Privacy Policy for Personal Data Protection When Visiting the Website https://sami-m.com/

SAMI–М LTD., UIC 113016443, registered office and management address: 143, Zahari Zograf St., Kalkaz Res. District, Pernik City, e-mail: office@sami-m.com

We provide information regarding the type, purpose, legal grounds, and manner in which personal data shall be collected, processed, stored, and disclosed.

Ms Martina MILCHEVA, e-mail: m.milcheva@sami-m.com , Cell.: +359887942492

Replacing person GDPR – Mr Stoycho Marinov, e-mail: s.marinov@sami-m.com, Cell.: +359888004442

1. Name: Commission for Personal Data Protection (CPDP)

2. Registered office and address of management: 2, Prof. Tsvetan Lazarov Blvd., Sofia 1592

3. Correspondence details: 2, Prof. Tsvetan Lazarov Blvd., Sofia 1592

4. Phone: 02 915 3 518

5. E-mail: kzld@government.bg, kzld@cpdp.bg

6.Website: www.cpdp.bg

1. The personal data we process in relation to your visit and use of the functionalities of the SAMI – M Ltd. website – https://sami-m.com/en – shall be as follows:

Name;
Contact Details: phone, email address;
IP Address.
Други данни:
Cookies – detailed information about them can be found below.

2. Personal data we process in connection with the children’s drawing contest shall be as follows:

Winner’s full name
Winner’s age

The processing of your personal data, provided by you personally, shall be necessary for taking steps in response to a request or inquiry made by the data subject, through the completion of the contact form on our website – Article 6(1)(b) of Regulation (EU) 2016/679.

The personal data you provide will be used for the purposes of managing the inquiry submitted through the designated functionality on the website:

Contact form for inquiry or request.

Participation in the children’s drawing contest and announcing the winner.

SAMI-M LTD. shall respect and safeguard the confidentiality of your personal data. Subject to legal requirements, it shall be possible to disclose your personal data to the following parties:

Providing data to the system administrator, IT department, and company employees.

Providing information to the authorities, such as Ministry of Interior (MoI) and others.

Providing information to the Commission for Personal Data Protection in connection with obligations under the personal data protection legislation – Personal Data Protection Act, Regulation (EU) 2016/679 of April 27, 2016, and others.

In order to provide personalized and appropriate services through our website, SAMI- M Ltd. needs technology for storing and retaining information about your usage thereof. This shall be done through the so-called cookies. These shall be small text files that contain small amounts of information and shall be stored on your computer or in your web browser’s memory. Your browser then shall send these cookies back to our website upon each subsequent visit, helping the site recognize you and shall store information about your user preferences (visits, clicks, activity history). The use of collected cookies shall be very limited and shall be related to technical purposes – improving and personalizing the functionality of our website. The information collected through the use of cookies cannot be linked to a particular individual. More detailed information about cookies and their functionality can be found at https://www.aboutcookies.org/.

By visiting our website, you accept the use of cookies in the manner as described in this Notice. However, you can control and manage cookies in various ways. Please note,however, that removing or blocking cookies may affect your use of our website by limiting your access to certain functionalities or parts of it.

• Necessary Cookies
These cookies enable the proper functioning of our website by allowing you to browse its content and use their features. For example, they help display information on our site in the correct language, etc .

• Functional Cookies
These cookies shall allow us to tailor the operation of our website to the preferences of our visitors and users, to use their full functionality, to watch videos on it, etc. This information shall be completely anonymous, used for very limited purposes and stored for a limited period of time.

•Analytical Cookies
We shall use analytical tools to understand website traffic, assess ease of use, and determine what content interests our users. The information collected through these cookies shall be used exclusively for statistical purposes and shall not be intended for personal identification. We do not receive any personal data about you. These cookies shall show which pages you have visited, whether you accessed our site via a mobile or desktop device, and other anonymous data. The analytical tools shall be provided by Google Analytics, and the collected IP address data shall not be linked to any other information stored by Google.

• Precise Targeting Cookies
These cookies do not store personal information but contain data on how you have used our website. They may be activated by our advertising partners to display content relevant to you. Examples shall include cookies from Facebook, Google, LinkedIn, and others.

You can control and manage cookies in various ways using your browser. Keep in mind that if you delete all cookies, any stored preferences will also be deleted. For more information on how to change your browser settings to block or filter cookies, visit https://www.aboutcookies.org or http://www.cookiecentral.com.

The cookies used when visiting the website of SAMI- M Ltd. shall be:

1. For the domain https://sami-m.com/ ·cookieyes-consent – automatically deleted after 12 months; 

We use the following service providers, and you can learn more about their privacy policies and how to opt-out of their cookies by visiting their website

• Google Analytics: https://support.google.com/analytics/answer/6004245

SAMI – M Ltd. shall be entitled , at their discretion, to change and supplement the way and type of cookies that are being used, at any time. In case of changes to these Terms, we will indicate the date of the change, and this modification will take effect regarding you and your data after the date of this change or from another explicitly specified later date.

Additional information on how to configure cookies in your respective internet browser can be found here:

Internet Explorer http://support.microsoft.com/gp/cookies/en

Mozilla Firefox http://support.mozilla.com/en-US/kb/Cookies

Google Chrome http://www.google.com/support/chrome/bin/answer.py?hl=bg&answer=95647

Safari http://support.apple.com/kb/PH5042

Opera http://www.opera.com/browser/tutorials/security/privacy/

SAMI – M Ltd. shall, as a rule, shall cease the full processing of your personal data for the listed purposes but shall not delete them before the expiry of the statutory obligations for their storage. The data shall be stored for no longer than necessary and for no more than 5 years. Please note that we will not delete or anonymize your personal data if they are required for pending court, administrative procedure, or processing for consideration of your complaint.

1. Right to Information and Access.

You shall be entitled to request:

Information on whether data relating to you is being processed, information on the purposes of such processing, the categories of data, and the recipients or categories of recipients whom the data shall be disclosed to;

A message in a clear and understandable form containing your personal data data are being processed, as well as any available information on its source.

Information on the logic of any automated processing of personal data related to you, at least in cases of automated decisions.

2. Right to Correction.

If we process incomplete or incorrect/wrong data, you shall be entitled, at any time, to request:

• to delete, correct, or block your personal data that is being processed in violation of legal requirements;

• to notify third parties to whom your personal data has been disclosed of any deletion, correction, or blocking, except in cases where this is impossible or involves excessive efforts.

3. Right to Be Forgotten.

The right to delete or “the right to be forgotten” enables you, when you do not want your data to be processed and there are no legitimate grounds for their storage, to request that they be deleted on one of the following grounds:

• the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

• you withdraw your consent on which the data processing is based;

• you object to the processing, and there are no overriding legal grounds for its continuation;

• the personal data have been processed unlawfully;

• the personal data must be erased for compliance with a legal obligation;

The “Right to Be Forgotten” shall not be an absolute right. There are situations in which the controller may refuse to delete the data, specifically when the processing of the data is necessary for one of the following purposes:

• Exercising the right to freedom of expression and information;

• Archiving for purposes of public interest, scientific or historical research, or statistical purposes;

• Establishing, exercising, or defending legal claims.

4. Right to Object.

You have the right to object to the processing of your personal data at any time if there are legal grounds for doing so. Where the objection is justified, the personal data of the personal data of the natural person concerned shall no longer be processed.

5. Right to Restriction of Processing.

You may request the restriction of the processing of your personal data if:

• You contest the accuracy of the data for the period necessary to verify its accuracy; or

• The processing is unlawful, but instead of erasing the data, you request its restricted processing; or

• We no longer need the data for the specified purpose, but you require it for the establishment, exercise, or defense of legal claims; or

• You have objected to the processing of the data, pending verification of whether the controller’s legal grounds override yours.

6. Right to Data Portability.

You shall be entitled to request that we transfer the personal data you have entrusted to us to another controller in an organized, structured, and commonly used electronic format if:

• We process the data based on a contract or a consent declaration that can be withdrawn, or based on a contractual obligation; and

• The processing is carried out automatically.

7. Right to Withdraw Consent.

You shall have the right, at any time, to withdraw your consent to the processing of personal data if the processing in question is based on your consent. Such withdrawal shall not affect the lawfulness of the processing based on the consent given before its withdrawal.

8. Right to Complain.

In case you believe that we are violating the applicable regulations, please contact us to clarify the matter. You shall be entitled to lodge a complaint with the Data Protection Commission or with a competent court under the Code of Administrative Procedure. As of May 25, 2018, you can also lodge a complaint with a regulatory authority within the EU.

9. Right to Compensation.

According to Article 39, Paragraph 2 of the Personal Data Protection Act and Article 82, Paragraph 1 of Regulation (EU) 2016/679, any individual who has suffered damages as a result of a violation of the provisions of Regulation (EU) 2016/679 shall be entitled to seek compensation through legal proceedings before the competent judicial authority.

Requests to exercise your rights shall be submitted to one of the following email addresses – m.milcheva@sami-m.com, s.marinov@sami-m.com, and office@sami-m.com. These requests shall be signed with a Qualified Electronic Signature (QES) or in another way that undeniably confirms the will of the person submitting the request. We shall respond to your request within one month of its submission. If an objectively longer period is required – due to the need to gather all requested data and when this significantly hinders our operations – this period may be extended by up to 30 days. In our decision, we either grant or deny access to the requested information, always providing a justified response. In our decision, we shall either grant or deny access to the requested information, but we shall always give the reasons for our response.

The minimum information contained in the request (in accordance with Article 37v of the Personal Data Protection Act) shall include the following: Name, Address, Personal Identification Number (EGN/LNCH) / Passport Number, Description of Request, Signature and Date of Submission, Correspondence Address/Email (depending on the preferred method of receiving the information), Power of Attorney (if applicable).

Regarding the rights as described here above – such as the right to information, to correction, the “right to be forgotten,” to object, to restriction of processing, to not be the subject to a decision based solely on automated processing, to withdraw consent, and to complain – as well as in view of the actions taken by the data controller in relation to the said rights, a special register shall be maintained in which all actions taken shall be recorded.

The initial response to a submitted request shall be free of charge. In the case of excessive requests (repetition – more than 2 (two) identical requests within a period of 12 (twelve) months) or clearly unfounded requests from the same entity, the Administrator shall be entitled to charge a reasonable fee for processing the request or to refuse to take action on the request.

• “Lawfulness, Fairness and Transparency” – Your data shall be processed in accordance with applicable legislation, fairly, and transparently in relation to the data subject;
• “Purpose Limitation” – Your data shall be collected for specific, explicitly stated, and legitimate purposes and shall not be processed further in a manner incompatible with these purposes;
• “Data Minimization” – The types of data we collect shall be appropriate, relevant, and limited to the necessary minimum in relation to the purposes which they are processed for;
• “Accuracy” – The data shall be accurate and, when necessary, kept up to date, with all reasonable measures taken to ensure the timely deletion or correction of inaccurate personal data, taking into account the purposes which they are processed for;
• “Storage limitation” – Your data shall be stored in a form that allows identification of the data subject for no longer than is necessary for the purposes which the personal data is processed for;
• “Integrity and Confidentiality” – Your data shall be processed in a manner that ensures an appropriate level of security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, by using appropriate technical or organizational measures.

“Personal Data” – any information related to an identified or identifiable natural person.

“Data Subject” – a person who can be directly or indirectly identified, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

“Processing” – any operation or set of operations performed on personal data or a set of personal data by automated or other means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making data available, arrangement or combination, restriction, deletion or destruction.

“Restriction of Processing”– marking stored personal data with the aim of limiting its processing in the future.

“Pseudonymization” – the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

“Controller” – a natural person or legal entity, public authority, agency, or other body that alone or jointly with others determines the purposes and means of processing personal data; when the purposes and means of such processing are determined by the EU law or the law of a Member State, the Controller or the specific criteria for his/her appointment shall be be established by EU law or the law of the Member State.

“Processor” – a natural person or legal entity, public authority, agency, or other body that processes personal data on behalf of the Controller.

“Consent of Data Subject” – any freely given, specific, informed, and unambiguous indication of the data subject’s will, by means of a statement or a clear affirmative action, which signifies their agreement to the processing of their personal data.

“Personal Data Security Breach” – a security breach that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data that is transmitted, stored, or otherwise processed.

“Recipient” – a natural person or legal entity, public authority, agency, or another body whom personal data is disclosed to, whether a third party or not. However, public authorities that may receive personal data in the context of a specific investigation in accordance with the EU or Member State law shall not be considered “Recipients”; the processing of such data by those public authorities shall be subject to the applicable data protection rules in accordance with the purposes of the processing.