and determining the levels of impact and protection of the processed personal data.


Section II

Principles related to the processing and protection of personal data

 

Art. 4. The main principles of the activity of personal data processing in Argysso ltd are:

1. Legal, conscientious and transparent processing of personal data. In order for the processing to be lawful and conscientious, personal data should be processed on specific legal grounds, in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament or of a legal act of the Republic of Bulgaria governing the matter, as follows:

 – Based on a legitimate interest of the company;

  – On the basis of compliance with a legal obligation imposed on the company in its capacity as data controller;

– On the basis of performance of a contract to which the data subject is a party or with a view to taking steps at the request of the data subject before entering into a contractual relationship; – Based on the explicit consent of the data subject.

The implementation of the principle of transparency requires that all information and communication related to the processing of personal data be easily accessible and understandable and that clear and unambiguous wording be used.

  2. Limitation of objectives. Personal data is collected for specific, explicit and legitimate purposes and is not further processed in a way incompatible with those purposes.

  3. Minimize data. The personal data collected are appropriate, relevant and limited to what is necessary for the purposes for which they are processed.

4. Accuracy. The personal data collected and processed by the company should be accurate and, if necessary, kept up to date, and for this purpose the company shall take appropriate measures to ensure the timely deletion and correction of inaccurate personal data, taking into account the purposes for which they are processed;

  5. Storage restriction. Personal data shall be kept for no longer than is necessary for the purposes for which they are processed.

  6. Integrity and confidentiality. Personal data is processed in a way that ensures an appropriate level of security of personal data. For this purpose, appropriate technical and organizational measures are applied in the company.

 Article 5. (1) Argysso ltd collects, processes and stores the personal data of the data subjects upon:

1. guarantee of the inviolability of the person and the personal life of the data subject when processing the personal data related to them;

2. lawful and conscientious data processing;

3. data processing only by persons whose official duties require processing of the specific data on the principle “need to know”;

Data protection measures are a function of the type of register on which they are maintained and their level of sensitivity.

(2) In order to guarantee the restriction of data storage in the company, Internal rules for archiving the documents shall be created and applied.

Art. 6 (1). Argysso ltd does not process personal data that:

1. reveal racial or ethnic origin;

2. disclose political, religious or philosophical beliefs, membership in political parties or organizations, associations with religious, philosophical, political or trade union goals;

3. refer to genetic and biometric data, which are processed for the purposes of identification of a natural person only;

4. refer to the sexual life or sexual orientation of the natural person or to the human genome.

5. personal data related to the health condition of the client.

(2) The personal data specified in the preceding paragraph may be processed by the company only on the legally settled grounds.

Art.7. The processing of the personal data of the data subjects is carried out when applying the processing of the personal data of the data subjects is carried out when applying professional confidentiality. This requirement is mandatory in the relations between employees, between employees and customers, as well as in relation to third parties processing personal data. To the same extent, confidentiality is required with regard to the financial condition of personal data subjects, as well as the transactions they perform.

 

Section III

Rights of data subjects

 

Art. 8. (1). The rights of data subjects affect all personal data of the individual processed by Argysso ltd, as well as all data subjects whose data are processed by the company.

(2) The basic rights of the data subject in relation to his data, which the legal framework establishes and the company observes, are as follows:

1. Right of access;

2. Right to correction;

3. Right to be erased (right to be forgotten);

4. Right to limit processing;

5. Right to object;

6. The right not to be subject to automated decision making;

7. Right to data transfer.

Art. 9. (1). The right of access of the Data Subject represents the right to receive from Argysso ltd, in its capacity of administrator, confirmation whether personal data related to it are processed and if so to access his personal data and the following information:

– purposes of processing;

– the relevant categories of personal data;

– categories of recipients to whom the personal data are or will be disclosed;

– the intended period for which the personal data will be stored and, if this is not applicable, the criteria used to determine this period;

– the existence of the right to require the company to correct or delete personal data or to restrict the processing of personal data relating to the data subject, or to object to such processing;

– the right to appeal to a supervisory authority;

– where personal data are not collected by the data subject, any available information on their source;

– the existence of automated decision-making, including profiling, as well as essential information on the logic used, as well as the significance and intended consequences of this processing for the data subject;

Art. 10 The data subject has the right to request from Argysso ltd his personal data to be corrected if they are inaccurate or incomplete. In any case, when there is an error in the data processed by the Company, it is obliged to comply with such a request, and in these cases must notify the other recipients to whom this data is disclosed, so that they can reflect the change.

Art. 11. (1). The data subject has the right to delete (“be forgotten”) his data if:

– the data are no longer needed for the original purpose and there is no new legitimate purpose;

 – the legal basis for the processing is the consent of the data subject and he has withdrawn that consent, and there is no other legal basis for the processing; – the data subject objects to the processing of data and there is no other legal basis for the processing;

 – personal data have been processed illegally;

– personal data must be deleted in order to comply with a legal obligation arising from the legislation applicable to the company;

– personal data are collected in connection with the provision of information society services to a data subject

– kid;

 (2). The right to delete the data subject’s data should not be exercised by the company insofar as the processing is necessary:

– for the company to comply with a legal obligation provided for in the legislation requiring data processing;

– for the establishment, exercise or defense of legal claims.

Art. 12. (1). The data subject has the right to require the company to restrict the processing of his data in the following cases:

– the accuracy of personal data is challenged by the data subject for the period that allows us to verify the accuracy of personal data;

– where the processing is unlawful but the data subject does not wish his personal data to be deleted, but instead requests that we restrict their use;

– when the company no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or protection of legal claims;

– the data subject has objected to the processing and is awaiting verification by the company as to whether our legal grounds take precedence over his interests.

(2). When the data processing is limited according to the conditions of par. 1, such data shall be processed, except for their storage, only with the consent of the data subject or in case of necessity of establishing, exercising or protecting legal claims or for protection of the rights of other natural persons or due to important grounds of public interest .

(3). Where the data subject has exercised his rights to correct, delete or restrict processing and the company has corrected the records accordingly, it undertakes to communicate these actions to any recipient to whom the personal data have been disclosed, unless this is impossible or required. disproportionately large efforts.

Art.13. (1). The data subject has the right at any time to object to the processing of his personal data relating to him, which is based on the processing necessary for the purposes of the legitimate interest of the company. In this case, Argysso ltd may not terminate the processing of data in the presence of legal grounds for their processing, which take precedence over the interests, rights and freedoms of the data subject or to establish, exercise or protect legal claims.

(2). When the data subject objects to the processing of his personal data for the purposes of direct marketing, the company terminates their processing for this purpose.

Art. 14. The data subject has the right not to be the subject of a decision based solely on automated processing, including profiling, which has legal effects on the data subject or similarly affects him. This rule does not apply if the decision is necessary for the conclusion or performance of a contract between the company and the data subject.

Art. 15. (1). The data subject has the right to receive the personal data concerning him and which he has provided to the company in a structured, widely used and machine-readable format and has the right to transfer this data to another controller.

(2). When exercising its right to data portability, the data subject has the right to receive a direct transfer from Argysso ltd to another controller only if this is technically feasible.

Art. 16. In order to exercise the rights of the data subjects in relation to its data, the Company shall create and apply Internal rules for exercising the rights of the data subjects.

 

Section V

   Registers of processing activities

 

Art. 17. (1). This section lists the exemplary requirements for the processing of personal data depending on the type of medium on which the registers are maintained and the level of sensitivity of the data.

Art. 18. (1). Argysso ltd, as a personal data administrator, keeps the following registers:

1. Register “Client files”, under contracts concluded by Argysso ltd and files formed. It processes personal data of clients of the company, parties / or their representatives /.

2. Register “Human Resources Management”, established to organize the activities of the company in connection with personnel management. It processes personal data of employees of the company, intermediaries, if any, as well as personal data of job candidates and interns;

3. Register of complaints submitted by Clients – files in the record keeping of Argysso ltd. It processes personal data of persons affected by the company’s activities, including complaints from persons who are not customers of the company;

4. Register of “Service Providers and Civil Contracts” under contracts concluded with Argysso ltd with external suppliers. It processes personal data of contractors and / or persons under contracts with external service providers, external experts and others who support the activities of the company.

(2). According to the procedure provided by law and depending on the activity of the company, additional registers may be created.

(3). The personal data in the above registers are collected, processed and stored by the respective specialists involved in the process of administration and servicing of the respective activity of the company.

Art. 19. In the register “Client files” are kept and stored the following groups of personal data for clients of the company, their representatives / legal or by power of attorney /, actual owners, third parties, who without authorization carry out a transaction on their behalf for another’s account, using persons and other persons related in any way to the contract:

a / data on the physical identity of the persons according to an identity document submitted by the person – names, address of the natural person, e-mail address, telephone numbers, etc .;

b / data on the economic identity of the person – financial condition of the person, only when this is necessary in view of the type of contract or to determine the risk profile of the client in terms of measures against money laundering and terrorist financing;


Art. 20. (1). The following groups of personal data about the employees of the company under employment or civil contract, persons with management contracts are kept and stored in the register “Human Resources Management”:

a / data on the physical identity of the persons – by an identity document submitted by the person – names, PIN, ID number or other identity document by which the natural person can be identified, date and year of issuance of the document, issuer, address of the individual, field of origin, telephone numbers, etc .; – the basis for the collection of these data are the legal requirements related to the conclusion of employment and civil contracts, health and pension insurance of employees, etc.

b / data on the education of the natural person – type of education, place, number and date of issuance of the diploma. Where necessary, data on additional qualifications shall be provided. The data are necessary in order to comply with regulatory or established by the staffing requirements for employment, respectively for the dismissal of certain positions by individuals. They are provided by the persons on the basis of a normative obligation in all cases when necessary;

c / data on the labor activity of the natural person – practiced profession, labor biography. The data are important in choosing the right person for the job. They are provided on the basis of a regulatory obligation in all cases when necessary;

d / other data – personal data regarding the civil status of the persons, necessary for the positions related to material responsibility, as a certificate of criminal record – only in the cases required by the law. They are provided on the basis of a regulatory obligation.

The above information is stored in the personal files of employees.

 

Art. 21. The minimum requirements for paper-based registers are:

1. Storage of the carriers in lockable premises, to which no outsiders have access, and if necessary in cabinets with secret locks;

2. Upon waiver of the basis or achievement of the purpose of processing and on expiry of the storage period, the destruction of such documents shall be carried out in such a way as to prevent any possibility of future reading of the data.

3. Persons with direct access to documents containing personal data shall be obliged to notify their immediate supervisor immediately, in case of establishment of illegal access or use of the relevant information, including personal data, or of illegal intrusion into a room where this information is stored.

4. The measures under the preceding points shall also be observed by the employees, who on the occasion of the performance of their official duties have requested their provision by the employees, where the initially collected data are maintained.

5. Argysso ltd shall consider the signals and incidents under the preceding paragraph, perform an analysis and take measures for the elimination of the reasons for them and the omissions.

6. For archiving of the documents the Internal rules for archiving of the documents in Argysso ltd are observed.

Art.22. The access and provision of data from these registers shall be carried out, if possible, without taking the original media out of the premises in which they are stored. The employment files of the employees are not exported outside the office premises of Argysso ltd.

 

Registers maintained on a technical medium in electronic form

 

Art. 23. The data maintained in the electronic systems of Argysso ltd exist on a local computer or in a network not connected to the public network. Measures corresponding to a medium level of protection shall be applied to them as a minimum requirement.

Art. 24. The registers to which an average level of protection is applied are all electronic arrays with customer data and data for other persons related to the services of Argysso ltd.

Art. 25. The minimum requirements for registers containing personal data against which an average level of protection is maintained are:

1. Temporary files sent between employees on the occasion of the performance of their official duties and containing personal data shall be deleted after the performance of the respective task or the personal data in them shall be deleted.

2. In the event of loss of data, this fact shall be communicated to the Data Protection Commission.

Art. 26. The protection of the systems, the use of passwords, the restrictions on access and the rules for working with them, as well as the specification of the technical resources applied for data processing, the order for storage and destruction of data carriers and the order for archiving and recovery of data in in case of loss, are in accordance with the approved internal rules and instructions of Argysso ltd.

 

Section VIII

Procedure for access to personal data by data holders or third parties, submission of objections and complaints

 

General provisions for dealing with requests and complaints related to personal data

 

Art. 27. (1). All signals of clients related to personal data are entered in the office of Argysso ltd and are registered in the register of complaints separately.

(2). A customer may submit a request for access to personal data through all channels for submitting requests, complaints or objections.

(3). Argysso ltd shall rule within 14 days from the submission of the application, complaint or objection.

(4). The department responsible for the processing of the specific database and servicing the specific operations concerning the client’s complaint prepares the response to the client. The head of the company shall be informed about the decision taken on the basis of a submitted request, complaint or objection for taking the measures prescribed by the Commission for Personal Data Protection.

(5). When exercising the rights of data subjects under this Section, the Internal Rules for exercising the rights of data subjects shall apply.

 

Access to personal data by the data subject

 

Art. 28. Each client of Argysso ltd may submit an application to the company to request the exercise of their rights in accordance with Section III of this Policy.

Art.29. If the data to which access is requested constitutes classified information, access shall be refused.

 

Access to personal data by third parties

 

Art. 30. In case a third party requests access to data of a client of Argysso ltd, which do not represent secret or classified information, the requested data shall be provided only if the following conditions are simultaneously fulfilled:

1. there is a legitimate interest of the person requesting the data;

2. it cannot be concluded that the interests of the data holder have priority over the interests of the person requesting the disclosure of the data;

3. the recipient of the data falls within the circle of persons for whom the data subject has been notified in advance about the possibility for disclosure of his data or the data subject has been notified for the disclosure of his data after receipt of the request by the third person;

4. the person to whom the data refers has given his / her explicit written consent.

 

Art. 31. If the requested data contain secret or classified information, the requirements for prohibition for their disclosure shall be observed.

 

Public authorities – requests for access

 

Art. 32. (1) Upon received request from a state body for provision of information, which also contains personal data, the special normative act shall be observed, which shall regulate the order for provision of the respective type of information.

(2) When the letter, which contains the request of the state body, contains personal data, which individualize certain clients, in the reply letter the individualizing information for the client shall not include a larger volume of data, unless such are required by the body. .

(3) Upon receipt of a request for provision of specific personal data, a copy of the letter of the respective body shall be provided to the manager of Argysso ltd, with a view to confirming the grounds under law and taking the necessary actions in accordance with the Act.

 

Filing objections and complaints

 

Art. 33. A natural person may object or submit a request to Argysso ltd regarding:

1. the processing of his personal data in the presence of legal grounds for this; if the objection is justified, the personal data of the natural person concerned can no longer be processed;

2. the processing of his personal data for the purposes of direct marketing, regardless of the initially expressed written consent;

3. a request for notification before his personal data are disclosed for the first time to third parties, regardless of his initial written consent, in order to be given the opportunity to object to such disclosure or use. In the event that without this disclosure or use there is an obstacle to the fulfillment of obligations under the contract, the contract is terminated and the client is notified.

4. in case the person has not submitted an application under the previous item, with which he wants to be notified before each disclosure of his data, he may also object to the disclosure, and the respective contract will be terminated.

 

Section IX

Transfer, verification and joint processing of personal data between Argysso ltd and another administrator

 

Transfer of data from Argysso ltd to another personal data controller under a contract

Art. 34. (1). The provision of customer data by Argysso ltd to other administrators, including from EU countries, by agreement is carried out in compliance with the conditions and opportunities provided by these Rules, and in the absence of prior notice of possible categories of recipients, mandatory the data subject shall be notified of the provision immediately before or after its completion.

(2). The notification under para 1 shall contain the following information:

1. the categories of personal data to be provided;

2. the recipient of the data;

3. the purposes of the processing.

(3). When the transfer is to an entity from another country, outside the EU, the specific requirements of the Law on this type of transfer are observed.

 

Receipt by Argysso ltd of data from another administrator

 

Art. 35. When conducting negotiations and concluding contracts for joint campaigns with other traders, which provide for the receipt by them of personal data of their customers, the counterparty is required to ensure compliance with the LPPD and the new Regulation-ORD when providing data to Argysso ltd.

Art. 36. In case in the course of the joint campaign a client expresses disagreement with the processing of his personal data, when the client is not a party to a commercial contract concluded with Argysso ltd, and has not agreed in writing to the processing of information concerning next to it, the data are immediately destroyed on the basis of dropping the purpose of processing.

 

Section X

Rules for entering personal data in contracts of Argysso ltd

 

Art. 37. In the contracts to which Argysso ltd is a party, the personal data about the clients are in a volume that is sufficient for the individualization of the client, unless otherwise follows from the nature of the contract.

Art. 38. Mandatory when drawing up contracts offered by Argysso ltd, a text on the manner of processing the client’s personal data and obtaining the necessary consents for processing personal data, the content of which is consistent with the nature of the product, shall be included.

Art. 39. The control over the implementation of this Policy shall be exercised by the Manager of the company or by a person intentionally initiated by him.

 

Final provisions

This Internal Policy was adopted with Protocol № 1 of 00.00.20.. for a decision of the Owners of the company.