Personal data protection policy
1.1. This personal data protection policy shall arrange the way Titan Interconnect Ltd collects, processes and stores the personal data, in accordance with the requirements of the ‘General Data Protection Regulation’ (Regulation (EU) 2016/679), the Personal Data Protection Act of the Republic of Bulgaria and other Bulgarian or international laws and regulations.
1.2. The confidentiality of our users’ information is one of our top priorities. Titan Interconnect Ltd, as a Controller, and in accordance with the legislation and good practices, shall apply the required technical and organizational measures for the protection of personal data of the natural persons.
1.3. This policy provides information on how and what types of personal data we collect from and on you, why we need them, to whom they may be provided or disclosed and how they are protected. Please, read it carefully. When you provide your personal data to Titan Interconnect Ltd, whether electronically or on paper, you accept and agree with the practices described in this personal data privacy and protection policy. Please, in case you have any questions relating to this policy, contact our Data Security Officer and, in case you do not accept any terms of our personal data protection policy, we do not recommend using any products and services provided by Titan Interconnect Ltd where you are required to provide your personal data.
2. Information on Titan Interconnect Ltd as a Controller
2.1. With regard to the processing of your personal data, you may contact us at the following points of contact:
|Identification of Controller|
|First name:||Titan Interconnect Ltd||Country:||Bulgaria|
|Address:||Blv. Tsarigradsko Shose 133||Telephone:||+359 2 437 4032|
If, in your opinion, we infringe upon your rights relating to the processing of your personal data, in accordance with the requirements of the ‘General Data Protection Regulation’ (Regulation (EU) 2016/679), you have the right to submit a complaint to us, lodge a complaint with a supervisory authority and seek judicial remedy as follows:
Under point (e) of Article 14(2)
If you would like to lodge a complaint relating to our processing of your personal data or the way we have addressed your complaint, you have the right to lodge a complaint with the Commission for Personal Data Protection and the Data Security Officer (where available).
You may lodge a complaint in one of the following ways:
- Personally, on paper, at the CPDP’s records office at the following address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.
- By sending a letter to the following address: Sofia 1592, 2 Tsvetan Lazarov Blvd., Commission for Personal Data Protection.
- By sending a fax to: 029153525.
- By sending an email to the CPDP’s email address (firstname.lastname@example.org). In this case, your complaint must be formatted as an electronic document, signed with an electronic signature (not scanned).
- Via the CPDP’s website: https://cpdp.bg/?p=pages&aid=6, as described on the respective page. In this case, your complaint must be formatted as an electronic document, signed with an electronic signature.
In any of the above cases, your complaint must contain:
data on the complainant—full name, address, contact telephone, email address (where available)
nature of the complaint
any other information and documents relevant to the complaint, in your opinion
date and signature (for the electronic documents—electronic, for the paper documents—hand-written)
The CPDP provides a form for complaints lodged with the Commission (to aid and guide the citizens) relating to any misuse where personal data are processed in the voter rolls of the supporters of political entities. The form can be downloaded from the following page:
3. Legal basis
3.1. This personal data protection policy (‘Policy’) is issued pursuant to the Personal Data Protection Act and its subordinate legislation (‘Bulgarian Law’), and the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’).
3.2. Both the Bulgarian Law and the GDPR lay down rules for the way Titan Interconnect Ltd shall collect, process and store personal data. These rules shall be applied by Titan Interconnect Ltd as a Controller, irrespective of whether the data are being processed electronically, on paper or other media.
3.3. To ensure the compliance of personal data processing with the legal requirements, the personal data are collected and used lawfully, the required security of the processing operations is provided and Titan Interconnect Ltd has taken the required measures to prevent unlawful disclosure of processed personal data. Under the general principles adhered to by Titan Interconnect Ltd, your personal data are:
3.3.1. processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
3.3.2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’);
3.3.3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’);
3.3.4. accurate and kept up to date; Titan Interconnect Ltd has taken all reasonable measures to ensure the erasure or rectification without delay of any inaccurate personal data, having regard to the purposes for which they are processed (‘accuracy’);
3.3.5. kept in a form which permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’);
3.3.6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’);
3.3.7. Titan Interconnect Ltd shall be responsible and able to prove its adherence to the general principles of personal data processing (‘reporting’).
4. Purposes of the Policy
4.1. With the adoption and application of this Policy by Titan Interconnect Ltd, in accordance with the Bulgarian Law and Regulation (EU) 2016/679, the rules for the protection of natural persons with regard to the personal data processing as well as the rules with regard to the free movement of personal data are established.
4.2. With the adoption and application of this Policy by Titan Interconnect Ltd, in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679, the fundamental rights and freedoms of the natural persons, and, more specifically, their right to protection of personal data are protected.
4.3. With this Policy, Titan Interconnect Ltd aims to guarantee:
4.3.1. The lawfulness of the personal data processing performed by Titan Interconnect Ltd;
4.3.2. The rights of the natural persons—personal data subjects, in accordance with Regulation (EU) 2016/679;
4.3.3. The compliance with the requirements of the Regulation by Titan Interconnect Ltd as a Controller and/or Processor, including:
22.214.171.124. Data protection by design and by default
126.96.36.199. Records of processing activities
188.8.131.52. Appropriate technical and organizational measures, which shall be reviewed and updated, as needed
184.108.40.206. Measures for risk assessment relating to the processing of personal data
220.127.116.11. The compliance with the requirements where the processing of your personal data is assigned to third parties (Processors)
18.104.22.168. The obligations of all officers, processors, and/or the persons having access to personal data and working under the authority of the processors, and their responsibility upon failure to perform these obligations;
4.3.4. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Titan Interconnect Ltd as a Controller and/or Processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate for the risk.
4.3.5. Shall ensure the adherence to the general principles for transfers of personal data to third countries or international organizations outside the EU.
5.1.1. ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
5.1.2. ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
5.2. The data protection policy shall be applied with regard to the processing of personal data of the users, the employees, where they have become known to partners and providers, as described in the records of processing activities established in accordance with Article 30 of the General Data Protection Regulation (Regulation (EU) 2016/679) (‘Records of processing activities’).
6. Purposes of the personal data processing
6.1. In accordance with the requirements of Chapter III, Section I, ‘Transparency and modalities’ of the General Data Protection Regulation (Regulation (EU) 2016/679), Titan Interconnect Ltd shall provide transparent information, communication and modalities for the exercise of the rights of the data subjects, in accordance with Article 12 of the Regulation.
6.2. The purposes and the information with regard to the personal data processing by Titan Interconnect Ltd shall be provided in accordance with the ‘Procedure for transparent communication’ (P_A2_BG), ‘Procedure upon collection of personal data’ (P_A13_BG) and ‘Procedure upon reception of personal data’ (P_A14_BG).
6.3. The purposes and the information with regard to the personal data processing shall be specified in the following documents provided to the data subjects: ‘Personal data processing information to be provided upon collection’ (D_A13_BG) and ‘Information upon reception of personal data’ (D_A14_BG).
7. Transparency. Rights of the persons whose data are processed by Titan Interconnect Ltd
Information on your rights relating to the processing of personal data
Under point (c) of Article 14(2)
- Right to access – Article 15 – Right to confirmation for processing and access to your personal data.
- Right to rectification – Article 16 – To rectify inaccurate or incomplete personal data.
- Right to erasure – Article 17 – To request the erasure of your personal data.
- Right to restriction of processing – Article 18 – To request the restriction of processing of your personal data.
- Notification obligation – Article 19 – To request to be notified upon any action relating to rectification, erasure or restriction of the processing.
- Right to object – Article 21 – To object at any time to the processing of your personal data.
- Right to rejection of automated processing – Article 22 – You have the right to refuse to be subject to a decision based only on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
- Right to portability – Article 20 – You have the right to receive your personal data.
- Right to lodge a complaint and effective judicial remedy – Articles 77, 78 and 79
- You have the right to lodge a complaint with the Commission for Personal Data Protection upon any infringement upon Regulation (EU) No 2016/679 of 27 April 2016 and the right to an effective remedy against the CPDP, Controller or Processor of your personal data.
- Right to compensation – Article 82 – You have the right to compensation for material or non-material damage as a result of an infringement upon Regulation (EU) No 2016/679.
7.1 All personal data subjects (users, clients or employees, where such partners’ or providers’ data have become known to you, as described in the records of processing activities) may exercise their rights as follows:
How you can exercise your rights
Blv. Tsarigradsko Shose 133
8. Transfers of personal data to third countries or international organizations
8.1 Any transfer of personal data processed or intended for processing after the transfer to a third country or an international organisation outside the EU by Titan Interconnect Ltd may take place only under the terms of the General Data Protection Regulation (Regulation (EU) 2016/679), in compliance with the requirements laid down in Chapter V of the Regulation.
8.2 Titan Interconnect Ltd shall apply all provisions of the Regulation to prevent any risk for the required level of protection of the natural persons provided for by the Regulation.
8.3 In case Titan Interconnect Ltd will transfer personal data to a third country or an international organization outside the EU, this transfer may take place in accordance with the ‘Procedure for data transfer outside the EU’ (P_A44_BG) and the data subjects shall be notified in advance by providing the ‘Personal data processing information to be provided upon collection’ (D_A13_BG) and ‘Information upon reception of personal data’ (D_A14_BG), requiring their ‘Consent for personal data transfer’ (D_A49_BG).
9. Breaches and Notification of Breaches
9.1. Personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed by Titan Interconnect Ltd.
9.2. In the event of a personal data breach, the following shall be notified immediately:
|Contact details of the Data Security Officer Under point (b) of Article 14(1)|
|First name:||Darko Stoyanov||Country:||Bulgaria|
|Address:||Blv. Tsarigradsko Shose 133||Telephone:||+359 2 437 4032|
- 9.3 In the event of a personal data breach likely to create a risk for the rights and freedoms of the natural persons, without undue delay and, where feasible, not later than 72 hours after having become aware of it, Titan Interconnect Ltd shall notify the Commission for Personal Data Protection of the breach.
- 9.4 In case a specific breach creates a risk for the rights and freedoms of the natural persons, Titan Interconnect Ltd shall take action to notify the affected persons in order to minimize any adverse consequences.
- 9.5 Titan Interconnect Ltd shall take action following the ‘Procedure upon personal data breach’ (P_A33_BG).
- 10. Destruction
- 10.1 Titan Interconnect Ltd shall follow the ‘Procedure for the destruction of personal data’ (P_A17_BG_01).
11.1 Titan Interconnect Ltd may update by amending and supplementing the personal data protection policy at any time in the future, as required under the circumstances.
- 12. Document owner and approval
12. 1 Data Security officer shall be the owner of this document and shall be responsible to have this procedure reviewed, in accordance with the reviewing and updating requirements of Regulation (EU) 2016/679.
- 12.2. This version of this document shall be available to all members of the staff of Titan Interconnect Ltd.
- 12.3 This procedure was approved by the Data Privacy Officer on 07/May/2019. and was issued under version control with their signature.