Notification, regarding personal data processing of Clients of DV Design architectural studio

Notification, regarding personal data processing of Clients of DV Design architectural studio

The current notification contains information regarding collection, retention and processing of personal data of clients of DV Design architectural studio (hereinafter DV Design). Additionally, the notification contains information about your rights in relation to your personal data processing, as well as the legal order to lodge a complaint if you consider that your data is processed unduly.

This privacy notice has been developed by DV Design and contains information on:

  • the controller responsible for the processing of personal data;
  • the processed categories of personal data;
  • the conditions under which personal data are processed;
  • the purposes and legal grounds for the processing;
  • retention periods and the applied measures for data protection;
  • the rights of the clients as data subjects within the meaning of the GDPR;
  • as well as in which cases and in what manner we disclose your data with third parties.

Who bears responsibility for your data processing?

Responsibility for your personal data processing is borne by “DV Design” EOOD, UIC: 131522008, with seat and address of management at: Sofia 1000, “Sredets” district, No. 5 Slavyanska Str., floor 6, office 33-34, Republic of Bulgaria, web page: http://www.dv-design.biz.

In case you request more information, regarding your personal data processing or if you wish to exercise any of your rights as well as if you suspect that your data is used unduly, you may send us a letter to our mailing address or via e-mail at info@dv-design.biz.

Why do we collect your personal data?

DV Design processes your data:

1. to identify you or the represented by your Company as a client of DV Design and to communicate with you or with the represented by you Company regarding the conclusion and performance of the contracts for our services;
2. to meet the obligations arising for DV Design under the law with regards to collecting and processing data for its clients;
3. in the process of carrying video surveillance in the offices of DV Design for the protection of the Company’s employees and its property;
4. to protect the interests of the Company in the event of legal disputes with regards to non-fulfillment of the agreements for our services;

What kind of data do we collect?

DV Design processes the following categories of personal data: names and other data, that may identify you, including signature, contact details (email, address, telephone), bank account details; data that the DV Design is obliged to collect by law, data related to the protection of the rights and interests of the clients, including special categories of data, as well as image, insofar as the DV Design offices are provided with video surveillance, which shall be marked with the relevant information marks and signs.

What are the legal grounds on which we process your data?

In accordance with the GDPR DV Design processes your personal data only on valid legal grounds. Namely, DV Design processes your data on the following legal grounds:

  • with regard to your name and other data that identifies you, including a signature, as well as the contact details - for the conclusion of the agreements for our services;
  • with regard to personal data related to the subject of the contracts related to the services we provide - for the performance of the contracts;
  • data regarding images collected by video surveillance - based on the legitimate interest of the Company in ensuring the security of its employees and property;;

What measures for the security of the collected data we apply?

The protection and security of your data is important to us. In order to prevent loss, misuse or unauthorized access to your data, we apply all reasonable measures and remedies, including the obligation for the confidentiality of all employees and contractors of DV Design, implementation of technical measures to protect computers and systems by which personal data are processed, the video surveillance is carried out in the premises where the personal data documents for the Clients are stored, as well as trainings for data protection amongst our employees. If you have any doubts about an infringement, please contact us immediately through the contact details mentioned above.

What are the periods for storing your personal data?

Personal data processed for the purposes of concluding and executing of contracts shall be stored for a period of 5 years (the limitation period according to the Bulgarian legislation) starting from the calendar year following the year of termination of the relevant agreement..Personal data related to accounting documents shall be stored for the following periods according to Art. 12, para 1 of the AA: for accounting registers and financial statements, including documents for tax control, audit and subsequent financial inspections - 10 years; for any other carriers of accounting information - 3 years. Video recordings of the cameras shall be stored for 30 days after which they shall be automatically deleted.

What rights do you have in relation to your data processing?

GDPR provides the following opportunities for the protection of individuals regarding the processing of their data:

  • the right to be informed about the manners and periods for processing of the personal data;
  • the right to object to the processing based on the legitimate interest of the company. If the processing does not comply with the Applicable laws it shall be ceased or limited immediately;
  • the right to correct inaccurate data reflected in the documents stored by GPLO;
  • the right "to be forgotten" when the retention periods for the data has expired, no valid legal ground for the processing can be specified or the processing is no longer necessary;
  • the right to withdraw your consent for the disclosure before third parties of your data in case such consent has been provided using the consent form below;
  • the right to lodge a complaint at any given moment and without the need to exhaust in advance the inner procedure for appealing our processing activities with the competent Data Supervisory authority (see more information below).

How do we share your personal data with third parties?

We can disclose to third parties your personal as follows:

  • to state and local authorities, as well as courts for the performance of concluded contracts for our services;
  • to competent tax and other public authorities for revision or when required by the applicable law;
  • to the partners of DV Design, including accountants, lawyers and other consultants;
  • in the case of team changes, mergers or acquisitions, your data may be shared with the new partner (s) and consultant (ies) for which you will be notified.

In any case, your data will not be shared with entities located outside the EEA (EU, Norway, Iceland and Liechtenstein) unless explicitly permitted by local law and adequate measures for data protection are in place.

How to contact the competent data supervising authority?

Notwithstanding the foregoing, in case of any complaints you have the right to contact the Commission for Personal Data Protection (CPDP):

  • In-person, at 2 Prof. Tsvetan Lazarov Str., Sofia;
  • by letter, to the address: Sofia 1592, No.2 Prof. Tsvetan Lazarov;
  • by fax - 029153525;
  • the e-mail of the CPDP - kzld@cpdp.bg;
  • using the CPDP website: https://www.cpdp.bg/