DATA PROTECTION POLICY (GDPR)
Devnya Cement JSC is a data controller in the meaning of the General Data Protection Regulation . You may contact the Controller at the following address: Industrial zone, Devnya 9160, or on tel: +359 519 92420.
Devnya Cement JSC is committed to comply with any applicable data protection law inclusive but not limited to the General Data Protection Regulation, the Data Protection Act and any by-laws issued on its basis.
Devnya Cement JSC respects the privacy of its employees and counterparties and protects their personal data during processing to the maximum degree.
Devnya Cement JSC has undertaken any necessary organizational and technical measures for personal data protection.
Devnya Cement JSC processes duly collected data only required for particular, specified and lawful purposes:
- Individualization of the subjects of data when they enter into labour and civil relations with the Controller, fulfilment of the Controller’s legal and contractual obligations arising from his capacity of an employer / assignor;
- Entering into and fulfilment of any obligations under contracts signed by the Controller and related to his business;
- Control of the access regime on the Controller’s territory;
- Fulfilment of the Controller’s statutory obligations related to the business carried on by him;
- Other purposes requiring data processing by the Controller where, in any case, the Controller has the obligation to establish the existence of any grounds for processing as per Art. 6 of the .
Any personal details collected and processed by Devnya Cement JSC should be correct and updated if necessary. Personal data is deleted or rectified when it is found incorrect or non-complying with the purposes it is processed for.
Devnya Cement JSC stores and processes any data collected for a period not longer than the one required for the purposes the personal data has been collected for.
Devnya Cement JSC observes the general prohibition on processing special categories of data, such as details revealing racial or ethnical origin, political concepts, religious or philosophical beliefs, syndical membership, as well as processing of genetic data, biometric details exclusively for the purposes of identification of an individual, data of the individual’s health condition or sexual life or sexual orientation. Where Devnya Cement JSC is required to process sensitive data for achieving the purposes of processing, it will be carried out in strict compliance with the legal requirements.
Any subjects, whose data is processed by Devnya Cement JSC, have the following rights:
- Right of information about their personal details processed by Devnya Cement JSC;
- Right of access to their personal details processed by Devnya Cement JSC;
- Right of rectification of incorrect personal details processed by Devnya Cement JSC;
- Right of deletion of personal data („right of being forgotten“);
- Right of restriction of their personal data processing;
- Right of portability of their personal data.
Any rights listed above may be exercised by the subjects of personal data by:
- Sending an application personally or through a proxy to the following e-mail address: . The application should be signed as provided for by the Electronic Document and Electronic Signature Act.
- Sending an application personally or through a proxy to the following address: Industrial zone, Devnya, to the attention of the Legal Counsellor and Data Protection Officer at Devnya Cement JSC.
Devnya Cement JSC may provide personal data if and to the extent necessary for any third parties:
- For achieving the purposes the relevant categories of personal data has been collected for;
- For fulfilling a legal obligation;
- For protection of the rights and safety of Devnya Cement JSC, our employees and counterparties.
Devnya Cement JSC may transfer personal data, if and to the extent necessary, within the economic group of Heidelberg Cement which it belongs to, under internal corporate rules.
Should any subjects’ rights be infringed, each of them is entitled to protection that may be achieved by:
- Referring the matter to the Data Protection Committee;
- Appealing any actions and acts of the Data protection controller to the respective Administrative Court or the Supreme Administrative Court under the general rules of jurisdiction.