SOLIFORM Ltd. follows and considers the protection of personal data of its employees, partners and clients of primary and fundamental importance in the conducting and development of its business.
Who processes and is responsible for your personal information?
- SOLIFORM Ltd. is a commercial company registered in the Commercial Register of the Registry Agency with UIC 205499107 and collects, processes and stores your personal data under the terms of this Policy and Regulation (EU) 2016/679.
- SOLIFORM Ltd. is a personal data administrator within the meaning of the Personal Data Protection Act and Regulation (EU) 2016/679.
- You can contact us at our management address:
Sofia 1532 Kazichene
Industrial Zone Kazichene-West
tel .: 02/419 19 19
SOLIFORM Ltd.’s management is committed to:
- Comply with international, European and national legislation governing the processing and protection of personal data;
- Define company regulations and goals to ensure continuous improvement in the field of personal data protection of employees, partners and clients, and to carry out an annual assessment of the status of personal data processing activities and processes;
- Apply all appropriate organisational and technical measures to prevent unauthorised, illegal and / or malicious access to information constituting “personal data”;
- To process the collected personal data solely for the purpose of uniquely identifying individuals in the establishment of present and future employment – legal or commercial relations. Data processing is the result of the fulfillment of statutory obligations of the controller arising from the requirements of the legislation or when the data subject has given his explicit consent or the processing is necessary to fulfill obligations under a contract under which the data subject the person is a party, as well as for the actions prior to the conclusion of the contract and undertaken at the request of the person.
- Process “personal data” through a set of actions that may be by automatic or other non-automatic means, such as collection, recording, organizing, storing, adapting or modifying, recovering, consulting, using, disclosing by transmission, distribution, provision, updating or combining, blocking, deleting and destroying, in accordance with the following principles:
- Legality and integrity of the processing of personal data;
- the appropriateness of the processing of personal data for specific, explicit and legitimate purposes;
- the proportionality of the processing of personal data;
- the relevance of the personal data collected which do not go beyond what is necessary for the purposes for which they are processed;
- timeliness and accuracy of the processed personal data;
- storage for no longer than is necessary for the purpose for which they were collected.
- Only disclose processed “personal data” to the following exhaustively listed categories of persons:
- Data subjects;
- Persons for whom the right of access is provided for in a normative act;
- Persons for whom the right of access arises under a contract.
- To assist in the exercise of the rights of individuals, namely:
- The right to be informed, of the data identifying the controller and his representative, the purposes of the processing of the personal data, recipients or categories of recipients to whom the data may be disclosed, the mandatory or voluntary nature of the submission of the data and the consequences of refusing to provide it;
- Right of access to data relating to them. In cases where, when granting the right of access to the individual, personal data may also be disclosed to a third party, the controller is obliged to provide partial access to them without disclosing data to the third party;
- The right to delete, correct or block personal data whose processing does not meet the requirements of the LPPD, as well as the right to be asked to notify third parties to whom the personal data of the person have been disclosed, about any deletion, correction or blocking which has been done, except where this is impossible or involves excessive effort;
- Right of objection to the controller against the processing of personal data of the individual in the presence of a legal basis for this and against the processing and disclosure to third parties of his personal data for the purposes of direct marketing. The right to be informed before its personal data are first disclosed to third parties or used on their behalf for direct marketing purposes;
- Right of defense – before the CPDP (https://www.cpdp.bg/) and court order.
How and why do we use your personal information?
To perform a contract or in the context of a pre-contractual relationship
We process your credentials to provide the products and services you have requested and use with us, to fulfill our contractual and pre-contractual obligations and to enjoy the rights under the contracts entered into with you.
The processing is carried out in order to:
- identification of the client, partner, job applicant, employee;
- managing and executing your service contracts, executing product and service contracts;
- preparation of contract proposal / offers;
- preparing and sending an invoice / invoice for the products and / or services you have requested with us;
- to provide you with all the necessary services and to collect the amounts due for the products and services used;
- any technical assistance to maintain the services provided;
- preparing proposals for contracting, sending courier services with negotiated information and draft contract; service of refusal of a transaction;
- notification of everything related to the products and services you use with us, sending us various notices, notification of problems, errors or to respond to any requests, complaints, suggestions;
- compilation of statistical information on our sales, services, customers, etc.
- performing processing by the data processor at the conclusion of the contract, assignment, reporting, acceptance, payment;
- provision of warranty and service;
- the emergence and management of employment relationships;
- payment of wages, etc.
We process your credentials and other personal information in order to comply with the obligations laid down in a regulation, such as:
- providing information to the Commission for the protection of personal data in relation to the obligations laid down in the legislation on personal data protection – Personal Data Protection Act, Regulation (EU) 2016/679 of 27 April 2016, etc .;
- obligations provided for in the Labor Code, the Social Security Code, the Tax and Social Insurance Procedure Code, the Accountancy Act, the Health Insurance Act and other related normative acts in connection with the proper and lawful accounting and employment relations;
- providing information to the court and third parties, in the course of proceedings before a court, in accordance with the requirements of the procedural and substantive legal acts applicable to the proceedings.
- Following your consent
In some cases, we process your personal data only after your prior written consent. Consent is a separate basis for the processing of your personal data and the purpose of the processing is specified therein and is not covered by the goals listed in this policy. If you give us appropriate consent and until its withdrawal or termination of any contractual relationship with you:
- we prepare suitable for you proposals for products / services provided by SOLIFORM EOOD;
- We prepare relevant product / service proposals from partners of the company, as we process your key personal data.
What data we process:
- three names, a unique civilian or alien personal number, permanent address;
- emails, letters, information about your troubleshooting orders, complaints, requests, complaints;
- other feedback we receive from you
- personal contact information – contact address, telephone number and contact information (email, telephone number);
- preferences for the services we provide;
- if you apply for a job with us, we will ask you for contact information (email, phone number) and information about your education and past employment so that we can evaluate whether you meet the basic requirements for our vacancies;
- if you start working with us, we will ask you for the data required by law when an employment relationship occurs (Ordinance No. 4 of May 11, 1993).
When do we delete your personal information:
As a rule, we discontinue using your personal data for commercial contractual purposes after the termination of the contract, but do not delete them before one year has elapsed or until all financial liabilities are settled and legal obligations expire to store data: under the Accountancy Act for storage and processing of accounting data (11 years), expiry of the limitation periods for filing claims (5 years), obligations for providing information to the court, competent state bodies, etc. grounds provided for in current legislation (5 years). Please note that we will not delete or anonymize your personal information if it is necessary for a pending legal, administrative or litigation process against us.
The statutory requirement for data retention in relation to employment relationships is up to 50 years, depending on the type of data.
Procedure for Exercising the Rights of the Subjects (Individuals), under Art. 15-22 of Regulation (EU) 2016/679:
- Natural persons exercising their rights by submitting, in person or through an explicitly authorized person, a written application to the administrator containing at least the following information:
- name, address and other identifying information of the individual concerned;
- a description of the request;
- preferred form of communication, provision of information and other actions under Articles 15-22 of the Regulation;
- signature, date of application and correspondence address;
- If the Application is submitted by an authorized representative, the respective authorization shall be attached to it.
- Applying and providing information is free of charge.
- The application may also be submitted electronically, in accordance with the Electronic Document and Electronic Signature Act.
- The deadline for examining and deciding on the application is 14 days from the day following the day on which the request is submitted, and 30 days respectively, when more time is needed to collect the requested data.
- The administrator prepares a written response and communicates it to the applicant personally – by signature or by mail, with a return receipt, taking into account the form preferred by the applicant to provide the information.
Consequences of refusing to provide personal data:
- The explicit consent of individuals whose data is not processed is not always necessary if the Administrator has another legal basis for processing personal data – for example, a statutory obligation in relation to the requirements of the Labor Code, the Social Security Code, the Accounting Act, and other applicable regulations.
- The data required by the staff processing the personal data are in accordance with the purpose of their collection and processing (establishment of labor-legal or commercial relations) and are binding. In case of refusal to voluntarily provide the requested personal data, SOLIFORM EOOD will not be able to carry out the subject of the relationship.
- The processing of personal data for purposes which are not based on regulatory requirements but are carried out on the basis of the written consent of the individual, may be suspended, blocked and deleted at any time upon written withdrawal of the consent. Refusal to provide personal data for such purposes will not have consequences for the individual.
SOLIFORM Ltd.’s management team is committed by constantly improving its Policy and adequate measures to create and maintain the necessary conditions for the protection of the collected and processed personal data of its employees, customers and partners.