Privacy Policy

Privacy Policy

Effective Date: May 25, 2018

This website is managed by Crowe Bulgaria Advisory EOOD, UIC: 203636112, with registered office and address: 55, 6th September Str., Sofia 1142, Bulgaria tel. +359 2 44 565 90, fax: +359 2 42 663 05, e-mail: [email protected], website: http://crowe.bg/

The security of the data you entrust to us is of utmost importance to us. For this reason, we protect your data and your employees' data by applying all the appropriate technical and organizational means at our disposal to prevent unauthorized access, unauthorized or malicious use, loss or premature deletion of information.

We collect and process personal data , which strictly follows the requirements of the Bulgarian and European legislation.

The current Privacy Policy aims to explain how and why we process the personal data of our clients and business partners as well as the personal data of their employees and / or business partners, individuals, as well as the data of the candidates in the selection of staff for filling vacant positions in Crowe Bulgaria Advisory EOOD or in Crowe Bulgaria Audit EOOD.

 

About us:

This current policy is applied by Crowe Bulgaria Advisory EOOD, a company registered in the Commercial Register of the Registry Agency under UIC 203636112 having headquarter and management address: 55 6-th September str., 1142 Sofia, Bulgaria, for contact: +359 2 44 565 90, fax: +359 2 42 663 05, e-mail: [email protected], website: http://crowe.bg/, as well as by Crowe Bulgaria Audit EOOD, Company registered in the Commercial Register of the Registry Agency under UIC 203465145 having headquarter and management address: 55 6-th September str., 1142 Sofia, Bulgaria, tel .: +359 2 44 565 90, fax : +359 2 42 663 05, e-mail: [email protected], website: http://crowe.bg/, hereinafter referred to as "the Organizations"

The companies provide financial and tax services, including financial audit and accounting services, tax consultancy, due diligence, corporate management services, etc.

 

Contact details for personal data protection

In the case of inquiries or comments related to the protection of personal data, you can contact directyly our Data Protection Responsible Person:

Crowe Bulgaria Advisory EOODCrowe Bulgaria Audit EOOD

Address: 55 6-th September str., 1142 Sofia, Bulgaria

E-mail: donka.[email protected]crowe.bg

Tel.: +359 2 44 565 90

Data Protection Responsible Person: Donka Pechilkova

 

Sources of information

  • Direct: We receive personal data during the process of establishing business relationships with our clients / partners individuals in connection with a professional services agreements from our portfolio or in order to prepare a draft contract. We receive personal data from individuals and other sources, including but not limited to: when applying for vacant positions in our Organizations or in our company's companies, information about visitors of our offices, business meetings or other similar events, via received business cards, completed online forms, newsletter subscribers, etc.
  • Indirect: Organizations indirectly receive information about individuals from different sources. We may be required to apply personal data to our customer relationship management documentation for better understanding of the needs of our customers, in order to fulfill a statutory obligation or protect our legitimate interests. Sources for receiving personal data by indirect means:
    • Business customers / partners - personal data provided by our clients and / or business partners who are data controlers of the same personal data. Information is obtained in connection with the performance of professional services and / or regulatory requirements. Examples of such activities may be to produce monthly salary calculations, carry out statutory financial audits, etc
    • Publicly available sources - personal data can be obtained from public registers, such as the Commercial Register, articles, sanction lists and internet search;
  • Social and professional internet sites - When contacting organizations with registered individuals in social and / or professional networks such as LinkedIn, Twitter, etc., it will be possible to collect the information or content necessary for the registration or entry that is allowed the social media provider to share with us;
  • Recruitment services - Personal data for individuals can be obtained from recruitment agencies in the recruitment process of the Organizations, including information from previous employers and colleagues;
  • Suppliers and subcontractors - personal data may be obtained from the representative and / or managing companies with whom we have business relationships. For example, in cases of signing a service / products agreement.

 

The personal data that we are receiving and processing are as follows:

Categories personal data:

We process data through which individuals could be identified, directly or indirectly, in connection with performance of a contract or in the context of pre-contractual relationships, as well as in order to comply with obligations that are provided in a legal or regulatory act. The information we receive and process may include the following data:

  • personal data related to selection of personnel - names of the individual, professional position (current and past), telephone numbers (including mobile telephones), postal address, e-mail, professional and career experience, education background, published articles, unwanted biometrics;
  • personal data relating to the conclusion of employment contracts, additional agreements and other documents related to employment law - in this case the necessary information includes but is not limited to: three names, a single citizen's number or a personal number of a foreigner, a date and place of birth, postal address;
  • personal data with regards to the signing of professional services agreements - names, year of birth, current job position, financial information such as income, taxes, investment interests, assets held, bank details, etc.

Special categories of data we process:

Generally, as a rule, our Organizations do not process special categories personal data. However, it is possible to obtain biometric data in the process of recruiting candidates for vacant positions in the Organizations; visitors in our premises; unwanted information about potential or existing clients and candidates who may disclose information about criminal convictions or crimes.

In case of necessity in the execution of a business engagement if it is necessary to obtain and process information for persons under the age of sixteen (16), we proceed in accordance with the legal requirements, obtaining the consent of their parent and / or guardian.

 

We do declare that the personal data we collect will only be used for the following purposes:

  • Recruitment of vacant positions, including personal data for the preparation of an offer for conclusion of a labor contract;
  • Preparation of an employment contract, supplementary agreements and other documents related to the labor-insurance law;
  • Preparation of a contract for the provision of professional services;
  • Providing accounting services;
  • Preparation of annual and / or interim financial reports;
  • Payroll services;
  • Perform annual and / or financial audit;
  • Implementation of financial and tax due diligence;
  • Preparation of tax returns, including filling in of the respective annexes;
  • Providing financial and tax advisory services;
  • Providing information to the court and third parties in court proceedings in accordance with the procedural and substantive rules applicable to the proceedings, including regulatory requirements related to measures against money laundering, terrorist financing, fraud, n .;
  • Serving registered users on our website

 

The basis that entitles us to process your data is as follows:

  • The processing of your data is necessary for the performance of a professional services agreement with you or with regards to our mutual intention to enter into a contract as well as to implement labor and insurance legislation at the Republic of Bulgaria, in accordance with local legislation in that field, including but not limited to : Labor Code, Social Security Code, Health Insurance Act, Personal Income Taxes Act, the Tax and Social Insurance Procedure Code, as well as the related regulations
  • Processing is based on the provision of professional services, following the of global, European and local legislation in the field of financial services. Part of the applicable regulations are: Labor Code, Social Security Code, Health Insurance Act, Accounting Act, Personal Income Taxes Act, Corporate Income Tax Act, Tax and Social Insurance Procedure Code and related regulations arrangements;
  • Processing is based on explicit Consent - in some cases we process personal data only after prior written consent. Consent is a separate ground for the processing of personal data and the purpose of the processing is specified therein;
  • Processing is necessary to comply with a legal obligation and to carry out a task of public interest, such as applying the provisions of the Law on Measures against Money Laundering, etc .;
  • Providing information to the court and third parties in the course of proceedings before a court, in accordance with the requirements of procedural and substantive legal acts applicable to the proceedings.

 

 

The following organizations / individuals may receive your personal data:

  • entities/individuals who, by assignment, support equipment, software and hardware used for processing personal data, technical support, etc .;
  • entities/individuals providing service support to terminal equipment;
  • bodies, institutions and persons to whom we are required to provide personal data under current legislation;
  • entities/individuals providing services of organizing, storing, indexing and destruction of archives in paper and / or electronic form;
  • entities/individuals performing consultancy services in various fields, such as Occupational, Labour Medicine Services, etc
  • transportation / courier companies in order to fulfill our contractual obligations to deliver contracts and / or invoices in paper form;
  • security companies holding a license to conduct private security activities;
  • the banks and payment service providers serving the payments made by you;
  • other data controllers, public bodies to which the Organizations provide your personal data processing your data on your own behalf and on your own behalf, such as the National Revenue Agency, etc.

 

Consent:

By receiving your consent to accept this Privacy Policy of Crowe Bulgaria Advisory EOOD and Crowe Bulgaria Audit EOOD through a Privacy Policy, you authorize us to process your personal data only for the purposes stated by us. Consent is necessary to process both types of (ordinary and special) personal data.

In some cases when we want consensus on special (sensitive) personal data, we will always stated with motives why and how this information will be used. You may withdraw your consent at any time on the basis of Art. 7 and Art. 8 of the General Data Protection Regulation in a form of withdrawal of consent from the data subject sent directly to the Data Protection Responsible Person (on the above contact details).

Withdrawal of consent does not affect the lawfulness of consent-based processing prior to its withdrawal.

 

Transmission of personal data to a non-EU/EEA countries or to international organizations

Crowe Bulgaria Advisory EOOD and Crowe Bulgaria Audit EOOD do not intend to transfer your personal data to third parties outside the EU or to international organizations without your prior explicit consent.

In some rare occasions, when it is necessary to provide a professional service, it is possible to provide information to our partner companies located outside the EU in order to perform contractual obligations. In such cases, your explicit prior consent will be requested. Each organization is required to protect personal data through contracts we have concluded with those non-EU or EEA organizations containing standard data protection clauses that are in a form approved by the European Commission.

 

Period of storage of the personal data

The length of time that your personal data is stored depends on the purpose of the processing and the specific circumstances for which it is collected:

Crowe Bulgaria Advisory EOOD and Crowe Bulgaria Audit EOOD will store your personal data for a period that complies with legal requirements, but not exceeding:

  • obligations under the Accountancy Act for the storage and processing of accounting data for a period of 11 (eleven) years;
  • the expiry of the limitation periods laid down in the Obligations and Contracts Act for a period of 5 (five) years after the expiry of the limitation period for repayment of the public claim, unless the applicable law provides for a longer period;
  • obligations to provide information to the court, competent state bodies, etc., grounds provided for in the legislation in force for a period of 5 (five) years after expiry of the limitation period for repayment of the public claim, unless the applicable law provides for a longer term;
  • obligations to provide information to the court, competent state bodies, etc., grounds provided for in the legislation in force for a period of 5 (five) years after expiry of the limitation period for repayment of the public claim, unless the applicable legislation provides for a longer term;
  • keep registers of all complaints and applications to which this condition applies and the replies to them for a period of two (2) years;
  • preservation of applications for vacant positions for a period of one (1) year, only after obtaining explicit consent of the data subjects. Otherwise, personal data will be destroyed in accordance with an approved Privacy Storing and Destruction Procedure after completion of the selection but no more than 3 (three) months after receipt;
  • pictures (video) - within 30 days of recording creation

The data will be stored as follows:

In Crowe Bulgaria Advisory EOOD and Crowe Bulgaria Audit EOOD we work to protect the confidentiality and security of the information we receive in the course of our business. Access to such information is limited and there are policies and procedures designed to protect information from loss, misuse and unauthorized disclosure.

For the sake of high security in receiving, processing, and storing your data, we may use additional security mechanisms such as encryption, pseudonymisation etc.

 

Your rights as a subject of personal data are the following:

At any time while we store or process your personal data, You (according to the terminology of the law - data subject) have the following rights:

  • You have the right to request a copy of your personal data from Crowe Bulgaria Advisory EOOD and Crowe Bulgaria Audit EOOD and right to access at any time to your personal data;
  • You have the right to ask Crowe Bulgaria Advisory EOOD and Crowe Bulgaria Audit EOOD to correct without undue delay your inaccurate personal data as well as data which are not up to date;
  • You have the right to ask Crowe Bulgaria Advisory EOOD and Crowe Bulgaria Audit EOOD to delete your personal data without undue delay in any of the following circumstances:
    • personal data are no longer needed for the purposes for which they were collected;
    • when you have withdrawn your consent;
    • when you have objected to the processing,
    • when processing is unlawful;
    • where personal data must be erased in order to comply with a legal obligation under EU law or the law of a Member State that applies to us as a data controller;
    • when personal data has been gathered in connection with the provision of information society services;
    • onational or European legislation requires this.

    We may refuse to delete your personal information for the following reasons:

    • in the exercise of the right to freedom of expression and the right to information;
    • to comply with a legal obligation on our part or to perform a public interest task;
    • for reasons of public interest in the field of public health;
    • for purposes of archiving in the public interest, for scientific or historical research or for statistical purposes, insofar as erasure is likely to make it impossible or seriously hindering the attainment of the purposes of such processing; or for the establishment, exercise or protection of legal claims.
  • You have the right to request from Crowe Bulgaria Advisory EOOD and Crowe Bulgaria Audit EOOD to restrict the processing of your personal data, in which case the data will only be stored but not processed. Our refusal to restrict will be explicit only in writing, and we are obliged to motivate it with the legitimate reason;
  • You have the right to withdraw your consent to the processing of your personal data at any time with a separate request addressed to the administrator;
  • You have the right to object to certain types of processing, such as direct marketing (unsolicited advertising messages);
  • You have the right to object to automated processing, including profiling;
  • You have the right not to be the subject of a decision based solely on automated processing involving profiling;
  • If we need to use your personal data for a new purpose not covered by this data protection statement, we will provide you with a new data protection notice and when and where necessary we will require your prior explicit consent for the new processing;
  • You have the right to ask Crowe Bulgaria Advisory EOOD and Crowe Bulgaria Audit EOOD for personal data in a form convenient for transfer to another data controler or to ask us to do so without being hindered by our side.

All of the above mentioned requests will be forwarded if there is a third party (recipients, including outside the EU/EEA and international organizations) in the processing of your personal data.

 

Notification in case of violation of personal data security

When the personal data breach is likely to pose a high risk to your rights and freedoms, Crowe Bulgaria Advisory EOOD and Crowe Bulgaria Audit EOOD will notify the Data Privacy Controller when they are in the role of Processor and will send you a duly notice of the breach of security in cases where they are in the role of a Data Privacy Controller. If individual information requires efforts that are disproportionate, we shall publish a public release so as to ensure equal awareness.

 

Updates and policy changes

In order to apply the most up-to-date protection measures and comply with current legislation, we will update this Privacy Policy regularly. If the changes we make are significant, we will post a message about the changes made to our website. We invite you to regularly review the current version of this Privacy Policy, to be constantly informed about how we take care of the protection of the personal data we collect.

This Privacy Policy was last updated on May 25, 2018.

 

This right will be applicable after May 25, 2018.

 

You have the right to appeal to the supervisory authority

You have the right to submit a complaint directly to the oversight body and the competent authority in Bulgaria is the Commission for Personal Data Protection, address: 2 "Prof. Tsvetan Lazarov str., Sofia 1592, Bulgaria, Tel: + 359 2 91 53 518, e-mail: [email protected], website: www.cpdp.bg

In case you wish to file a complaint about the processing of your personal data via Crowe Bulgaria Advisory EOOD or Crowe Bulgaria Audit EOOD (recipients, including outside the EU/EEA and international organizations), you can do so by contacting Crowe Bulgaria Advisory EOOD and Crowe Bulgaria Audit EOOD or directly to the Data Protection Responsible Person (on the above mentioned contact details).

 

Online Privacy DECLARATION

 

What is personal data?

Pursuant to the General Data Protection Regulation (GDPR), personal data is defined as:

"Any information relating to an identifiable natural person or an identifiable natural person ("data subject"); an individual who can be identified, is a person who can be identified, directly or indirectly, in particular by an identifier such as name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, psychological, mental, economic, cultural or social identity of that individual.

 

Why Crowe Bulgaria Advisory EOOD and Crowe Bulgaria Audit EOOD collect and store personal data?

In order to be in a position to provide you with high-quality financial and tax services, including financial audit and accounting services, tax advisory, due diligence, corporate management services, etc., we need to collect personal identification data, such as names, place and year of birth, occupation, professional experience, education background, income, taxes etc. We guarantee that the information we collect and use is indispensable for this purpose and is not intended to enter your in your own personal space.

 

How do You use my personal information?

In this privacy notice, we detailed the purposes and reasons for collecting and processing your personal information. Our website may use cookies. When cookies are used, a statement explaining the use of cookies will be sent to the browser.

 

Shall you forward and share my personal data with other organizations or individuals?

We shall not sell your data to third parties, nor will we pass it on to obtain any benefit.

Crowe Bulgaria Advisory EOOD and Crowe Bulgaria Audit EOOD may transfer your personal data to our service subcontractors who have entered into a contract with us.

In case we intend to transmit special (sensitive) personal data to a third party, we will do so only after we have received your explicit consent. (the exception will only exist if we are legally obliged to do otherwise)

All third parties who may receive your data are required to keep your data in a secure way and use them only to fulfill our obligations. When they no longer need your data to fulfill these obligations, they will have detailed instructions for their destruction.

Recipients of your data may also be state authorities to whom we provide them under specific and clear legal obligations.

 

How do you store my personal data that you collect?

Crowe Bulgaria and Crowe Bulgaria Audit EOOD will process (collect, store and use) the information you provide in a way that is compatible with the GDPR requirements. We will strive to keep the information accurate and current.

We will not store your personal information longer than is reasonably necessary to meet the specific purposes by which have been collected and notified to you herein.

Some of the storage times of the information depend on legal requirements to keep documents and information within certain minimum periods.

We will take all foreseeable technical and organizational measures to protect your data against unauthorized access.

Can I be aware what personal data you have and process?

The Otganisations are obliged at your request to respond to you what information we store for you and how it is processed.

In case we have your personal data you can request the following information:

  • contact details of the organization that processes or the name of your data processing;
  • contact details of the Data Protection Responsible Person;
  • targets of processing;
  • the legal basis for the processing;
  • the relevant categories of personal data being processed;
  • the recipients or categories of recipients to whom they are or will be disclosed;
  • the third-country recipients or international organizations if there is a transfer of personal data to them, and guarantees that their data security will be at least at EU level;
  • if the processing is based on the legitimate interests of Crowe Bulgaria Advisory EOOD and Crowe Bulgaria Audit EOOD or a third party, information about these interests;
  • the foreseen term for which personal data will be stored;
  • detailed information regarding your rights to request correction or deletion of personal data or limitation of the processing of personal data, and to object to such processing;
  • information about your right to withdraw your consent at any time;
  • details of your right to appeal to a supervising institution;
  • information whether the provision of personal data is a mandatory or contractual requirement or a requirement necessary for the conclusion of a contract as well as whether you are obliged to provide personal data and the possible consequences of the failure to provide such data;
  • the source from which your personal data is collected, if it is not collected directly from you;
  • All details and information on the availability of automated decision making, such as profiling and any meaningful information about the logic involved in these operations, and the significance and expected consequences of such processing.

How do I access my data processed?

It is necessary to fill in a request for access, which you can obtain after contacting the contact data directly with the Data Protection Responsible Person or requesting the contact details of Crowe Bulgaria Advisory EOOD and Crowe Bulgaria Audit EOOD.

 

Location:

Country: Bulgaria

Address: 55 6th September str, 1142 Sofia

Phone: +359 2 44 565 90

E-mail: [email protected]

Website: http://crowe.bg/

You can contact the Data Protection Responsible Person directly here:

E-mail: donka.[email protected]

Tel.: +359 2 44 565 90

Fax: +359 2 42 663 05