Information about us:
ZMM Zlatograd AD, is a joint stock company, registered in the Commercial Register of the Registry Agency with VAT ID: 120007156, with headquarter office address: Zlatograd, ZIP code 4980, 4 Bulgaria Blvd., Tel: +359 3071 21 37; Email: firstname.lastname@example.org
Information for contacts in ZMM Zlatograd AD, regarding protection of the personal data of our clients, contractors, and partners:
ZMM Zlatograd AD
Zlatograd, PK 4980, 4 Bulgaria Blvd.,
Tel: +359 3071 21 37
Data protection officer: R. Vuntsova
Our main aspirations and goals working with personal data are:
ZMM Zlatograd AD processes your personal data in order to provide you and your company with better services and solutions related to GDPR and information security. In view of this goal, ZMM Zlatograd AD has built a network of strategic partnerships, which strives to satisfy as much as possible all your needs when using our product portfolio.
The data security is very important to us and it’s a key successor factor of our business and for our public image. That is why we protect your data by applying all appropriate technical and organizational means at our disposal to prevent unauthorized access, unauthorized or malicious use, loss, or premature deletion of information.
We collect and process personal data only in compliance with the requirements of local and European legislation (GDPR and Bulgarian privacy data regulation). We are aware that the processing of your data is for a specific reason and cannot be performed without restriction.
How and why we use your personal data:
For performance of a contract or in the context of a pre-contractual relationship.
We process your identification data and other personal data in order to provide the products and services that you have requested and that you use with us, as well as to fulfill the contractual and pre-contractual obligations and to enjoy the rights under the contracts concluded with you.
The processing is performed to:
• establishing the identity of the client through all trade channels;
• management and execution of your requests for products or services, execution of contracts for products and services;
• prepared on a proposal for concluding a contract;
• preparing and sending an invoice for the products and / or services you use with us;
• to provide you with the necessary comprehensive service, as well as to collect the amounts due for the used products and services;
• with a view to providing you with a quality services following our agreement;
• preparation of remote proposals and sending courier services with renegotiated information and the draft contract; cancellation service;
• notification of everything related to the products and services you use with us, sending various notifications, notification of problems, errors or to respond to your requests, complaints, suggestions;
• preparation of aggregate statistical information about our sales and services, which we can provide to third parties, etc.;
• analysis of the customer history and preparation of a user profile in order to determine a suitable offer for you;
• protect and ensure the security and integrity of you and our employees;
• identify and / or prevent illegal actions or actions contrary to our terms of service;
• processing the aggregated data by our third party data IT supplier(s) that are acting as a “data processor” for us at the conclusion of a contract, assignment, reporting, acceptance, payment;
To fulfill regulatory obligations:
We process your identification data and other personal data in order to comply with obligations stipulated in a regulatory act, such as:
• fulfillment of obligations in connection with distance selling, off-site sales, provided for in the Data Protection Act (GDPR) ;
• providing information to the Data Protection Commission in Bulgaria;
• providing information to the Commission for Personal Data Protection in connection with obligations provided for in the legislation on personal data protection – Personal Data Protection Act, Regulation (EU) 2016/679 of 27 April 2016 (GDPR), etc. .;
• obligations provided for in the Accounting Act and the Tax and Social Security Procedure Code and other related regulations in connection with the maintenance of proper and lawful accounting;
• providing information to the court and third parties, within the proceedings before a court, in accordance with the requirements of the procedural and substantive legal regulations applicable to the proceedings;
After your consent
In some cases, we process your personal data only with your prior written consent. Consent is a separate basis for the processing of your personal data and the purpose of the processing is stated in it and is not covered by the purposes listed in this policy. If you give us the relevant consent and until its withdrawal or termination of any contractual relationship with you:
we prepare suitable for your proposals for products / services of ZMM Zlatograd AD by performing detailed analyzes of your basic personal and company data;
• We prepare suitable for you offers for products / services from the company’s partners, as we process your basic personal and company data.
• Basic personal data include names, Social security number, gender and age group, telephone number, address (permanent address)
• Company data include company name, company email address (es), telephone number, company address.
Detailed analysis is a method of analysis that allows the processing of large volumes of data using statistical models and algorithms and others that include the use of network and personal data, as well as processes of pseudonymization and anonymization of the same, in order to extract information about trends and various statistical indicators.
Partners are companies with which ZMM Zlatograd AD has concluded partnership agreements and which provide various products and services.
Concessions granted may be withdrawn at any time. The withdrawal of the consent does not affect the fulfillment of the contractual obligations of ZMM Zlatograd AD. If you withdraw your consent to the processing of personal data for any or all of the ways described above, ZMM Zlatograd AD will not use your personal data and information for the purposes set out above. Withdrawal of consent shall be without prejudice to the lawfulness of the processing based on a consent prior to its withdrawal.
We have a large portfolio of products and services. When you give us consent to data processing, that consent applies to all products and services you want to use or are in usage already.
To withdraw your consent, you only need to use our site or just our contact information.
In view of our legitimate interest
We use your identification data (excluding Social Security Number) to perform a basic analysis of your data in order to adapt the services we offer to your individual needs and to meet the required criteria.
Processing of anonymized data
We process your data for statistical purposes, ie for analyzes in which the results are only summary and therefore the data is anonymous – for example, to represent the movement of large groups of people. It is not possible to identify a specific person or company from this information.
What kind of data do we process for you:
the two/three names, unique civil social security number or personal number of a foreigner, permanent address, gender and age group, company name, personal or company email address, telephone number, company address.
information on the type and content of the contractual relationship, as well as any other information related to the contractual relationship, including:
• e-mail, letters, information about your requests for troubleshooting, complaints, requests;
• other feedback we receive from you;
• personal contact details – contact address, telephone number and contact information (email, telephone number), gender, age group;
• preferences for the services we provide to you;
other information such as:
• customer number, code or other identifier created by ZMM Zlatograd AD for identification of companies and users;
• data provided through the company’s website;
ther personal data provided by you or by a third party at the conclusion or during the validity of a contract with ZMM Zlatograd AD and in particular: the two/three names, unique civil social security number or personal number of a foreigner, permanent address of a proxy specified in a document, in which you have authorized him to represent them; social network profile data, contact details, contact person; username, data provided when participating in games, raffles and / or other seasonal or promotional campaigns organized by ZMM Zlatograd AD, including through social networks.
Whenever we process your basic personal data, and the other data described for the purposes of providing products and services, for their payment, for the fulfillment of your requests for services, as well as in order to fulfill our regulatory obligations, this processing is mandatory for the fulfillment of these goals. Without this data, we would not be able to provide the relevant services. If you do not provide us with credentials, we will not be able to enter into a product or service agreement with you.
Why and how we use automated algorithms:
For the processing of your personal data we use partially automated algorithms and methods in order to constantly improve our products and services, to make it more personal to you, to adapt our products and services to your needs in the best possible way and/or for calculation purposes. This process is called profiling.
How we protect your personal data
To ensure adequate data protection of the company and its customers, we apply all necessary organizational and technical measures provided for in the Personal Data Protection Act (GDPR), as well as best practices of international standards (ISO 9001, ISO 27001: 2013, etc.).
The company has established processes to prevent abuse and security breaches. For maximum security in the processing, transmission, and storage of your data, we may use additional protection mechanisms such as encryption, pseudonymization and more.
When we delete your personal data
As a rule, we terminate the use of your personal data for the purposes of the contractual relationship after the termination of the contract, but we do not delete them before the expiration of one year from the termination of the contract or until the final settlement of all financial obligations and expiration of statutory obligations. For data storage, such as obligations under the Accounting Act for storage and processing of accounting data in Bulgaria is (50 years), expiration of the statute of limitations for filing claims (10 years) specified in the Obligations and Contracts Act, obligations for providing information to the court , competent state authorities, etc. grounds provided for in the current legislation (10 years). Please note that we will not delete or anonymize your personal data if it is necessary for pending court, administrative, accounting or pending proceedings for us.
Your data can also be anonymized. Anonymization is an alternative to deleting data. Upon anonymization, all personally identifiable items allowing your identification are permanently deleted. There is no legal obligation for anonymized data to be deleted, as they do not represent personal data.
Your rights in connection with the processing of your personal data:
Right for information You have the right to request:
• information on whether data relating to you are processed, information on the purposes of such processing, on the categories of data and on the recipients or categories of recipients to whom the data are disclosed;
• a message in an understandable form containing your personal data that is being processed, as well as any available information about their source;
• information on the logic of any automated processing of personal data concerning you, at least in the case of automated decisions.
Right of access:
• The right of access, commonly referred to as “access to the topic”, entitles individuals to receive a copy of their personal data as well as other additional information. It helps people understand how and why you use your data and check if you are doing it legally.
Right of correction:
In the event that we process incomplete or erroneous / erroneous data, you have the right, at any time, to request:
• to delete, correct or block your personal data, the processing of which does not meet the requirements of the law;
• notify third parties to whom his personal data have been disclosed of any deletion, correction or blocking, except where this is not possible or involves excessive effort.
Right of deletion:
• According to Article 17 of the GDPR, individuals have the right to delete their personal data. This is also known as the “right to be forgotten”. The law is not absolute and applies only in certain circumstances.
Right of objection:
At any time you have the right to:
• objections to the processing of your personal data if there is a legal basis for it; where the objection is justified, the personal data of the natural person concerned may no longer be processed;
• object to the processing of your personal data for direct marketing purposes.
Right to limit processing:
You can request a restriction on the personalized data being processed if:
• you dispute the accuracy of the data, for the period in which we have to check their accuracy; or
• the processing of the data is without legal basis, but instead of deleting it, you want its limited processing; or
• we no longer need this data (for the specified purpose), but you need it to establish, exercise or defend legal claims; or
• You have objected to the processing of the data, pending verification that the controller’s grounds are lawful.
Right to data portability:
You can ask us to provide the personal data you have entrusted to our care in an organized, orderly, structured, generally accepted electronic format if:
• we process the data according to the contract and based on the declaration of consent, which can be withdrawn or on a contractual obligation, and
• processing is performed automatically
Rights in relation to automated decision making and profiling:
• Article 22 of the GDPR has additional rules for the protection of individuals if you only make automated decision-making that has a legitimate or similar significant impact on them.
The right to complain:
In case you believe that we are violating the applicable regulations, please contact us to clarify the issue. Of course, you have the right to lodge a complaint with the Data Protection Commission in Bulgaria. After 25 May 2018, you will also be able to lodge a complaint with a regulatory body within the EU.
Applications for access to information or for correction are submitted personally or by a person expressly authorized by you, through a notarized power of attorney. An application may also be submitted electronically, in accordance with the Electronic Document and Electronic Signature Act.
We will rule on your request within 14 days of its submission. In case of an objectively necessary longer term – in order to collect all the requested data and this seriously complicates our activity, this term can be extended up to 30 days. With our decision we give or deny access and / or the information requested by the applicant, but we always motivate our answer.
Relevance and policy changes