Grafixoft Ltd. (Grafixoft) protects the privacy of the personal data that it handles with the highest level of care in accordance with the national, EU and international standards.
When communicating with us, you may share personal information to help us identify you (eg name, email, address, telephone number). This is called “personal data”.
This policy sets out the basic principles of personal data protection as well as the new GDPR Standard, which imposes an even higher level of protection on the part of Grafixoft.
This Policy may undergo any kind of changes that Grafixoft would take.
If you have any questions about this Policy, please contact Grafixoft by email at firstname.lastname@example.org or by writing to Bulgaria, 1750 Sofia, 6 ‘Jerusalem’ Blvd.
Grafixoft could handle some of the following types of personal information:
- Jobseekers and staff of Grafixoft in connection with their (potential) role in Grafixoft, including contact details, curriculum vitae, professional development, employee file, benefits, etc.;
- Family members and dependents of Grafixoft employees in relation to employee benefits and services;
- Customers / members of the public, some of whom are direct customers in relation to the products and services we provide or ask us about;
- The trading partners and the staff of the suppliers and other representatives of Grafixoft for the management of trade relations;
- The personal data of the complainants, of people who have entered a written correspondence with Grafixoft or have provided documents containing their personal and / or foreign personal data and other people who have contacted Grafixoft as data controller;
- Other information collected in hard copy or in electronic form for visitors to Grafixoft premises;
- Information about the personal data of the clients or users.
INFORMATION WE RECEIVE AT YOUR VISIT AT THE GRAFIXOFT WEB SITE
We do not receive any kind of information upon your visit at Grafixoft website.
LEGAL BASIS FOR THE TREATMENT OF YOUR DATA
Many different legal bases allow us to process your personal data lawfully and in line with the requirements of the Privacy Regulation. This can happen in the following ways:
- Legitimate interest
Grafixoft may process your data when it is necessary to fulfil the legitimate interests of the company or those of a third party except in cases where fundamental human rights and freedoms override the aforementioned interests and this requires the protection of personal data.
Under certain circumstances, we will need to obtain your explicit consent before undertaking any activity that involves the processing of your personal data. This means that:
- You must give us your consent freely expressed without our interference;
- You need to know what you agree with, so we will make sure that we have provided you with sufficient information;
- You should only be required to agree to one data processing within a specific time period – that’s why we avoid “accumulating” a large number of consents in order to avoid cases where you are not entirely sure what you agree with
- You have to be clear and concrete when you give us your consent – for this purpose, we will probably use a “box” in which you will be able to put a tick about your agreement in a clear and unambiguous manner.
- Implementation of our contract
In some cases, we will have to process your personal data in order to be able to fulfil any of the obligations mentioned in our contract or to take the necessary steps for future signing of the contract.
- Compliance with legal requirements
The processing of your personal data may also be necessary in order for Grafixoft to comply with and fulfil certain legal obligations, as an example of which could be a request from a tax authority or expected litigation.
We do not think that any of the above-mentioned activities would be a cause for doubt on your part. However, you have the right to disagree with the processing of your personal data in specific situations.
PRINCIPLES OF TREATMENT
Grafixoft processes personal data in full compliance with the following principles:
Legitimacy, good faith and transparency
Personal data are processed in a lawful, conscientious and transparent manner with respect to the data subject.
Personal data are processed for specific, explicit, and legitimate purposes and not further processed in a way incompatible with these purposes.
Personal data is appropriate, relevant and limited to what is necessary in connection with the purposes for which it is being processed.
Personal data is accurate and, if necessary, kept up-to-date.
Personal data shall be stored in a form that allows the data subject to be identified for a period no longer than is necessary for the purposes for which the personal data are processed.
Integrity and confidentiality
Personal data shall be processed in a way that ensures an adequate level of security of the data
Including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by applying appropriate technical or organizational measures.
Grafixoft as a data controller is responsible and must be able to demonstrate compliance with the applicable data protection law.
REGISTERS OF PROCESSED PERSONAL DATA
Grafixoft supports the availability of an overview of all company processing activities (e.g., what categories of data are processed, by whom (which departments or business units) and for which basic processing purposes (“Processing Registers”))
The processing registers shall specify the legal basis and purpose (s) of the processing.
DRAWING DATA TO MINIMUM
Grafixoft processes personal data only and to the extent that it is appropriate, related and limited to what is necessary to achieve the purposes of the business.
All additional personal data that arrive at Grafixoft (deliberately or accidentally) from a source other than a data subject must be considered as a personal data incident and brought to the attention of the CEO.
LIMITATION OF OBJECTIVES
Grafixoft handles personal data for the purposes for which it was originally collected (primary purpose). Personal data may be processed for purposes other than the original purpose (secondary purpose) only if the secondary target is compatible and closely related to the original purpose as understood by the data subject.
Any change to the original processing goal will be carefully evaluated and will be consulted with the CEO before further processing.
ACCURACY AND CONFIDENTIALITY
All personal data processed by Grafixoft shall be kept accurate, complete and up-to-date as necessary for processing purposes. Grafixoft staff must ensure that personal data received directly from data subjects or indirectly are verified with appropriate documentation.
Grafixoft must use appropriate technical and organizational measures to protect personal data, including when third parties deal with the processing of personal data on behalf of Grafixoft.
Grafixoft retains personal data in hard copy or in electronic form (or both) only for a specific term (“Term of Conservation”), which in any case will not exceed:
- The time required to achieve the purpose of the treatment, or
- The time required to comply with the retention requirements under applicable domestic law, or
- What is recommended in relation to the applicable status of restrictions.
TRANSFER OF PERSONAL DATA
In the course of its business, Grafixoft may only transmit data to related parties or to third parties after ensuring that data protection and security are adequately secured.
When transferring personal data to a non-EU / EEA third party, Grafixoft ensures that there are mandatory rules in an agreement or other written document that require the third party to provide appropriate safeguards for the protection of personal data.
BREACH OF PERSONAL DATA SECURITY
All security breaches/data protection must be communicated to the CEO immediately as required by law.
RIGHTS OF INDIVIDUALS
Pursuant to the Data Protection Act, data subjects have the following individual rights in relation to the processing of their personal data:
RIGHT OF ACCESS
The right of access to personal data processed by the Grafixoft group or by a third party on behalf of Grafixoft
RIGHT OF CORRECTION
The right to modify or delete inaccurate or incomplete personal data.
The right to permanently remove personal data.
RIGHT TO RESTRICT TREATMENT
The right to request from Grafixoft to temporarily or permanently discontinue the processing of all or some of the personal data of the data subject.
RIGHT OF DATA POVERTY
The right to receive personal data in a structured, widely used, machine-readable and interoperable format that enables their personal data to be shared with another data administrator by themselves or by Grafixoft.
RIGHT OF IMPACT
The right to object to the processing of their personal data when processing is based on considerations of public interest or legitimate interest or is being processed for the purposes of direct marketing.
The right not to be the subject of a decision based solely on the automated taking of individual decisions, including profiling, which produces a legal consequence or significantly affects them.