GOTMAR LTD 115076001 (“GOTMAR” or “We”) accepts its obligations pursuant to the General Data Protection Regulation (Regulation (ЕU) 2016/679) and the relevant Bulgarian law and strives to comply with the highest applicable standards and good practices for personal data processing. The competent supervisory body with regard to protection of personal data processed by GOTMAR is the Commission for Personal Data Protection of the Republic of Bulgaria.
- Data controller: The natural or legal person determining the purposes for and means of data processing.
- Data processor: The natural or legal person processing personal data on behalf of the data controller.
- Data subject: Identified or identifiable live natural person.
- Data breach: Breach of security leading to, e.g. accidental or illegal destruction, loss, change, unauthorized disclosure access, transmission, storage of personal data.
- Personal data: Any information related to the identified or identifiable natural person (“data subject”); identifiable natural person means a person who can be identified, directly or indirectly, by information such as name, identification number, location data, one or more factors characterizing the physical, physiological, genetic, economic, cultural or social identity of that individual
- Sensitive personal data: Personal data revealing racial or ethnic origin, political views, religious or philosophical beliefs or membership in trade unions as well as processing of genetic data, biometric data for the sole purpose of identification of the natural person, data of the health status or data of the sexual life or sexual orientation of the individual.
- Processing: Every operation or combination of operations performed with personal data, no matter whether by automatic or other means such as collection, entry, organization, structuring, storage, adaptation or change, extraction, consultation, use, disclosure by transmission, dissemination or in a different way by which data become accessible, organization or combination, limit, erasure or destruction.
General Data Protection Regulation
As of 25 May 2018, the General Data Protection Regulation (“GDPR”) will be valid in all member-states of the European Union. From this date, GOTMAR will comply its activities with GDPR and the principles of personal data processing.
The six principles of personal data processing set forth in GDPR stipulate that personal data must be:
- Processed lawfully, conscientiously and transparently to the natural persons
- Collected for specific, explicitly stated legal purposes and not be further processed in a way incompatible with these purposes.
- Suitable, related to and limited to the extend necessary for the purposes they are processed for
- Accurate and, if necessary, regularly updated
- Stored in a form allowing identification of the data subject for a period no longer than the one necessary for the purposes personal data are collected.
- Processed in a way guaranteeing a suitable level of security for the personal data
GDPR stipulates the following rights to natural persons for their personal data:
- Right of information (this right is exercised by the provision of clear and easily identifiable privacy notices explaining how and for what purposes “Doverie” uses your personal data and what are your rights related to data processing)
- Right of access to the processed personal data and information on their processing
- Right to correct your personal data when they are inaccurate or incomplete
- Right to restrict processing under the conditions of applicable law
- Right to delete personal data when “Doverie” has no legal grounds to continue data processing
- Right to portability of your data between different service providers
- Right to object against certain activities of data processing such as direct marketing
- Right not to be the subject of automated decision-making with significant effect on you
ОGDPR stipulates six legal grounds, on which personal data may be processed::
- The data subject has given informed consent for processing personal data for a specific purpose
- Processing is necessary for entry into or performance of a contract with the data subject
- Data processing is necessary for observation of legal obligations
- Processing is necessary for the protection of vital interests of the data subject or other individual
- Processing is necessary for performing a task of public interest
- Processing is necessary for the legitimate interests of the data controller or a third party except when the fundamental rights and freedoms of the data subject override this interest.
Principles of data processing in GOTMAR
GOTMAR shall undertake all steps necessary for bringing its activities in compliance with European and national data protection legislation and shall apply the following principles in its business:
- GOTMAR employees are informed of applicable rules and trained to process personal data with the due care and in compliance with established good practices.
- In its activities of production of PET performs, production of caps and handles for bottles from РР and РЕ, manufacture of products from thermoplastic polymers by injection moulding, production of packaging for the perfumery and cosmetics industries, production of matrices. GOTMAR works only with well established organizations and avoids working with companies suspected for being potential threats to the security of data of individuals.
- GOTMAR adopts good practices in the introduction and administration of security systems and observes technological development with respect to possible risks for the security of company network.
- GOTMAR observes the security of computer systems and personal data contained in them, including possible access to different types of personal data for employees. GOTMAR ensures that access is given only to the personal data necessary for performance of the work of relevant employees.
- GOTMAR maintains suitable administrative, technical and organization measures for the protection of security and privacy of personal data of employees as well as the protection of such data from accidental or illegal destruction, accidental loss, unauthorized corrections, disclosure or access, abuse and all other illegal forms of processing.
- Access control and video surveillance are used on the entire territory of the plant; the rooms where personal data are processed and stored are restricted only to the employees processing these data;
- To perform its obligations for protection of its employees’ data GOTMAR has provided protected servers located on the territory of the company to which only the IT Unit has access – supervisors and specialists.
Personal data processed by GOTMAR
Personal data means not only facts but also opinions / assessments of an individual. Personal data processed by GOTMAR can be conventionally divided into four categories
- Staff and associates of GOTMAR, job applicants and former employees;
- Natural persons who are GOTMAR’s clients under contracts for sale and purchase of ready production, vehicles, etc.;
- Natural persons (g. attorneys, auditors, other independent consultants) and representatives, contact persons, employees of clients, partners and suppliers of goods / services with which GOTMAR has or intends to enter into contractual or real relations (e.g. legal representative of clients – legal persons, providers of transport and forwarding services, providers of telecommunication services, software and / or hardware solutions and infrastructure).
Employees, associates, job applicants: GOTMAR processes personal data under labour or service contracts or data of job applicants. In general, GOTMAR processes these data for the purpose of preparation and execution of labour and other contracts as well as to perform its legal relations in the capacity of employer. For more information, please read Privacy Notice: Employees and Persons under Service Contracts with GOTMAR here.
Natural persons – individual clients:
GOTMAR processes the data of natural persons – individual clients under contracts of sale and purchase. We process the data of our clients – natural persons as far as it is necessary for the performance of the contract signed with them.
For more information, please read GOTMAR’s Privacy Notice for negotiations and entering into transactions with natural persons here.
Representatives, contact persons and employees of clients, partners and suppliers of GOTMAR – for more information, please read the privacy notice – commercial contracts of GOTMAR here.
Sometimes, GOTMAR may disclose personal data of its clients or employees / representatives of its clients, partners or suppliers to state bodies or other natural or legal persons – e.g. providers of software and /or hardware solutions and / or infrastructure because of legal obligations or legitimate interests, as the case may be.
Special data categories
GOTMAR shall not process sensitive personal data of its clients – natural persons or employees / representatives of clients, partners and suppliers.
Personal data storage
GOTMAR stores different types of personal data contained in different documents for clearly defined periods. The set periods of storage are always in compliance with the purposes for which personal data are processed. These periods are stated in GOTMAR’s Policy of Storage and Destruction of Documents.
Exercise of the rights of data subjects
In case of submitting requests for exercise of the rights of data subjects, GOTMAR shall establish contact with the natural person in a concise, understandable and easily accessible form, with clear and simple words, especially for persons under the age of 18.
In exercise of the rights of data subjects, GOTMAR has the obligation to duly identify the natural person in order to prevent the risk from unauthorized access to personal data.
The information about GOTMAR’s activities undertaken for the request submitted in exercise of the data subject’s rights will be presented to natural persons without any reasonable delay and in any case within one month after receiving the request.
Any information on the exercise of the rights of data subjects will be presented by GOTMAR free of charge except if the requirements are clearly ungrounded or excessive.
For more information on your rights related to GOTMAR’s processing of your personal data, see our Rules on the Exercise of Rights of Data Subjects.
Security of personal data
GOTMAR maintains secure computer systems for the processing of personal data. Our systems use adequate control mechanisms for the separation and management of data.
GOTMAR has strict policies and procedures imposed on its staff to minimize the risks resulting from personal data processing.
GOTMAR has undertaken procedures for the effective recognition, reporting and investigation of data breach. In case of data breach, GOTMAR shall undertake immediate measures to limit the effect of breach and to inform the affected data subjects and the supervisory authority exercising protection of personal data.
GOTMAR will update in due course by amending and supplementing this Policy at any time in the future when legal requirements or other circumstances so require.
If you want to receive more information on data processing performed by GOTMAR, please contact us or our data protection officer as follows: