Data Protection NOTICE
I. What is the purpose of this document?
For THE SELF MADE LTD the protection of your privacy and the security of your personal information are a top priority.
This notice describes how we collect and use your personal information before, during and after the termination of the employment or other legal relationship with you. All activities described herein are in accordance with the General Data Protection Regulation (Regulation 2016/679) (GDPR). The notice may provide useful information to all future, current and former employees and contractors under civil contracts (including management and control contracts) and website visitors.
THE SELF MADE LTD is a personal data controller. This means that we are responsible for the decisions we make regarding the storage and use of your personal information. We are obliged under the data protection legislation to provide you with the information contained in this notice.
This notice does not form part of your employment or other contract with us. We may update this notice at any time.
It is important that you read this notice carefully to understand how and why we use your personal information.
II. Data Protection Principles
We will comply with the data protection legislation, whereunder data shall:
- Be processed lawfully, conscientiously and transparently;
- Be collected for valid purposes only, which we have clearly explained, and not be used in any other way whatsoever which is incompatible with those purposes;
- Be appropriate, relevant to and not beyond what is necessary for the purposes we have indicated;
- Be accurate and up to date;
- Be stored for a period not longer than is necessary for the purposes we have indicated;
- Be properly protected.
III. What information do we have about you?
“Personal Data” or “Personal Information” means any information about a natural person through which that person is or can be identified.
There are special categories of more sensitive personal data that also require a higher level of protection.
We will collect, store and use the following categories of personal data about you:
- Name, address, telephone number and e-mail address;
- Bank account details;
- Information about your length of service and professional experience (including positions held, working hours, length of service in the specialty, membership in professional and class organizations);
- Place of work;
- Information about your use of our information and communication systems.
IV. How do we collect your personal data?
We collect your personal data during the job application and selection process. Or when you send us an inquiry through our website. This information is provided either directly by you as a candidate or through a recruitment agency. Sometimes we may receive personal data from third parties as well – for example, former employers and others.
We will also collect additional personal data related to your performance within the term of our contract with you.
V. How will we use your personal data?
We will only use your personal data where this is permitted by law. Most often we will use your personal data on the following bases:
- To fulfill our contract with you;
- To comply with a legal obligation;
- Where this is necessary for our legitimate interests (or those of third parties), for example, in cases where we need to seek judicial protection against illegal actions on your part.
We may also use your personal data in the situations listed below, but we expect these to happen infrequently:
- To protect your interests (or the interests of someone else), for example, in providing emergency medical care;
- Where the processing is in the public interest.
VI. Situations in which we will use your personal data
We will primarily use the categories of personal data listed above to fulfill our contractual obligations to you and to comply with our legal obligations. In certain cases, we may use your personal data for our legitimate interests or those of third parties, but only if your interests or fundamental rights do not take precedence over those interests.
The situations in which we will process your personal data include:
- Deciding on your appointment;
- Deciding on the contractual terms and conditions to offer you;
- Checking whether you have the legal right to work in the Republic of Bulgaria;
- Paying your remuneration, deduction and payment of tax and social security contributions;
- Business management and planning, including accounting and auditing;
- Performing attestation;
- Assessment of your qualification for a specific position or task, including decisions on promotion;
- Collection of evidence of disciplinary proceedings;
- Providing training;
- Labor disputes related to you or other employees;
- Assessment of your working capacity;
- Compliance with the requirements of the safety and health at work legislation;
- Monitoring the use of our information and communication systems;
For some of the activities listed above, we may have more than one legal basis for the processing of your personal data.
- To reply to you in case you send us an inquiry by e-mail or through our website.
VII. If you fail to provide us with the personal data we require
Failure to provide the personal information required from you may prevent us from performing our contract with you (for example, by not being able to pay your remuneration) or from complying with a legal requirement (for example, to ensure safety and health at work).
Your refusal to provide the necessary information for the performance of the rights and obligations under the contract may be the reason for the non-conclusion or for the termination thereof.
VIII. Changing the purposes
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we should use it for another reason, and such reason is compatible with the original purpose. If we need to use your personal data for any other purpose, we will notify you and explain the legal basis for such use.
IX. How will we use sensitive personal data?
Special categories of sensitive personal data require a higher level of protection and an additional basis for their collection, storage and use. We may process special categories of personal data in the following situations:
- in limited cases, subject to your explicit written consent;
- for the purpose of fulfilling our obligations under the labor and social security legislation;
- where the processing is in protection of public interest.
In rare cases, we may process sensitive data where this is necessary to defend a legal dispute or to protect your interests or those of someone else and you are unable to give valid consent, or where you have disclosed such sensitive information in the public domain.
X. Some of our major responsibilities as an employer
- We will use information on absences from work, including absences due to temporary working incapacity, in order to comply with the requirements of the labor and social security legislation.
- We will use information on your physical and mental health, in order to ensure your health and safety at work and to provide you with the necessary working conditions.
XI. Do we need your explicit consent?
We are not legally obliged to obtain your consent when we process sensitive personal data in order to fulfill our obligations under the labor and social security legislation.
However, we believe that we will obtain your explicit, voluntary and informed consent based on the information provided to you herein.
XII. Information related to convictions and violations
We may only use information related to convictions and violations in cases where the law allows it. This will usually be in cases where such processing is necessary to fulfill our legal obligations.
XIII. Data sharing
We may share your personal data with third parties, including service providers.
We require that all third parties respect data security and comply with the data protection legislation.
We will share your personal data with third parties where required by law, where necessary for the administration of the employment relationship, or where we have some other legitimate interest in doing so.
Such third parties may include: hosting service providers, companies providing accounting, legal and payroll services, and others.
XIV. How do we ensure the security of your information when we provide it to third parties?
All service providers are required to take appropriate security measures to protect your personal information. They may not use your personal data for their own purposes, but only for the purposes we have determined and in accordance with our instructions.
XV. Data security
We have put in place appropriate measures to prevent the accidental loss, use or unauthorized access, alteration or provision of your personal data. In addition, we restrict the access to your personal data to those employees and third parties who need to receive such information. They will only process personal data on the basis of our instructions and in accordance with their confidentiality obligation.
XVI. How long will we use your personal data?
We will only store your personal data for the period for which we need it to fulfill the purposes for which we collected it, including to comply with the requirements of the labor, social security and accounting legislation.
In order to determine the appropriate retention period, we take into account the quantity, nature and sensitivity of the personal data, the potential risk of damage as a result of unauthorized use or provision of the data, the purposes for which we process them or whether we could achieve these purposes by other means, as well as the applicable legal requirements.
In certain situations, we may anonymize your personal data so that they may no longer be associated with you. As a result, we may continue to use the anonymized data without notifying you. Upon termination of your contractual relationship with us, we will store your information in accordance with our policies and legislative requirements and will securely destroy it after the retention period described in our policy and regulated by law has expired.
XVII. Right of access, correction, retrieval and restriction
- It is your obligation to notify us upon any change in your personal data. It is important that we keep your personal information accurate and up to date. Please notify us of any change to your personal data.
- Your rights in relation to your personal data:
- Access to information: This right allows you to obtain a copy of the personal data we keep about you and to check whether we have a legal basis for their processing.
- Correction: This right allows you to require that we correct any incomplete or inaccurate information about you.
- Retrieval: This right allows you to require that we retrieve or delete your personal data when we have no valid reason to continue processing it. You also have the right to require that your data be retrieved or deleted when you have exercised your right to object to the processing thereof.
- Objection to processing: In cases where we rely on our legitimate interests as a basis for processing, you may object to such processing.
- Restriction of processing: This right allows you to require that we temporarily suspend the processing of your personal data if, for example, you want us to establish the accuracy of the data or the reasons for their processing.
- Data portability: This right is limited to the cases where the data have been provided to us by you for the purposes of a contract and allows you to require that we provide your electronically stored data to a third party.
- Should you wish to exercise any of your rights as described above, please contact us at firstname.lastname@example.org
- Upon such request from you, we may need you to provide us with information confirming your identity. This requirement is part of our data protection measures and aims to ensure that personal information is not provided to a person who is not entitled to receive it.
- You have the right to file a complaint at any time with the Personal Data Protection Commission, the Bulgarian data protection regulator.
XVIII. Right to withdraw your consent
- If you have given your explicit consent to the processing of your personal data for a specific purpose, you have the right to withdraw such consent. To withdraw your consent, please contact us at email@example.com
Upon receipt of your request, we will suspend processing the data for the purpose(s) for which you initially agreed, unless we have another legal basis to continue the processing, of which we will notify you in a timely manner.
XIX. Data Protection Officer
Our core activities do not consist of processing operations which, due to their nature, scope and/or purposes, require regular and systematic large-scale monitoring of data subjects, or of large-scale processing of special categories of data and personal data related to convictions and violations. In view of the above fact, we are not obliged to appoint a Data Protection Officer.
Should you need any further information, please contact us at firstname.lastname@example.org
Amendments to this notice
We reserve the right to change and update this notice at any time. We will provide you with a new notice each time we introduce any amendments.