Declaration

REFERENCE: SOT 161 Privacy Policy

Main concern in handling personal data

SOT 161 processes your personal data in order to provide you excellent, quality and varied services. We continually strive to improve our service and achieve maximum customer satisfaction.

The security of the data you have provided is very important to us. It is crucial for the success of our business and for our standing in the community. We strive to protect your data by employing all relevant technical and organisational measures available to prevent unauthorised access, unlawful or malicious use, loss or early erasure of information.

We collect and process personal data only in strict compliance with the requirements of the local and European legislation. We are aware that the processing of your personal data is related to a specific reason and cannot be performed without limitation.

This Declaration, incorporated in the Privacy Policy developed by SOT 161, is intended to explain how and why we process your personal data.

How and why we use your personal data?

To implement an agreement or in the stage of pre-contractual relations

SOT 161 processes your identification data and other personal data in order to provide you with the services you have ordered and to perform our contractual obligations and exercise our rights provided under the agreements signed with you.

Processing is intended to:

Identify a client;

Prepare a proposal to sign an agreement;

Manage and execute your orders and implementing the signed service agreements;

Prepare and send bills/invoices for the services provided to you;

Provide you with your required overall service and collect technical and other information for maintaining the services provided;

Use courier services with renegotiated information and agreement drafts;

Service a transaction denial;

For information on the amounts due for the services provided;

Inform on anything related to the services we provide you, send various notices, notification of problems, errors or responding to your requests, complaints or suggestions;

Generate statistical information about our sales, services, customers and the so-called network traffic that we can also provide to third parties;

Identify and/or prevent unlawful actions or actions in contradiction with the terms of the relevant services;

Process data from your accounts/invoices for purposes that are consistent with the initial purpose of collecting them and making conclusions and analyses of the performance of our services;

Provide warranty and maintenance services of the technical equipment and devices.

To perform our regulatory obligations

We process your identification data, location data, current account opening data and other personal data in order to comply with our obligations under a regulatory act, such as providing information to:

The Ministry of Interior in compliance with the requirements of the Law on the Ministry of Interior (LMI), the Law on Private Security Activities (LPSA), the Law on Health and Safety at Work (LHSW), the Labour Code, the Law on Arms, Ammunition, Explosives and Pyrotechnic Articles (LAAEPA), the Road Traffic Law (RTL), the Communications Regulation Commission, and other government departments;

Providing information to the Consumer Protection Commission or third parties as provided in the Law on Consumer Protection;

Providing information to the Private Data Protection Commission in relation to the obligations under the legislation on the protection of personal data, i.e. the General Data Protection Regulation, Regulation (EU) 2016/679 of 27 April 2016, etc.;

Obligations provided in the Law on Accountancy and the Tax and Social Insurance Procedure Code and other related regulatory acts, in view of keeping lawful accounting;

Providing information to the court and third parties in accordance with the requirements of the procedural and substantive regulatory acts applicable to the activity.

With your consent

We process your personal data only with your prior written consent. If you grant the relevant consent, and until its withdrawal or termination of any contractual relations with you, we will prepare offers for services provided by SOT 161 which are appropriate for you.

Basic personal data include national identification number (EGN), full name, address, email, IP address, bank accounts, geolocation and any data that may disclose personal information or identify a person.

Consumption data: summarised data on the consumption of services provided by SOT 161, including type of service, total number of services and duration of use.

Any consent granted can be withdrawn at any time. The consent withdrawal will not affect the performance of the contractual obligations. If you withdraw your consent to the processing of your personal data SOT 161 will not use your personal data and information for the purposes set out above.

Withdrawing your consent will not affect the legality of the consent-based processing of data prior to its withdrawal.

In order to withdraw your consent you only need to complete a developed corporate data subject consent withdrawal form.

In view of our legitimate interest

We also use your identification data (except for your national identification number) to calculate the agreed prices of the services we provide, and to analyse your data in order to satisfy your requirements as much as possible.

What data do we process?

Identification data:

Identity card number, full name, national identification number (EGN), telephone number, mailing address, email address, bank account numbers, client number, code or other identifier created by SOT 161 for customer identification.

Traffic data:

Data required for providing electronic communications services; for charging; for preparing bills and proving their credibility.

Other data:

Information on the type and content of our contractual relations, and any other information relating to the contractual relations, including:

Recordings of calls made by and to clients and are intended to improve the service provided;

Emails, letters, claims, applications, complaints, information about your troubleshooting requests;

Recordings of security and alarm systems and video recordings made to ensure maximum security;

Preferences for the services we provide;

Other information such as: data provided through the company’s website and mobile applications; the operating system used, IP address when visiting the company’s website; other personal data provided by you or a third party upon signing or during the implementation of an effective contract, and in particular: the permanent address of the proxy specified in a document in which you have authorized him/her to represent you; social media profile data, contact person information;

When processing your basic personal and traffic data and the other data described for the purposes of providing services, paying them, executing your service requests, and performing our statutory obligations, this processing is required to perform these objectives. Without this data, we would not be able to provide the appropriate services. If you do not provide us with identification data, it would be impossible to sign a product or service agreement with you.

Why and how do we use automated algorithms?

For the processing of your personal data we use partially automated algorithms and methods to continually improve our products and services, to tailor our products and services to your needs in the best possible way or for calculation. This process is called profiling.

How do we protect your personal data?

To ensure adequate protection of data of the company and its clients we apply all necessary organisational and technical measures provided by the General Data Protection Regulation and the best practices of the international standards (ISO 27001:2013, etc.).

The company has appointed a Data Protection Officer and an organisation to prevent abuse and security breaches that support the processes of protecting and ensuring the security of your data.

For the sake of maximum security when processing, transferring and storing your data, we use additional protection mechanisms such as encryption, pseudonymisation, etc.

When do we delete your personal information?

As a rule, after the termination of the agreement we will stop using your personal data for the purposes of the contractual relationship, but we do will not erase them before the expiry of:

Six (6) years from the date of termination of the agreement or until the final settlement of all financial obligations and the expiry of the statutory obligations for data retention;

The deadlines provided in the LPSA;

The obligations under the Law on Accountancy for storing and processing of accounting data (10 years);

The statutory deadlines provided in the Law on Obligations and Agreements for lodging claims, obligations to provide information to the court, competent government authorities and other grounds provided by current legislation.

You should keep in mind that we will not delete or anonymise your personal data if it is required for a pending court trial, administrative proceedings or considering your complaint by us.

Your data can also be anonymised. Anonymisation is an alternative to data erasure. In anonymisation, any personal recognisable elements/elements enabling your identification are irrevocably deleted. For anonymised data, there is no regulatory requirement for erasure because it does not constitute personal data.

When and why do we share personal data with third parties?

We provide your personal data to third parties, and our main objective is to ensure that you receive quality, fast and comprehensive services by ensuring that the products and services we provide meet your expectations. We will not provide your personal data to third parties before making sure that all technical and organisational measures are taken to protect this data by striving to exercise strict control to meet this objective. In this case, we remain responsible us for the confidentiality and security of your data.

We provide personal data to the following categories of recipients (data controllers):

Competent authorities which, under a regulatory act, entitled to require the disclosure of information, including personal data, such as courts, prosecutors, various regulatory authorities, such as the Consumer Protection Commission, Communications Regulatory Commission, Commission for Personal Data Protection, labour inspectorates, the Ministry of Interior and authorities entitled to protect the national security and public order;

Postal operators with a view to sending shipments containing agreements, additional agreements and other documents and the need of identifications upon their delivery;

People who, by assignment, maintain any equipment, software and hardware used for processing of personal data and required for development of the company’s network and for providing various services for reporting, payment for services and products, technical support, etc.;

People providing service maintenance of terminal devices;

Installers: for installation or maintenance of technical devices to provide the service;

Providers of electronic communication services, in carrying out number portability;

Payment service banks for payments made by you;

People providing services for organising, storing, indexing and destructing archives on hard copies and/or on an electronic carrier;

People providing consultancy services in different fields.

Your rights with regard to processing your personal data

Right to be informed:

You are entitled to request:

Information on whether your data are being processed, the processing purposes, the categories of data and the recipients to which data is disclosed;

A communication in an easily comprehended form containing your personal data being processed, and any available information about its source;

Information about the logic of any automated processing of personal data relating to you, at least in the case of automated solutions.

Right to rectification:

In case we process incomplete or inaccurate/erroneous data, you are entitled at any time to request:

To erase, correct or block your personal data the processing of which does not meet the requirements of the law;

To notify third parties to whom personal information has been disclosed of any erasure, correction or blocking, except where this is not possible.

Right to objection:

You are entitled at any time:

To object to the processing of your personal data, provided there is a legal basis for doing so. Where the objection is reasonable, the personal data of the individual concerned can no longer be processed;

To object to the processing of your personal data for direct marketing purposes.

Right to restriction of processing:

You may request restriction of the processed personal data if:

The accuracy of the personal data is contested, the period during which its accuracy must be verified;

The data processing is unlawful, but instead of erasing it, you request the restriction of their processing;

We no longer need the personal data (for the respective use), but you need them for the establishment, exercise or defence of legal claims;

You have objected to processing of data pending the verification whether the grounds of the controller are legitimate.

Right to data portability:

You shall have the right to receive the personal data, which you have provided to us, in an organised, orderly, structured, commonly used and machine-readable format, where:

The processing is based on the agreement and the declaration of consent or on a contractual obligation; and

The processing is carried out by automated means.

Right to lodge a complaint:

If you believe that we are violating the applicable legal framework, you may contact us to clarify the matter. You have the right to lodge a complaint with the Commission for Personal Data Protection. After 25 May 2018, you will be able to lodge a complaint also with a regulatory authority within the EU.

Requests for access to information or for rectification shall be filed in person or by an explicitly authorised person under a notarised power of attorney. The request may also be made electronically, in accordance with the Law on Electronic Records and Electronic Signatures.

We shall respond to your request within 14 days of filing. In the event a longer period of time is reasonably required in order to collect all requested data and this seriously impedes our activity, this period can be extended to 30 days. By our decision we shall give or deny access and/or the information requested by the data subject, but always with a motivated response.

Updates and policy changes

In order to apply the most up-to-date protection measures and to comply with effective laws, we will regularly update our Privacy Policy. If the changes we make are substantial, we can post a communication about the changes made on our websites.

By regularly reviewing SOT 161’s Privacy Policy, you will be constantly informed about how we ensure the protection of personal data we collect and handle.

Pin It on Pinterest

Share This