Intelligent Systems Bulgaria EOOD takes responsibility to ensure the security of personal data, which it collects and processes in a lawful, conscientious and transparent to the data subject manner.
Personal data is any information that relates to an identified or identifiable living individual who can be identified (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The managing of the personal data security complies with the Data Protection Act, its secondary legislation and Regulation (EU) 2016/679 – GDPR, through the embedded Information Security Management System, certified in accordance with the international standard ISO 27001.
Data that we collect
Intelligent Systems Bulgaria EOOD processes personal data only if it is lawful and to the extent that at least one of the following purposes is applicable:
- the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
- processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which the controller is subject;
- processing is necessary in order to protect the vital interests of the data subject or of another natural person;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, particularly where the data subject is a child.
In relation to the above conditions, Intelligent Systems Bulgaria EOOD collects information from the following individuals external to the company:
- Data subjects who has shown interest into our products and services (name, company, position, phone number and e-mail):
- Personal data in our firm web site for access marketing materials, demo versions, chat, contact forms, and more;
- Personal data when subscribing for a newsletter;
- Personal data contained in inquiries directly sent by e-mail.
- Job applicants (contact information education, training and professional experience) through:
- CV provided through web-based job finding platforms;
- CV sent directly by e-mail;
- CV submitted through the company website using the appropriate form;
- LinkedIn profile.
- Data subjects in their role of employees of a legal entity – contractors of Intelligent Systems Bulgaria EOOD in connection with the implementation of the contractual relations.
Automatically collected information
Automatic data processing, when necessary, is done using methods that do not have a data retrieval algorithm for a person, a subject of personal data, based on the output summary information resulting from the automatic processing.
When you access the websites of Intelligent Systems Bulgaria EOOD we collect information about domain/internet address (IP) from which the web site is used; browser type and system, time and date of the visit; search results and other similar parameters. This information is used only in an aggregated form without processing data for specific individuals, data subject and it is not provided to third parties.
Use of “cookies”
A “cookie” is a small file that is transferred from the website to your device when you visit. It helps to provide information about the subject behavior that can be used to customize the mode of operation. Intelligent Systems Bulgaria EOOD uses “cookies” only after prior notice and consent from the user.
Below you could find more information about cookies.
To improve the performance of isystems-group.com and to provide you with better and more interesting content, we use “cookies” technology – that is, small text files with data for a certain amount of time are saved in your browser. They track your activities such as sections and subsections visited, operating system, screen resolution, and more.
What cookies do we use?
Isystems-group.bg uses Google Analytics cookies (Google’s web analytics service) to aggregate anonymous usability data from users.
To give you extra control over Google Analytics cookies, Google offers a plug-in for some browsers: https://tools.google.com/dlpage/gaoptout?hl=en
How to reject or delete a cookie?
Some internet browsers accept cookies automatically. Regardless of your browser’s default settings, you can at any time deny, block, or delete any cookies that are stored on your device. You can find out how to do this in the Help menu on your internet browser or by visiting: http://www.allaboutcookies.org
Note that if you choose to delete or block the cookies used by isystems-group.com, you may not be able to access certain features or be prevented from further receiving interesting content.
How we process and use your personal data
Data that we process
Intelligent Systems Bulgaria EOOD processes personal data from the administrator’s (client’s) name only after having a written agreement between the parties. These data include:
- Test/demo client’s data and also a real data which are installed in our client’s systems;
- Access data for provided hosting;
- Remote access data to client’s environments.
How we use your personal data
1. For what purposes we process data?
For the purposes of marketing:
- To send certain information which we consider is useful, including marketing communications;
- To contact you by phone or e-mail about your interest in our products and services;
- To personalize our content and advertising that you see in our websites and apps in Internet;
Newsletter and marketing communications are sent after the recipient has given consent. You can opt out from providing such data in every message you receive.
For job applicants
The collected data during the searching for a specialist for our vacant positions or in cases of received CV which is sent directly to our e-mail is used only for the purposes of recruiting and hiring an employee for the needs of Intelligent Systems Bulgaria EOOD.
Interaction with Contractors
As part of the fulfillment of obligations under concluded contracts with clients, Intelligent Systems Bulgaria EOOD processes the following data:
- Contact data which is kept in the firm’s systems and project documents;
- Employees` personal data with access to HelpDesk system;
- Microsoft Customer Source/ Office 365 accounts.
2. For what purposes we retain and process personal data?
Intelligent Systems Bulgaria EOOD retains and processes the personal data in its capacity of administrator or processor only for the purposes for which it was initially collected, including the purposes related to contract management, human resources management, marketing, development/implementation and maintenance software products.
3. How we retain and process personal data?
Personal data is retained and processed in accordance to the implemented information security management system certified according to the international standard ISO 27001:2013 and in accordance with Ordinance № 1 of 30 January 2013 on the minimum level for technical and organizational measures and the type of protection allowed of personal data.
4. How long do we retain your personal data?
- Intelligent Systems Bulgaria EOOD retains collected personal data for the needs of the marketing only for the period of relevant objectives for collection of such data.
- Job applicant‘s personal data is retained for a period not longer than one year.
- Counteragent employees` personal data is retained for the period during which a claim may be made in relation to our dealings with you.
- Personal data provided for processing by data administrators is retained only for the processing period which is a subject to a written agreement between the parties.
5. When and how we share personal data?
Intelligent Systems Bulgaria EOOD can share personal data when it is allowed by law, in relation with corporate or financial change in Intelligent Systems Bulgaria EOOD or linked with it legal entities. Personal data can be shared to protect data subject’s vital interests, Intelligent Systems Bulgaria EOOD’s legitimate interests (in such cases the data subject’s interests and rights should be preferred) or when Intelligent Systems Bulgaria EOOD considers it necessary to share them because of legal reasons or to perform its legal duties or to respond to requirements by the competent supervisory authority.
6. Collection of data from persons under 16 years of age
Intelligent Systems Bulgaria EOOD does not process personal data from individuals under the age of 18. If we receive that kind of information through some of our communication channels, we will delete it immediately.
Ensuring security of personal data
Intelligent Systems Bulgaria EOOD maintains a high level of competence and awareness of its employees about the importance of secure retaining and processing of personal data which our entity processes in its role as an administrator, as well as in cases where the Company processes clients` personal data.
Intelligent Systems Bulgaria EOOD concludes a contract and/or additional agreements with its clients on the processes in which the company is processing personal data, with subcontractors for the processing of personal data and with persons who are assigned to process personal data but who are not subcontractors.
Intelligent Systems Bulgaria EOOD concludes agreements for confidentiality with its employees.
Intelligent Systems Bulgaria EOOD maintains registers for the processing of the personal data.
Intelligent Systems Bulgaria EOOD has implemented technical measures to protect personal data which includes:
• Access management
• Retain access information
• Security of the work station
• Security of the portable information
• Security of the internal network
• Server protection
• Security of the web sites
• Continuity of services
• Secure data destruction
• Secure data exchange with customers
• Physical security
• Use of encryption
• Data anonymization
When there is a risk of jeopardizing the rights and freedom of the individuals, as well as in cases specified by the Commission for the Personal Data Protection of the Republic of Bulgaria, Intelligent Systems Bulgaria EOOD assesses the impact of provided processing operations on the protection of personal data and takes all necessary measures to ensure the security of personal data.
Intelligent Systems Bulgaria EOOD documents every violation related to the security of personal data according to the current procedures of Information Security in project management, including the facts which relate to personal data breach, its consequences and what actions are taken to handle it in accordance with the incident handling procedures and the improvement of the security of the information and notifies the Commission for Personal Data Protection or the administrator whose personal data is processed about the accident in 72 hours.
Access to information, questions, objections and solving disputes
Every individual, data subject can take advantage of:
- Right to access: The data subject has the right to receive a conformation if his personal data is processed and if it is so to has access to the collected data which are related with him and to exercise that right to be informed about the processing and to verify his legality.
- Right to restrict the use of the personal information: The data subject requires the restriction of processing personal data by the administrator when the accuracy of the personal data is disputed, the processing is unlawful or Intelligent Systems Bulgaria EOOD does not need the personal data anymore for the purposes of processing but the data subject does not require his data to be deleted, and also when the data subject has rejected the data processing. Right to be deleted (right “to be forgotten”): To ask his personal data to be deleted when the personal information is no longer needed for the purposes for which it was collected, there is no lawful reasons to be processed or the personal data was illegally processed.
- Right to object: To object to the processing of his personal information for marketing purposes (including profiling), no matter if it is about initial or further process. The data subject is explicitly informed of the existence of this right which is presented to him in a clear manner and apart from any other information.
- Right to withdraw: To withdraw his agreement for the processing of personal information at any time. Withdrawal of the agreement does not affect the lawfulness of processing during the initial agreement. The data subject is informed of this before giving his consent.
- Right to correct: To ask from Intelligent Systems Bulgaria EOOD in its role of administrator to correct data subject’s incorrect personal data. Data subject has the right to require his incomplete personal data to be corrected including by adding a declaration.
- Right to data portability: To receive the personal data, which refers to the data subject and which he has provided to the administrator, in a structural, commonly used, and machine-readable format and to transmit this data to another data controller.
- Right to lodge a complaint with a supervisory authority: To lodge a complaint to the Commission for the Personal Data Protection of Republic of Bulgaria if he considers that the processing of his personal data is in violation to his lawful rights or to refer the case to the competent court, as well as obtain compensation for damages.
If you have any question about our privacy practice or if you have questions, demands or worries about your personal information, please contact with us at [email protected]