PRIVACY NOTICE FOR THE PROCESSING OF PERSONAL DATA THROUGH THE GUARDIAN INFORMATION SYSTEM
1. Who is responsible for your personal data?
We, ANDI MONITORING LTD., UIC 205637387, contact info: Trud, Maritsa Municipality, Plovdiv Province, 16Б Karlovsko Shose Street, tel.: 0700 45 035 and email address: [email protected] (‘The Company’) acknowledge that it is important for you to understand how we collect, store and share personal data which we process through our GUARDIAN system (‘The System’), which we provide to our customers.
The Company has appointed an data protection officer whom you can contact at the following email address: [email protected]
2. For whom is the Notice intended?
This Privacy Notice is intended for the users of the information system regardless if they use it as a web service or through the GUARDIAN mobile app.
3. What kind of mobile data do we process and from whom we receive them?
The type of personal data which we process depends on the purpose for which they are necessary for us and the way in which you use the system.
During the registration and use of the GUARDIAN system we process personal data, which include:
- Registration data – names, email address and password;
- Appointed site officers info - names, email address, services for which access has been given;
- Contact persons info – names, email address and phone number;
- Monitored site data (only for customers which are natural persons) – address, used monitoring services, photos, video images from the site and its adjacent areas;
- Data about the way the users use the system;
- Technical data necessary for the functioning of the system – data like IP address, operating system, brand and type of the device – these data depend also on the way you access the system. We receive the data directly from you in your capacity of a system user or from the service holder, if you are appointed as a contact person in a monitored site.
4. On what grounds is the processing performed?
The processing of personal data is performed only if there are legal grounds for this processing. We process the data on one of the following grounds:
- the processing is needed to conclude or implement the agreement for using the information system (see Terms and conditions for using the GUARDIAN information system) – these are the processing activities performed in the event of registration and directly related to the used services;
- the processing is based on our legitimate interests, which are aimed at efficient managing of the business processes and increasing the availability and quality of the provided services – these are the user behaviour analysis activities, which are required for ensuring the proper functioning of the system as well as for making it easier for the users to use it.
5. For what purposes are the date processed?
We created the information system to provide to our customers an opportunity to manage the services they receive from us as well to make our interactions with them easier.
In order for the system to function, we process personal data for the purpose of:
- managing user accounts;
- technical maintenance of the system;
- providing services through the GUARDIAN system;
- interacting with customers – when we receive questions, for solving technical problems, for providing administrative or technical services;
- analysis and development of the offered service – to trace how our product is used and to improve it by amending existing functionalities or adding new ones.
We process personal data only for the purpose that they are collected for and we do not use them again for incompatible purposes. Additional processing is allowed only for finding out, exercising or defending legal claims. We do not use the data from the System for automated decision making through computer algorithms replacing human judgement, including by profiling.
6. How long do we store the data?
We keep the personal data only for as long as it is necessary for the purposes for which they have been collected are achieved or for as long as it is required by the legislation. We keep the data about the site officers and the contact persons for as long as they are appointed as such by the holder. We keep the data about the holder for as long as the agreement, in relation to which the app is used, is active. After the period for storing is over we anonymize the data so that it cannot be connected again with subject of the data.
7. To whom do we give your personal data?
We process your data mainly within our organization. We may assign specific activities to our suppliers (processors), but only after ensuring that they comply with the requirements for personal data protection. We may use the services of third parties which perform technical monitoring and support when using the app; third parties which have been assigned to improve and update the app; third parties providing remedy and assistance for the rights of ANDI MONITORING LTD. They are obligated to provide a high level of security while we control the processing activities which they perform.
We give data to the competent government authorities in all cases when this is required by law.
We do not perform transferring of personal data in foreign countries or to international organisations.
8. Are the data secure?
We take reasonable physical, technical and organisational security measures intended to secure all personal data against theft, malpractice, change, destruction or damage, according to the requirements of the European and Bulgarian legislation. We determine these measures based on the risks identified by us, we periodically review the implemented measures and update them if necessary. We ensure security during the transfer of the data by encrypting.
9. What rights do you have?
When processing your personal data we apply the rules for exercising the rights of the data subjects prescribed by the legislation. As a data subject you have the right to ask:
- us to grant you access to your personal data, as long the rights of the third parties are respected;
- us to remove incorrect personal data (including the right for incomplete personal data to be rectified);
- us to delete personal data (when applicable);
- us to limit the data processing to storing (when applicable;
- to exercise your right of portability – for the data which are processed on the basis of an agreement and when the processing is done automatically.
You have the right to object to the processing of data on the basis of compelling legitimate grounds at any time and on grounds related to your specific situation.
If you have any questions or concerns about the processing of your personal data or want to exercise one of your rights, please contact us at the following email address: [email protected].
In the application for exercising of rights you should list your full name and address, so we can identify you as the data subject, and if necessary we may ask for additional data and identity documents. Specify what your request is. Specify a mailing or email address depending on your preferred form of communication. You will receive a reply within 1 month of receiving the application.
If you feel that the processing of personal data has violated the law or infringed your rights, you may file a complaint before the Commission for Personal Data Protection, address: Sofia 1592, 2 Professor Tsvetan Lazarov Blvd., website: https://www.cpdp.bg/ or before the Plovdiv Administrative Court.