Privacy and data protection policy

This document describes the responsibilities of “Act Logistic” AD and the privacy and personal data protection policy.

In its daily operations, “Act Logistic” AD uses a large volume of various data through which individuals can be identified, including:

  • current, past, and future employees;
  • job applicants;
  • clients;
  • users of the organization’s website;
  • shareholders and others.

 

Due to the collection and use of this information, “Act Logistic” AD is subject to numerous legal provisions that regulate the methods of data processing and the safeguards that must be provided.

The purpose of this policy is to describe the actions that “Act Logistic” AD has taken to achieve compliance with the requirements.

The control, under this policy, extends to all units, individuals, and processes within the organization’s information systems, including management bodies, directors and executive bodies, staff, suppliers, and other third parties who have access to the organization’s systems.

This procedure should be read and modified in the context of the following documents, which provide additional information on the scope, objectives, resources, roles, and responsibilities for ensuring compliance with GDPR requirements:

  • Procedure for Responsibilities in the Event of a Data Security Breach
  • Internal personal data regulations in the Human Resources Department
  • Document archiving policy at “Act Logistic” AD
  1. General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is one of the most significant legislative acts governing data processing. Through this policy, “Act Logistic” AD seeks to ensure, maintain, and demonstrate compliance with GDPR requirements and legislation at all times.

  1. Legal Definitions

The definitions below have the following meanings:

“Personal Data”

any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;

“Processing”

any operation or set of operations performed on personal data or sets of personal data by automated or other means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction;

“Data Controller”

a natural or legal person, public authority, agency, or other body which alone or jointly with others determines the purposes and means of processing personal data; where the purposes and means of processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law.

  1. Key Principles for Processing Personal Data:

Personal data is processed according to the following principles:

  • Lawfully, fairly, and transparently;
  • Collected for specific, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes;
  • Data minimization;
  • Accuracy – personal data is accurate and kept up to date when necessary;
  • Storage limitation – personal data is erased or corrected when it is found to be inaccurate or excessive for the purposes for which it is processed;
  • Integrity and confidentiality.

“Act Logistic” AD ensures that these principles are respected both in the use of current data processing methods and in the development of new ones (e.g., new software solutions).

  1. Data Subject Rights
  • Right to be informed;
  • Right of access;
  • Right to rectify existing data;
  • Right to erasure (“right to be forgotten”);
  • Right to restrict processing;
  • Right to data portability;
  • Right to object;
  • Rights related to automated processing and profiling.
  1. Legal Bases for Processing

Depending on the specific circumstances, “Act Logistic” AD processes data only on the bases provided below, documenting the link between the legal basis and circumstances in accordance with GDPR. The options are briefly described below.

5.1. Consent

If required for purposes recognized by GDPR, “Act Logistic” AD will seek explicit consent from data subjects to collect and process their data. For data concerning children, parental/guardian consent is also required. Full information about the data processing policy and the use of their data will be provided to the data subjects at the time their consent is requested. Additionally, their rights regarding the given consent, such as the right to withdraw it at any time, will be explained.

If the data is not obtained directly from the data subject, this information should be communicated within a reasonable period, but no later than one month from receiving the data.

5.2. Contract Performance

When collected and processed data is necessary to fulfill a contract with the data subject, explicit consent is not required. This applies in cases where the provided data is essential for the contract’s performance (e.g., delivery cannot occur without the person’s address).

5.3. Legal Obligation

When personal data is collected and processed to comply with a legal obligation, explicit consent is not required. This applies in the fields of labor, tax, and generally, public law.

5.4. Vital Interests of the Data Subject

It is lawful to collect and process personal data if necessary to protect the vital interests of the data subject or another individual. “Act Logistic” AD will process personal data on this basis only if vital interests are truly at stake, and circumstances will be thoroughly documented to ensure evidence.

5.5. Task Carried Out in the Public Interest

When “Act Logistic” AD must carry out a task believed to be in the public interest or part of an official duty, consent from the data subject will not be requested. The assessment of whether it is a public interest and/or official duty is documented and can serve as evidence if needed.

5.6. Legitimate Interest

“Act Logistic” AD may process data to protect a legitimate interest if it does not significantly affect the rights and freedoms of data subjects. In this case, the assessment of whether an interest is legitimate and the extent of the impact on the rights and freedoms of data subjects should be documented.

  1. Data Protection by Design

“Act Logistic” AD respects the principle of data protection by design. Planning and building all new or substantially modified existing systems that collect, store, or process data will be assessed for potential security issues. For each project, a data protection impact assessment will be conducted and appropriate measures will be taken to prevent breaches.

  1. Contracts Involving Personal Data Processing

“Act Logistic” AD will ensure that all contracts it enters into, which involve personal data processing, contain the necessary information and terms required by GDPR.

  1. Disclosure and Transfer of Personal Data

Transfers of data outside the European Union will be carefully considered prior to execution to ensure they fall within GDPR limits. Each case is assessed individually, depending on the European Commission’s evaluation at the time regarding the level of protection provided by the third country concerning personal data.

  1. Data Protection Officer

GDPR requires any public organization processing large volumes of personal data or collecting/storing “sensitive” data to have a Data Protection Officer. According to the regulation, “Act Logistic” AD is not required to appoint a Data Protection Officer.

  1. Data Security Breach Notification

In the event of a data security breach, “Act Logistic” AD takes necessary actions to notify affected individuals. Actions should be proportionate to the breach, respecting the principle of transparency. GDPR obliges the organization, in the event of a breach that may endanger the rights and freedoms of individuals, to notify the supervisory authority (Commission for Personal Data Protection) within 72 hours of becoming aware of it. The notification is carried out in accordance with a specific procedure established by “Act Logistic” AD.

  1. Achieving Compliance with GDPR

The following actions have been taken by “Act Logistic” AD to achieve full compliance with GDPR requirements:

  • The legislation in the field of personal data has been analyzed;
  • Employees engaged in personal data processing understand their obligations and responsibilities for complying with the organization’s personal data protection policies and procedures;
  • The staff has been instructed regarding the required level of data protection;
  • The rules regarding data subjects’ consent are observed;
  • Opportunities are provided for data subjects to exercise their rights, and their requests are managed effectively;
  • Periodic reviews are carried out to update the policies/procedures related to personal data protection;
  • The principle of data protection by design is respected for all new or significantly modified systems and processes;
  • The following documentation of processing activities is maintained:
  • Record of processing activities – Controller;
  • Record of processing activities – Data Processor.

The above documents are subject to periodic review as part of the overall personal data protection audit carried out by the governing bodies.

  1. Storage of Personal Data

Our general approach is to retain the personal data of our employees, suppliers, clients, and contractors, as well as of third parties, for the minimum period necessary – until the purpose for which the data was collected by us or provided by you has been fulfilled, including the period required by applicable law.

  1. Security of Your Personal Data

We take reasonable physical, technical, and administrative security measures designed to protect your personal data against loss, misuse, alteration, destruction, or damage, in accordance with the requirements of our national legislation.

You also play an important role in safeguarding the security of your personal data and should carefully consider to whom you disclose personal data and how you protect your communications and devices.

  1. Contact Us

If you have any questions or concerns regarding the processing of your personal data, or if you wish to exercise any of your rights, please contact the Human Resources Department or send us an email at: hr@act-logistics.com

Анкета

Уважаеми клиенти,

Оценете услугите ни тук!

Виж повече

АКТ ЛОДЖИСТИК
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.