WHO ARE WE?
Dimitrova & Staykova Law Firm with Unified Identification Code: 176667645 and registered office and address of management: Sofia, Oborishte district, post code: 1000, 37 Georgi Benkovski Str., 1st floor, hereinafter referred to as “DSP”.
Data Protection Officer: Attorney-at-law Nevena Stanimirova Staykova,
email: firstname.lastname@example.org , tel .: +359 878 73 11 83.
PERSONAL DATA WE COLLECT AND HOW WE USE IT
Personal data is data that identifies and relates to someone as an individual.
DSP, in its capacity as Data Controller, processes personal data as follows:
Personal data received from our contact forms:
When we have received a message / inquiry from a person through the contact form on the Site or through any of the social networks supported by DSP, we will use the name, email and other contact details provided by him / her (if provided in his / her message) to contact and provide him / her with the information and / or assistance that the person needs.
Personal data received through the contact form on the Site or through any of the social networks maintained by DSP will be stored for up to 6 (six) months from receipt of the message / inquiry.
We will not use your contacts to advertise third party products and / or services.
METHOD OF COLLECTION
We process solely the data which you have voluntarily granted to us. This means that it is your responsibility not to provide third party data in violation of third party’ rights to personal data protection, as we have no practical ability to control whether you provide us with third party data with their knowledge and consent in accordance with the legal requirements.
Therefore, each person bears full personal responsibility if he / she provides us with third party data without their knowledge or without their consent in compliance with the requirements of the applicable data protection legislation.
We take appropriate technical and organisational measures to protect your personal data against loss or other forms of unlawful processing. We make sure that personal data is accessible only by those who need access to it in order to perform their job, and that they are properly trained and authorised to do so. Our staff is required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, ethics, and appropriate usage of data. Staff is required to execute a confidentiality agreement and are provided with proper training in online privacy and security.
For providing quality services DSP may engage third party service providers – Sub-processors, carefully selected according to their capacity for personal data protection and processing in compliance with our obligations under the GDPR. Without them, the implementation of the assistance requested by you will not be possible. We use only sub-processors – professionals in the field, through which we provide additional security for your data and to whom we provide solely the information needed to perform their assigned activities. Such sub-processors are our IT and other software and hardware service providers.
In the cases required by law, your personal data may be provided to the competent state authorities and institutions.
We do not provide your personal data to third parties without legal or contractual grounds, nor do we sell or distribute it in any other way.
INFORMATION WE SHARE
We do not share personal information with companies, organisations and individuals unless one of the following circumstances applies:
You have the right to request a copy of your personal data at any time, to check the accuracy of the stored information, to correct or update this information, to ask for your personal information to be deleted if there are grounds for doing so, as described below. Moreover, you have the right to complain when your privacy rights have been violated. Below is a detailed description of your rights as a personal data subject:
– you have the right to request confirmation if personal data relating to you is being processed and to request a copy of your personal data as well as the information relating to the collection, processing and storage of your personal data.
– you have the right to request your personal data to be deleted if there are any of the following grounds: personal data is no longer necessary for the purposes for which it has been collected; where you have objected against the processing when the processing is unlawful; where data is processed on your consent and you withdraw that consent; where personal data must be deleted in order to comply with a legal obligation under Union law or the law of a Member State applicable to the controller. You may be denied deletion of your personal data for the following reasons: exercising the right of freedom of expression and the right of information; to comply with our legal obligation or to carry out a task of public interest or in the exercise of the official authority that has been granted to us; for reasons of public interest in the field of public health; for the establishment, exercising or protection of legal claims.
– you have the right to request your personal data to be corrected if it is inaccurate or to be supplemented if it is incomplete.
– you have the right to request restriction of the processing of your personal data if applicable and there is a reason to do so, for example: you dispute the accuracy of personal data for a period that allows us to verify the accuracy of personal data; the processing is illegal, but you do not want personal data to be deleted but only to be limited; we do not need any more personal data for the purposes of processing, but you require them to identify, exercise or protect your legal claims; you have objected against the treatment pending verification that our legitimate grounds have an advantage over your interests.
– you have the right to request to receive personal data that concern you and which you have provided in a structured, widely used and machine readable format, and you have the right to transfer this data to another administrator when the processing is based on consent or on contractual obligation and the processing is done in an automated manner.
– you have the right to make an objection against the processing of your personal data before the Data Protection Officer if there are reasons to do so.
You can address all requests to the Data Protection Officer. In order to be able to provide you with full assistance, please provide us with accurate information about you and specify your request. It is possible that, in exercising your rights, we may ask for additional information to establish your identity.
Please, keep in mind that when your requests are clearly unreasonable or excessive, in particular because of their repeatability, we can:
We will make reasonable efforts to review your request within 30 days of receiving your application. If necessary, this term may be extended by a further two months, taking into account the complexity and the number of requests.
If you think we have infringed your privacy rights, you can lodge a complaint with the Supervisory Authority of Bulgaria, which is the Commission for Personal Data Protection.
More information can be found at: www.cpdp.bg.
Moreover, you can lodge your complaint in the country where you live, your place of work or at the place where you believe we have infringed your right(s).