Personal Data Protection Policy

Sirona TEK EOOD, UIC: 202504143, with address: Sofia, Todor Kableshkov Boulevard №55 A, 7th floor, VAT № BG202504143, telephone: 0889 55 00 20, herein referred to as “The Administrator”, applies the current General Conditions in the commercial relations with its Customers.

As a personal data administrator, Sirona TEK EOOD collects and processes specific information about natural persons.

The current personal data protection policy settles the method of the collection, the processing and the storage of the data so that the whole process complies with the standards in the Administrator’s organization and with the requirements of the law.

I. Legal basis

The current Personal Data Protection Policy is issued on the basis of the Personal Data Protection Act and the General Data Protection Regulation (EU) 2016/679 (GDPR).

The Bulgarian legislation and GDPR define rules under which the organizations, including Sirona TEK EOOD, have to collect, process and store personal data. Those rules are applied by the Administrator whether it is about data being processed electronically, on paper or in any other way.

The Administrator  takes the precautions necessary, so that the personal data being processed is not a subject of illegal disclosure. The Administrator of personal data is aware of and follows the principles of the GDPR:

– the personal data is processed in accordance with the law, in good faith and transparently. The user gives their consent for the processing of the personal data provided by him, voluntary via putting the respective mark aiming to send a request from the contact form, created on the website.

– the personal data is collected for specific, explicitly indicated and legitimate purposes and are not to be processed in any other way that does not comply with those purposes. The processing of personal date with advertising and marketing purposes happens only with the voluntary consent of the user, if the user has explicitly stated their wish, via the contact form, to receive offers and promotions, and this may terminated at any time, if the user has informed Sirona TEK EOOD of that.

– the personal data is suitable, connected to and limited to the necessary in connection to the purposes for the data being processed. In order to send a request via the contact form on the site, the customer fills in their names, telephone and e-mail address.

– each user is obligated to check for the accuracy of the personal data, that they provide, and in case it is needed to send a notification for an alteration occurring in some of the personal data, provided by them.

– the personal data is stored in a form, that allows the identification of the individuals concerned, for a period no longer from the one necessary for the purposes for which the date is being processed. Sirona TEK EOOD stores your personal data for a period no longer than the one necessary. The data of the users, who have sent a request via the contact form on the website, are kept for 1 month starting from the day the request had been sent, thus aiming to keep the additional communication between Sirona TEK EOOD and its customers possible, if one is needed. The date of the users, who have made an order request for a specific product or for the performance of a given service via the contact form on the website, are kept for period no longer than the execution of the order and the service and no longer than the warranty period of the product/the service. The period of data storage may be prolonged having in mind the closure of the engagements, concerning the contract on behalf of one side or the other, bur for a period no longer than the one necessary for that;

– the personal data is processed in a way, that guarantees an appropriate level of security of the personal data, including protection against prohibited and unlawful processing and against accidental loss, destruction or damage, where the appropriate technical and organizational measures are being applied.

II. Purposes of the Policy

The current policy aims for the Administrator to:

– be in compliance with the applicable legislation in regards to the personal data and to follow the established good practices;
– to establish mechanism for keeping and protecting the reporting registers;
– to establish the obligations of the officers, who process personal data and/or the those of the individuals who have access to personal data and work under the leadership of the people – processors of personal data, to establish their responsibility in cases of failure to fulfill these obligations;
– to protect the rights of the personnel, the customers and the partners;
– to be transparent about how they store and protect the personal data of the natural persons;
– to establish the necessary technical and organizational measures for the protection of the personal data from unlawful processing (accidental or illegal destruction, accidental loss, unlawful access, amendment or disclosure, as well as any other illegal types of personal data processing);

III. Coverage

The current Personal Data Protection Policy is applicable in regards to the processing of personal data of employees, managers, customers, suppliers, contractors, business contacts and other natural persons, which the Administrator is related to, wants to establish business contact with or are users of the site of

IV. Personal data collection

The current Personal Data Protection Policy is applicable in regards to the processing of personal data of employees, managers, customers, suppliers, contractors, business contacts and other natural persons, which the Administrator is related to, wants to establish business contact with or are users of the site of

Purpose of the data collection

The Administrator collects personal date in connection to the pursuance of the following objectives:

  1. For the performance of activities, connected to a response to a request, for signing, existing, amendment and termination of contractual legal relationships, including for:

– preparation of all kinds of documents;
– for establishing a contract with the contact person via telephone, e-mail or via any other legitimate way;
– for a response to a request, sent via the contact form on the website in connection to the provided by Sirona TEK EOOD products and/or services;
– for accounting in connection to the performance of contracts, to which the Administrator is a party;
– for processing payments in relation to the contracts, signed by the Administrator;
– for sending important information to the subjects in connection to amendments of the rules, the conditions and the policies of the Administrator and/or other administrative information;

  1. For marketing purposes – after receiving an explicit consent from the personal data subjects;
  2. For purposes of the statistics.

Data collection

The personal data for each individual is provided voluntary by the individuals themselves and is collected by the Administrator in the process of execution of the legislative obligation, in connection to a response to a request sent via the contact form, to the conclusion of a contract and/or fulfillment of obligations under an already signed contract, in accordance with the regulations of the Commercial Law, The Law on Accounting, The Obligations and the Contacts Act, the Law on VAT etc., and the conditions, pointed in the trade contract with the respective client via: paper – written documents (including letters of attorney, contracts, garnishee massages, bank information, etc.), via e-mail – provided in connection to the performance of a trade contract.

V. Personal data processing

Personal data processing is every operation or set of operations, which are performed in relation to personal data, by automatic or non-automatic means, such as collecting, registering, organizing, storing, adjusting or amending, withdrawing, consulting, using, disclosure to third parties for submission, dissemination or other type, adjoining, blocking, erasing or destruction.

The Administrator collects and uses the personal data, so that he understands better the needs and the interests of the customers, thus to offer better service. In addition to the information, that the customers provide, may also collect information during the session of the user on the website via instruments for automatic data collection, which include cookies.

The data and the personal information, provided by the users, is used by Sirona TEK EOOD for managing orders, for delivering products and services, for processing of payments, for communication with users regarding orders, products, services and promotional offers.

The information, that Sirona TEK EOOD collects to understand the needs and the interests of their customers, helps for making the visitation of each user on the website consistent and personalized. For example, the Administrator could use the personal data of the user to:

  • Inform about products or services;
  • To provide services and maintenance;
  • To notify for new services or other benefits;
  • To provide personalized promotional offers.

The types of data that the users provide via the designed for the website contact form are: name, telephone number, e-mail address.

We deeply value the personal space of our customers. All data, necessary for sending a request via the contact form on the website is confidential and is not provided to third parties. The data may be provided, if lawfully requested by the police, the prosecutor’s office or the investigative authorities.

VI. Violations. Informing for violations

Data security breach appears when the personal data that Sirona TEK EOOD is responsible for, has been affected by a security incident, as a result from which the confidentiality, the presence and the completeness of the personal data is harmed. In this sense, data harm occurs when there is a security breach, leading to incident or illegal destruction, loss, alteration, illegal data disposal, which is transferred, stored or processed in another way.

In case of a personal data security breach, which may result in a risk for the rights and the freedoms of the natural persons, the Administrator (via the respective officer), without due delay and when this is able to happen – no later than 72 hours after becoming aware of the situation, informs the Personal Data Protection Committee of the infringement.

The administrator documenters every personal data security breach, including the facts, related to the breach and the consequences and the actions undertaken to cope with it.

VII. Destruction

The accounting and the commercial information, as well as all other data and documents of meaning for the taxation and the mandatory insurance installments, are stored by the Administrator within the following periods:

– salary payrolls – 50 years;
– accounting registers and financial reports – 10 years;
– documents for taxation and insurance control – 5 years after the expiration of the limitation period for repayment of the public obligation, that the documents are related to;
– all other bearers – 5 years.

After the expiration of the period for their storage, the information bearers (paper or technical ones), which are not a subject of submission to the National Archives Foundation, may be destroyed.

After the expiration of the period for their storage, the data is destroyed as quickly as possible by destroying the paper bearers via shredding and the technical one – via obliteration and erasure of the respective files from the computers of the Company.

VIII. Additional provisions

Within the meaning of the current internal rules:

  • 1. “Personal data administrator” is “Sirona ТЕК” ЕООD , with UIC 202504143.
  • 2. If the abovementioned conditions become subjects of an amendment or supplement, they will be published on the current page, without notice. After their publications, the customers are considered automatically aware of them.

Please, check our Personal Data Protection Policy section regularly!

Publishing date: 21.05.2018