Privacy Policy
Privacy Policy Notice
This Privacy Policy (hereinafter referred to as the “Policy”) is intended to inform users about the manner in which “KA Systems” Ltd., UIC 160048851, with registered address at Rodopi Municipality, Markovo Village, “Bedrozov Bunar” Area, No. 39 (“The Company”, “we”, “us”) collects, uses, stores and protects the personal data of individuals in connection with the services we provide.
The Company processes personal data in accordance with Regulation (EU) 2016/679 (the “General Data Protection Regulation”, “GDPR”), as well as the Personal Data Protection Act of the Republic of Bulgaria, or any other applicable law.
The Company also administers and maintains the website [insert website domain] (the “Website”), through which it may collect personal data in connection with the services provided, enquiries and online communication.
Our objective is to ensure transparency, lawfulness and security in the processing of personal data, as well as to enable data subjects to effectively exercise their rights.
Definitions
For the purposes of this Policy, the terms used have the following meanings:
“Personal data” – any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, by an identifier such as a name, personal identification number, identification number, location data, online identifier or by one or more factors specific to his physical, physiological, genetic, mental, economic, cultural or social identity.
“Processing” – any operation or set of operations which is performed on personal data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Personal data controller” – “Ka Systems” Ltd., which, in its capacity as controller, determines the purposes and means of the processing of personal data in connection with its activities and is responsible for their lawful processing.
“Data subject” – any natural person whose personal data are processed by the controller.
“Consent” – any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of his or her personal data.
All terms and expressions not explicitly defined in this Policy have the meaning given to them in the GDPR and the Personal Data Protection Act.
PERSONAL INFORMATION WE COLLECT
The personal data of the following categories of data subjects are processed:
| Customers | Clients are individuals or representatives of legal entities who use the services provided by us. |
| Site visitors | Site visitors are all persons who have visited the Company’s website. |
| Potential customers | Potential clients are individuals or representatives of legal entities who have directly or indirectly shown interest in the services provided by the company. |
| Social media user | A social media user is a person who uses a social network such as Facebook, Instagram, LinkedIn, etc. |
The following categories of personal data are processed:
| Identification data | Personal data includes names, identifiers and personal data. Identification data is necessary to identify the data subject and enter into a contract with him/her. |
| Payment details | Date of sending and receiving a transfer, amount of the transfer, originator, recipient and other information contained in the payment order or other similar document. The data is processed for the purpose of tracking the payment of the services provided by us and the fulfillment of our obligations. |
| Data about the behavior of our Site | Personal data includes pages visited, duration of user session, etc. The data is collected to improve the customer experience of visitors to our Site and to attract new customers. The data subject may object to the processing of personal data by using our cookie banner. |
| Social media behavior data | Usernames, comments, likes and reactions. We process data from the behavior of users on social networks for the purpose of managing the Company’s profiles and pages on social networks. |
| Customer service data | The data includes contact details, site and order data, including but not limited to technical specifications, etc. We process personal data for the purpose of effective customer service, including order management, providing technical support, communication on contract performance, as well as providing follow-up customer support. |
| Accounting data | The personal data processed include data on the issuer and recipient of invoices, identifier, address, data on services provided and received, their value, data on payments made, as well as any other information that we have an obligation to process in connection with keeping legal accounting. The company processes personal data in fulfillment of its legal obligation to keep accounting records. |
PURPOSE AND LEGAL BASIS OF THE PROCESSING
We process personal data if one of the following legitimate grounds exists:
| Execution or conclusion of a contract | The processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract; |
| Legal obligation | The processing is necessary for compliance with a legal obligation to which we are subject; |
| Legitimate interest | The processing is necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data; |
| Consent | You have consented to the processing of your personal data for one or more specific purposes. |
The Privacy Policy describes the processing of personal data in connection with the following services:
| Construction of electrical installations, photovoltaic systems and other services provided by the Company | The construction of electrical installations, photovoltaic systems, or other services provided by the Company may include design, installation, maintenance and repair, as well as the implementation of various construction activities for residential, commercial and industrial sites. |
Personal data is processed for the following purposes:
| Purpose | Reason and explanation |
| Analysis of our website behavior | We process personal data from the behavior of visitors to our Website in order to improve the customer experience. Legal basis: – Consent. Categories of processed data: – Data about the behavior of our Website. |
| Internal accounting | The company processes personal data for internal accounting purposes. The processing is necessary to fulfill our legal obligations under the Accountancy Act and all other applicable laws and regulations. Legal basis: – Fulfillment of a legal obligation. Categories of processed data: – Accounting data. |
| Customer service | Personal data is processed for the purpose of providing comprehensive customer support and service. Personal data is processed when providing the following services: – Construction of electrical installations, photovoltaic systems and other services. Legal basis: – Contract execution. Categories of processed data: – Identification data; – Customer service data. |
| Maintaining a profile and page on social networks | The company processes personal data when maintaining a profile and page on social networks in order to build its brand and distribute its services. The Company has a legitimate interest in disseminating information about its activities and the services provided. The information is disseminated on social networks that are public and intended for communication. Data subjects can freely interact with the Company’s profiles and pages on social networks without having any obligation to do so. The activity has a minimal impact on the rights and freedoms of data subjects. Legal basis: – Legitimate interest. Categories of processed data: – Data from social media behavior. |
| Advertising | The company processes personal data for the purpose of promoting the services provided and attracting new customers through personalized advertising. Legal basis: – Consent. Categories of processed data: – Identification data. |
| Construction site work management | We process personal data for the purpose of managing teams, ensuring worker safety, tracking project progress, as well as complying with all regulatory requirements and quality standards for the services offered by the Company. Personal data is processed when providing the following services: – Construction of electrical installations, photovoltaic systems and other services. Legal basis: – Contract execution. Categories of processed data: – Identification data; – Customer service data. |
DATA STORAGE PERIODS
Personal data is only stored for as long as is necessary to achieve the purpose for which it is processed. A full list of the purposes for which we process personal data can be found above.
The appropriate period for storing personal data is determined based on the amount, nature and sensitivity of the personal data being processed, the potential risk of harm from unauthorized use or disclosure of the personal data and whether the purposes of the processing can be achieved by other means, as well as on the basis of applicable legal requirements (such as applicable limitation periods).
Personal data is stored according to one or more of the following types of retention periods:
| Until deletion is requested | The data are deleted after a request from the data subject or another authorized person for their deletion, as long as there is no other reason for their storage. |
| To establish, exercise or defend legal claims | We retain some data when necessary for the establishment, exercise or defense of legal claims, such as defense against claims for breach of contract or non-compliance with applicable regulatory requirements. We retain the data on this basis until the applicable statute of limitations for bringing claims has expired. For example, the statute of limitations for contractual relationships is most often 3 or 5 years after the termination of the contractual relationship, whether due to expiration of the contract, termination or other reason. |
| Individually determined deadline | The data is stored for the period determined individually for a specific category of personal data after an assessment of the necessity of processing the data. |
| When automatically deleted | Some data is automatically stored for a predetermined period of time and then automatically deleted. Such data may include data collected through cookies. |
| In contractual relations | The data is stored for the duration of the contractual relationship, unless there is another reason for their storage. |
| Under legal obligation | The data is stored for the period provided for in a law or regulatory act. |
| Until deleted by the data subject or an authorized person | In some cases, data is stored until it is deleted by the data subject or another authorized person, as long as deletion or storage is not required on another basis. |
| In pre-contractual relations | When we process data in the course of pre-contractual relations and no final contract is concluded, we delete the data within 6 months of the termination of the pre-contractual relations. |
Personal data is stored until the expiration of all applicable retention periods.
Retention periods according to the different categories of personal data:
| Identification data | – To establish, exercise or defend legal claims; – In contractual relations; – In pre-contractual relations. The data is stored until the purposes for which they were collected are achieved, as long as there is no other reason for their deletion or storage. |
| Payment details | – To establish, exercise or defend legal claims; – In contractual relations; – Under legal obligation. |
| Data about the behavior of our Site | – When automatically deleted. The data is deleted according to the deadlines specified in the cookie banner. |
| Social media behavior data | – Until deleted by the data subject or an authorized person. Social network users can manage their personal data in their account settings on the respective social network. |
| Customer service data | – To establish, exercise or defend legal claims; – In contractual relations. |
| Accounting data | – Under legal obligation. Accounting and tax data are stored according to the terms provided for in the Accountancy Act, the Bulgarian Accounting and Tax Code and other legal and regulatory acts applicable to the activity. According to Art. 38, para. 1 Bulgarian Accounting and Tax Code: – accounting registers and financial statements are kept for 10 years; – documents for tax and social security control are stored for 5 years after the expiration of the limitation period for repayment of the public obligation to which they are related. |
After the storage period expires, personal data is deleted.
SHARING PERSONAL DATA
We share personal data with the following categories of third parties:
| Communication service providers | We share personal data with communication service providers for the purpose of internal coordination within the team and servicing the Company’s Clients. – Identification data. |
| Cloud and hosting service providers | We share personal data with cloud and hosting service providers so that we can provide our services and manage our business processes. – Identification data; – Data on secondment; – Accounting data; – Data about job applicants; – Customer service data. |
| Payment service providers | We share data with Payment Service Providers, including banking and non-banking institutions, for the purpose of administering incoming and outgoing payments. – Identification data; – Data on payments made. |
| Advertising service providers | We share personal data with advertising service providers for the purpose of promoting the Company’s activities and attracting new customers. – Identification data. |
| Accounting service providers | We share data with accounting service providers in order to fulfill our legal accounting obligations. – Accounting data. |
| Analytics service providers | We share personal data with data analysis service providers, specifically to analyze the behavior of visitors to our Website. – Data about the behavior of our Website. |
| Revenue Administration | We share data with revenue administrations such as the National Revenue Agency, the National Social Security Institute, etc., when this is necessary in fulfillment of our contractual or legal obligation. – Data regarding Payroll and Personnel; – Accounting data. |
| Social networks | We share data when we use social networks such as Facebook, Instagram, LinkedIn, etc. – Data from behavior on Social Networks. |
RIGHTS OF DATA SUBJECTS
As a data subject, you have the following rights:
| Right to information | You have the right to be informed about the personal data we process about you and how we process it. You can get information through: |
| Right of access | You have the right to request to see or access the personal data we process about you. To access your personal data, you can contact us. See how to contact us here. |
| Right to correction | You have the right to request correction or updating of the data we process about you when it is inaccurate or incomplete. You can request correction of your personal data by contacting us. |
| Right to erasure | You have the right to request the deletion of your personal data when: Sometimes we may refuse to delete your personal data. For example, when: To delete your personal data, you can contact us. You can see more about the retention periods in the section “DATA STORAGE PERIODS”. |
| Right to restriction | You have the right to request that we stop processing your personal data when: You can request restriction of the processing of your personal data by contacting us. |
| Right to object | You have the right to object to the processing of your personal data when: You can object to the processing of your personal data by contacting us. |
| Right to portability | You have the right to receive your personal data in a structured, commonly used and machine-readable format and you have the right to request that we transfer these data to another controller where the processing is based on consent or a contractual obligation or the processing is carried out by automated means. You can exercise your right to portability by contacting us. |
| Right not to be subject to automated decision-making | You have the right not to be subject to a fully automated decision (decisions made without human intervention), including profiling, when that decision has an impact on you. We do not carry out automated decision-making, including profiling. |
| Withdrawal of consent | You have the right to withdraw the consent given for the processing of your personal data when the basis for the processing is consent within the meaning of the GDPR. Consent can be withdrawn in a manner similar to the way it was given. For example, via a cookie banner, unsubscribing from email marketing, or by contacting us. |
| Right to file a complaint | You have the right to lodge a complaint with the competent supervisory authority if you believe that your rights have been violated. You can find the contact details of the competent supervisory authority here. |
DATA PROTECTION
We take the privacy and security of your personal data, including information that is considered sensitive, seriously. Our team works actively to maintain the integrity, confidentiality, and availability of our Services, and our policies and protocols are designed to protect your personal data. The company has taken the necessary technical and organizational measures to protect personal data, including access control, secure storage, limiting access to information only to authorized persons and using reliable IT systems.
If you believe that your rights regarding the protection of personal data have been violated, you have the right to file a complaint with the Commission for Personal Data Protection (CPDP) – an independent supervisory authority responsible for monitoring compliance with personal data protection requirements in the Republic of Bulgaria.
COMPETENT AUTHORITY FOR PERSONAL DATA PROTECTION
Authority: Commission for Personal Data Protection (CPDP)
Website: https://www.cpdp.bg/
tel: 02/91-53-518
email: kzld@cpdp.bg
address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.
You can find a full list of data protection authorities in the EU here.
HOW TO CONTACT US
We welcome your comments, questions or complaints regarding this Privacy Policy, our use of your personal data or our response to your requests regarding the processing of your personal data. Please contact us at apostolov@kasystems.bg.
CHANGES TO THE PRIVACY POLICY
The Company reserves the right to update or amend this Policy when necessary to reflect changes in applicable law, internal procedures or services provided. All changes will be published on the Company’s website and will enter into force on the date of their publication, unless otherwise stated.