Visitors

I.

Controller

 

For the processing of your personal data, the controller is Aurubis Bulgaria AD, a joint stock company, registered in the Company Register with the Registry Agency under uniform ID code 832046871, having its registered seat and management address in:

 

            Aurubis Bulgaria

            Industrial Zone

            2070 Pirdop

            Bulgaria

 

Aurubis Bulgaria is represented by Tim Kurth – Executive Director.

                        

II.

Contact information for the Data Protection Officer

 

Data Protection Officer, Security and Risk Management department, Aurubis Bulgaria AD, Industrial zone, 2070 Pirdop

Tel.:        +359 7286 2280

Fax:        + 359 7286 2646

E-mail:   d.temelkova(at)aurubis.com

 

III.

Collection and processing of personal data for visitors in Aurubis Bulgaria

1.

 

 

 

 

 

 

 

 

 

 

 

2.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

3.

When issuing an access card, as part of the security and safety measures, review and transfer of the personal data from the identity document is performed, via reader, into the access control system and into the KIOSK system for initial Health & Safety instruction.  The personal data might be  entered manually into the system. We collect and process the following data:

  • Name;
  • Personal identification No or date of birth;
  • Photo;
  • Registration plate No of the vehicle (only in case access with vehicle in needed);
  • Expiration date of the identity document.

 

When visiting Aurubis Bulgaria as a public official and identifying with an official card, as part of the security and safety measures, personal data is entered manually into the access control system. We collect and process the following data:

•           Name;

•           No of the pass;

•           Public institution, issuing the pass;

•           Registration plate No of the vehicle (only in case access with vehicle in needed).

 

In the KIOSK system for initial Health & Safety induction is performed transfer of the following additional personal data from the identity document, via reader:

•           Photo;

•           Expiration date of the identity document.

 

Video Surveillance – on the territory of the company are located cameras for 24-hour video surveillance designed for security and operational purposes; on the entrances of the company are located cameras for 24-hour body temperature measurement that aim is to prevent epidemic/ pandemic disease spreading.

 

The processing of personal data in p. III (1-3) is necessary for the following purposes:

·         Security management – including but not limited to activities related to access control, video surveillance, ensuring security of the premises, assets and information held by the company, and for the purposes of preventing and investigating theft, fraud, abuse, conflict of interest, audits and controls. The processing of personal data for these purposes is based on the legitimate interests of the company to ensure the safety and security of its assets as well as its employees against any possible risks;

  • Operational management – including but not limited to establishment, implementation and management of the business activities of the company, for example: maintenance and monitoring of the use of internal networks and information systems, exchange of written correspondence or other communication, health and safety management, protection against serious cross – border threats to health. The processing of personal data for these purposes is based on the legitimate interests of the company to manage its material resources and workforce, including providing network and information security in its organization, as well as managing its budget effectively;

·         Compliance with regulatory requirements and settling of legal disputes - including, but not limited to, the processing of personal data in accordance with regulatory requirements (e.g tax, social, health, trade and other applicable legislation). The processing of personal data for these purposes is done on the basis of compliance by the company with applicable legal obligations.

 

Personal data entered into the KIOSK system for initial Health & Safety instruction, (e.g. Names, ID date of expiry, photo, № and date of instruction) – is stored for up to 5 years according to Ordinance No. RD-07-2 of December 16, 2009 on the conditions for conducting periodic briefing of employees and the rules for ensuring healthy and safe working conditions.

Personal data entered into the access control system is processed and stored for up to 3 years.

Video records are processed and stored for up to 2 months of creation in compliance with the Private Security services Legislation. The video records of sites under the Waste Management Act are processed for up to 1 year.

 

Video records and indicators of body temperature measurements are processed for up to 2 weeks.

 

The grounds for processing the personal data under p. III are based on Regulation (EU) 2016/679 as follows: Article 6 (1) (b) of Regulation (EU) 2016/67 and Article 6 (1) (c) of Regulation (EU) 2016/679 and/ or Article 6 (1) (f) of Regulation (EU) 2016/679 and Article 6 (1) (d) of Regulation (EU) 2016/679, in relation with Article 9 (2) (h) of Regulation (EU) 2016/679 and Article 9 (2) (i) of Regulation (EU) 2016/679.

 

IV.

Collection and processing of personal data in other cases

 

In other cases, different than the mention in p. III, personal data is collected and processed only if provided voluntarily, as follows:

 

1.

If data subject contacts us directly, especially electronically, e.g., via e-mail, via our website or by telephone, to order a publication or place a request. In this case, we store and process the following data to the extent that has been provided:

  • title, first name, last name,
  • one or more valid e-mail addresses,
  • address,      
  • telephone number (landline and/or mobile)
  • fax number

 

The processing of the above mentioned personal data serves for the following purposes:

  • in order to be able to identify You as our contact;
  • for correspondence with You;
  • in order to inform You about the products, services, and Aurubis Bulgaria/Aurubis Group companies;
  • for initiating and establishing a contractual relationship with You, if applicable;
  • for invoicing, if applicable.

 

The basis for the storage and processing is Article 6 Paragraph 1(b) GDPR (General Data Protection Regulation) if You contact us in order to enter into a contractual and pre-contractual legal relationship; otherwise, Article 6 Paragraph 1(a) GDPR (General Data Protection Regulation).

 

2.

If data subject is communicating with us while acting in a professional capacity for one of our business partners, we store and process professionally used contact data, as follows:

  • business partner for whom you are working
  • title, first name, last name
  • position in the organization of our business partner
  • one or more valid e-mail addresses
  • address     
  • phone number (landline and/or mobile)
  • fax number

 

The processing of the above mentioned personal data serves for the following purposes:

  • in order to be able to identify You as our contact with our business partner;
  • for business correspondence with You;
  • in order to inform You about the products, services, and Aurubis Group companies;
  • in order to offer You Aurubis Bulgaria’s products and services;
  • to initiate, execute, and terminate contracts in connection with the business relationship;
  • to maintain the business relationship with Aurubis Bulgaria;
  • for invoicing;
  • to fulfill legal obligations, especially for the prevention of fraud and money laundering.

 

The grounds for processing this personal data are based on Regulation (EU) 2016/679 as follows: 1) Article 6 Paragraph 1(b) GDPR (General Data Protection Regulation) and Article 6 Paragraph 1(f) GDPR (General Data Protection Regulation) in order to maintain and conduct the business relationship for the length of the business relationship or until the Aurubis Bulgaria business partner communicates that You are no longer employed by them; 2) In cases when we are obligated to store the data for a longer period of time pursuant to Article 6 Paragraph 1 Sentence 1(c) GDPR (General Data Protection Regulation) due to storage and documentation obligations according to legal tax, commercial regulations and other applicable regulations; 3) In cases when You have submitted consent to a longer storage period pursuant to Article 6 Paragraph 1 Sentence 1(a) GDPR (General Data Protection Regulation).

 

3.

If Aurubis Group companies provide personal data of the type described above to us as allowed for the purposes mentioned above, especially for cases in which You have contacted an affiliated company of ours with an issue that relates to us and not that affiliated company.

 

V.

Provision of personal data to third parties

 

Aurubis Bulgaria AD uses service providers, who process and store personal data ("Personal Data Processors" pursuant to Article 28 of Regulation (EC) 2016/679). In particular, this is applicable to the security company and companies that provide and maintain hosting services and servers. These processors work only on contractual basis with Aurubis Bulgaria AD and store and process personal data according to the company's instructions.

 

If you contact Aurubis Bulgaria regarding issues that concern a company affiliated with Aurubis Bulgaria, in individual cases we will provide this affiliated company with your personal data.

 

If you have entered the premises of the company and subsequently informed us that you have been infected in order to prevent the spread of a pandemic / epidemic disease, this information shall be disclosed to employees of Aurubis Bulgaria AD and employees of contractors who have been in contact with you and respectively may have been infected.

 

Out of these three circumstances, data will only be provided in individual cases and in a volume that is in accordance with a specific legal obligation of Aurubis Bulgaria AD, as well as in cases where You submitted consent to provide your data.

 

VI.

Your rights as Data Subject

 

·         Right to withdraw consent at any time (Article 7 (3) of Regulation (EC) 2016/679). As a consequence, the company will not be able to continue processing this data if it was based on consent.

·         Right to request confirmation whether the company processes personal data, and if so, information on the storage and processing (Article 15 of Regulation (EC) 2016/679). In particular, information may be requested about the purposes of processing; categories of personal data; the categories of recipients to whom personal data will be or have been provided; storage period; the right to request correction, erasure and / or limitation of processing, to object to such processing and to lodge a complaint with a supervisory authority; information about the source from which the company have received personal data when it was not collected by the subject; information on the availability of automated decision making (including profiling) and, if applicable, relevant detailed information.

·         Right to request immediate rectification of the personal data (Art. 16 of Regulation (EU) 2016/ 679).

·         Right to request erasure of the personal data, unless its processing is necessary:

1) For exercising the right of freedom of expression and information;

2) For compliance with a legal obligation;

3) For reasons of public interest;

4) For the establishment, exercise or defense of legal claims (Art. 17 of Regulation (EU) 2016/ 679).

·         Right to request restriction of the processing of the personal data if: contest their accuracy; the processing is unlawful; the company does not need the personal data any more, but the data subject require them for establishment, exercise or defense of а legal claim; if the data subject has objected to processing pursuant to Article 21 (1) of Regulation (EU) 2016/ 679 (Art. 18 of Regulation (EU) 2016/ 679).

·         Right to receive the personal data in a structured, widely used and machine readable format or request the transfer of this data to another Administrator (Article 20 of Regulation (EC) 2016/679).

 

When exercising the right to receive personal data or to transfer it to another Controller, more than once within 24 months, Aurubis Bulgaria AD reserves the right, according to Ch. III, Art. 12 par. 5 (a) of Regulation (EU) 2016/679, to require payment of administrative costs of BGN 20 per set of paper copy and BGN 20 per electronic carrier.

 

In order to exercise his rights under the above points, the visitor/ data subject must contact the Data Protection Officer designated by Aurubis Bulgaria AD:

 

              Address:                   2070. Pirdop, Industrial zone,

              Tel :                         + 359 886 131 999

              E-mail:                      d.temelkova(at)aurubis.com

 

The visitor/ data subject has the right, under Article 77 of Regulation (EC) 2016/679, to lodge a complaint to the Commission for Personal Data Protection (CPDP) by the ways described in the Commission's website. The contact details of CPDP are:

 

Address:                      1592 Sofia, Prof. Tsvetan Lazarov Blvd. 2

        Fax:                           02 9153525

        E-mail:                        kzld(at)cpdp.bg

 

Aurubis Bulgaria AD will cooperate to CPDP in the handling of such complaints and will comply with all recommendations and/ or instructions issued by the supervisory authority.

The visitor/ data subject has the right to lodge a complaint at Aurubis Group Headquarters by sending an email to dataprotection(at)aurubis.com .

 

VII.

Right to object

 

If the personal data is processed on the basis of a legitimate interest of the company pursuant to Article 6 (1) (f) of Regulation (EC) 2016/67, the visitor/ data subject has the right to object the processing of these data under Article 21 (1) of Regulation (EC) 2016/679. In this case, the company will not continue the processing of the personal data, unless there are convincing legal grounds for the processing that take precedence over the interests of the data subject, his rights and freedoms or are necessary for the establishment and/ or the defense of legal claims.

 

If the visitor/ data subject wants to use the right to object, it is enough to send an email to d.temelkova(at)aurubis.com

 

 

Font size
Glossary
onoff
Cookies
We only use necessary cookies on this website. Without these cookies, this website wouldn't function. We use no other cookies on this website. Tracking does not take place on this website. Additional information about the necessary cookies is available here.