With reference to Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“General Data Protection Regulation” or “GDPR”), enforced onto the territories of all Member States on the 25th of May 2018,Philly Vibe AD has the capacity of ADMINISTRATOR of the data of its employees, contractors, contractors under civil contracts, customers and other individuals whose data is being processed and stored by the Company.
“Data” is any information which directly identifies or is capable of identifying an individual.
“Data subject”is an individual who can be identified directly or indirectly by an identification/name, identification number, location data, online identification or feature(s) specific for the physical, physiological, genetic, mental, intellectual, economic, cultural or social identity.
Philly Vibe AD keeps registers related to the subjects’ data which is processed and stored within appropriate terms. The Company has developed appropriate policies and internal rules and has undertaken the necessary technical and organizational measures to guarantee the protection of data of its customers, employees, contractors and other individuals- data subjects.
Philly Vibe AD complies with the GDPR (Regulation (EU) 2016/679) and shall process data of data subjects only under the terms and conditions enlisted in the GDPR.
According to GDPR the grounds for data processing are:
Data are processed only in relation to specific purpose and when the latter is completed or it drops off, the administrator shall not have the right to keep data. The data have to be stored for the shortest time period possible. This period has to be adjusted with the reasons for which the administrator processes data, as well as with all legal obligations for data processing for a certain time frame (for example national labor and tax laws or laws for fight against fraud which require from the administrator to store the data of its employees for a certain time period, duration of the product’s warranty etc.).
Philly Vibe AD complies with the rights of data subjects, enlisted in GDPR regarding personal data protection and precisely: right of information- during the individuals’(data subjects) data collection they have to be explicitly informed at least of: who the data administrator shall be; for what purpose shall their data be used; categories of personal date; legal grounds of their data processing; for how long shall the data be kept; who else can obtain them; whether their data shall be transferred to a recipient outside EU; the data subjects have to be informed of their right to obtain a copy of the data (personal data access right); right to correct the data; right to delete (right to be forgotten); right of objection before the administrator, right of the subjects to file a complaint with the Supervising authority (the Commission for personal data protection) when they consider that their rights are violated; right to withdraw their consent at any time ; right to request “human interference” in the event of automatic decision making; right to object against data processing through video surveillance; right to object against direct marketing.
Manner of exercising the data subjects’ rights:
(i) When you reckon that your data are not correct, as in this case the limitation is for a term during which the administrator shall verify the accuracy of the data;
(ii) When the data processing is unlawful however you do not wish for the data to be deleted, but rather their usage to be limited;
(iii) When the administrator does not need your data anymore for the purpose of the processing, but you, as a data subject, require the data to establish, exercise or protect legal claims;
(iv) When you have objected to the processing upon expecting a verification whether the legal grounds of the administrator have advantage over your interests.
For the purpose, if one of the conditions listed in this Section C) is present, you should file a request in free form (you can use blanks from the administrator; please, turn to the Data protection officer enlisted in the present declaration), addressed to the Data protection officer of the administrator. If the administrator refuses to limit your data, he has to do so explicitly and in written form, by relying on the legitimate reason for the refusal.
4) Right to request your data to be deleted without necessary delay i.e. the administrator shall erase your data from all systems and records where they are stored, and is to notify all third parties/data administrators to whom he has provided the data.
Request for deletion can be filed on the following grounds:
(i) Personal data are no longer necessary for the purposes for which they were collected.
(ii) When you have withdrawn your consent;
(iii) When you have objected to the processing when the latter is unlawful;
(iv) When the data have to be deleted for the purpose of preserving a legal obligation under EU law or the law of a Member State which is applicable to the administrator;
(v) When the data have been collected in relation to providing services to the information society.
For the purpose you have to file a request in free form (you can use blanks from the administrator; please, turn to the Data protection officer enlisted in the present declaration), addressed to the Data protection officer of the administrator at the enlisted contact details.
The administrator may refuse to delete the data on the following grounds:
A) Exercising the right of free speech and the right of information;
B) Compliance with a legal obligation by the administrator or for completion of a task of public interest, or exercising official powers which are provided to the administrator;
C) Reasons of public interest in thefield of public health;
D) For the purpose of archiving in public interest, for scientific or historical researches or for statistical purposes, as far as there is probability for the deletion to make impossible or to severely threaten the achievement of the processing’s purposes; or to establish, exercise or protect a legal.
If the administrator refuses to delete the data, he has to explain the reasons for that by notifying you of your right to file a complaint with the Supervising authority (Commission for personal data protection).
5) Right to object to data processing at any time. The objection should be addressed to the administrator at the enlisted contact details. The objection should include the grounds related to your case, on the basis of which you object to the processing. Your right to oppose to direct marketing is absolute (i.e. you do not need to point out grounds for the objection) After receiving the objection, the administrator shall terminate the data processing unless convincing legal grounds for the processing are provided which have advantage before your interests or to exercise legal claims. If the administrator overrules the objection he has to explain the reasons behind the decision by informing you of your right to file a complaint with the Supervising authority (Commission for personal data protection).
6) Right to complain against data processing or non-compliance with the rights of subjects with relation to data protection before the competent supervising authority. Contact details of the supervising authority: Commission for personal data protection: City of Sofia 1592, Blvd. Prof. Tsvetan Lazarov №2, https://www.cpdp.bg.
7) When there is a risk of data security breach, the administrator is obliged to notify of the nature of the breach and what measures were taken to eliminate it, as well as whether the Supervising authority had been notified.
Upon each data processing Philly Vibe AD provides to the subjects clear and detailed messages (under the form of Privacy Declarations) which contain information regarding what purpose, for what term and in what way the Company collects and processes their personal data; all details of the administrator and the Data protection officer appointed by him; contact details of the administrator; other recipients to whom personal data is revealed; the rights of the subjects and the practical means for their exercise. It is stated that he data shall be collected for specific and legal purposes and shall not be processed by means which are incompatible with these reasons.
On the website www.pizzalab.bgyou can find hyperlinks to Facebook, Instagram, and Youtube. If you are using Facebook, we kindly ask you to have in mind that the data administrator outside USA or Canada is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. If the user clicks on the Facebook button at our website the social network keeps this information which links the personal Facebook profile of the user. The guidance for personal data protection is published at https://facebook.com/about/privacy.
YouTube is property of YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA and is subsidiary of Google Inc. During a download of video content, YouTube and Google obtain information which specific subpage has been visited by the user, as this information is being associated with the according profile in YouTube.The provisions of YouTube for data protection can be found athttps://www.google.com/intl/bg/policies/privacy/.
If you are using Instagram, more information related to data protection can be found at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy. Instagram is property of Instagram LLC, 1 Hacker Way 14, Menlo Park, California, USA.
For protection of the data subjects and to guarantee the security of personal data Philly Vibe AD has implemented appropriate technical and organizational measures.
In the event of personal data breach, the administrator Philly Vibe shall make a specific risk assessment and in specified by GDPR cases shall inform of the breach the Commission for personal data protection, as well as the data subject.
Any information related to their rights or other matters related to personal data protection, can be obtained by the subjects upon reaching the Data protection officer appointed by Philly Vibe AD via the following contact details: firstname.lastname@example.org, registered address: City of Sofia, Blvd. Tsarigradsko Shose № 115з, The Mall, level 2, Pizza Lab.
Contact details of the Commission for personal data protection: City of Sofia 1592, Blvd. Prof. Tsvetan Lazarov №2, https://www.cpdp.bg.