PERSONAL INFORMATION PRIVACY POLICY OF ORTHO CONSULTING Ltd

Personal data administrator: Ortho Consulting Ltd, hereinafter referred to as the Company

UIC 205053441;

Seat and management address: Plovdiv, 38 Peshtersko Shose Blvd, floor 2, office 5V;

Representative: Tsvetomir Ivanov Badov;

Phone: +359 88 202 9841;

El. mail: info@badovorthodontics.com;

Website: badovorthodontics.com;

The company guarantees the confidentiality of the personal data of all individuals it deals with, and its use in accordance with this privacy policy, respectively, in accordance with Regulation EU 2016/679 of the European Parliament and of the Council of April 27, 2016 and the Personal Data Protection Act.

I. The following information is subject to collection by the Company is:

Names of natural persons, personal e-mails and telephones, place of work and position, billing address, bank account number or other banking and payment information in connection with the payments made.

II. Information is collected for the following purposes:

For registration in the courses organized by the Company, to answer inquiries, to provide services related to the training activities carried out by the Company, to provide access to video recordings to the Company’s customers, to carry out marketing activities, to conclude contracts with customers, suppliers, employees.

III. The personal data processing includes the following:

Entering the personal data mentioned in paragraph I, in a list of the respective course organized by the Company, in a list of the Company’s clients, in contracts with clients, suppliers, employees;

IV. The company takes technical and organizational measures for the personal data it administers, as follows:

  • Physical access control – control of the persons that enter, change or delete personal data, protection against unauthorized access to premises, equipment, devices for personal data processing;
  • Electronic access control – control of the persons that enter, change or delete personal data, protection against unauthorized use of personal data processing and storage systems;
  • Prevention of possible destruction or loss of personal data, as well as the ability to quickly restore personal data and access to it in the event of a physical or technical incident;

V. The company processes personal data in compliance with the following principles – Article 5 of Regulation EU 2016/679:

  • Processing in a lawful, fair and transparent manner in relation to the data subject;
  • Collection of personal data for specified, explicit and legitimate purposes;
  • Data minimization;
  • Accuracy of personal data and keeping it up-to-date;
  • Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;;
  • Processed in a manner that ensures appropriate security of the personal data,;

VI. The persons whose personal data are processed by the Company have the following basic rights – Chapter III of Regulation EU 2016/679:

  • Right to information and access to the processed personal data;
  • Right to rectification and erasure personal data;
  • Right to restriction of processing of personal data;
  • Right to notification regarding rectification or erasure of personal data or restriction of processing;
  • Right to data portability;
  • Right to object to data processing;
  • Right to object to automated individual decision-making, including profiling;

VII. Period of storage of personal data:

  • The data provided as a contractual requirement – until the expiration of five years from the date of the specific order;
  • Data related to collection and verification of accounting data and compliance with accounting reporting – accounting registers and financial statements, incl. documents for tax control, audit and subsequent financial inspections – until the expiration of ten years, starting from January 1 of the reporting period following the reporting period to which they relate, and for all other carriers of accounting information – three years, starting from January 1 of the reporting period, you follow the reporting period to which they refer;
  • Data provided on the basis of consent – until the consent iswithdrawn in the manner in which it was provided or until the expiration of five years from the date of your last visit of the Company’s website (Consent provided can be withdrawn at any time).

The national control authority for compliance with the provisions of Regulation EU 2016/679 of the European Parliament and of the Council of 27 April 2016 and the Personal Data Protection Act is the Commission for Personal Data Protection, address Sofia 1592, str. Prof. Tsvetan Lazarov No. 2, phone: 02/91-53-518, E-mail: kzld@cpdp.bg, webpage: www.cpdp.bg.