Protection of personal data
PRIVACY POLICY
Personal data administrator: ASSOCIATION GS1 BULGARIA, EIK: 177030295
Contact information for the administrator of personal data: headquarters and management address in the city of Sofia, 9 Iskar St., phone: 02/811 7 604, e-mail: gs1bulgaria@gs1bg.org.
Contact details of the Data Protection Officer: dpo@gs1bg.org.
This Privacy Policy refers to the personal data that the GS1 Bulgaria Association (“the Association”, “the Organization”) collects and processes, mainly for the purpose of providing services according to its subject of activity.
We apply a personal data protection policy both for data that we collect through registration documents, forms for obtaining membership in the Association, through e-mail correspondence, conclusion of a contract or other methods of collecting personal data permitted by law, and for data collected through our website https://www.gs1bg.org.
This statement is intended to inform about the practices we apply in protecting your data and about your rights regarding the collected personal data.
General information
The main activity of the Association is the issuing of global identification numbers.
When collecting and processing personal data, our Association is subject to the regulations – Regulation (EU) 679/2016 and the Personal Data Protection Act, other laws and the by-laws issued based on them, which regulate how these actions are carried out, for what purposes and what personal data protection guarantees are to be applied.
- What personal data do we collect and process about you?
A) In the majority of cases, we collect data that allows us to identify you (including as a representative of a legal entity) and to communicate with you (in case of need to contact you), such as names (first name and surname), telephone number and contact email (preferably work), address (correspondence address) and more specifically:
– for job candidates with us, we collect and process: names, education data, qualifications, certificates, experience, profession, contact data (phone number, email), other data provided at the discretion of the candidate, incl. those contained in the candidate’s CV, cover letter;
– for our employees, we collect and process: names, social security number, photo (for the issuance of an official pass), data from an identity document/identity card, health data, as well as other data in connection with regulatory requirements. We also collect information/data about loved ones, incl. the children of our employees, in relation to labor and insurance legislation and the use of certain benefits, for example sick leave for a child, other;
– for the natural persons with whom we enter into contracts (including civil contracts), we collect and process: names, social security number, address, data from an identity document, contact data (phone number, email);
– in our relationships with legal entities, we collect information about the capacity in which you represent the relevant legal entity (your position), your names, your contact details (office phone number, email);
– if you have a registered profile on our site, we collect and process your names (name and surname – in Cyrillic and Latin), address, business phone number and email, other data from your profile.
– for farmers, we collect data on names, address (address for correspondence), social security number, contact data (phone number, email);
– when processing signals about illegitimate numbers through the BG Barcode mobile application, for the natural persons using the application, we collect and process data according to the privacy statement uploaded to the application, with which everyone who downloads and works with the application has the opportunity to become familiar when downloading and installing it;
– data related to payments and other data necessary for issuing invoices (for example, TIN when issuing an invoice to a natural person), information on the method of payment, information on payments due and made; bank account and other information collected and processed in connection with making the payment (depending on the payment method).
In the building where the office of GS1 Bulgaria is located, video surveillance is carried out, which aims to ensure the protection of the assets and property in the building. Access to this data is strictly regulated and is permissible only for persons who have the right under an express contract or are specified by law/regulation.
– cookies – our site collects cookies. They are information stored in your browser. They are used to save settings and identifiers necessary for some of the services we provide through our site. You should keep in mind that the site may not function properly and reliably without some of the cookies. You can manage the cookies on our site by following the instructions set out here.
When paying by credit/debit card, the system transfers you to an external service provider. This provider determines what data it needs, which are generally: card number, cardholder names, card validity period, card CVC code; bank account and other information collected and processed in connection with making the payment. The association does not have access to this data and we could not control its processing in any way. This data is processed according to the personal data protection policy of the respective provider, and we ask that you independently inform yourself about their practices and rules.
- On what basis and for what purpose do we collect personal data; what do we use them for?
GS1 Bulgaria provides information on the personal data administered/processed by it upon request by the subjects of personal data and in compliance with all legal requirements and ethical rules.
Other publicly available information GS1 Bulgaria collects/processes in compliance with the rules of the sources of publicly available information. When we contact you, we will tell you where we have your personal data from, in case we have not collected it from you personally.
It is possible for the Association to collect information about personal data from publicly available sources, incl. registers, in relation to the activities of its members, as well as in relation to the services provided by it. This information includes data for making contact with members and/or partners, and/or interested persons in connection with the activity carried out by our Association.
B) Data collected from other sources
- Disclosure of your data to third parties
We need the collected data to fulfill legal/regulatory obligations towards us, as well as in connection with obtaining GS1 Bulgaria membership, obtaining global identification numbers, document reference, product catalog administration, participation in events, seminars and trainings on GS1 standards topics, reporting illegitimate barcodes and receiving advice related to the Association’s subject matter.
In cases where it is necessary to collect your personal data from you due to our legitimate interest or to preserve your vital interests, we will inform you in a timely manner, as well as explain your rights. You have the right to object to us collecting your personal data if you believe that we do not have a legitimate interest in collecting it.
Except where we collect your personal data based on law, contract, legitimate interest or to protect your vital interests, we will ask for your consent. We will use your personal data only after your express consent for the specific purpose. You have the right, if you change your mind at a later stage, to withdraw your consent. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent given before it was withdrawn.
If you do not wish to receive such information in the future, you can object (opt-out) by sending an email to newsletter@gs1bg.org, as indicated at the end of each communication to you.
If you are a member of the Association, we may send you information about our products and services that would be of interest to you, and this information may be part of our newsletter, the sending of which is part of the services we provide to you by virtue of your membership in the Association and on the basis of legitimate interest.
We collect your personal data in connection with the provision of our services to you, as well as in connection with the services used by our Organization, provided by your organization or by you personally.
The organization does not perform profiling or automated decision-making.
In general, the Association does not store personal data outside the European Union and does not transfer data outside the European Union. If it becomes necessary for the Association to transfer data outside the European Union, such transmission of personal data will take place only on the condition that the provisions of Regulation (EU) 2016/679 are complied with in order to ensure the necessary level of protection of personal data of individuals and that they are not exposed to risk.
- Data transfer
We apply care to the personal data we process, demanding and expecting this from our partners, whether they are processors or individual administrators.
– we may share your personal data with companies providing courier and/or postal services. The data is shared only for the purpose of carrying out the relevant deliveries and providing the relevant services from these companies. These companies bear their own responsibility in relation to the security of personal data, and are obliged by law to protect such personal data.
– persons who, by assignment, maintain equipment, software and hardware used for processing personal data and necessary to ensure the activities of the Association, i.e. persons providing technical and administrative services to the Association in order to carry out its activities;
– state bodies, institutions and persons to whom it is obliged to provide personal data by virtue of a valid legal act;
GS1 Bulgaria discloses personal data administered/processed by it only to:
The association stores the administered/processed personal data for the period specified in the current legal acts, depending on the purpose for which they were collected.
GS1 Bulgaria collects, processes and stores personal data in compliance with all legal requirements and applying adequate technical and organizational security measures, and where necessary additional protection mechanisms such as encryption, pseudonymization and others.
- Protective measures
- Period (term) in which we store your personal data
When the personal data are not necessary for the mentioned purposes, they are deleted or destroyed in another appropriate way.
The purpose of storing personal data is to minimize the necessary actions for re-registrations or re-provision of data.
In cases where there is no legally specified term, the Association stores your data for a reasonable term, determined on the basis of additional criteria. The criteria are consistent with the subject of the Association’s activity, with the desire to provide high-quality services, aiming at the normal development of our relationships (for example, in connection with your membership).
More information on storage periods can be found in the following table:
Data collected in connection with the following activities of the Association:
Expiration date
1. Recruitment
Documents, information, data for candidates who have not passed the first stage of the competition procedure (admission to an oral interview) are always destroyed within 6 months.
Those who appeared at the second stage of the competition procedure (conducting an oral interview) fill in a form for participation in the selection procedure (Appendix 5), which, together with a copy of the job advertisement, is kept by the GS1 Bulgaria Association for a period of 3 years from completion of the personnel selection procedure (ground for storage – legitimate interest due to prescribed limitation periods in the special legislation). Other documents (resumes, cover letters, etc.) provided by applicants who have reached the second stage of the selection procedure will be stored for a period of up to 6 months, unless the applicant has given his/her express consent for the documents to be stored for a longer term, as they will be used for the purposes of subsequent selection, in the event that he/she is not approved for the relevant position (in the latter case – upon consent, the data is stored for a maximum period of 3 years).
2. Human resource management
Terms stipulated in labor insurance legislation, etc. relevant legislation.
3. Registration of a profile (user) on the website of the Association
A profile that has been inactive for 2 years is deleted.
4. Membership in the Association and obtaining an identification number /prefix/ (and barcode)
15 years after termination of membership, data is deleted.
5. Order to generate a barcode symbol
They are stored for 5 years from the date of execution.
6. Accounting activity and reporting of the Association (accounting)
According to accounting and tax legislation:
– payrolls – 50 years, starting from January 1 of the accounting period following the accounting period to which they refer;
– payment orders (for payment of remuneration by bank transfer) – 50 years, starting from January 1 of the accounting period following the accounting period to which they refer;
– accounting registers and financial reports under the Civil Code and the Civil Code (under the Civil Code – including documents for tax control, audit and subsequent financial inspections) – 10 years, starting from January 1 of the reporting period following the reporting period to which they relate;
– documents for tax and insurance control (in case such control is carried out in accordance with Art. 38, para. 1, item 3 of the DOPC) – 5 years after the expiration of the limitation period for repayment of the public obligation with which they are connected.
7. Conducting seminars and trainings
5 years after the event, the list of participants is deleted.
8. Consultations on the application of GS1 standards
2 years after the termination of the company’s membership, the data is deleted.
9. Checking the quality and readability of codes on finished packaging (barcode verification)
They are stored for 5 years from the date of execution.
10. Photographing products at the request of companies (product photography)
They are stored for 5 years from the date of execution.
11. Processing signals for illegitimate numbers through the BG Barcode mobile application
The data is deleted after 5 years from the date of the signal.
12. Processing of inquiries from the site (inquiries made through the contact form on the site)
For a period of up to 6 months after answering the inquiry.
13. Surveys in connection with research on topics related to GS1 standards and User Forum
Only companies with active membership receive surveys; personal data is deleted after 5 years from the date of survey processing.
14. Holding of General Assembly and meetings of the Management Board of the Association
5 years from the date of release of the relevant representative from the General Assembly and/or Board of Directors
15. Relations with partners, suppliers and contractors of the Association
They are stored for 5 years after completion of the relevant contract or after termination of the contract on other grounds.
The data is mainly contained in contracts.
16. “Cookies” on the website of the Association
Usually for the period in which the “cookies” are valid, which in most cases is not longer than 6 months; in some cases, they are deleted when the data subject closes his browser.
If the basis for processing is consent, upon withdrawal of consent the data is deleted/removed identifiers, links, etc.
- Your rights
Right to access and receive information – you have the right to request access to your personal data at any time.
You have the right to know what personal data is processed about you, what it is used for and how it is stored. To exercise your right of access, send us an access request.
In the rare cases where we cannot provide access to your personal data within 1 month, we will give you the reasons why.
If you have a registration (profile) on our website, you can access your personal data at any time through your user profile.
Right to rectification – you have the right to request the rectification of any inaccuracies in your personal data.
If you have a registration (profile) on our website, you can update your personal data at any time through your user profile.
Your other rights – in addition to the rights listed above, you have the right to request:
– your personal data to be deleted;
– the processing of your personal data to be limited for a certain period of time;
– to object to the processing;
– data portability;
– right of complaint – you also have the right to file a complaint with the Commission for the Protection of Personal Data (CPDP) if you believe that we are violating the rights guaranteed to you by the legislation on the protection of personal data. You can find up-to-date information on how to exercise the right to appeal to the CPDP at: https://www.cpdp.bg/ – the website of the supervisory authority.
Your personal data will not be deleted in the systems of GS1 Bulgaria when, based on a normative or administrative act, the Association is obliged to store them.
In case you have any questions, please contact the employees of the Association, who will:
– assist in the exercise of your rights;
– provide additional information about each of your rights.
GS1 Bulgaria strives to satisfy your requests, when these requests are admissible and well-founded, as well as to give an answer within the statutory deadlines.
In rare cases, we may need to extend this period, but by no more than the permissible and maximum period permitted by law.
- Actualization / Update
This privacy notice is reviewed and updated by us regularly, in order to be as clear, accurate, transparent as possible and to cover changes that have arisen to us or changes in the relevant legislation.
Document last updated date – June, 2020.