PRIVACY POLICY AND PROTECTION OF PERSONAL DATA IN“ CORRECT ACCOUNT CONSULT” LTD (“Privacy Policy”) WHEN PROCESSING PERSONAL DATA OF CUSTOMERS – NATURAL PERSONS, REPRESENTATIVES OF LEGAL ENTITIES, AS WELL AS DATA PROVIDED BY OTHER ADMINISTRATORS OF PERSONAL DATA
„CORRECT ACCOUNT CONSULT” LTD, EIK 204444232, with headquarters and management address: Burgas, 19 Tsar Asen St., fl. 1, referred to as “CORRECT ACCOUNT CONSULT” for short, respects the privacy of its customers, as well as the persons whose personal data are provided by other administrators and guarantees the maximum protection of their personal data processed when providing accounting and consulting services, including but not limited to: Accounting and tax consulting, Organization of accounting reporting and compilation of annual, interim and other financial reports in accordance with the Accounting Law; Other consulting services; Economic analyses; Mediation in real estate transactions; construction of residential and public buildings; Purchase, construction or furnishing of real estate for the purpose of sale; Purchase of goods or other items for resale in original, processed or processed form; Commercial representation and mediation; Hotel, Tourist and Restaurant services after license; Leasing of motor vehicles, as well as any other commercial activity not prohibited by law in the country and abroad. This Privacy Policy is based on the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and on cancellation of Directive 95/46/EC (“Regulation (EU) 2016/679”).
CORRECT ACCOUNT CONSULT, in its capacity as a socially responsible administrator and processor of personal data, respects the rights and legitimate interests of the data subjects in connection with their processing, realizing and accepting that the Processing of personal data should be intended to serve humanity. The right to protection of personal data is not an absolute right, but must be considered in relation to its function in society and be balanced with other fundamental rights according to the principle of proportionality. This privacy policy complies with all fundamental rights and respects the freedoms and principles recognized by the Charter of Fundamental Rights of the European Union and the Regulation.
All amendments and additions to the Privacy Policy will be applied after the publication of its current content, and will be available at the address of the registered office of the company. The privacy policy is applicable to your personal data if you are a natural person or a representative of a legal entity who uses or wishes to use the offered services provided by CORRECT ACCOUNT CONSULT, including those offered online through a specialized platform or mobile application. The privacy policy is also applicable to the processing of personal data provided by other administrators of CORRECT ACCOUNT CONSULT in its capacity as a processor of personal data.
- Processing and responsibility for your personal data:
“CORRECT ACCOUNT CONSULT” LTD, with headquarters and management address: Burgas, 19 Tsar Asen St., fl. 2 1, referred to as “CORRECT ACCOUNT CONSULT” for short, is a commercial company registered in the Commercial Register at the Registration Agency with UIC 204444232, which collects, processes and stores your personal data under the terms of this Policy. CORRECT ACCOUNT CONSULT is a personal data controller within the meaning of Regulation (EU) 2016/679 and the Personal Data Protection Act. You can contact us at our office address: Burgas, 19 Tsar Asen St., fl. 2 1, phone: 0893 893 003, e-mail: a.petrova@correctaccountbg.com.
- CORRECT ACCOUNT CONSULT processes the following data on the legal basis and specific purposes described below:
2.1. Depending on the specific goals and grounds, CORRECT ACCOUNT CONSULT processes the data below individually or in combination:
A) Data provided by you, necessary for identification and fulfillment of the contractual obligations of CORRECT ACCOUNT CONSULT and the client:
- three names, PIN or personal number of a foreigner, address, telephone and/or e-mail address for contacting you, or a contact person specified by you;
- three names, social security number and reg. power of attorney number of your attorney specified in the document with which you authorized him to represent you before CORRECT ACCOUNT CONSULT;
- ID data
- data collected upon payment made to CORRECT ACCOUNT CONSULT – bank information collected upon payment made to CORRECT ACCOUNT CONSULT;
- data about the services you use from the CORRECT ACCOUNT CONSULT portfolio;
B) Data prepared and generated by CORRECT ACCOUNT CONSULT in the process of providing the services:
- geographic data relating to the provision of the services;
- when visiting our website https://correctaccountbg.com/ :
– the Google Inc. statistics code – google analytics processes your personal data in accordance with the Google Inc. privacy policy located at https://policies.google.com/privacy#infocollect;
– the Yandex statistics code processes your personal data in accordance with the Yandex Metrica privacy policy located at https://metrica.yandex.com/about/info/privacy-policy;
- information about the type and content of the contractual relationship, as well as any other information related to the contractual relationship, e-mail, letters, information about the services requested and provided, complaints, requests, complaints and other feedback we receive from you;
- data about your preferred services.
2.2. Purposes and legal grounds for processing personal data:
A) Data processing, which is necessary for the conclusion or execution of the contract for accounting and consulting services. CORRECT ACCOUNT CONSULT processes your data for the following purposes:
- Identification of a client when: entering into, amending and terminating a contract for services; fulfillment of requests to provide information about the services provided; explanations about the services used, payment of bills and addressing a complaint/complaint. Customer identification is carried out through all commercial and communication channels – commercial outlet, online platform, distance selling, locations and telephone operators, representatives and distributors of services, electronic contact form;
- Updating your personal data or the information about the services used upon your request for correction/change of data/services or delivered goods;
- Volume and type of customer consumption, as a result of your request/complaint/dispute or for the purpose of protecting customers and CORRECT ACCOUNT CONSULT from fraud and abuse by third parties; delivered and pending services; invoice value. Clarification of invoices/monthly charges and provision of references for services used and terminated and goods delivered;
- Preparation of proposals for the conclusion of contracts at a distance and contracts outside the commercial premises, service of refusal of a transaction;
- Handling and responding to customer complaints/inquiries/complaints; Corrections of amounts due if there is a reason for this;
- Processing of personal data on behalf of the client of his employees, suppliers and others, for whom he is the administrator of personal data, and CORRECT ACCOUNT CONSULT is the processor of personal data.;
- Payment of bills, rescheduling, forgiveness, postponement of amounts due;
- Checking the possibility of providing a service;
- Ensuring protection and security of the computer network of CORRECT ACCOUNT CONSULT;
B) In fulfillment of its legal obligations, CORRECT ACCOUNT CONSULT processes your data for the following purposes:
- Issuing invoices, preparing a detailed report on the consumption of the Services;
- Indication of assistance to state institutions in carrying out tax control.
- Provision of information about the client and the services used by him upon inquiry/request/verification by a competent authority;
- Management of granted consents;
- Provision of information to the Consumer Protection Commission and the Personal Data Protection Commission, in connection with the fulfillment of the obligations arising from the relevant legal acts;
- Provision of information to the court and third parties within proceedings;
- For proof of age in case such is required by law.
- Sale of receivables from customers; provision of information about the assignee’s debt – contracts, protocols, monthly accounts/invoices;
- References for sold obligations under assignment contracts for the purposes of confirming the transfer of receivables;
B) CORRECT ACCOUNT CONSULT also processes your data for the purposes of our following legitimate interests:
- Improving the quality of services provided by the enterprise.
- Processing the data from your accounts/invoices for other purposes compatible with the original purpose of their collection and providing both a reliable analysis of our products and services and an assessment of their usefulness for consumer demand.
- Preparation and storage of statistical information and inquiries in an aggregated form – CORRECT ACCOUNT CONSULT performs the specified analysis in order to develop and improve its product range of services and to improve customer service;
- Calculation of the number of users using specific services;
D) CORRECT ACCOUNT CONSULT processes the relevant data provided with the client’s consent for their processing for the following purposes:
- For participation in games and raffles organized by CORRECT ACCOUNT CONSULT.
- To receive and/or provide information/offers/periodic newsletter about products and services, if you have expressed consent to receive such information.
- Periodic receipt of an informational electronic newsletter compiled by the enterprise.
- Categories of persons who gain access to and process personal data:
3.1. Personal data processors who, based on a contract with CORRECT ACCOUNT CONSULT – process your personal data on behalf of CORRECT ACCOUNT CONSULT or have direct/indirect access to your personal data
- Persons who, under the assignment of CORRECT ACCOUNT CONSULT, maintain equipment and software used to process your personal data;
- Persons providing legal services in connection with making entries in the commercial register and other types of legal representation;
- Agencies collecting unpaid customer debts on behalf of CORRECT ACCOUNT CONSULT.
- Persons carrying out activities related to accounting audit;
- The banks serving the payments made by you;
- Persons performing consulting services in the field of personal data protection.
3.2. Other administrators of personal data to whom CORRECT ACCOUNT CONSULT provides your personal data, processing your data on its own basis and on its own behalf Assignors – party to assignment contracts with which CORRECT ACCOUNT CONSULT transfers (sells) your outstanding obligations; Competent authorities, which by virtue of a normative act have the authority to demand from CORRECT ACCOUNT CONSULT the provision of information, including personal data, such as – a Bulgarian court or a court of another country, various supervisory/regulatory authorities – Consumer Protection Commission, Commission for the Protection of Personal Data, the National Revenue Agency, the National Security Agency, authorities with powers to protect national security and public order;
3.3. Joint administrators of personal data, who together with CORRECT ACCOUNT CONSULT determine the purposes and means of processing your personal data;
- Period of storage of personal data.
The duration of storage of your personal data depends on the processing purposes for which they were collected:
4.1 Personal data processed for the purpose of concluding and executing a contract for the provision of a Service are stored for the duration of the contract, as well as six months after the final settlement of all financial relations between the parties;
4.2 Personal data processed for the purpose of issuing accounting/financial documents for tax control, such as, but not limited to, invoices, debit notices, credit notices, handover protocols, etc., are stored for at least 5 /five/ years after the expiration of the limitation period for repayment of the public claim, unless the applicable legislation provides for a longer period.
4.3 CORRECT ACCOUNT CONSULT may store some of your personal data for a longer period until the expiration of the relevant statute of limitations for the purpose of protection in case of possible customer claims in connection with the performance/termination of a contract for the provision of services, as well as for a longer term in the event of an already arising legal dispute in connection with the above until its final resolution with an effective court/arbitration decision.
- What are your rights in relation to the processing of personal data by CORRECT ACCOUNT CONSULT and what actions should you take to exercise them:
Regarding your personal data, you have the following rights:
5.1. to access your personal data and information of the kind that we have included in this Privacy Policy with respect to the data in question. ou can ask CORRECT ACCOUNT CONSULT for information on whether and for what purposes we process your personal data;
5.2. request that your personal data be corrected when it is inaccurate or should be supplemented in view of the purposes of the processing;
5.3. request that your personal data be deleted, only in any of the following cases:
- the same are no longer needed for the purposes for which they are processed;
- you have withdrawn your consent/objected to their processing and there is no other reason for their processing;
- the processing of the data is recognized as illegal;
- national or European legislation requires it;
5.4. request that the processing of your personal data be restricted in any of the following cases:
- in case of disputing the accuracy of your personal data for the period necessary for CORRECT ACCOUNT CONSULT to verify the accuracy of the data;
- unlawful processing has been detected, but you only wish to limit the processing of your data instead of having it deleted;
- you want your personal data to be stored, even though CORRECT ACCOUNT CONSULT no longer needs it for processing purposes, as you will use it to establish, exercise or defend your legal claims;
- in the event of your objection to the processing of your personal data for the period of the verification of its validity;
5.5. to request the transfer of your personal data that concerns you and that you have provided to us, including receiving it from CORRECT ACCOUNT CONSULT in a structured, widely used and machine-readable format and transferring it to another personal data controller. Your right to portability applies to personal data subject to the following conditions:
- data processing is based on your express consent or a contractual obligation; and
- the processing is carried out in an automated manner.
5.6. to object to CORRECT ACCOUNT CONSULT at any time and for your personal reasons in view of the specific situation, against the processing of personal data concerning you, which is based on the need to perform a task in the public interest or in the exercise of official powers that are provided to us, or which we have indicated that we are processing for our legitimate interest. When the objection raised is against the processing of your personal data for the purposes of direct marketing, CORRECT ACCOUNT CONSULT will stop processing them for the stated purpose. When the objection raised is against the processing of your personal data for the other purposes, CORRECT ACCOUNT CONSULT will reply to you within a reasonable time, but not longer than one month, whether it considers the same to be justified and, accordingly, whether it will stop the processing of the relevant personal data for these aims.
5.7. to withdraw your consent to the processing of your personal data at any time, when their processing is based on your consent, by stating your express wish through the commercial network and communication channels with CORRECT ACCOUNT CONSULT.
5.8. to send a complaint to the Commission for Personal Data Protection in case you consider that your rights in relation to the processing of your personal data have been violated. In the event that a specific way is not explicitly indicated, in order to exercise your rights, you should submit an explicit written application in every single commercial outlet of CORRECT ACCOUNT CONSULT.
- Can you refuse to provide personal data to CORRECT ACCOUNT CONSULT and what are the consequences?
n order to conclude a contract with you and to provide you with the services requested by you, we need certain data that are necessary for the conclusion and execution of the relevant contract, as well as for the fulfillment of the legal obligations of CORRECT ACCOUNT CONSULT. Failure to provide the following data prevents CORRECT ACCOUNT CONSULT from concluding a contract with you:
- three names, PIN or personal number of a foreigner, address;
- three names and social security number and reg. power of attorney number of your attorney specified in the document with which you authorized him to represent you before CORRECT ACCOUNT CONSULT;
- ID data;
- data collected upon payment made to CORRECT ACCOUNT CONSULT – bank information collected upon payment made to CORRECT ACCOUNT CONSULT;
- Security of personal data processing:
When processing personal data, CORRECT ACCOUNT CONSULT takes the following measures to ensure security when processing personal data:
- Security of the working premises within the framework of the general security of the buildings.
- Use of PPE for work premises.
- The premises are locked during non-working hours and access to them is regulated.
- The documentation is kept in a filing cabinet with its own lock.
- Computer database servers are state of the art. The server hardware uses RAID technologies for the disk subsystem and RAM with an error detection and correction mechanism.
- Periodic archiving of personal data is carried out.
- Uninterruptible power supplies (UPS) are provided for all computer configurations, servers and communication facilities on which the proper maintenance of personal data bases depends.
- A modern Desktop operating system is used in accordance with the requirements of the used application software with the latest security packages installed.
- Anti-virus software is used with automatic updates and constant scanning enabled.
- Presence of an activated firewall and uninstalled communicators, providing access outside the computer network of “Correct Account Consult” LTD and creating prerequisites for identifying the user’s IP address and for malicious software and mobile code to access the computers.
- The use of portable personal data carriers by employees is prohibited.
- All magneto-optical media, removable memory and external hard drives that are used to record personal data are transmitted and stored in a lockable cabinet.
- The transfer of personal data via the Internet is carried out via e-mail, and data encryption must be ensured.
- ach computer configuration used has an access password.
- The computer configurations used are periodically checked.
- When repairing computer equipment on which personal data is stored, its provision to the service organization is carried out without the devices on which personal data are stored.
Date: 23.05.2018
city of Burgas