General Data Protection Regulation

Intelligent Systems Bulgaria takes responsibility to ensure the security of personal data, which it collects and processes in a lawful, conscientious and transparent manner with respect to the data subject.

Personal data is any information that relates to an identified or identifiable living individual which can be identified (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The managing of the personal data security complies with the Data Protection Act, its secondary legislation and Regulation (EC) 2016/679 – GDPR, through the Embedded Information Security Management System certified according to the international standard ISO 27001: 2013.

Data that we collect

Intelligent Systems Bulgaria processes data base only when it is lawful and only if and to the extent that at least one of the following purposes is applicable:

  • the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  • processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  • processing is necessary for compliance with a legal obligation to which the controller is subject;
  • processing is necessary in order to protect the vital interests of the data subject or of another natural person
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

In relation to the above conditions, Intelligent Systems Bulgaria collects information from the following individuals external to the company:

  • Data subjects who has shown interest into our products and services (name, company, position, phone number and e-mail):
    • Personal data in our firm web site for access marketing materials, demo versions, chat, contact forms, and more;
    • Personal data when subscribing for a newsletter.
    • Personal data contained in inquiries directly sent by e-mail.
  • Job applicants (contact information education, training and professional experience) through:
    • CV provided through web-based job finding platforms;
    • CV sent directly to e-mail;
    • CV submitted through the company web site using the appropriate form;
    • LinkedIn profile.
  • Data subjects in their role of employees of legal entity – contractors of Intelligent Systems in connection with the implementation of the contractual relations.

 

Information Collected Automatically

Automatic data processing, when necessary, is done using methods that do not have a data retrieval algorithm for a person, a subject of personal data, based on the output summary information resulting from the automatic processing.

When you use the web site of Intelligent Systems Bulgaria we collect information about domain/internet address (IP) from which the web site is used; browser type and system, time and date of the visit; search results and other similar parameters. This information is used only in general type without processing data for specific individuals, data subject and it is not provide to third parties.

The use of “cookies”

We use “cookies” to improve the site content and to provide you with more targeted messages. A “cookie” saves a small text file in your web browser for a given period of time. Thus, we can follow visitors’ site activities such as sections visited, location, etc.

A cookie is a very small file that is downloaded to your device when you visit. It helps to provide information about the subject behavior so it can customize the mode of operation. Intelligent Systems Bulgaria uses “cookies” only after prior notice and consent from the user.

What “cookies” do we use?
You can opt-out from being tracked by Google Analytics with effect for the future by downloading and installing Google Analytics Opt-out Browser Addon for your current web browser: http://tools.google.com/dlpage/gaoptout?hl=en

How do you block/delete “cookies”?
Some Internet browsers accept “cookies” automatically. You can delete or block all “cookies” stored on your device anytime, despite the default browser settings. Find out more how to do that in the “Help” section of your browser menu or by visiting http://www.allaboutcookies.org

Please, have in mind that if you decide to delete or block “cookies” from isystems-group.com, you might not use some site functionality or be prevented from further receiving interesting content.

 

Data that we process

Intelligent Systems Bulgaria process personal data from the administrator’s (client’s) name only after written agreement between the parties. These data include:

  • Test/demo client’s data and also a real data which are installed in our client’s systems;
  • Access data for hosting;
  • Remote access data for client’s environments.

 

How we use your personal data

1. For what purposes we process data

For the purposes of the marketing:

  • To send certain information which we consider is useful, including marketing communications;
  • To contact you by phone or e-mail about your interest in our products and services;
  • To personalize our content and advertising you see in our web sites and apps in Internet;

Newsletter and marketing communications are sent after recipient’s agreement. You can opt out in every message you receive.

For job applicants

The collected data during the searching for a specialist for our vacant positions or in cases of received CV which is sent directly to our e-mail is used only for the purposes of recruiting and hiring an employee for Intelligent Systems’ needs.

Interaction with Contractors

As part of the fulfillment of obligations under concluded contracts with clients Intelligent Systems Bulgaria processes the following data: Contact data which is retained in the firm’s systems and project documents;

  • Employee’s personal data with access to HelpDesk system;
  • Microsoft Customer Source/ Office 365 accounts.

2. For what purposes we retain and process personal data? – Intelligent Systems Bulgaria retains and processes the personal data in its capacity of administrator or processor only for the purposes for which it was initially collected, including the purposes related to contract management, human resources management, marketing, development/implementation and maintenance software products.

3. How we retain and process personal data? – Personal data is retained and processed in accordance to the implemented information security management system certified according to the international standard ISO 27001:2013 and in accordance with Ordinance № 1 of 30 January 2013 on the minimum level for technical and organizational measures and the type of protection allowed of personal data.

4. How long do we retain your personal data?

  • Intelligent Systems Bulgaria retains collected personal data for the needs of the marketing only for the time that it is relevant
  • Job applicant‘s personal data is retained for a period not longer than one year.
  • Counteragent employee’s personal data is retained for the period during which a claim may be made in relation to our dealings with you.
  • Personal data that is provide to process by data administrator is retained only for the contract period for which it is processing.

5. When and how do we share your personal data – Intelligent Systems Bulgaria can share personal data when it is allowed by law, in relation with corporate or financial change in Intelligent Systems Bulgaria or linked with it legal entity. Personal data can be shared to protect data subject’s vital interests, Intelligent Systems Bulgaria’s legitimate interests (unless data subject’s interests should be preferred) or when Intelligent Systems Bulgaria decide is necessary to share them because of legal reasons or to respond to legal process or requirements by the competent supervisory authority.

6. Collection of data from persons under 16 years of age – Intelligent Systems Bulgaria does not process personal data from individuals under the age of 18. If we receive that kind of information through some of our communicative channels, we will delete it immediately.

Security of Personal Data

Intelligent Systems Bulgaria maintains a high level of competence and awareness among employees about that how important is to secure the retain and process of personal data which we process in our role as an administrator, as well as in cases where the Company process client’s personal data.

Intelligent Systems Bulgaria makes a contract and/or additional agreements with its clients on the processes in which the company is processing personal data, with subcontractors for the processing of personal data and also with persons to whom is assigns the processing of personal data but who are not subcontractors.

Intelligent Systems Bulgaria make agreements for confidentiality with its employees.
Intelligent Systems Bulgaria maintains registers for the processing of the personal data.
Intelligent Systems Bulgaria has implemented technical measures to protect personal data which includes:

    • Authentication
    • Access management
    • Retain access information
    • Security of the work station
    • Security of the portable information
    • Security of the internal network
    • Server protection
    • Security of the web sites
    • Continuity of services
    • Archive
    • Secure data destruction
    • Secure data exchange with customers
    • Physical security
    • Use of encryption
    • Data anonymization

When there is a risk a particular type of processing to jeopardize the rights and freedom of the individuals, as well as in cases specified by the Commission for the Personal Data Protection of the Republic of Bulgaria, Intelligent Systems Bulgaria makes an assessment of the impact of provided processing operations on the protection of personal data and takes all necessary measures to ensure the security of personal data.

Intelligent Systems Bulgaria documents every violation which is connect with the security of the personal data according to the current procedure for Information Security in project management, including the facts which are related to the personal data breach, its consequences and what actions are taken to handle it in accordance with the incident handling procedures and the improvement of the security of the information and notifies the Commission for Personal Data Protection or the administrator whose personal data is processed about the accident in 72 hours.

Access to information, questions, objections and solving disputes

Every individual, data subject can take advantage of:

  • Right to access: Has the right to receive a conformation if his personal data is processed and if it is so to has access to the collected data which are related with him and to exercise that right to be informed about the processing and to verify his legality.
  • Right to restrict the use of the personal information: To ask from the administrator to restrict processing your personal data when the accuracy of the personal data is disputed, the processing is unlawful or Intelligent Systems Bulgaria does not need anymore your personal data for the purposes of processing, but the data subject does not require his data to be deleted and also when the data subject has compliant against the processing
  • Right to be deleted (right “to be forgotten”): To ask his personal data to be deleted when the personal information is no longer needed for the purposes for which it was collected, there is no lawful reasons to be process or the personal data was illegally process.
  • Right to object: To object to the process of his personal information for marketing purposes (including profiling), no matter if it about initial or further process. The data subject is explicitly informed of the existence of this right which is presented to him in a clear and separate manner from any other information.
  • Right to withdraw: To withdraw his agreement to the processing of his personal information at any time. Withdraw to the agreement does not affect the lawfulness of processing during his initial agreement. The data subject is informed of this before giving his consent.
  • Right to correct: To ask from Intelligent Systems Bulgaria in its role of administrator to correct data subject’s incorrect personal data. Data subject has the right his incomplete personal data to be correct including by adding a declaration.
  • Right to data portability: To receive the personal data which is connect with him and which he has provided to the administrator in a structural, commonly used, and machin-readable format and to transmit this data to another data controller
  • Right to lodge a complaint with a supervisory authority: To lodge a compliant to the Commission for the Personal Data Protection of Republic of Bulgaria if he consider that processing of his personal data is in violation to his lawful rights or to or refer the case to the competent court, as well as obtain compensation for damages.

If you have any question about our privacy practice or if you have questions, demands or worries about your personal information please contact with us through our e-mail: privacy@isystems.bg

Changes to This Privacy Policy

We may change this Privacy Policy to reflect changes in the law or in the regulatory framework.