Effective from: 23 May 2018
Last updated: 18 July 2023
Relena-92 EOOD, Unified Identification Code 200712291, address: City of Plovdiv, 133 Ruski Blvd., phone +359 888365338, e-mail: firstname.lastname@example.org (“Relena-92” or the “Data Controller”) applies the following in its relations with customers:
While carrying out its activities, Relena-92 collects and processes certain information, including personal data. This information may refer to employees, customers, suppliers, contractors, and other persons with whom the Data Controller has or wishes to have business contacts.
The objective of this Policy is to regulate the collection, processing, and storage of personal data, in both paper and electronic form, in compliance with the legal requirements, particularly the provisions of the Personal Data Protection Act and related legal documents, and the General Data Protection Regulation - Regulation (EU) 2016/679 (“GDPR”).
Personal data is any information that relates to an identified or identifiable living individual (e.g., email address, name, age, date of birth, telephone number, etc.).
Sensitive data that reveals a person’s race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning sex life, or sexual orientation is a special category of personal data. Relena-92 does not process such information.
The only type of sensitive data that we process is data concerning health. This occurs when the customer is a natural person who requests translation of medical documents. In such cases, we ask the data subject to give explicit consent to the processing of that personal data for the purposes of translation. All companies that request medical translations containing personal data should provide the files to us with deidentified data.
The Data Controller is familiar with the GDPR principles and complies with them. In particular, this includes the following:
– Any processing of personal data is lawful, fair, and transparent;
– Personal data is collected for specific, explicitly specified, and legitimate purposes and is not further processed in a manner incompatible with these purposes;
– Personal data corresponds to and is limited to what is necessary in relation to the purposes for which it is processed;
– Personal data is accurate and, if necessary, kept up-to-date;
– Personal data is stored in a form that allows the identification of the affected persons for a period no longer than necessary for the purposes for which the personal data is processed;
– Personal data is processed in a way that ensures a reasonable level of personal data security, including protection against unauthorized or unlawful processing, by applying appropriate technical or administrative measures.
Collection and Use of Personal Data
Relena-92 collects personal data that it needs to provide its services. In addition to its employees, the Controller collects personal data regarding the following categories of persons:
– Customers who are natural persons;
– Persons representing the companies or contact persons in the companies with which the Controller has or plans to have business relationships;
– Persons who are interested in receiving information services such as newsletters, magazines, e-books, reference books, etc.
The persons concerned are notified of the provisions of this Policy for the collection of personal data in advance or at the time of providing the data. The Controller provides information regarding the protection of personal data in writing or through other means, including electronic means.
The protection of personal data is extremely important to us. Relena-92 does not sell your data to other companies or individuals. If we provide data to third parties, these are our contractors who process the information on our behalf, in accordance with European data protection legislation, to ensure a high level of protection. Personal data shared with us through our website is kept only for the purpose for which it was entrusted to us.
When using the contact form on one of our sites, the personal data entered (only an email address is required) will be processed solely for the purpose of answering the inquiry.
We do not collect personal information from children under the age of 16. If parents and/or legal guardians of children find out that children under their guardianship have provided their data to Relena-92, they should contact us at the indicated addresses to delete the information as soon as possible.
User Rights in Relation to Personal Data
Users who have provided personal data to Relena-92 have the following rights:
– Right of access to the processed data;
- Right to erasure (right “to be forgotten”): Any person whose data is processed by the Controller has the right to ask the Controller to delete their personal data without undue delay if there are no legal restrictions in this regard;
- Right to request correction of personal data;
- Right to object to the processing of personal data when there are legal grounds for this;
- Right to withdraw their consent to the processing of personal data for the purposes of receiving an electronic newsletter and other marketing communications, etc.;
- Right to complain to the Personal Data Protection Committee if they believe that data protection rules have been violated.
We may refuse to process requests that are unreasonably repetitive, require disproportionate technical effort, threaten the privacy of other users, are grossly impractical, or to which access is not otherwise required by law.
The exercise of these rights, where the requests are not repetitive and unfounded, is not subject to the payment of a fee.
Storage and Destruction of Personal Data
Relena-92 stores your personal information for a period necessary to fulfill the purposes set forth in this Personal Data Protection Policy, unless storage for a longer period is required by law. The storage period is determined based on the type of data and the purposes for which they were collected, after which the information is finally destroyed.
The Controller is obliged to delete personal data without undue delay when:
– The personal data are no longer necessary for the purposes for which they were collected;
– The person has withdrawn their consent to the processing of the data, and there are no other legal grounds for their processing;
– The person has objected to the processing, and there are no legal grounds for the processing that prevail.
The destruction of information (on paper or electronic media) is carried out promptly by destroying paper media through shredding, and information on electronic media is deleted by deleting the relevant files.
Technical and Organizational Measures for Data Protection
Protection against unauthorized access, damage, loss, theft, and misuse, disclosure, alteration, or destruction of data on paper or electronic media is ensured by means of technical and organizational measures.
Breach of Personal Data Security
The Controller documents every violation of personal data security, the facts related to the violation, its consequences, and the actions taken. The Controller establishes an internal organization for promptly notifying the Personal Data Protection Committee within 72 hours of learning about the violation.
Policy Validity and Updating