The purpose of this notice is, in accordance with the information requirements of Article 13 and Article 14 of the GDPR, to inform you about the personal data processing activities carried out by DI Trade Group Ltd., the purposes for which the data are processed, the measures and safeguards for the protection of the processed data, your rights and how you can exercise them, in accordance with the requirements of EU Regulation (EU) 2016/679 of 27.04.2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as “Regulation 2016/679” or “GDPR”) and other applicable acts of the European Union and of the Republic of Bulgaria.

1.
“DI Trade Group” Ltd. is a legal entity – trader, registered in the Commercial Register at the Registry Agency with UIC: 203799419, with registered office and management address. registered office and registered address:. 1592, “Iskar” district, g.k. “Druzhba”, ul. “Druzhba”, ul. Tsvetan Lazarov” № 41, with the main subject of activity “import and trade with insulation materials”, represented by ANI VASILEVA Tsonevska – manager, hereinafter referred to as the COMPANY.
The Company is the controller of the personal data processed in the course of or in connection with the Company’s business activities, the address of the Company being. Sofia, p.k. 1592, district “Iskar”, g.k. “Druzhba”, ul. “Proff. Tsvetan Lazarov” № 41 – to which address you can send your requests by mail or submit them in person.
You can also send your requests to: office@di-tradebg.com

2. Purposes and grounds for processing personal data, categories of data processed.
The Company operates in accordance with the legislation of the Republic of Bulgaria, whereby it processes personal data in relation to:

• Conclusion and execution of contracts for the supply of materials and for works with legal entities and individuals.
• human resource management;
• financial and accounting reporting;
• access control to the company’s premises;
• meeting other requirements of the law.

In these cases, the Company processes personal data of customers, representatives of customers, employees; job applicants, contractors and partners; individuals, contractors under contracts and representatives of legal entities, of other persons in connection with the exercise of activities, within the framework of contractual and pre-contractual relations (Art. 6, par. 1, b) of the Regulation), and/or in the presence of a legitimate interest – grounds under Art. 1, б. “f” of the Regulation. In these cases, the data processed relate to the physical and economic identity of the subject.

For the purposes of personnel administration (human resources management) and financial and accounting reporting, the Company processes personal data on the basis of Art. 1, б. “c” and Art. 9 par. 2 lit. “b” of the Regulation of job applicants, employees and natural persons, contractors and representatives of legal entities – contractors. The categories of data processed are data concerning the physical and social, family and economic identity, criminal record and health of the persons concerned.

Where the Company processes data on the basis of the subject’s consent, personal data shall only be processed if the individuals have freely, specifically, informed and unambiguously consented to the processing.

The processing of data shall be carried out for the specific and precise purposes specified by law and the data shall be processed lawfully and in good faith and shall not be further processed in a manner incompatible with those purposes.

3. Categories of data recipients outside the Company.
The Company does not disclose personal data to third parties and recipients, unless there is a legal basis for obtaining the data or the data are not publicly available due to their inclusion in a public register.

Outside the cases of public accessibility of data included in a public register, recipients of data may be, as the case may be:

• State authorities and bodies entrusted with public functions within their powers (NRA, NSSI, Ministry of Interior, courts, prosecutor’s office, bailiffs, notaries, other bodies entrusted with public functions);
• Banks for payment needs;
• Courier companies and postal operators – for the purposes of carrying out correspondence with natural persons-data subjects.

4. Data retention period.
As a data controller, the Company processes data for a minimum period of time in accordance with the purposes of processing and as provided for by applicable law in accordance with the principle of storage limitation.

The personal data processed shall be stored for a period of between 2 months and 50 years, depending on the type of data determining the legal obligation for processing, including storage.

5. Rights of natural data subjects.
The measures taken to protect personal data in accordance with the requirements of Regulation 2016/679 are aimed at ensuring the rights of the subjects whose personal data are processed, namely:

• Right of access;
• Right to rectification of inaccurate or incomplete data;
• Right to erasure (right to be forgotten) if the conditions of Article 17 of REGULATION 2016/679 apply;
• Right to restriction of processing;
• Right to data portability if the conditions for portability under Article 20 of REGULATION 2016/679 are met;
• Right to object if the conditions of Article 21 of REGULATION 2016/679 are met.
• The right not to be subject to a decision based solely on automated processing, including profiling.

You may exercise the above rights by making a request to the Company (in writing or electronically), in which you should specify your specific request, sufficiently individualizing your request and the data to which it relates. The request should be signed and sent to the Company’s address.

6. Right to lodge a complaint with the Commission for Personal Data Protection or the court
If you believe that your rights under Regulation 2016/679 have been violated, you may lodge a complaint with the Commission for Personal Data Protection or the Administrative Court – Sofia.

7. Transfer of personal data to third countries or international organisations.
The Company does not transfer the processed personal data to third countries or international organizations.

8. Measures introduced by the Company for the protection of personal data.
The Internal Rules of DI Trade Group Ltd. on the measures for the protection of personal data, have introduced measures for the effective protection of the personal data processed and the possibility to exercise the rights of data subjects provided for in REGULATION 2016/679, the full text of which will be provided to you upon your written request addressed to the Manager of the Company, at the address of the Company or at the e-mail address.