Skip To Content

PROTECTION OF PERSONAL DATA

“HOME2U BULGARIA” AD (“the Company”, “Administrator”, “We”) recognizes the need to apply adequate protection of the personal data of data subjects (“You”, “Your”, “You”, “Your”), striving to respect the privacy of your personal life. This Privacy Policy (“the Policy”) has been created to help you understand how We collect, use and protect your personal data, including when you agree to use Our website.

For the purposes of its activity as an intermediary in real estate transactions, the Company processes your personal data in strict compliance with Regulation (EU) 2016/679 (General Data Protection Regulation) (GDPR), the Personal Data Protection Act and other applicable regulations and the Policy.

According to the General Data Protection Regulation:

“Personal data” means any information related to a natural person or a natural person who can be directly or indirectly identified (“data subject”).

“Processing” means any operation or set of operations performed on personal data or sets of personal data by automated or other means.

“Controller” means the natural or legal person, public authority, agency or other structure which alone or jointly with others determines the purposes and means of the processing of personal data.

“Processor” means a natural or legal person, public authority, agency or other structure which processes personal data on behalf of the controller;

“Recipient” means a natural or legal person, public authority, agency or other structure to whom personal data are disclosed, whether a third party or not.

This Policy provides information on:

Data identifying the Administrator and contact details

Data subjects whose personal data are processed

Categories of personal data

Purposes for which personal data are processed

Legal basis for processing personal data

Recipients of personal data

Retention periods for personal data

Rights of data subjects and how to exercise them

Consent and withdrawal of consent

Right to file a complaint with the supervisory authority

Measures to secure personal data

Data identifying the Administrator and contact details

The personal data controller is “HOME2U BULGARIA” AD with an address: Varna, Odesos district, 81 Vladislav Varnenchik Blvd., 8th floor, office 23, email: admin@home2u.bg; website – www.home2u.bg; tel./fax: 0883521553

Categories of personal data

The Company processes the following categories of personal data, while observing their accuracy:

· Full name, personal identification number, date and place of birth, ID card number and date of issue, address, phone number, email address, bank account, income, photos, marital status, comments;

· Personal data contained in the CV and L-1 Visa;

· Special category of personal data related to the health status of the Company’s employees.

Data subjects whose personal data are processed

The Administrator processes personal data of the following categories of data subjects:

· Clients;

· Personnel – current and former employees;

· Job applicants;

· Applicants, petitioners, complainants and plaintiffs;

· Partners.

Purposes for which personal data are processed

When you provide personal data to the Company through one of the contact forms, We may contact you to make you proposals or to provide services in which you have shown interest. The Administrator also processes personal data for the following purposes:

· For providing consulting services in the field of real estate;

· Fulfillment of the requirements of labor and social security legislation with respect to employees;

· For conclusion of contracts;

· Fulfillment of the Company’s legal obligations under the Accounting Act, tax legislation, the Law on Measures against Money Laundering and other laws that require the Administrator to process personal data in the field of real estate transactions;

· Marketing and advertising information;

· Maintenance and security of the Company’s website and information systems;

· Protection of the Administrator’s legitimate interests.

Legal basis for processing personal data

The Company processes personal data on the basis of the following lawful grounds:

· the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

· processing is necessary for the performance of a contract to which the data subject is a party or for the taking of steps at the request of the data subject prior to entering into a contract;

· processing is necessary for compliance with a legal obligation to which the controller is subject;

· processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

We process special categories of personal data based on the following grounds:

· For the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee.

Recipients of personal data

We may share your personal data with the following categories of recipients:

· State institutions and authorities with administrative powers, including but not limited to the State Agency for National Security, the National Revenue Agency, the National Social Security Institute, notaries and others;

· Commercial companies providing accounting services, IT systems security maintenance, website maintenance, translation agencies and others to the Administrator;

· Our partners who provide consulting services in real estate transactions.

The Company implements appropriate technical and organizational measures to ensure the rights and freedoms of data subjects in accordance with the principle of “integrity and confidentiality”. In particular, the Administrator selects appropriate recipients who have taken the necessary safeguards to protect the personal data provided to them and, in view of the existing risks, ensure the appropriate level of security, including where appropriate:

· pseudonymization and encryption of personal data;

· the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

· the ability to timely restore the availability and access to personal data in the event of a physical or technical incident;

· a process of regular testing, assessment and evaluation of the effectiveness of technical and organizational measures to ensure the security of the processing.

The Administrator does not transfer the personal data provided by the data subjects to third parties outside the European Union. The transfer of personal data in this case can only be carried out after the Company has previously notified the data subject in writing and the reason for the transfer.

Retention periods for personal data

“HOME2U BULGARIA” AD stores your personal data in paper and electronic form in accordance with the principle of “storage limitation”. Specifically, for the purposes described above, the Company will retain:

· The personal data of clients is stored for a period of 5 (five) years from the completion of the respective contract in accordance with the general statute of limitations;

· The personal data of job applicants who were not approved for employment in a vacancy announced by the Company for a period of 1 (one) year from the completion of the recruitment procedure, after which they are returned to the data subject or destroyed in an appropriate manner. Personal data may be stored for a longer period for the purpose of sending notifications about new job positions only with the explicit consent of the data subject in electronic or written form;

· The personal data of employees in accordance with the deadlines set in accordance with the Labor Code and the regulations applicable to it, the Social Security Code and the regulations applicable to it, the Tax and Social Insurance Procedure Code, the Accounting Act and others;

· The personal data of data subjects given on the basis of consent is stored for a period of 1 (one) year from its receipt by the Administrator. In this case, the Company takes the necessary measures to notify the data subjects of this circumstance, providing them with the opportunity to give their consent again for a period of 1 (one) year;

· The personal data contained in accounting documents are stored within the following deadlines:

– payrolls – 50 (fifty) years, starting from January 1 of the reporting period following the reporting period to which they relate;

– accounting registers and financial statements, including documents for tax control, audit and subsequent financial inspections – 10 (ten) years, starting from January 1 of the reporting period following the reporting period to which they relate;

– all other accounting information carriers – 3 (three) years, starting from January 1 of the reporting period following the reporting period to which they relate.

Rights of data subjects and how to exercise them

Data subjects whose data is processed by the Administrator have:

· Right of access to personal data, including to obtain a copy of them. This right can be exercised by submitting an access request for information or by filling out a form on the premises of the Company;

· Right to rectification of inaccurate or incomplete personal data by submitting an application by email or filling out a form on the premises of the Administrator;

· Right to erasure (right to be forgotten) of their personal data by submitting an application or by filling out the necessary form on the premises;

· Right to restriction of processing, which can be exercised by submitting an application or on paper at the Company’s office;

· Right to data portability, which they can exercise by submitting an application or on the premises of the Company and filling out the necessary form;

· Right to object which can be exercised by submitting an application or by filling out the relevant form on paper on the premises.

Responses to requests for the exercise of rights are received on the premises of the Company after the applicant provides an ID card for reference. The Company is in the process of building a system that will provide the ability to send a response electronically through traffic encryption.

Giving consent and withdrawal of consent

We may request consent from data subjects to process personal data for one or more of the purposes we have stated. Consent must be freely given, specific, informed and unambiguous indication of the data subject’s wishes.

Consent can be withdrawn at any time in the same way it was given. Consent can be withdrawn by submitting a form or in person at the Company’s office.

Right to file a complaint with the supervisory authority

In accordance with the General Data Protection Regulation and the Personal Data Protection Act, data subjects have the right to file a complaint with the Commission for Personal Data Protection at the address: Sofia, 2 Prof. Tsvetan Lazarov Blvd., or through the website: www.cpdp.bg.

Measures to secure personal data

The Administrator takes the necessary measures to secure personal data. All paper documents containing personal data are stored in locked cabinets in the Company’s offices, with only authorized persons having access to them. The Administrator’s premises have installed alarm systems that help limit unauthorized access to the data.

Access to the Company’s information systems is done through unique user accounts and passwords for each employee. The staff undergo training immediately after being hired and fully comply with the confidentiality rules, with a prohibition on sharing personal data with unauthorized persons.