Policy on privacy and protection of personal data of Partners of "Sectron" Ltd.

1. Introduction.

1.1. Please read carefully this document concerning Privacy and Data Protection Policy for all Sectron’s Partners ("Policy/s") and in case you have any questions related to its content, please contact the Data Protection Officer of the personal data in "Sectron" Ltd. through the means of communication published below.

1.2. The policy complies with the requirements of the legislation in force on the date specified in section 11, including the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of the European Union ("Regulation/s").

1.3. "Sectron" Ltd. with UIC 831144177, registered office in Sofia and management address 52 "D-r. G. M. Dimitrov" boulevard, office building Sectron/SOT ("Sectron" or "Company") is the administrator of personal data that it processes solely and only in accordance with applicable legislation.

1.4. As a leading company in the security systems sector, Sectron maintains and steadfastly adheres to high standards in the processing and protection of personal data, as the privacy of this data is of the utmost importance to us.

1.5. The policy also has the nature of a Privacy Notice.

1.6. In the Policy, unless the context dictates/requires otherwise:

1) All titles used in this document are only for convenience and do not influence the interpretation of the texts of the Policy.

2) words used in the singular include the plural and vice versa;

3) the reference to a section, article, point or appendix is ​​a reference to a section, article, point or appendix of the Policy.

2. The purpose of the Policy is to clarify:

1) basic concepts and/or definitions.

2) the personal data that Sectron processes.

3) what the processing consists of, its purposes and whether we provide your personal data to third parties.

4) terms of personal data processing.

5) your rights provided for in the Regulation and the procedure for exercising them.

6) the information related to the personal data protection officer at Sectron.

7) what we do to ensure the security and integrity of your personal data.

8) the actuality and changes in the Policy.


3. Concepts and/or definitions used in the Policy.

3.1. "Personal Data" means any information relating to an identified natural person or an identifiable natural person ("data subject").

3.2. "Data subject" is a person who can be identified, directly or indirectly, in particular by an identifier such as name, identification number, location data, online identifier or by one or more characteristics specific to the physical, physiological, genetic, the psychic, mental, economic, cultural or social identity of that natural person.

3.3. "Processing" means any operation or set of operations performed on personal data or a set of personal data by automatic or other means such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, distribution or other way in which the data is made available, arranged or combined, restricted, deleted or destroyed.

3.4. "Administrator" means a natural or legal person, public body, agency or other structure that alone or jointly with others determines the purposes and means of processing personal data.

3.5. "Processor of personal data" means a natural or legal person, public body, agency or other structure that processes personal data on behalf of the controller.

3.6. "Consent of the data subject" means any freely expressed, specific, informed and unequivocal indication of the will of the data subject, by means of a statement or a clear affirmative action, which expresses his consent to the processing of his personal data.

3.7. "Personal Data Security Breach" means a security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access of Personal Data that is transmitted, stored or otherwise processed.

3.8. "Supervisory authority" means an independent public authority that carries out overall control of compliance with legal acts in the field of personal data protection and is responsible for monitoring the implementation of the Regulation in order to protect the fundamental rights and freedoms of natural persons in relation to processing.

3.9. "Partners" of Sectron are all natural and/or legal entities:

1) with whom we have commercial relations - our customers, suppliers, subcontractors, franchisees and others; and/or

2) who use the website www.sectron.com, the Support Center, the Partner Portal or other information resources/systems of Sectron, all together referred to below as "Site/s"; and/or

3) persons employed under a civil contract by Sectron, who assist the Company in carrying out its commercial activity; and/or

4) who take training courses or participate in marketing events organized by the Company; and/or

5) who reside in or on the adjacent territory around Sectron facilities - central office, regional offices, warehouses or others.

Before using the Site, please read the terms here.


4. Personal data that Sectron processes.

4.1. When carrying out its commercial activity, Sectron as an administrator may process the following personal data of its Partners:

1) identification data - three names, a uniform civil number or personal number of a foreigner, other data from an identity document (number, date of issue, issuer), position, user name and password for access to the Site;

2) communication data – permanent or other contact address, telephone numbers, e-mail;

3) payment information – bank account numbers and/or other payment or banking information related to payments from and to Sectron;

4) customer information – customer number or other identifier created by Sectron for identification of Partners;

5) other data - video recordings from the video surveillance system at Sectron sites, "live" monitoring for the implementation of monitoring control through this system in the company's central office, photo and video material from official events, handwritten signature;

6) "online identifiers" when using the Site - IP address accompanied in a standard log with the date and time of the visit, functional temporary cookies (cookies), the sole purpose of which is to establish the location of the device through which the Site is accessed , to determine its language version. Sectron does not use cookies to monitor or analyze the behavior of users of the Site

7) interests regarding the goods and services that Sectron offers.

4.2. Sectron processes personal data only of persons who have reached the age of 18 and are legally competent. Therefore, if you do not meet the condition of the previous sentence, you do not have the right to register on the Site or use it, provide services to Sectron or receive services from the Company, and we will not accept your unilateral statement. Sectron is not responsible in the case of accidental processing of personal data of a person who does not meet the specified age and legal capacity restrictions, as we do not collect any personal data regarding the age and legal capacity of persons, except in cases where the law obliges us to verify the data from your identity card or other document containing similar data.

4.3. Sectron does not, as an administrator, process videos and/or photos with automatic means of unique identification.

4.4. Sectron is not responsible for the accuracy of the information provided by you or by the entities under Art. 5.1. data and does not perform checks for this. Only you and the entities under Art. 5.1. you are responsible for your actual identity and the accuracy of the data you provide to us.


5. What is the processing that Sectron performs and for what purpose we do this.

5.1. Sectron collects personal data under Art. 4.1.:

1) personally by you or

2) by a legitimate representative of the legal entity in which you are a worker or employee or

3) by other administrators, when there is a legal basis for this, including your express consent or

4) by competent authorities in the exercise of their powers.

5.2. Sectron stores personal data in electronic form and/or on paper.

5.3. Sectron enters part of the personal data under Art. 4.1. in an ERP system and/or other information systems in order to effectively manage and account for business processes, including the services that the Company provides or receives, and communication with Partners.

5.4. Sectron corrects the personal data when it detects a change in them on its own initiative or upon notification/request by the subjects under Art. 5.1.

5.5. Sectron can provide specific personal data to third parties only in the following strictly defined cases:

1) when this is provided for in a regulatory act, or

2) when this is requested in accordance with the procedure provided for by law by a competent authority, or

3) when we have received your express consent to do so, or

4) when this is imperative for the purposes of your legitimate interest and/or the legitimate interests of Sectron and this does not violate regulatory requirements.

These third parties may be:

1) competent authorities;

2) financial institutions for the purposes of payments between you or the legal entity in which you are a worker or employee and Sectron;

3) operators licensed to perform the services under Art. 39 of the Postal Services Act;

4) Sectron partners through which you or the legal entity in which you are a worker or employee receives services or provides services to the Company;

5) companies performing technical support of Sectron's information systems - usually in these cases we do not provide access to the databases with your personal data. In extremely rare cases, when it is not possible to carry out maintenance in any other way, we only provide access to these databases, following extremely strictly that your personal data does not leave Sectron's information systems in any way;

6) lawyers and/or law firms and/or other consultants of the Company.

In all these cases, Sectron strictly observes the principle of providing only personal data that is absolutely necessary to achieve the specific goal, and only to persons who apply the necessary technical and organizational measures to protect the personal data provided to them.

5.6. Sectron uses certain personal data for the following purposes:

1) registration, creation, editing, maintenance, provision of access or deletion of your user profile on the Site;

2) operation and provision of services available on the Site;

3) preparation, conclusion and/or execution of contracts/agreements or unilateral transactions and/or other unilateral statements - for example, for preparing offers, protocols, powers of attorney, declarations, applications, requests, certificates, invoices and others;

4) provision of services by Sectron, outside of the hypotheses of the previous item 3 – for example, adjustment, repair or other activities regarding equipment in a Sectron service center or at your location, preparation and conducting of trainings;

5) receipt of services by Sectron from you or from the legal entity in which you are a worker or employee;

6) making payments in connection with the previous points 3, 4 and/or 5;

7) communicating with you when necessary;

8) marketing and advertising purposes - to users registered on the Site, as well as to registered participants in various marketing events organized by Sectron, the company periodically sends an electronic newsletter, and sometimes company news, promotional offers and/or invitations to events, as per time their receipt may be refused. In this case, Sectron only processes the e-mail of the user or participant. Sectron will use your personal data for other marketing and advertising purposes only after receiving your express consent;

9) establishing your identity when this is immanently related to the previous purposes;

10) ensuring your security and that of those working at Sectron, including your personal data and the material assets of the Company - we review the recordings from the video surveillance systems in our facilities only and only after an incident related to security has occurred. Certain cameras are used for demonstration purposes only and do not create recordings.

5.7. Sectron accepts for repair, adjustment or other technical activity an information carrier or other type of equipment that contains an information carrier, only with previously deleted personal data in such a way as to guarantee the impossibility of their recovery in any way, unless:

1) deletion is technically impossible, or

2) the law of the European Union (EU) or Bulgarian legislation requires their storage, or

3) the presence of the personal data in the information medium is absolutely necessary for the fulfillment of an obligation of Sectron, in connection with which the relevant technique has been adopted.

5.8. In the above cases, personal data is not copied, analyzed or processed in any other way, unless this is absolutely necessary for the fulfillment of Sectron's obligations. Provided that such processing has been carried out, after fulfillment of the relevant obligations, the personal data are immediately deleted in such a way as to guarantee the impossibility of their recovery in any way.

5.9. After the terms specified in section 6, Sectron deletes the relevant personal data under Art. 4.1. in a way that guarantees the impossibility of their recovery.

5.10. When processing your personal data, Sectron does not use methods for automated individual decision-making or "profiling", i.e. we do not apply automated algorithms for the purpose of evaluating certain personal aspects.


6. Terms of processing your personal data.

6.1. Sectron processes your personal data until the statutory deadline, which regulates the duration of the processing in an imperative manner. If such a period is not arranged, as a rule, we process your personal data until the moment when one of the following circumstances does not occur:

1) withdrawal of your consent if the processing is based on your consent;

2) termination of the legal relationship with you or with the legal entity in which you are a worker or employee, and exhaustion of all legal and factual actions that should be carried out at or on the occasion of the terminated legal relationship, including expiration of the statutory limitation periods and/or termination of administrative, pre-trial or judicial proceedings;

3) an act of a competent authority ordering the termination of processing.

6.2. In deviation from the rules under the previous art. 6.1., Sectron processes certain personal data for a shorter period:

1) the recordings from the video surveillance systems at the Company's sites are stored within the time limits specified in the Law on Private Security Activities;

2) if your or Sectron's legitimate interest is lost;

3) the data from your user profile on the Site are deleted immediately after closing/deleting it;

4) the photos required for the production of access cards are deleted immediately after production;

5) the content of technical means provided to Sectron for repair and/or other technical activities, which had to be temporarily transferred to other devices, is deleted immediately after the completion of the work;

6) standard logs in Sectron's information systems, containing IP address, date and part of the session, are deleted after 12 months;

7) the deletion of cookies depends on the settings of the device through which you access the Site.


7. The Regulation gives you the following rights:

7.1. Right to information.

One of the main purposes of the Policy is to inform you in detail about everything related to the processing of your personal data in the course of Sectron's commercial activity.

7.2. Right of access.

You have the right to access your personal data, information about its processing and your rights in this regard.

7.3. Right to rectification.

You have the right to correct your personal data if it is incomplete or inaccurate, and to request that Sectron do so.

7.4. Right to erasure.

You have the right to request data deletion when any of the following grounds apply:

1) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

2) You withdraw your consent on which the data processing is based, and there is no other legal basis for the processing;

3) You object to the processing and there are no overriding legitimate grounds for the processing, or You object to the processing for direct marketing purposes;

4) your personal data has been processed unlawfully;

5) your personal data must be deleted in order to comply with a legal obligation according to the law of the European Union or the law of the Republic of Bulgaria.

Exercising the above rights is not a reason for you to ask Sectron to delete or delete in any other way data that by law or in the legitimate interest of the Company we are obliged to store, process and/or provide to competent authorities.

7.5. Right to restrict the processing of your personal data.

You can request the restriction of the processing of your personal data if:

1) you dispute the accuracy of the data, for the period in which we have to check its accuracy; or

2) the processing of the data is without legal basis, but instead of deleting them, you want their limited processing; or

3) Sectron no longer needs this data (for the specified purpose), but you need it for the establishment, exercise or defense of legal claims; or

4) you have filed an objection to the processing of the data, pending verification of whether the grounds of the Sectron administrator are legal.

7.6. Right to notify third parties.

If applicable, you have the right to ask Sectron to notify the third parties to whom we have provided your data about circumstances related to correction, deletion or restriction of their processing.

7.7. Right to data portability.

You have the right to receive the personal data that you have provided to us that relates to you in a structured, popular, machine-readable format, and to use this data for another controller at your discretion.

7.8. Right not to be subject to a decision based solely on automated processing, including profiling, which gives rise to legal consequences for you or similarly significantly affects you, unless there are grounds for this and appropriate guarantees are provided to protect your rights, freedoms and legitimate interests.

Sectron does not use technologies that fall into this category.

7.9. Right to withdraw consent.

You have the right, at any time, to withdraw your consent to the processing of personal data, which is carried out on the basis of your consent. Such withdrawal does not affect the lawfulness of the processing until the withdrawal of consent.

7.10. Right to object.

You have the right to object to data processed on the basis of legitimate interest.

In the event of such an objection, we will consider your request and, if justified, comply with it. If we believe that there are compelling legal grounds for the processing or that it is necessary for the establishment, exercise or defense of legal claims, we will inform you of this.

7.11. Right of appeal to a supervisory authority.

You have the right to file a complaint with a supervisory authority if you believe that the processing of personal data concerning you violates applicable data protection legislation. The supervisory authority in the Republic of Bulgaria is the Commission for the Protection of Personal Data, with address: Sofia 1592, "Prof. Tsvetan Lazarov" No. 2, www.cpdp.bg, kzld@cpdp.bg , telephone number of the Information and Contacts Center - +359 (2) 91 53 518.


8. Procedure for exercising your rights.

8.1. You may exercise the rights under the previous section 7 against Sectron in person or through a proxy with an express power of attorney with a notarized signature. In cases where the proxy is a lawyer, notarization of the signature is not necessary.

8.2. Requests, requests, applications, complaints and the like can be deposited in the Sectron office at the Company's address specified in Art. 1.3. or electronically, the addressee should be the personal data protection officer at Sectron.

8.3. Since the rights of the data subject are personal rights, Sectron has the obligation not to disclose or amend your personal data, unless the disclosure or amendment is made at your request, which is why verification of your identity is necessary.

Therefore, upon depositing the request in the Company's registry, the clerk is obliged to verify your identity by checking the data from your identity card, and if the application is filed through a lawyer - from his lawyer's card.

When there are reasonable doubts about your identity, we may ask you or your representative to provide additional information necessary to confirm your identity.

8.4. You can access and/or correct data contained in your user profile on the Site at any time through the functionalities provided on the Site.

Also, if you wish, you can at any time close your account on the Site (termination of registration) by sending a request to unsubscribe@sectron.com.


9. Personal data protection officer at Sectron.

For any questions related to the Policy, the processing of your personal data and/or the exercise of your rights, you may contact the personal data protection officer at Sectron: correspondence address: Sofia, Blvd. Dr. G. M. Dimitrov”, No. 52, office building Sectron/SOT email: gdpr.sectron@gmail.com phone: +359 (2) 91 982


10. Security and privacy of your personal data.

10.1. In order to guarantee the confidentiality, security, integrity and availability of information in the Company, including your personal data, as well as the continuity of business processes, Sectron has implemented an information security management system according to the international standard ISO 27001:2013. In this way, we guarantee:

1) compliance with the highest standards regarding information security, including your personal data;

2) strict compliance with the applicable statutory and other regulatory requirements;

3) effective information risk management, from the point of view of available funds;

4) determination, compliance and evaluation of information security management processes;

5) the continuity of processes in case of emergencies and crises;

6) carrying out periodic checks of the system with the aim of its continuous improvement.

Through the implementation of the Information Security Management System according to the international standard ISO 27001:2013, we prove that Sectron guarantees the maximum security of both its own information and your personal data.

Sectron's centralized information systems, including databases, are located in a dedicated server room that meets the highest industry security standards and is under the sole control of Sectron.

10.2. In addition, Sectron guarantees the security and integrity of the information in the Company, including your personal data, through numerous additional technical and organizational measures:

1) the premises where the equipment, devices and system software processing your personal data, as well as the physical data carriers are located, are protected by control systems and procedures that guarantee access only to employees for whom the principle " need to know';

2) the building in which the premises under the previous point are located is strictly guarded with permanent physical security, a system for continuous video surveillance and monitor control, as well as a strict access regime;

3) the building is also equipped with fire alarm and fire extinguishing systems.


11. Update and changes to the Policy.

In order to ensure the most up-to-date measures to protect your personal data and to comply with current legislation, we will regularly update this Policy. Therefore, we recommend that you regularly review the current version of the Policy for changes. If the changes are material, we will send you appropriate notice by e-mail and/or post a notice on the Site.

The policy is current as of 04/01/2019.