Privacy policy

Version 1 \ 01.11.2019

 

This policy specifies the manners of collecting, using and protecting the personal data of customers, suppliers, contractors applying for a job at I3T EOOD and other individuals providing their personal data to our company.

The policy is an integral part of the implemented Personal Information Management System. In developing it, we have been guided by the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and by the Law on Personal Data Protection.

We have taken the necessary measures to bring our activities in line with best practices and legal requirements aimed at protecting the information and its confidentiality. When collecting personal data of our customers, we follow the principles of the minimisation of the personal data being processed, legality, transparency and security. We strive to process only personal data that is essential and appropriate for the purposes of the company's business.

This policy applies to personal data collected through our website, by phone, in person, by e-mail, through related social media applications, by sending and receiving data from suppliers, contractors and partners of I3T EOOD and through technical devices used in providing our services. This policy also explains your rights as regards your personal data and how you can exercise such rights.

In the event that you refuse to provide your personal data required by us to render a service, we may be unable to provide you with the requested services.

When you share personal data with us, we process it in accordance with this Policy. Please read carefully the information contained therein. Should you have any questions or should you need further clarification on the processing of your personal data, please do not hesitate to contact us at: contact@i3t.io

 

CATEGORIES OF PERSONAL DATA PROCESSED

I3T EOOD shall process those personal data that is necessary and related to our activities, while acting as an administrator or processor of personal data - depending on the case.

Personal data processed in relation to the conclusion of agreements and provision of services

Depending on your relationships with I3T EOOD and the way of communication with us, we shall collect and process various types of personal data.

  • Personal data collected through the online inquiry form at https://www.i3t.io/ - names, phone number, e-mail, all data that you enter on a voluntary basis;
  • Personal data of individuals related to customers, partners and suppliers - names, personal ID numbers, number of ID document, position, address and phone number, e-mail of representatives and persons with whom contact is maintained;
  • Other personal data that you share with us - personal data contained in your letters or messages to us, in complaints, claims or alerts. 

Personal data processed when visiting the website

When visiting the company's website, we use automatic technologies to collect: your internet protocol address (IP identifies a device on the internet or a local network representing the identifier that allows information to be sent between devices on a network); login information, browser type and version, time zone settings, browser types and versions; information about the operating system and platform used; information about your visit and duration, including URLs that go to, through and from our website, as well as other similar information and statistics about your interactions.

Our website uses cookies and social plugins to operate better and more efficiently. When visiting the website, they automatically collect a limited set of information that could be used for analysis and for advertising purposes. To learn more about the information being collected and how to control it, please read our Cookie Policy. 

Personal data of other persons

In certain cases, I3T EOOD will process personal data of individuals:

  • Where the person is an employee of a legal entity with which I3T EOOD has a service agreement concluded - we process such data in connection with and in execution of the agreement;
  • Where the person applies for a job at I3T EOOD - full name; date of birth; photo; information about education and professional experience; CV and cover letters; data indicated by the applicant in the CV, etc.
  • Where the person is employed under an employment and non-employment agreement with I3T EOOD - we collect and process all the data necessary for concluding and executing agreements, maintaining employment records, payment of remuneration, exercising employment rights, exercising rights in case of temporary incapacity for work and long-term disability, ensuring healthy and safe working conditions.

When contacting us we recommend not sending information more detailed than that we need as specified hereinabove, including information that contains sensitive personal data (information on racial and ethnic origin, religious and political beliefs, membership of trade unions and political organizations, sexual orientation, health status, etc.). If, however, such data is sent to us by e-mail or other communication channel, we will not accept and process it. We will immediately take the possible practical measures to delete it, taking into account the way it has been sent to us. 

Personal data processed for the purpose of improving customer service and for advertising purposes

In order to improve our services and the quality of service, we shall process personal data contained in customer feedback forms, customer surveys and inquiries, statistics, data from complaints, claims and compliments. If possible, we shall process this data in an anonymized form.

For direct marketing purposes (based on your consent or our legitimate interest) we shall use your contact information to inform you about products and services offered by us and our partners, to send greeting cards and information on advertising campaigns. Should you do not wish to be contacted by us for this purpose, you may object to that as set out in the "Your Rights" section.

OBJECTIVES AND LEGAL GROUNDS FOR PERSONAL DATA PROCESSING

We always process personal data in connection with a product or service we provide, and the processing is necessary to achieve any of the following purposes:

  • to process inquiries received by phone or through the website;
  • to identify the client and their representative authority ;
  • to prepare and implement an agreement for products/service agreement;
  • to manage, render and issue invoice for the services ordered by the client;
  • to process complaints, claims, recommendations, etc. communication with the client ;
  • to liaise with data subjects and their representatives in relation to sending important messages and notifications, for example;
  • for marketing purposes, if consent has been obtained or a refusal has not been received, in response to a conversation or a marketing communication from us received;
  • for other purposes specified in the customer agreement or in the relevant General Terms and Conditions for the services offered by us (where available).

Depending on the purpose for which the data is used, the legal grounds for processing personal data may be one or more of the following:

  • to prepare and implement a service agreement concluded between I3T EOOD and a client/supplier/partner;
  • to provide, manage, render and issue invoices for services ordered;
  • in case of obligatory data processing by virtue of a legal provision, including obligation to cooperate with and data transmission to public authorities and institutions;
  • to protect our legitimate interest;
  • to protect our rights and legitimate interests in collecting receivables arising out of contractual agreements, recourse claims, insurance claims, etc.;
  • to process complaints, claims, recommendations and other communication with customers, suppliers and partners;
  • to establish contact to send important messages and notifications, for example.

If you provide us with your consent, we shall process your data for the following marketing purposes:

  • to send you information about our services or products that are directed to the organization with which you work or which you manage;
  • to process the data for your company, contact, administrator and other data in order to recommend other of our services provided together with third party, products and value-added services that are suitable for you.

You could withdraw your consent you have given at any time by contacting us. If you refuse your data to be processed for marketing purposes, it will not be used in the future for the stated purposes. Withdrawal shall not affect the lawfulness of the processing prior to receipt of the refusal.

CATEGORIES OF PERSONAL DATA RECIPIENTS

We undertake to protect and safeguard your data by working only with trusted partners and suppliers. We shall never provide or sell your data. We respect your rights and always strive to comply with your requests as far as possible in accordance with our legal and operational responsibilities.

Your personal data may be processed on our behalf and by our trusted suppliers and subcontractors. We may entrust services that require processing of your personal data to providers of IT services, hosting services that may contain information about you, social networks, web analytics and search engines, use of tools to refine user-generated content, postal services and deliveries, advertising, marketing, digital and social media agencies to assist us in arranging advertising and marketing campaigns, analyzing their effectiveness and managing your contacts and questions.

We may share your personal information in order to comply with our legal and corporate obligations, to prevent fraud and/or to protect our interests or to improve our services.

When we protect our rights and legitimate interests and if we use the services of external consultants, lawyers, auditors, etc., we shall disclose to them the amount of personal data on the need-to-know basis in order to assist us and to provide the services for which we have hired them.

We may also provide your personal data to third parties in the event that:

  • we are obliged to disclose or share your personal data in order to comply with a legal obligation, to protect the rights, property or safety of I3T EOOD, our customers and employees or in connection with contractual and legitimate interests;
  • if you have given your consent;
  • in other circumstances, should we are entitled to do so by law.

You could obtain more information about who we share with and in what cases we share your personal data after sending an inquiry to I3T EOOD to the contact details specified hereinabove.

DATA STORAGE

We shall store your personal data only for a minimum time period necessary to meet your needs, to achieve the objectives set out herein, as well as where by operation of law or international agreement we are obliged or entitled to store it for a longer period of time. Where we no longer need your personal data, we shall delete it or make it anonymous so that you can no longer be identified thereby. In order to determine the retention period of your personal data, we shall apply the following criteria:

  • when you submit an inquiry through our website - as from the moment of its receipt and in the event that we subsequently have no contractual relationship, we shall keep your data for a period of 5 years;
  • when you have given your consent for marketing purposes or you have not explicitly refused, we shall keep your personal data until you withdraw and submit a withdrawal;
  • the data processed on the occasion of and in connection with the implementation of agreements concluded with customers, suppliers and partners shall be stored in accordance with the Bulgarian legislation for tax and accounting purposes, as well as for the purpose to be able to manage our rights (for example, to file claims) for a term of 10 years after termination of the contractual relationship. It should be borne in mind that in the event that subsequently the relationships are resumed, the retention period shall be monitored after the termination of the last contractual relationship;

Where there are cookies on your computer, we shall keep them for as long as necessary to fulfill their purposes (for example, for the duration of the login session).

You should keep in mind that during pending court and/or out-of-court proceedings, the data provided to us and stored may be subsequently processed for the purposes of such proceedings.

PROTECTION OF YOUR RIGHTS

We shall process your personal data only in accordance with the objectives and within the time periods specified hereinabove.

When we collect personal data, we do so in a minimal amount and only for preliminary clearly defined purposes and retention periods. We provide access to the data only to a limited number of persons who have been previously trained and instructed on how to deal with the data.

I3T EOOD has implemented an Information Security Management System in accordance with the requirements of ISO/IEC 27001, thereby ensuring the maintenance of adequate security measures for the protection of information and in particular personal data. The risk assessment, including the risk assessment as regards the rights and freedoms of the data subjects, is integrated with our Information Security Management System.

All users should be aware of the many risks associated with information security and should take appropriate steps to protect their own information and information processing devices. We do not assume any responsibility for violations that occur as a result of actions or omissions beyond our control.

YOUR RIGHTS

As a data subject, you are entitled to receive confirmation and/or detailed information about your personal data being processed, including a copy of your personal data processed (right of access).

In addition, you may object to the collection and further processing of your personal data, as well as ask it to be corrected (updated) or deleted (when we do not have a valid legal grounds to continue processing it).

It is also important to know that you can withdraw your consent to the processing of personal data at any time. You can exercise this right only for those categories of personal data that we process on the basis of your consent.

EXERCISE OF RIGHTS

To ask questions about your rights or should you wish to exercise any of them, please contact us at the contacts listed hereinabove.

We will respond to any of your requests without undue delay within a 30 days period as from receiving the request. Should we are unable to do so for reasons beyond our control, we will notify you in a timely manner stating the reasons for such delay.

In the event of doubt, we may request additional information to verify your identity. This shall be done so as to protect your rights and privacy.

If you wish to exercise any of the above rights and such request is obviously groundless, or if you particularly often wish to exercise your right, we may require you to pay an appropriate processing fee or even reject your request.

CHANGES IN THE CURRENT POLICY

This Policy is part of the Personal Information Management System implemented in I3T EOOD and is subject to periodic review and update, which will be announced on the company's website.