Personal data protection policy,
applied by the management company Plesio Computers JSC
This Privacy Policy (The “Policy”) aims to provide the data subjects whose personal data Plesio Computers JSC processes in a clear and comprehensible manner.
• about Plesio Computers JSC in its capacity of personal data administrator;
• Personal data of which persons (data subjects) are processed by Plesio Computers JSC;
• What personal data does Plesio Computers JSC process;
• The grounds on which the processing of personal data by Plesio Computers JSC is based and the purposes for which such processing is carried out;
• Is the provision of personal data mandatory and in which cases;
• What is the processing of personal data carried out by Plesio Computers JSC;
• To which persons and in which cases Plesio Computers JSC may disclose personal data;
• What is the term of storage of the personal data that Plesio Computers JSC processes;
• What rights do data subjects have in relation to their personal data processed by Plesio Computers JSC, and how these rights can be exercised;
• How Plesio Computers JSC guarantees the security of the processed personal data.
The policy does not contain a comprehensive description of the measures and procedures applied by Plesio Computers JSC in order to fulfill its obligations in relation to the processing of personal data, but summarizes only the basic aspects in connection with the processing for the purposes of informing data subjects, including in relation to the possibility of exercising the rights conferred on them in that capacity.
Who is the administrator of personal data
Administrator of your personal data is Plesio Computers JSC, UIC 131262158, with registered office and address of management: Sofia 1000, str. Angel Kanchev 5,(the "Company"), represented by Giannis Saroulidis.
As the controller of your personal data, the Company and its employees should, to the highest extend, guarantee your rights and legitimate interests arising from the personal data protection legislation.
Contact with the Company in connection with the processing of personal data, as well as in order to exercise your rights as a data subject can be made at the specified address of management, as well as on tel. 080018200 and e-mail info@plesio.bg.
Persons whose personal data the Company processes
As a management company, employer and legal entity, the Company enters into relations with various persons, on the occasion and in the implementation of which it receives and processes personal data of various categories of individuals (data subjects).
Employees and other persons working for the Company, job candidates, members of the Board of Directors, shareholders, their representatives and owners
In order to function, the Company needs both appropriate management and employees to ensure the implementation of its activities. In this regard, the Company establishes relationships with different categories of persons and processes their personal data accordingly. These are the members of its board of directors, employees of the Company (and persons carrying out activities under a civil contract with the Company) and candidates for employment in the Company. If you fall into any of these categories (now or in the past, provided that the deadlines for storing of the relevant data have not expired), the Company processes your personal data.
Exceptionally, the Company processes personal data of other persons on the basis of their connection with its employees - data of persons provided by employees of the Company (and persons equated in this respect) with a view to the use certain rights granted by the employment and insurance legislation (in connection with the use of certain types of leave, protection against dismissal, etc.).
Insofar as the Company is backed by certain persons - its shareholders, the Company processes personal data of such persons, their representatives and beneficial owners, in order to exercise shareholder rights and fulfill an administrative obligation in connection with the establishment of actual ownership of the Company.
Customers (including potential), shareholders, their representatives and owners
The main category of persons with whom the Company enters into relations are its clients and potential clients - persons to whom the Company provides (or will potentially provide) services within the framework of its license. Clients in this sense are clients under contracts for purchase and sale of units / shares under collective investment schemes managed by the Company (mutual funds or investment companies), clients under portfolio management contracts, clients under investment consulting contracts, personalized collective investment schemes and national investment funds under contracts for management of the activity, as well as clients under contracts for other services, which the Company may provide under the owned license.
When these customers are individuals, the Company processes their personal data. In addition, the Company processes personal data of the legal representatives of its clients (individuals and legal entities), proxies - individuals, legal representatives of proxies - legal entities, beneficial owners. If you fall into any of these categories, the Company processes your personal data. In addition, the Company also processes personal data of persons who are prominent political figures and with whom a client, potential customer or actual owner of such is connected in accordance with the Anti-Money Laundering Measures Act.
Providers
In connection with the services provided to customers, the Company enters into relationships with various service providers - both engaged by it and suppliers to its customers. Such service providers are mainly depository institutions (safekeeping financial instruments issued by the Company's collective investment undertakings or owned by its clients), depositories of the Company's collective investment undertakings, investment intermediaries to which the Company submits orders for transactions with financial instruments of clients, providers of market and financial information, software, telecommunication services and others. In case you are a legal representative of such provider or its authorized person in connection with its relations with the Company, as well as an employee responsible for any aspect of this person's relations with the Company, the Company processes your personal data.
Officials in the administration of supervisory authorities
The activity of the Company is subject to supervision by various state bodies, incl. Financial Supervision Commission, State Agency for National Security, National Revenue Agency, Executive Agency "General Labor Inspectorate", Commission for Personal Data Protection. When these bodies carry out their supervisory activity towards the Company, the Company may receive personal data of the employees who carry out this activity (inspectors, document compilers, etc.).
Users of the Company's website
In case you visit the website of the Company, you provide your personal data as users of this page and accordingly the Company processes the same.
Personal data, processed by the Company
Personal data is any specific information, concerning you through which your identity can be established. For example, such information is your name, address, financial information and others.
Depending on the relationship in which the Company processes your personal data, this may be data in one or more of the following categories.
Data on physical identity - names, Personal Identification Number or other number, address, data from an identity document (a copy of an identity document is processed in connection with the establishment of relations with customers according to the applicable requirements), contact data, online identifiers address), data from audio recordings and video recording. As a data subject, whose personal data the Company processes, the subject of such processing may be all or part of this data, and the specific type of data is determined by the relationship in which the Company processes your personal data. For example, if you are a customer of the Company, the Company processes all of the specified data (possibly with the exception of the online identifier, if you do not use the Company's website, respectively audio and video recording), if you are a representative provider, the Company probably processes most of the specified data (depending on the relationship, provided to it in relation to the supplier, with the above exceptions), if you are an employee of a supervisory authority on the Company's website (and you have no other relationship with it), the Company processes data about your online identifier.
Data on health condition - The Company processes personal data in this category only in
connection with relations with its employees and on occasion of the exercise of their employment and insurance rights.
Data on social identity - education, professional experience, qualification, criminal record,
imposed measures for administrative coercion, membership in a professional organization. The company processes personal data of this category only in connection with relations with its employees (or candidates for the position), insofar as such data are necessary for the assessment of compliance with the requirements for holding the position, regarding the members of its board of directors (and candidates for such), as well as in connection with relations to client relationships of the Company under contracts for trust management and investment consulting in connection with the assessment of suitability of the provided service and the categorization of the client (data on criminal record and imposed coercive measures on clients are not processed).
Data on family identity - marital status and relationships. The company processes personal
data of this category in connection with relations with its employees, insofar as the provision of these data is carried out in connection with the exercise of rights under labor or social security legislation. In connection with its relations with clients and potential clients, the Company processes data on family relationships and in cases when a client, potential client or actual owner of a client is a related person with a prominent political figure for the purposes of implementing anti-money laundering measures.
Data on economic identity - The Company processes data in this category in connection with
relations with its clients (data on financial condition, origin of funds, commercial, professional or other business relations with persons who are prominent political figures, tax registration, bank account,
results of the activity performed for the client) in connection with the assessment of the suitability of the provided service, for the purposes of counteracting money laundering and in view of the fulfillment
of the obligations in the provision of services, the categorization of the client. The company exceptionally processes such data in connection with persons working for it (bank account for the purposes of payment of remuneration, data in connection with the declaration and establishment of conflicts of interest).
Data on behavior and preferences - investment goals, risk profile, transactions with financial instruments, data from Internet activity (visited pages, visited sections of the Company's website, time of visit, searches made, etc.), marketing data (models of behavior , preferences, satisfaction with the services provided, etc.). The Company processes data from the specified category in connection with customer relations (investment objectives, risk profile, transactions, marketing data, data from Internet activity, when the customer uses functionalities on the Company's website in connection with the services provided), users of its website (data from internet activity), employees of the company (data for internet activity as a result of the monitoring of the implementation of the assigned activity).
Special categories of personal data - The Company does not process special categories of
(sensitive) personal data, including personal data revealing racial or ethnic origin, political views, religious or philosophical beliefs, trade union membership, genetic data, biometric data for unique identification of an individual, data on sexual life or sexual orientation), as the only category of sensitive personal data that the Company may process are those on the health of the data subject that the Company receives in order to fulfill its obligations as an employer.
Data provided by the data subject and data of third parties
As a rule, the Company processes personal data provided by the respective data subject. In these cases, you as a data subject are aware of the data you provide for processing (e.g. data provided by you as a customer of the Company in connection with the conclusion and execution of the service contract). The Company accepts that the received personal data as a result of audio recordings, made with your knowledge, (the clients of the Company should keep in mind that such recordings are made in order to certify the realized communication), video recording (if you are a person operating for the Company or visiting its office for other reason, e.g. as a customer, you should keep in mind that the Company may take video recordings in order to ensure the security of the premises in which it operates and / or to verify the implementation of the activity), recording of electronic communication (if you communicate with the Company in this way, you should keep in mind that the Company records and stores electronically exchanged information), data on the behavior of the data subject on the Company's website (for users of the website) or through devices of the Company ( e.g. a computer provided to an employee) are provided by the data subject. Data provided by the subject are also considered to be the data that are generated in the course of fulfillment of obligations assigned to the Company (e.g. data on the formed portfolio of a client in the course of execution of a concluded contract).
Exceptionally, the Company may process personal data provided by a person other than the data subject - in cases where the Company is obliged to process personal data in order to fulfill regulatory obligations (e.g. in order to establish the actual owner of a client) and / or exercising the rights of data subjects (e.g. when providing data by an employee to a person, in relation to whom the employee enjoys certain rights).
In some cases, the Company may also process data, received from public sources (mainly when conducting customer inspections for the purpose of counteracting money laundering).
Personal data of minors
The Company does not process personal data of minors, except in cases when such data are provided by their legal representatives for the purpose of providing services by the Company to such persons, for the purpose of using employment or insurance rights by entitled persons– employees of the Company, as well as when this is necessary in order to fulfill a regulatory obligation.
Basis and objectives of processing
Basis for processing personal data
The company processes personal data only if there are any of the following reasons:
- fulfillment of a legal obligation of the Company, requiring processing of personal data (for
example, identification of a potential client, collection of information about clients related to the client -prominent political figures, establishment of requirements for holding a position, etc.);
- performance of a contract or performance of actions at the request of the data subject before (in view of) the conclusion of a contract;
- consent of the data subject to the processing of personal data for specific purposes (e.g. for the processing of data for marketing purposes, including for the purpose of sending marketing messages);
- ensuring the legitimate interests of the Company or third parties (unless the interests or fundamental rights and freedoms of the data subject take precedence).
At present, the Company does not process and does not consider that it could be processed personal data on any other permitted by applicable legislation.
The basis for processing is assessed in connection with the collection of each specific type of personal data depending on the relations in connection with which these data are collected, as well as in view of the admissible actions for the processing of the data thus collected.
The processing of personal data without justification is illegal. In case the Company establishes that there are no grounds for processing personal data of a specific type and / or for a specific data subject, it shall immediately terminate the processing of such personal data by deleting / destroying the same.
Purposes of personal data processing
The Company processes personal data in view of one or more of the following purposes:
- Providing the necessary human resources for the implementation of the Company's activities
and its management - recruitment of employees, other persons carrying out activities under contract with the Company, development and incentives for employees, including providing the necessary training, determining of remuneration and bonuses, checking performance, termination of relations, performance of obligations under applicable labor and social security legislation;
- Concluding and executing contracts with clients - collecting the necessary data for the purpose
of concluding a contract: identification data, data in connection with the provision of the service (data necessary for categorization and assessment of suitability, ensuring execution in accordance with the client's goals and interests ), data on the origin of funds and relationships (for the purpose of counteracting money laundering), data on determining the tax status of clients, data on correspondence with clients, as well as other data in order to meet specific regulatory requirements, and collection of data in the course of the performance of the contract, including for the purpose of proving performance in accordance with the applicable contractual and regulatory requirements;
- Concluding contracts with suppliers of the Company and ensuring appropriate communication
and implementation in connection with relations with suppliers of the Company or customers -data collection in order to establish proper representation, ensuring unimpeded communication and timely and accurate execution;
- Ensuring physical security and proving proper performance - performing video surveillance and
recording, audio recordings and recordings of electronic communication;
- Improving the quality of the provided services and the marketing strategy - collecting data from
clients and users on the Company's website;
- Accounting and regulatory reporting - collection of relevant data from persons working for the
Company, customers and contractors;
- Compliance with regulatory requirements - data collection for the beneficial owner, data
collection when establishing relationships with customers.
Voluntary provision of personal data
For the purposes of establishing and realizing the relations in which it participates, the Company may require the provision of various categories of personal data. An insignificant part of these data is required only on the initiative of the Company in view of its interests, as the main part of the required personal data should be provided on the basis of a legal requirement or with a view to concluding or executing a contract, and without the relevant details the Company may be unable to conclude or fulfill obligations under a contract already concluded with you.
In case of a job’s applicant refusal to provide personal data in connection with the identification or data in order to establish compliance with the requirements for holding the position (criminal record, qualification, etc., when required), the Company will not be able to assess the candidate, as well as to ensure the fulfillment of its administrative obligations (e.g. for registration of the contract, notification to the regulator) and accordingly a contract with such a candidate will not be concluded. The lack of contact details, the provision of which is not mandatory but is required by the Company, on the other hand, is not an obstacle to concluding a contract, but in reality, such may not be reached, although only because the Company does not have opportunity to contact a candidate.
In case of non-provision by a potential client of specific data, allowing his identification, fulfillment of the obligations of the Company in relation to the legislation regulating its services (e.g. in case of non-provision of information, required for the assessment of the appropriateness of the service) or for the prevention of money laundering (e.g. refusal to provide information on the origin of funds), the Company has no right to enter into a contract and provide services to such a person.
The refusal of a potential supplier of the Company to provide data on the identification of the representatives does not allow the Company to establish relations with such a supplier. On the other hand, not giving contact details (of the Company's supplier or customer) may hinder or impede the implementation of the relationship with such provider.
The provision of data on the shareholders of the Company and their beneficial owners is necessary in order to register the property and accordingly meet the requirements, applicable to the Company for disclosure to its owners.
The users of the Company's website may choose not to collect and subsequently process the data provided in connection with the visits to this page by the Company, without interfering with the use of its website.
How the Company processes personal data
The first and obligatory stage of the processing of your personal data is their collection by the Company. The company collects personal data mainly when they are provided by data subjects, and may exceptionally receive personal data from third parties or from public sources.
The personal data collected by the Company can subsequently be processed in different ways, through different operations and sets of operations, incl. be recorded (in the course of their collection, e.g. when recording a telephone conversation or behavior on the Internet, or subsequently, e.g. in order to create an archival copy of information), arranged, organized or structured in a certain way (including in order to facilitate of their access and retrieval if necessary, their processing for marketing purposes, etc.), modified (in case of inaccurate, incomplete or outdated data), disclosure (in case of transmission or provision of access), their use in another way.
The final stage of the processing of personal data is their deletion (for data stored on electronic media) or destruction (in respect of physical media).
Regardless of the type of personal data processing it performs, the Company subordinates the performed actions to the following principles:
- Processes personal data only in the presence of any of the above reasons;
- Takes due care of the lawful processing of personal data, while ensuring your rights as a data
subject, including by providing you with the information due in this regard;
- Processes personal data for the purposes specified in this Policy or for specific purposes
explicitly shared with you (including in a specific notification, in accordance with the specifics of the relationship and the processed personal data), or for purposes for which you have provided your consent;
- Strives to limit the processed data to a minimum in view of the purposes for which the
Company processes this data;
- Maintain and update the data processed, including by carrying out the necessary checks,
comparisons, requesting additional information and updating data in case;
- When your personal data is no longer needed, the Company deletes / destroys them or
anonymizes them so that they do not allow the establishment of your identity;
- Takes the necessary measures to protect the processed personal data.
Recipients of personal data
Your personal data may be disclosed to a certain category of recipients, but strictly compliance with the requirements of personal data protection legislation and to the extent necessary to achieve these objectives.
Depending on the specific relations in connection with which the Company processes your personal data, the latter may be disclosed in the following categories of recipients:
- Employees of the Company in compliance with the principle of "need to know" and insofar as
this is necessary in order to fulfill their obligations and carry out the activities of the Company;
- Counterparties that have committed to confidentiality in compliance with legal or contractual
obligations in compliance with applicable data protection legislation, including:
• persons providing postal and courier services;
• persons providing accounting and auditing services;
• persons providing information and telecommunication services;
• persons providing legal and other external consulting services in various fields.
- Bodies, institutions and persons in respect of which the Company is obliged to provide
personal data under the applicable legislation (Financial Supervision Commission, Central Depositors, State Agency for National Security, National Revenue Agency, National Social Security Institute, Commission for protection of personal data and other DPC (Data Protection Commission);
- Banks, insofar as it is necessary for the payment of due fees and payments in connection with
contracts with customers.
The company does not disclose your personal data to persons established outside Member States (outside the EU and the EEA).
In cases where the Company provides your personal data for processing to a third party outside the structure of the Company, on behalf and on behalf of the Company, the Company enters into a special contract with this person, which applies specific requirements guaranteeing the personal data provided.
Terms of storage of personal data
The company provides your personal data only for the period necessary to achieve the purpose for which they were collected.
After achieving the goal, the Company terminates the processing of data and, exceptionally, stores them until the final settlement of all financial relations, in the presence of reasonable legitimate interest and / or expiration of the statutory deadlines provided by applicable law: Markets in Financial Instruments Act and the activity of collective investment schemes and other collective investment undertakings (e.g. 5 years for customer relationship information), Delegated Regulation (EU) 2017/565,
Anti-Money Laundering Measures Act, Accounting Act, Tax and Social Security Procedure Code , The Commercial Law, the Law on Value Added Tax, the Law on Obligations and Contracts and other laws, which provide for a minimum term for storage or exercise of legal claims.
Other documents with personal data, for which no minimum normative term for storage is provided, shall be stored until the expiration of the limitation periods set out in the Obligations and Contracts Act for the submission of legal claims (three or five years depending on the type of claim) in view of the legitimate interest of the Company in establishing, claiming and defending legal claims, as well as providing the necessary documents to clarify the legal dispute, respectively in short terms, when such are provided in the current legislation (e.g. to for reporting against the Company for discrimination).
Data on user behavior on the Internet is stored for the period of validity of the respective “cookie”.
Your rights as a data subject
As a data subject, you have certain rights, provided in the legislation for personal data protection related to the processing of personal data by the Company, as follows:
Right of access
You have the right to request information and a copy of your personal data from the Company and the right to access your personal data at any time.
Right of correction
You have the right to request correction of your personal data in case they are not accurate, up-to-date or incomplete.
Right of portability
You have the right to request your personal data in a form convenient for transferring to another data controller, or to ask us to do so.
It is important to keep in mind that this right applies only when:
• The processing is based on your consent or in connection with the performance of a contract;
• Processing is performed by automated means;
Right to be deleted ("right to be forgotten")
You have the right to ask the Company for your personal data to be deleted.
It is important to keep in mind that this right is only applicable when any of the following grounds exist:
• your personal data is no longer needed for the purposes for which it was collected;
• withdraw the consent that you have previously given for the processing of your personal data and there is no other legal basis for their processing;
• object to the processing of your personal data for the purposes of direct marketing;
• object to the processing of your personal data for the legitimate interests of the Company and there are no legal grounds for the processing to take precedence;
• your personal data is not processed lawfully;
• Your personal data must be deleted in order to comply with the law.
Right to limit processing
You have the right to ask the Company to restrict the processing of your personal data, in which case the data will only be stored, but not otherwise processed.
It is important to keep in mind that this right is only applicable when any of the following grounds exist:
• you do not consider that the personal data processed by the Company are accurate and up-to-date;
• personal data is not processed lawfully, but instead of deleting, you want to limit their processing;
• The Company no longer needs your personal data for the purposes for which we collected them, but you require the data for the purpose of establishing, exercising or defending legal claims;
• You have objected to the processing of your personal data and you are awaiting confirmation as to whether your interests in connection with such an objection take precedence over the legitimate grounds for the processing of your data.
Withdrawal of consent
You have the right to withdraw your consent to the processing of your personal data at any time with a separate request addressed to the Company, if your data is processed only on the basis of consent (e.g. data processed for marketing purposes).
Right to object
You have the right to object to certain types of processing, such as direct marketing (including unsolicited advertising).
The right not to be subject to automated decision making
You have the right to object to automated processing, including profiling, based on a legitimate interest.
Automated decision- making means that certain decisions are made automatically without human intervention.
If this is provided and necessary for the purposes of execution of a contract concluded with a client and / or with the consent of the client, provided personal data may be used for automated decision -making, for which purpose the Company will provide the client with relevant information in each case.
Right to appeal to the supervisory authority
In case you believe that the Company does not process your personal data lawfully, please contact us at the above contact details to clarify the issue.
However, you have the right to lodge a complaint directly with the Data Protection Commission, as well as the right to judicial protection.
The address for filing a complaint to the Commission for Personal Data Protection is: Sofia 1592, Blvd. "Prof. Tsvetan Lazarov ”№ 2, telephone number: 02/9153594, e-mail: kzld@cpdp.bg, website: www.cpdp.bg
Additional information
It is important to know that the specific conditions and procedure for exercising your rights related to the protection of your personal data are regulated in detail in the General Data Protection Regulation and the Bulgarian Personal Data Protection Act. The company will provide the necessary assistance to exercise the rights granted to you by law.
Exercise of rights
The request to exercise your right should be addressed to the contact specified in this Policy.
The Company provides, including publishing on its website, a request form for the exercise of the data subject's rights.
The Company does not collect fees for exercising the rights granted to you as a data subject. However, please note that where your requests are manifestly unfounded or excessive, in particular because of their repetition, the Company may charge a fee commensurate with the administrative costs of providing the information or communication or taking the requested action, or refuse to take action on the request.
The Company will make reasonable efforts to grant your request within 30 days of receipt, and if necessary and in view of the complexity and number of requests, that period may be extended by a further two months.
The Company may request specific information to help it verify your identity and respect your right to access information (or any of your other rights). This is an appropriate additional security measure to ensure that your personal data is not disclosed to persons who are not entitled to receive it.
Ensuring the security and protection of the processed personal data
The Company strives to ensure the protection and security of your personal data by providing appropriate technical and organizational measures for personal data protection. The Company has adopted and implemented rules and procedures for personal data protection, which aim to protect your personal data from unauthorized access and improper use, including rules for access to premises and media, security of information systems and protecting information, including encryption, training of employees and taking on confidentiality obligations and others.
If you would like additional information about how the company handles your personal data or have any questions relating to the operation and application of this Notice of transparency in the processing of personal data of job applicants, you may contact the Company at the contacts mentioned in this Policy.