Privacy policy 2.0
Valid until January 2024
See the newest version: https://www.ampeco.com/privacy-policy/
INFORMATION BY AMPECO LTD. REGARDING PERSONAL DATA PROCESSING
The privacy of our employees, customers and partners is important to us. In this privacy statement we explain which personal data we collect and process, for what purposes and on what grounds, to whom we provide it, and for how long we store it. This policy also contains information about your rights as a data subject and the manners in which you can exercise them.
AMPECO may update this privacy statement and its most recent version will be available at ampeco.com/privacy-policy. AMPECO will inform you of all material changes to its terms via its website or other communication channels.
About the company
„AMPECO” LTD. (hereinafter referred to as AMPECO), Company ID 205394857, 2 Nikolay Haytov Str., 1113 Sofia, Bulgaria. For questions, related to the processing of personal data, please contact us by e-mail at [email protected].
AMPECO in its capacity of Personal Data Controller conducts its activities in strict compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, in order to ensure confidentiality and lawful collection and processing of personal data and repealing Directive 95/46/EC (General Data Protection Regulation).
AMPECO is a data controller with respect to the personal data of its employees, customers, partners and counteragents for the purpose of execution of the respective employment or contractual obligations.
AMPECO is also a data processor with respect to the personal data of the users of the AMPECO Electric Vehicle ChargePoint Management Software-as-a-Service solution. All AMPECO Data Processor responsibilities are described in the AMPECO Data Processing Agreement (DPA), part of our SaaS Service Agreement.
What data do we collect? Types of processed personal data
AMPECO processes the following types of personal data:
- Identification information:
- full name;
- e-mail address;
- permanent or current address (street, number, zip code, city, country);
- ID card’s (passport) data (relevant for our employment or service contracts);
- employment history, NSSI (social security and insurance) data, personal identification number, bank account number (relevant for our employment contracts);
- Contact information:
- mobile/fixed phone number
- email address
- your job position and employer based on public or subscription-based registers (e.g. LinkedIn)
- similar details of contact persons related to you
AMPECO processes public information such as from official public registers, which are responsible for keeping this information legally or purchasing them from companies that are responsible for the lawful collection of personal data. Such public data is processed for the purposes listed in the relevant sections below.
How do we collect your data?
AMPECO collects personal data:
- Directly from you via registration forms on our website ampeco.com or via our e-mail platform when you contact us via e-mail;
- Directly from you as an AMPECO hiring candidate during our recruitment process via our e-mail system and our HR platform or directy from you as an AMPECO employee via our HR Platform;
- Directly from you as a prospective customer during our sales engagement process via our e-mail platform.
How do we process your data?
Personal data is processed by the employees of AMPECO and by our suppliers with whom AMPECO has signed a service contract incl. a Data Protection Agreement (DPA).
Personal Data, collected by AMPECO in its capacity of Personal Data Controller, may be processed for the following purposes:
- Employee identification and authentication: necessary for compliance with the legal obligations of AMPECO as employer or to protect your vital interests as data subject;
- Reporting to the state and control authorities – National Revenue Agency, National social security institute, etc.: necessary for compliance with the legal obligations of AMPECO as employer;
- Drawing up contracts at your request – to enter into contractual obligations with you, as a customer or as a co-contractor AMPECO must have your specific personal data (e.g. name, date of birth, ID card number) as well as your contact details;
- Marketing: We use contact information provided directly by you to send you relevant marketing materials (including newsletters) as per the options you have selected via submitting a form on our website. We offer the options to manage your preferences or unsubscribe.
We use cookies according to our cookie policy.
We use contact information to send targeted Sales materials based on your preferences indicated while using our website. - Customer analytics: we process the data you have provided as per the options you have selected (via the use of cookies or directly) to utilize Google Analytics and Google Ads services: we share aggregated data with Google Analytics.
- Litigations – Establishment, exercise, and defense of AMPECO‘s rights – AMPECO will process its clients’ data in order to protect its rights in court/ litigation procedures.
How long do we store your data?
AMPECO processes your personal data while a contract governing our relationship is active, and for as long as required by applicable laws. The exact duration of the data processing is listed below:
- Personal data of our customers stored in Service contracts – 5 years after service termination;
- Employee identification and authentication – for the duration of the employment contractReporting to the state and control authorities – National Revenue Agency, National social security institute, etc. – indefinitely as stipulated by Bulgarian law;
- Marketing and Sales: for as long as you remain subscribed.
How to contact the appropriate authority?
The Data protection authority in Bulgaria is the Commission for Personal Data Protection. You may contact them by following the process described in the Lodging complaints and alerts page on their website: https://www.cpdp.bg/.
What are your rights as a Data Subject?
If you are a person whose personal data is processed by AMPECO under the General Personal Data Regulation, effective since 25.05.2018, you have the following rights:
- Right to access – Upon your request, as the data subject, AMPECO shall provide information about the categories of the personal data relating to you, which are being collected and processed by us.
- Right of rectification, blocking (restriction of processing), and/or erasure (deletion) – Upon your request, AMPECO shall correct, erase or cease the processing of your personal data. In such cases, AMPECO shall notify all third parties to whom your personal data has been disclosed regarding all rectifications and erasures that have been made or all cases of restriction of processing of your personal data.
- Right to data portability – you have the right to request to receive your personal data processed by AMPECO, in a structured and commonly used and machine-readable format.
- Right to object – As a data subject, you have the right to object to the processing of your personal data when the processing of personal data is based on the AMPECO ‘s legitimate interest. AMPECO shall review your objection and shall provide its opinion in writing within 30 days unless this term needs to be extended, for which we will notify you in due time. After reviewing the objection, AMPECO will generally discontinue the processing of your personal data and will notify all interested parties to whom the personal data have been submitted of the objection received and of the measures taken in this regard. In some cases, however, AMPECO has an indisputable legal basis to continue the processing of your personal data even after receiving your objection (for example, in cases of unsettled contractual relations, lawsuits etc.). In such cases, AMPECO will contact you to clarify the reasons why it will continue to process your personal data.
- Right to withdraw the consent given for personal data processing for the purposes outlined in the Declaration of Consent. The withdrawal can be done via a consent withdrawal declaration.
- Right to raise a complaint with the Commission for Personal Data Protection (CPDP) – as the data subject, you have the right to raise a complaint with the Commission for Personal Data Protection (CPDP) against the actions of AMPECO in connection with the processing of your personal data. We would, however, appreciate the chance to deal with your concerns before you approach the CPDP so please contact us in the first instance.
In the cases when you are exercising your rights as a data subject, it would be necessary for you to make a detailed description of your request in the application submitted to AMPECO. When exercising your rights, AMPECO will need to verify your identity so as to avoid anyone else trying to impersonate you. For this purpose, we may require an ID card or other identification document when providing you with the information you request.
You may ask in writing various questions about the processing of your personal data by AMPECO, electronically at [email protected].
If you do not agree with AMPECO‘s position regarding your inquiry or if you wish to receive more information, please visit the website of the Commission for Personal Data Protection at www.cpdp.bg where you could file a complaint.
In the cases when AMPECO has received your personal data from third parties, e.g. your employer is processing them for its own purposes, you may file a complaint against the actions of these third parties directly to them. In these cases AMPECO is acting in its role as data processor and shall route the data subject’s request to the respective data controller.
The exercise of your rights can not be opposed to the provision of your personal data to the competent authorities for the prevention, investigation, and detection of criminal offenses.