Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or Regulation (EU) 2016/679) shall apply from 25 May 2018 within the territory of the European Union (EU) and the European Economic Area (EEA), including the territory of the Republic of Bulgaria. The Regulation extends and further develops the legal framework affecting natural persons in the EU and EEA while underlining the importance of data protection in the context of a modern information society where data exchange is a continuous process on which the normal functioning of this society is based, and introduces new increased requirements for the processing of personal data.
RESTAURANT ESTE EOOD, entered into the Company Register and the Register of Non-profit Legal Entities at the Registry Agency under Company ID 201482830, having its head office and registered address at 3A, Nikolay Haytov Str., Izgrev District, Sofia Municipality, Sofia 1113, Tel.: + 359 2 868 54 71, fax: + 359 2 868 72 96 (RESTAURANT ESTE), is a personal data controller and, as such, it complies strictly with the requirements for processing and security of personal data, it does not share nor disclose personal data and information in any unauthorized manner, it guarantees the security of the collected personal data and information and guarantees also the provision of transparent information, communication and conditions for the exercise of the data subjects’ rights.
RESTAURANT ESTE collects, stores and processes otherwise the following basic categories of personal data:
- nationality and/or citizenship;
- identity documents data;
- bank account and bank card data;
- contact data;
- IP addresses, cookies;
- other information
from the following categories of data subjects, including but not limited to:
- staff – in relation with any employment, personal service and/or other managerial contract;
- counterparties with which contracts and/or agreements have already been or will be concluded;
- clients and other persons who have started written correspondence with RESTAURANT ESTE or have submitted to them documents containing their personal and/or someone else’s personal data, and other persons authorized by the personal data controller and/or persons who have already established contact with them;
- website and software application users.
Data may be obtained directly from the data subjects they pertain to, and/or from other sources, whereas all or part of these data is necessary to fulfill the lawful and/or contractual obligations of the data controller, data is provided to other persons only in the cases provided for in a legal act and/or on another legitimate basis, appropriate organizational and technical measures for their processing have been put in place and data is kept for no longer than the period required to protect the legitimate interest of the data controller.
While processing personal data, RESTAURANT ESTE complies with the following principles, namely that personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to the data subject (“lawfulness, fairness and transparency”);
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1) of Regulation (EU) 2016/679, not be considered to be incompatible with the initial purposes (“purpose limitation”);
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimisation”);
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (“accuracy”);
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of Regulation (EU) 2016/679, subject to implementation of the appropriate technical and organisational measures required by Regulation (EU) 2016/679 in order to safeguard the rights and freedoms of the data subject (“storage limitation”);
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (“integrity and confidentiality”), and
- evidences shall be kept as to the fulfillment of the obligations of RESTAURANT ESTE arising out of the effective privacy laws.
RESTAURANT ESTE hereby informs you that, in accordance with the provisions of the applicable privacy laws, you, as a data subject, have the right to be informed about issues related to the processing of your personal data, you have the right to access to your personal data, right to correct and supplement the personal data collected or provided by you, including by adding a statement, the right to erase your personal data processed by RESTAURANT ESTE (“right to be forgotten”), right to restrict the processing of your personal data, right to portability of your personal data, right to object to the processing of your personal data and rights related to the automated individual decision-making, including profiling. RESTAURANT ESTE shall assists the data subject in exercising his/her rights.
If you believe that your personal data is being processed in violation of the provisions of Regulation (EU) 2016/679 and/or the applicable national privacy laws, you, as a data subject, are entitled to lodge a complaint to a supervising authority, which in Bulgaria is the Commission for the Protection of Personal Data (CPDP), whose contact details are as follows: address: 2, Prof. Tzvetan Lazarov Blvd., Sofia 1592; GPS coordinates: N 42.668839; E 23.377495; Information and Contact Center – Tel.: 02/91-53-518; Reception – working hours: 9:00 – 17:30; E-mail: firstname.lastname@example.org; Internet site: www.cpdp.bg and/or to the competent court.