Information about the Company, which processes your personal data:
Legal name |
PROOF LTD. |
UIN/BULSTAT |
203955697 |
Seat and registered office |
No 9, Dunav Str, Oborishte district, Sofia, Bulgaria |
Address of correspondence |
No 9, Dunav Str, Oborishte district, Sofia, Bulgaria |
+359 888 726 681 |
|
|
sayhello@proof.bg
|
Website |
Information about the Personal Data Protection Officer:
Legal name |
PROOF LTD. |
Address of correspondence |
No 9, Dunav Str, Oborishte district, Sofia, Bulgaria |
Telephone number |
+359 888 726 681 |
|
sayhello@proof.bg |
Information about the Supervisory authority:
Legal name |
Commission for personal data protection |
Seat and registered office |
2 Prof. “Tsvetan Lazarov” Blvd., Sofia 1592, Bulgaria |
Address of correspondence |
2 Prof. “Tsvetan Lazarov” Blvd., Sofia 1592, Bulgaria |
Telephone number |
02 915 3 518 |
Website |
www.cpdp.bg |
The basis for the collection, processing and storage of your personal data
Art. 1. Proof Ltd collects and processes your personal data in connection with the use of the website https://agencyproof.com/, as well as your application for work with us and conclusion of contracts with the company on the basis of Art. 6, para. 1, Regulation (EU) 2016/679 (GDPR), and in particular under the following:
Objectives and principles in the course of collection, processing and storage of your personal data
Art. 2. (1) We collect and process the personal data which you provide us in relation to the use of the website https://agencyproof.com/, processing inquiries sent through the website, as well as providing all the functionalities of the website, your application for employment with us and entering into contracts with the company, including for the following purposes:
(2) The Company adheres to the following Principles in the course of processing of your personal data:
(3) In the course of processing and storage of personal data, the Controller is entitled to process and store the personal data for the purposes of performing its legal obligations and protecting the following legitimate interests:
What type of data do we collect, process and store
Art. 3. The Company carries out the following operations with the personal data you provide for the following purposes:
Conclusion of the impact assessment: Based on the impact assessment carried out, the operation "Conclusion and performance of an employment or civil contract" is permissible to carry out and provides sufficient guarantees to protect the rights and legitimate interests of the data subjects in accordance with the requirements of the GDPR.
Art. 4. (1) The Data Controller processes the following categories personal data and information for the following purposes and on the following grounds:
(2) Data collected for legal entities represented by you (e.g. name, registered office and address of management, etc.) do not constitute personal data within the meaning of the GDPR.
(3) The Data Controller does not collect or process personal data related to the following:
genetic and biometric data, health data or data on sexual life or sexual orientation.
(4) Personal data is collected by the Data Collector from the persons to whom it relates.
(5) The Company does not perform automated data decision making.
(6) The company does not collect and process data for persons under 14 years of age, except with the express consent of their parents or legal representatives.
Duration of personal data storage
Art. 5. (1) Proof Ltd. stores your personal data as a candidate for job/internship for period no longer than 6 months from the moment of completion of recruitment and selection procedures of employees / interns. After the expiration of the term, Proof Ltd makes all reasonable efforts to delete and destroy all of your personal data without undue delay or to make them anonymize (ie to make them in a form that does not reveal your identity), unless you give your explicit consent your personal data to continue to be stored and processed in the future.
(2) In case that the unapproved candidate for job/internship has provided original or notarized copies of documents certifying physical and mental fitness, qualification degree, professional experience or other circumstance, the Company returns these documents to the candidate within 6 months from the end of the selection.
(3) Proof Ltd. stores the personal data of the legal representatives of the legal entities - parties to a contract or the natural persons-partners or customers under a contract with the company indefinitely, for the purposes of protecting the legitimate interest of Proof Ltd. and fulfilling its legal obligations to state bodies and institutions.
(4) Proof Ltd. processes your personal data provided through the website of the Company until the express withdrawal of the given consent by the individual.
(5) The Data Controller processes your personal data provided on the legal ground of consent, until the explicit withdrawal of this consent.
(6) The Data Controller informs you in case that the period for the storage of personal data is necessary to be extended in regard to performing legal obligation or in regard to legitimate interests of the Company or other.
(7) The Data Controller stores the personal data that it is necessary to keep under the applicable law for the relevant period.
Transmission of your personal data for processing
Art. 6. (1) The Data Controller is allowed on its own discretion to transmit part or all of your personal data to personal data processors for performing the purposes of processing which you have agreed, in compliance with the requirements of Regulation (EU) 2016/679 (GDPR).
(2) The Data Controller informs you in case of intention to transmit part or all of your personal data to third countries or international organizations.
Your rights in the course of collection, processing and storage of your personal data
Withdrawal of consent for the processing of your personal data
Art. 7. (1) If you do not wish all or part of your personal data, which are processed on the ground of given consent to continue to be processed by Proof Ltd. for specific or all purposes of processing, you may at any time withdraw your consent to processing by sending request in free text to us or through functionality provided by us in Appendix № 1.
(2) The Data Controller could request you to certify your identity with the data subject by requesting from you to present identification document on-the-spot.
(3) Withdrawal of consent does not affect the validity of the processing of personal data provided by you until the withdrawal of consent.
(4) The Data Controller may continue to process some or all of your data if there is a legal obligation to do so or for the purpose of protecting its legitimate interests.
(5) You can at any time withdraw your consent to the processing of your personal data for direct marketing purposes.
Right of access
Art. 8. (1) You have the right to request and receive confirmation from the Data Controller whether personal data related to you are processed.
(2) You have the right to access data related to you, as well as information related to the collection, processing and storage of your personal data.
(3) The Data Controller provides you with a copy of the processed personal data related to you, in electronic or other appropriate form, upon request.
(4) Providing access to data is free of charge, but the Data Controller reserves the right to impose an administrative fee in case of repetitive or excessive requests.
Right to correct or complete
Art. 9. You have the right to demand the Data Controller:
Right to erasure (“Right to be forgotten“)
Art. 10. (1) You have the right to request the Data Controller to erase all or part of your personal data, and the Data Controller has the obligation to erase such data without undue delay, when one of the following grounds applies:
(2) The Data Controller is not obliged to erase the personal data, if he collects and process them:
(3) In case of an exercised right “to be forgotten”, the Company shall erase all your personal data, except for:
(4) To exercise your right to be forgotten, you need to send request in free text or on the completed form in Annex № 2 by e-mail.
(5) The Data Collector may ask you to verify your identity with the identity of the data subject ((including by sending a confirmation from the e-mail address provided by the visitor, presentation of an identification document on the spot or any other means appropriate under the circumstances at the discretion of the Data Collector).
(6) Once we have verified the identity of the person making the request and the person to whom the data relates in accordance with the steps above, and if there are grounds for doing so, we will delete all data we process about you in accordance with para. 3.
(7) The Data Controller does not erase the personal data which it has a legal obligation to store or which is necessary for proving its legitimate rights against claims against the Company.
Right to restriction of processing
Art. 11. You have right to request the Controller to restrict the processing of the personal data, concerning you, when:
(2) The Data Controller may request that you verify your identity and identity with the data subject.
(3) In case of exercising your right to restriction, the Company will limit the processing of your data, unless there is a legal basis to continue processing them in their entirety.
Right to data portability
Art. 12. (1) In case you have given your consent for the processing of your personal data or the processing is necessary for the performance of the contract with the Data Controller, or in case your data is processed in an automated manner, you can, after identification before the Data Controller:
(2) You can exercise your right to data portability by submitting a written text or filling in the form in Appendix № 3 by sending an email.
(3) The Data Controller may request that you verify your identity and identity with the data subject.
Right to receive information
Art. 13. You have the right to require from the Controller to inform you about all recipients, to whom your personal data, for which has been required rectification, erasure or restriction of processing, have been disclosed. The Controller is allowed to refuse to provide this information if this is impossible or involves disproportionate effort.
Right to object
Art. 14. You can object at any time to the processing of personal data by the Data Controller, which relate to you and are processed on the basis of the performance of a task of public interest or for the purposes of legitimate interest.
(2) You can object at any time to the processing of personal data for the purposes of profiling or direct marketing.
(3) You can exercise your right to object by sending a written request to the Company or through the corresponding technical functionality provided, and the Data Controller may ask you to identify yourself as the person to whom the data for which the objection to processing is made.
Your rights in case of personal data breach
Art. 15. (1) When the Data Controller detects personal data breach, which is likely to result in a high risk to your rights and freedoms, the Data Controller communicates the personal data breach to you without undue delay, as well as the measures taken or proposed to be taken by the Company.
(2) The Data Controller is not obliged to inform you if:
Persons to whom your personal data is provided
Art. 16. (1) For the purposes of processing your personal data and fulfilling the contract, as well as to provide the service in its full functionality and in view of your interests, Proof Ltd. may provide your data to third parties processing personal data who comply with all requirements for legality and security in the processing and storage of your personal data. You can get more detailed information about the processors of personal data by contacting us on the contact details provided.
(2) The specified data processors and Controllers comply with all requirements for legality and security in the processing and storage of your personal data and the Company enters into contracts with data processors to guarantee their obligations to protect your personal data.
Art. 17. The Controller does not transfer your data in third countries.
Art. 18. In the event of a breach of your rights under the above or applicable data protection law, you have the right to lodge a complaint with the Data Protection Commission as follows:
Legal name |
Commission of personal data protection |
Seat and registered office |
2 Prof. Tsvetan Lazarov Blvd., 1592, Sofia, Bulgaria |
Address of correspondence |
2 Prof. Tsvetan Lazarov Blvd., 1592, Sofia, Bulgaria |
Telephone number |
02 915 3 518 |
Webpage |
www.cpdp.bg |
Art. 19. You could exercise all your rights related to the protection of your personal data through the forms attached to this privacy notice. Of course, these forms are optional and you could submit your requests in any form that contains a statement to that effect and identifies you as the data subject.
Art. 20. If there is consent for transfer, the Data Controller describes the possible risks for the transfer to third countries in case of lack of decision of an adequate level of protection and appropriate means of protection.
This Privacy notice is adopted on 01.03.2023