Personal Data Policy
This policy has been developed and implemented by INCERT EOOD. ("we", Unique Registration Number: 205511883, address management: Sofia, Kalimantsi 45 Street, Office 3. The policy applies to the entire scope of the activity of INCERT EOOD – provision of services by a management systems certification body and training provision.
In the policy we declare how the personal data we collect in the process of providing our services is used, including at our website website incert.bg.
What data do we collect about you and how?
INCERT EOOD is a personal data controller within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)) or also known as "GDPR".
The personal data we collect may include name, telephone, job title, email, contact address, official address, address of residence, as well as any other information provided voluntarily by the holder of the right to the protection of personal data to achieve previously agreed objectives between the two parties.
The personal data we process is information you provide that we need in order to be able to provide you with our services, as well as:
to keep up-to-date information about our customers and employees;
to analyse our performance and the services we provide;
to meet specific regulatory requirements;
We collect information about you when you fill out forms on our website or send us completed training requests or inquiries by e-mail and otherwise explicitly agreed between the parties.
We use our website solely for the purpose of presenting our services and do not use cookies or other tools for collecting information.
How do we use the personal data you have provided to us and for what purposes?
We understand how significant the problem of personal data protection is and the importance of maintaining trust in our partners and customers. Therefore we use the personal data provided to us by our customers and employees solely for the purposes for which they have explicitly consented, to perform a contract or for actions at your request to prepare a contract or compliance with specific legal obligations.
In some cases, to provide you with a service, we will need to provide your personal data to third parties that are our suppliers, e.g. tutors in training courses, accommodation venues, etc. The data we provide to them is solely to perform specific tasks within our services, and those third parties receive only the information they need to perform their tasks. Furthermore, all of them have concluded contracts that oblige them to ensure the security of this information and not to use it for purposes other than those expressly defined.
We do not share your personal data with other companies or organisations to use it for their commercial purposes.
Measures to protect the personal data we collect
When you provide us with personal information, we apply technical and organisational measures to ensure that it is protected for both paper and electronic information.
For how long we store the personal data
We keep your data for a period of five years, unless another specific period is specified in a legal act or contract.
Access to your information, rectification, portability and deletion
You have the right to request a copy of the information about you that we hold. If you wish to receive a copy of any part or all of the personal data we hold, please send us a message to office@incert.bg. We will respond to your request as soon as possible, but no later than one month from the date of its receipt.
By a message to the specified email, you may ask us to correct information about you that you believe to be inaccurate or delete it completely.
Objection to the use of personal data
You have the right to object to processing your personal data on grounds relating to your particular situation. However, we may refuse only if we prove that there are compelling legal grounds for processing that take precedence over the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Data portability
You may also receive the personal data you have provided in a structured, commonly used, and machine-readable format. You have the right to transfer the data to another data controller, provided that the processing is based on consent or contract and/or the processing is carried out automatically.
Right to be forgotten
If you wish to completely delete any information we store about you, write to us at office@incert.bg or to the manager of INCERT EOOD at 1505 Sofia, Kalimantsi 45 Street, office 3.
Other websites
Our website contains links to third-party websites whose content and functionalities we cannot control. Only our website falls within the scope of this policy, and when you enter other pages you need to familiarize yourself with their privacy policies.
Complaints
If you believe that your personal data is processed in a way that does not comply with the GDPR, you can file a complaint with the control body in the Republic of Bulgaria – the Commission for Personal Data Protection.
Changes to this policy
This policy will be reviewed at least once a year or if necessary, and we will always inform you of changes.
How to contact us
If you have any questions related to your personal data and information that we hold about you, you are welcome to contact us by email: office@incert.bg or at: 1505 Sofia, Kalimantsi 45 Street, office 3.