Privacy policy 1.0

Valid until September 2021
See the newest version: https://www.ampeco.com/privacy-policy/

INFORMATION BY AMPECO LTD. REGARDING PERSONAL DATA PROCESSING

Your privacy is important to us. We have taken all the necessary organizational and technical measures in order to process your personal data in a manner that is lawful, appropriate and transparent. In this privacy statement by “AMPECO” LTD., we explain which of your personal data we will process, for what purposes and on what grounds, to whom we could provide them, and for how long we will store them.

We recommend that you read this information carefully so that you know more about the manner of processing of your personal data as a client, potential client, related party to a client of ours, counterparty, contact person, representative of a legal entity, or any other interested party. Regardless of what are the purposes and the grounds on which we process your personal data, AMPECO will treat your data with equal care. This document also contains information about your rights and the manners in which you can exercise them.

AMPECO may update this privacy statement and its most recent version will be available at ampeco.com. „AMPECO” LTD. will inform you of all material changes to its terms via its website or other communication channels.

You will also find more information about the Bulgarian privacy legislation on the website of the Bulgarian Commission for Personal Data Protection at www.cpdp.bg

 1. About the company 

„AMPECO” LTD. (hereinafter referred to as AMPECO), Company ID 205394857, 2 Nikolay Haytov Str., 1113 Sofia, Bulgaria. For questions, related to the processing of personal data, please contact us by e-mail at [email protected].

AMPECO in its capacity of a Personal Data Controller conducts its activities in strict compliance with the requirements of the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, in order to ensure confidentiality and lawful collection and processing of clients’ personal data.

AMPECO is a controller with respect to the personal data of its clients but also a personal data processor of data provided by its counteragents for the purpose of execution of respective contractual obligations, whereas in the second case AMPECO  strictly follows the controller’s instructions in carrying out this activity.

2.  Definitions  

  • “Personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, a personal identification number, location data, gender, address, telephone number, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • “Processing of personal data” is any operation or set of operations which is performed on personal data whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3. Rights of Data Subjects 

If you are a person whose personal data is processed by AMPECO under the General Personal Data Regulation, effective since 25.05.2018, you have the following rights:

  •  Right to access – Upon your request, as the data subject, AMPECO shall provide information about the categories of the personal data relating to you, which are being collected and processed by us, and information about the purposes of the processing, the recipients, or categories of recipients to whom your data are disclosed and the sources of this data, except the cases when the data was collected directly from you.
  • Right of rectification, blocking (restriction of processing) and/or erasure (deletion) – Upon your request, the AMPECO shall correct, erase or cease the processing of your personal data.   In such cases, AMPECO shall notify all third parties to whom your personal data has been disclosed regarding all rectifications and erasures that have been made or all cases of restriction of processing of your personal data.
  • Right to data portability – As a data subject, you have the right to request to receive the personal data concerning you, which you have provided to AMPECO, in a structured and commonly used and machine-readable format and you have the right to transmit/transfer those data to another Controller without hindrance from AMPECO as personal data controller, to whom the data was provided, where the processing is based on consent or on a contract or the processing of your personal data is carried out by automated means.
  • Right to object – As a data subject, you have the right to object to the processing of your personal data when the processing of personal data is based on the AMPECO ‘s legitimate interest. AMPECO shall review your objection and shall provide its opinion in writing within 30 days unless this term needs to be extended, for which we will notify you in due time. After reviewing the objection, AMPECO will generally discontinue the processing of your personal data and will notify all interested parties to whom the personal data have been submitted of the objection received and of the measures taken in this regard. In some cases, however, AMPECO has an indisputable legal basis to continue the processing of your personal data even after receiving your objection (for example, in cases of unsettled contractual relations, lawsuits etc.). In such cases, AMPECO will contact you to clarify the reasons why it will continue to process your personal data. If your objection concerns the processing of personal data for direct marketing, the AMPECO will suspend unconditionally the processing of your for that purpose.
  • Right to withdraw the consent given for personal data processing for the purposes outlined in the Declaration of Consent. The withdrawal can be done via a consent withdrawal declaration. 
  • Right to lodge a complaint with the Commission for Personal Data Protection (CPDP) – as the data subject, you have the right to lodge a complaint with the Commission for Personal Data Protection (CPDP) against the actions of AMPECO in connection with the processing of your personal data. We would, however, appreciate the chance to deal with your concerns before you approach the CPDP so please contact us in the first instance.

In the cases when you are exercising your rights as a data subject, it would be necessary for you to make a detailed description of your request in the application submitted to AMPECO. When exercising your rights, AMPECO will need to verify your identity so as to avoid anyone else trying to impersonate you. For this purpose, we may require an ID card or other identification document when providing you with the information you request.

You may ask in writing various questions about the processing of your personal data by AMPECO, electronically at the e-mail indicated in item 1 above.

If you do not agree with the AMPECO ‘s position regarding your inquiry or if you wish to receive more information, please visit the website of the Commission for Personal Data Protection at www.cpdp.bg where you could file a complaint.

In the cases when AMPECO has received your personal data from third parties, e.g. your employer is processing them for its own purposes, you may file a complaint against the actions of these third parties directly to them.

The exercise of your rights can not be opposed to the provision of your personal data to the competent authorities for the prevention, investigation, and detection of criminal offences.

4. Types of processed personal data  

AMPECO may process different types of personal data related to your physical, social or economic identity. Such data may be obtained from you as the data subject or from third parties.

AMPECO may process some or all of the data categories listed below in order to achieve the purposes described below, only if it has a good reason to do so.

  1. to identify you: 
  • full name
  • permanent address (street, number, zip code, city, country) 
  • current address (street, number, zip code, city, country)
  • ID card’s (passport) data. 

b) to contact you:  

  • phone number – mobile/fixed 
  • email address 
  • address (street, number, zip code, city, country) 
  • your job position in your respective company
  • similar details of contact persons related to you.  

AMPECO sometimes processes public information such as from official public registers, which are responsible for keeping this information legally or purchasing them from companies that are responsible for the lawful collection of personal data.

Such public data may be processed for the purposes listed by AMPECO in this document.

5. Recipients of personal data

Personal data is generally processed by the employees of AMPECO. The processing of personal data may also be carried out by personal data processors with whom AMPECO has signed a contract for this purpose. Where there is a legitimate reason, personal data may be provided to other administrators to use for their legitimate purposes.

In case the recipients mentioned above are established outside the European Economic Area AMPECO shall forward personal data to non-EEA member countries (third countries), provided that an adequate level of personal data protection is ensured in accordance with the local and European laws, and that the personal data provided are sufficiently protected in the third country concerned, and with the approval of the Commission for Personal Data Protection. Your personal data may be transferred to a third country outside the EEA European Economic Area with your explicit and freely given consent. AMPECO will take all the necessary measures to protect your personal data by limiting its availability to third parties in or outside the European Economic Area.

6. Purposes of personal data processing 

Personal Data, collected by the AMPECO in its capacity of Personal Data Controller, may be processed for different purposes on a different lawful base, as follows:

 6.1. Purposes, where personal data processing is based on legal obligations:  

a. Client identification and authentication of personal data pursuant to the Law. 

b. Reporting on the state and control authorities – National Revenue Agency, National social security institute, etc.

6.2. Purposes for which the processing of your personal data is performed on the basis of performance of a contract

a. Drawing up contracts at your request – to enter into contractual obligations with you, as a customer or as a co-contractor AMPECO must have your specific personal data (e.g. name, date of birth, PIN, ID card number) as well as your contact details. It is possible that AMPECO would require additional information, depending on the type of services that are subject to the contract.

b. Execution of commercial contracts concluded with your employer or assignor – AMPECO may process personal data, provided by its counteragents – your employer or assignor for the purpose of execution of specified contractual obligations and rights.

c. Litigations – Establishment, exercise, and defense of AMPECO‘s rights – AMPECO will process its clients’ data in order to protect its rights in court/ litigation procedures, when settling claims with the help of hired solicitors/lawyers, etc. This pertains to situations where your personal data is processed in connection with the administration of information related to litigations, judicial warrants, petitions, and court decisions.

7. Term of storage of personal data 

AMPECO shall use your personal data only when AMPECO has a clear purpose in mind. Personal data cannot be kept for longer than it is necessary for the purpose(s) for which such personal data is used.

The grounds for storing your data are rooted in the legal retention period (which is often ten years after the end of the legal relationship). The term may be longer when this is necessary for us to be able to exercise our rights. Where there is no legally defined time limit, the period may be shorter.