Privacy policy

PRIVACY POLICY
on
Post One Group Ltd

DEAR LADIES AND GENTLEMEN,
In fulfillment of its obligations as a personal data administrator, Post One Group Ltd. with EIK 206518959 (the Company) hereby provides you with a Privacy Policy, with a view to the processing of personal data related to the fulfillment of the requirements of the Law on the Protection of Personal Data data and the General Regulation on the protection of personal data Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, in force from May 25, 2018. The Company reserves the right to change the current privacy policies, and will promptly notify with these policies, the Company defines the relevant actions regarding the personal data it collects, how and for what purpose it is used and stored, how it is deleted and under what conditions it can be provided to third parties.
The provision of personal data by employees of the company and contractors is mandatory under the current legislation of the Republic of Bulgaria.
The provision of personal data to other entities is by virtue of a contractual relationship to which the Company is a party.
I Principles related to the processing of personal data.
"Post One Group" Ltd. processes the personal data provided to it lawfully (in the presence of a contractual, legal basis or express consent of the subject), in good faith, in a transparent and appropriate manner, taking all reasonable measures to ensure an appropriate level of security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by applying appropriate technical and/or organizational measures.
"Post One Group" Ltd. stores personal data in a form that allows the identification of the data subject for a period no longer than is necessary for the purposes for which it is processed, and will undertake the timely deletion or correction of inaccurate personal data, taking into account the purposes for which they are processed.
II "Post One Group" Ltd. collects the following categories of personal information:
• Personal data - three names, address, e-mail address, phone number, official function, position, and for job applicants - data on education, professional experience and work experience, photo;
• Uniform civil number;
.
III "Post One Group" Ltd. collects, stores and processes personal data for the following purposes:

• For concluding contracts: – labor, civil, with clients/counterparts and suppliers;
• For compliance with the rules laid down in Bulgarian legislation regarding the establishment and exercise of representative authority, as well as in view of the Company's legitimate interest in establishing the valid representative authority of the natural person in relation to the party under the Agreement.
• To fulfill its contractual obligations with clients/counterparts;
• For accounting and tax obligations of the Company;
• For payment of remuneration, pension and social security activity;
• To communicate with the Company's clients/counterparts;
• To prepare documents related to the organization of the Company's activities (powers of attorney for representation before state institutions and the management of motor vehicles, when preparing road lists)
• For human resources management;
• To ensure the protection of the Company against possible legal claims by counterparties or third parties, as well as for the establishment and exercise of the rights of the Company.
• When you visit our website, you provide us with your personal data. to enable you to use our services. In this case, our web servers record and store temporarily for security purposes the connection data of the computer that connects to our site, the web pages you visit on our site, the date and duration of the visit, the data identifying the type of browser and operating system, and the website through which you connected to our site.
• When talking on the phone, conversations are recorded and stored temporarily, for security purposes and to improve the quality of our service.
• When you want to use services that "Post One Group" OOD provides, we collect and process the following personal data:
 data on the sender and recipient of a shipment or service (as well as on the requester of the service when he is different from the sender or recipient): name, mobile and landline contact phone number, address of submission and receipt of a shipment or other service, email address mail. These data are necessary for us to perform the requested service, to compile the necessary documents related to the movement of shipments, to contact you at any moment, if this is necessary for the successful, high-quality and timely execution of the assigned task, to respond to Your inquiries, to deal with your complaints and other requests;
 TIN, data from an identity document, the user's bank account or other payment data. This data is collected when the service or the applicable law requires accurate identification of the person /when receiving or paying amounts for Cash on Delivery and Postal Money Transfer services, when paying amounts for complaints, etc./, as well as when an accounting record is drawn up in connection with the service or any other document where the law requires specifying the TIN or other data from the user's identity document. This data is also used to detect and prevent abuse.
 When using certain functionalities of the website, they require registration or a password for access. When registering, you provide us with your personal data: three names, social security number, address, telephone, e-mail address. These data will be used for the purposes of fulfilling your service requests.
 We collect and process a history of your requests and the services provided to you, for the purposes of statistical and marketing analysis, system testing, maintenance and development, as well as to respond to complaints, disputes or claims.
 If necessary, some of the data you provide to us in connection with the delivery of a shipment may be provided to the authorities of the countries through which the shipment is transiting or to which it is traveling, for the purpose of customs clearance or for security checks under the legislation of respective countries. The information provided usually includes: name and address of the sender, name and address of the recipient, description of the shipments, number of packages, weight, contents and value of the shipment.
"Post One Group" Ltd. uses the data provided to us for the purpose of fulfilling a legal obligation (e.g. for the identification of customers under the Anti-Money Laundering Measures Act, for compliance with customs requirements for the delivery of international shipments, compliance with accounting requirements and control according to the Accounting Act, VAT, ZKPO, etc.);

IV "Post One Group" Ltd. provides/discloses personal data to third parties

1. In fulfillment of a legal obligation and/or upon request, the Company may provide personal data to public authorities (National Revenue Agency, National Insurance Institute, Ministry of the Interior, judicial authorities, control authorities, local self-government authorities, Labor Office medicine, etc.);
2. In exceptional circumstances, it is possible for the Company to provide personal data: to a person who acquires its business and assets or relevant parts thereof or to potential buyers and successors in order to facilitate a merger, consolidation, transfer of control or other corporate reorganization ;
3. To a personal data processor (a natural or legal entity that processes personal data on behalf of the Company and at its order or assignment) – accounting firm, legal advisors/lawyers, subcontractors under contract, etc. The processors of personal data act on the basis of a written contract, in accordance with the explicit instructions of the Company and with the application of appropriate technical and organizational measures for the protection of personal data.
4. If necessary, we may pass on your personal data, namely names, addresses and contact telephone numbers of the sender and receiver of the shipment, content and other data related to the delivery, to our subcontractors and partners in the course of performing your service. This is a necessary condition in order to be able to provide services with characteristics, volume, territorial scope and quality adequate to market development and consumer demand.


5. Personal data will not be provided to third parties, nor will it be shared outside the European Union or the European Economic Area except for the fulfillment of the courier services requested by you.
V Storage of personal data and security measures.
1. Personal data are stored and processed for a different period of time depending on the purposes for which they were collected, the requirements of current Bulgarian and European legislation, as well as the presence of an interest, with a view to protecting the legitimate interests of the Company
• Counterparty/Customer data will be actively processed (this includes actions beyond simple storage) for a period until the termination of the contractual relationship. Some documents containing personal data will be archived for a period of 5 years after the termination of the contractual relationship. Regardless of this general term, documents for which Bulgarian legislation requires a longer storage period will be archived for the relevant period of time. For example, accounting legislation requires accounting records and financial statements, including documents for tax control, audits and subsequent financial inspections to be kept for 10 years, starting from January 1 of the accounting period following the accounting period to which they relate.
• Data of employees under employment law – 50 +1 years from the date of conclusion of the contract;
• Sick leaves - 3 years, starting from January 1 of the following year in which they are issued;
• Data of other persons - for a period until the relevant purpose is fulfilled, except in the case when these individuals request "to be forgotten" in accordance with Regulation (EU) 2016/679.
2. The Company undertakes to take commercially reasonable technical, physical and organizational measures to protect personal information against unauthorized access, unlawful processing, accidental loss or damage and unauthorized destruction.
When processing personal data, the Company does not make automated decisions.
VI Rights of data subjects
Data subjects have the following rights under data protection legislation:
a) to receive information about the current Privacy Policy of the Company;
b) to receive information about whether and what his personal data are processed and stored;
c) to receive information and the possibility to correct or delete their personal data;
d) to request restriction of the processing of their personal data;
e) of a complaint to the Commission for the Protection of Personal Data or the court, if there are legal prerequisites for this;
In the event of an objection to the processing of personal data, the Company will immediately terminate the processing for the relevant purposes, unless it proves that there are convincing legal grounds for the processing that take precedence over the interests, rights and freedoms of natural persons, or for the establishment, exercise or the defense of legal claims.
Data subjects can exercise their rights and obtain additional information regarding the processing of personal data by Post One Group OOD, at 102 East Tangenta Street, e-mail [email protected], by sending their written request , with a clear and precise indication of the reason for this.
The company will ensure the exercise of the subject's rights related to the protection of personal data in accordance with the terms and conditions of the Personal Data Protection Act, the General Regulation on the Protection of Personal Data, Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 year, effective from 25.05.2018 and



Sincerely,
Boyan Kurtev,
Manager
Post One Group Ltd