Privacy and Data Protection Policy
SM Consulta Ltd collects and processes personal data in accordance with the current provisions for personal data protection and takes all necessary actions to ensure compliance with legal and regulatory requirements.
This Privacy and Data Protection Policy applies to the processing of personal data of individuals in accordance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE EUROPEAN COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repealing of Directive 95/46/EC (General Data Protection Regulation).
SM Consulta Ltd observes the following principles related to the processing of personal data:
- Lawfulness, conscientiousness and transparency – personal data are processed lawfully, conscientiously and in a transparent manner in regard to the data subject;
- Purpose limitations – personal data are collected for specific, explicitly stated and legitimate purposes and are not further processed in a way incompatible with these purposes;
- data minimization – personal data are appropriate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accuracy – personal data is kept up to date, taking all reasonable measures to ensure the timely deletion or correction of inaccurate data, taking into account the purposes of their processing;
- restriction of storage – personal data are stored for a period not longer than necessary for the purposes of processing;
- Integrity and confidentiality – personal data are processed in a way that ensures an appropriate level of security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
For the purposes of this Privacy and Personal Data Protection Policy, the definitions in Art. 4 of Regulation (EU) 2016/679 are used, including:
“personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
“controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
- Personal data controller
SM Consulta Ltd (the Company) is registered under VAT: 121627612, registered office and address of management: Simeonovsko shose Str. 276, Sofia
Contact person: Manager
Bellissimo Business Center, Bulgaria Blvd. 102, Sofia 1680
tel./ fax: 02/ 958 99 49; 958 99 59
For further questions regarding Regulation (EU) 2016/679 and your rights:
- Types of personal data and legal basis for their processing
SM Consulta Ltd collects personal data, informing the subjects in a clear way on what grounds it collects these data, by providing a separate privacy notice.
The processing of personal data is lawful if:
- the data subject has consented to one or more specific purposes. The data subject may withdraw their consent at any time.
- the processing is necessary for the observance of a legal obligation that applies to the Company
- the processing is necessary for the performance of a contract to which the data subject is a party or for taking steps at the request of the data subject before the conclusion of a contract
- the processing is necessary for the purposes of the legitimate interests of the Company, without affecting the interests or fundamental rights and freedoms of the data subject. SM Consulta Ltd notifies the data subjects of the existence of such a legitimate interest through the confidentiality notice related to the specific processing.
- Purposes of processing
SM Consulta Ltd processes personal data for the specified purposes for which they are collected. Such purposes may include the selection of staff, the conclusion and performance of contracts, the fulfilment of requests for products or services, marketing and social activities, etc.
SM Consulta Ltd notifies the data subjects of the purposes of processing through the privacy notice related to the specific processing.
- Storage of personal data
SM Consulta Ltd stores personal data until the fulfilment of the purposes of processing or within the statutory terms. The consent provided by a data subject remains in force even after the termination of the relations between him or her and the Company.
- Categories of recipients of personal data
SM Consulta Ltd may disclose personal data of subjects, depending on the purposes of processing, to the following categories of recipients:
- state bodies, institutions and persons to whom the Company is obliged to provide personal data by virtue of the applicable regulatory requirements of local legislation
- legal entities that by virtue of a contract provide to SM Consulta Ltd services in connection with accounting, legal protection and others under the applicable legislation
- authorized employees of the Company
For the needs of commercial activity, SM Consulta Ltd may disclose only personal data of subjects, who are employees of the Company, to legal entities under a contract.
SM Consulta Ltd discloses personal data to a third party (processor) only if it provides sufficient guarantees for the application of appropriate technical and organizational measures in such a way that the processing takes place in accordance with the requirements of Regulation (EU) 2016/679 and if it provides protection of the rights of data subjects.
SM Consulta Ltd does not make transfers of personal data to third countries or international organizations.
- Use of website http://www.smcon.com
SM Consulta Ltd maintains a website to promote the products and services offered by the Company.
SM Consulta Ltd maintains a customer support site of the Company, http://support.smcon.com, which users access by creating a user account on the site.
Contact forms and feedback
The personal data entered in the user registration form on the customer support site are received at the e-mail of the Company by the authorized employees responsible for data processing.
The contact and feedback forms contain the minimum necessary data that users must provide. These can be a name, e-mail, contact phone number, organization and position they hold. This data is processed only for the purposes of the specific inquiry, proposal or feedback.
The personal data that users provide through the contact forms on the website:
- are not provided to third parties
- are not used for profiling
- are not used for direct marketing
- are not used to send unsolicited messages (spam)
- are not used in any other way without the explicit written consent of the consumer, except in cases provided by law or a court decision
- are kept for the terms necessary for undertaking the necessary actions and for subsequent analysis and reporting
- Use of social media
We remind you that social media posts may be associated with certain risks, including risks to the confidentiality of the personal data of a subject or of other persons that they share.
- Security of personal data
SM Consulta Ltd applies a set of technical and organizational measures for security of the personal data it processes. These measures are intended to protect against unauthorized access, unauthorized use, accidental loss or damage to their integrity.
The applied measures for control of the security of the information are subject to periodic independent audit.
- Automated decision-making, incl. profiling
The personal data that SM Consulta Ltd processes are not subject to automated decision-making, including profiling.
- Your rights
According to the applicable legislation in the field of personal data, data subjects have the rights described below.
SM Consulta Ltd undertakes to respond to any request for these rights within one month of receiving it, without charging a fee. If necessary, this period may be extended by another two months. In this case, the Company shall notify the data subject within one month of receipt of the request.
You can send inquiries regarding data subject rights to the following email address: GDPR@smcon.com
When the requests of a data subject are manifestly unfounded or excessive, in particular because of their repeatability, the Company may:
- impose a reasonable fee, taking into account the administrative costs of providing the information or communication or taking the requested action, or
- refuse to take action on the request.
If the Company refuses to take action on a request, it will inform the data subject of the reason.
As a data subject whose personal data are processed by the Company, you have the following rights:
12.1. Right of access
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed. The data subject shall have the right to request access to personal data.
The Company shall provide a copy of the personal data undergoing processing, as well as of the purposes of processing. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
12.2. Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
12.3. Right to erasure
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing;
- the data subject considers that personal data have been unlawfully processed;
- the data subject objects to the processing and there are no overriding legitimate grounds for the processing,
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
Please note that there may be other reasons that prevent the immediate erasure of data, such as statutory obligations to store the data, the establishment, exercise or defence of legal claims, and more.
12.4. Right to restriction of processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
- the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.
Where restriction of processing has been requested, SM Consulta Ltd will inform you before the restriction is lifted.
12.5. Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
- the processing is based on consent or on a contract and
- the processing is carried out by automated means.
12.6. Right to object
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data based on:
- the performance of a task of public interest or in the exercise of official powers granted to the Company;
- the legitimate interests of the Company or a third party.
SM Consulta Ltd will terminate the processing against which you have objected, unless there are convincing legal grounds for it or it is needed for the purposes of establishing, exercising or defending legal claims.
12.7. Right to file a complaint
If you believe that we have violated applicable data protection laws in the processing of your data and as a result we have affected your rights, please contact us at the following email address: GDPR@smcon.com
You also have the right to lodge a complaint with the competent supervisory authority responsible for monitoring the implementation of Regulation (EU) 2016/679.
This document was approved and enters into force on 28.05.2018.
Declaration of consent for the processing of personal data in accordance with the requirements of the Personal Data Protection Act and Regulation (EU) 2016/679 can be found HERE