The security of your personal data is extremely important to us. We act in your interest and are transparent regarding the processing of your personal data. Therefore, with this document, we want to inform you about the personal data we collect, who and how will process them, what we use them for, how long we will store them, and what protection measures we have taken to protect them. This policy is applicable to any type of information that we process in connection with the functioning of the website https://nik-agroservice.com/.
Who are we?
We are "NIK Agro Service" Ltd., UIC 201424000, with headquarters and registered office in Sofia, p.k. 1592, Slatina district, 11B Brussels Blvd. We are a controller of personal data and as such we are responsible for the processing and storage of your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation) and Bulgarian legislation.
Contact details of the Data Protection Officer.
- Stanislav Stoyanov Georgiev
- Sofia 1000, 55A Alexander Stamboliyski Blvd., 3rd floor, KGK office
Respecting the highest standards in the field of personal data protection and ensuring strict compliance with the provisions of the General Regulation on Personal Data Protection (Regulation (EU) 2016/679), "NIK Agro Service" Ltd. . engages a Data Protection Officer, which reports directly to the top management of the company. You have the opportunity at any time to contact the Data Protection Officer on all matters related to the processing of your personal data and the exercise of your rights under Regulation (EU) 2016/679.
In which cases do we process your personal data through https://nik-agroservice.com/?
We process your personal data when:
- submit a price request via the electronic form regarding the goods and services offered on the website;
- ask a general question and/or share your opinions, comments, and remarks regarding the website, using the contact form available at https://nik-agroservice.com/en/contact-us/
- subscribe to our newsletter;
What categories of personal data do we process?
Inquiries about the price of goods and services offered: When you make an inquiry about the price of goods and services offered, we require you to provide us with:
- three names;
- e-mail address;
- contact number;
- populated place.
At your discretion, you may provide other personal information contained in your request. Contacts If you decide to contact us via the provided feedback form, which you can find in the "Contacts" section, you need to provide:
- three names;
- e-mail address;
- contact number;
- populated place.
At your discretion, you may provide other personal information contained in your message. Newsletter subscription In case you subscribe to our newsletter to receive current news related to NIC, current and future promotions, information about new products and services, you need to provide:
What are the purposes of the processing of your personal data?
Your personal data may be used:
- to provide you with the necessary customer service by responding to a request sent by you for the price of our products and services;
- to answer your questions submitted through the contact form;
- for the purposes of direct marketing, providing you with information about services, products, promotions and/or information of "NIK Agro Service" Ltd. . and/or its partners;
- if necessary for the purposes of official proceedings such as civil cases, administrative investigations, etc .;
- for other purposes, when a certain current law obliges us to perform this processing.
On what grounds do we process your personal data?
Personal data shall be collected and processed in accordance with the grounds provided for in the General Data Protection Regulation. Art. 6, para. 1, p. "B" of the General Data Protection Regulation - "processing is necessary for the performance of a contract to which the data subject is a party or for taking steps at the request of the data subject before the conclusion of a contract" These are the cases of processing of personal data (three names, e-mail address, contact telephone number, location) when submitting inquiries for prices of specific products and services and submitting inquiries of the same and/or other nature from the "Contacts" section of the website. Art. 6, para. 1, p. "F" of the General Data Protection Regulation - "the processing is necessary for the legitimate interests of the controller or of a third party, except where such interests take precedence over the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child. " In certain cases, personal data ( e-mail address, names, contact telephone number ) may be processed on the basis of legitimate interests, as the Company complies with the restrictions of the General Regulation for Personal Data Protection when processing on such grounds. Art. 6, para. 1, p. "A" of the General Data Protection Regulation - " the data subject has consented to the processing of his personal data for one or more specific purposes" Based on free, specific, unambiguous, and informed consent, personal data (email address) is processed when subscribing to our newsletter. You have the option to withdraw your consent at any time. When we use your personal data for the purposes of direct marketing, sales newsletters, and marketing communications for products, services, promotions, and/or other offers that we believe may be of interest to you, you may at any time object to your conduct. direct marketing. You can exercise these rights:
- upon receipt of e-mail, by a single click on a link to refuse to receive advertising messages. The link is always in a visible place and understand what it is for;
- with a request to withdraw consent for the purposes of direct marketing
Art. 6, para. 1, p. "C" of the General Regulation on Personal Data Protection - " processing is necessary to comply with a legal obligation that applies to the controller" In certain cases, it is necessary to process personal data in connection with the legal obligations of the Company.
To whom can personal data be provided?
- Competent public authorities in compliance with legal provisions;
- Companies providing services to the Administrator for information maintenance and security of IT systems;
- Subcontractors - processing personal data.
How long do we keep your personal data?
The company stores personal data for the minimum necessary time:
- needed by law;
- it is necessary to fulfill a contract (including an order) and the responsibility under it;
- the purpose for which the data were collected and processed needs to be fulfilled; or
- until requested by the individual for their deletion or objection during the processing on the basis of "consent", after which they are destroyed without undue delay.
In all cases, "NIK Agro Service" Ltd. . provides at least once a year to review the collected and processed personal data and those of them that fall into any of the above hypotheses are deleted without undue delay.
How do we process children's personal data?
The use of our services by persons under 18 years of age is allowed only with the express consent of a parent/guardian / custodian (person with parental responsibility).
What rights do you have as a data subject?
You have the following rights, which the Administrator will assist at any time:
- Right to information
You have the right to receive information at the time of collection of your personal data about the data that the Administrator collects, who will process them, for what purposes, and on what grounds.
- Right of access
You have the right to request access to your personal data stored by the Administrator at any time. You also have the right to request the provision of a free copy of your personal data that is being processed.
- Right of adjustment
You have the right to request that your personal data be corrected in order for it to be up-to-date and accurate.
- Right to be deleted ("right to be forgotten")
You have the right to request that your personal data be deleted after it is no longer needed for the purposes of processing or after the grounds for processing have ceased to exist.
- Right to limit processing
In certain cases, you have the right to request a restriction on the processing of your personal data.
- Right of portability
You may request to receive your personal data in a structured, widely used and machine-readable format (ie in digital form), as well as request the transfer of your data to another administrator specified by you, if possible. and feasible.
- Right to withdraw consent
When the processing of your personal data is based on consent, you can withdraw it at any time. Thus, the Administrator is obliged not to process your personal data in the future.
- Right to appeal
You have the right to seek the protection of your rights through the Commission for Personal Data Protection (CPDP). The CPDP is an independent state body that monitors the legality of personal data processing activities. Complaints to the CPDP can be submitted in person or by letter to the address: Sofia 1592, Blvd. "Prof. Tsvetan Lazarov ”№ 2; by fax - 029153525; electronically to the e-mail address of the CPDP - firstname.lastname@example.org . More information about the procedure can be found on the Internet address: https://www.cpdp.bg/ .
How can you exercise your rights?
You can exercise any of the listed rights by sending a written notice in free form to the address: Sofia, 55A Alexander Stamboliyski Blvd., p.k. 1000, fl. 3, "To the attention of Stanislav Georgiev - personal data protection official" or to the e-mail address: email@example.com with the subject of the e-mail "Request for personal information". The notification should contain at least the following: name, address, description of the request, the preferred form of communication, and actions under Art. 15-22 of Regulation (EU) 2016/679, signature, date of submission of the application, and address for correspondence. In case the application is submitted through a proxy, a power of attorney should be attached.
What measures have we taken to protect your personal data?
The administrator understands how important it is for your personal data to be properly processed and protected. The team of the Administrator has introduced adequate technical and organizational measures for the protection of your personal data. We use appropriate business systems and procedures to protect and ensure the security of the personal information you provide to us. We use security procedures and technical and physical bans on accessing and using personal data on our servers. Only authorized personnel to have access to personal data for the purposes of their work related to the provision of a service to the respective client/user. These measures, inter alia, ensure compliance with the principles underlying the processing of personal data by ensuring that your personal data is:
- Processed lawfully, in good faith, and in a transparent manner in relation to you as a data subject ("lawfulness, good faith, and transparency");
- Collected for specific, explicit, and legitimate purposes and not further processed in a way incompatible with those purposes ("purpose limitation");
- Appropriate, related to, and limited to what is necessary for relation to the purposes for which they are processed ("data minimization");
- Accurate and kept up to date. We have taken all reasonable steps to ensure that inaccurate personal data are deleted or corrected in a timely manner, taking into account the purposes for which they are processed ("accuracy");
- Stored in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the personal data are processed ("storage restriction");
- Processed in a way that provides an appropriate level of security for personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, applying appropriate technical or organizational measures ("integrity and confidentiality");
- The controller is responsible and able to demonstrate that it complies with the basic principles related to the processing of personal data ("reporting").
When can we change this Policy?
The Version of the Privacy and Personal Data Protection Policy dated 20.10.2021