PERSONAL DATA PROTECTION
The Administration of the President of the Republic of Bulgaria is tasked with implementing personal data protection guarantees. Personal data protection is regulated under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), as well as under other legal acts of the European Union and under the legislation in its Member States.
Information presented when collecting personal data from the data subject or another source (information as per Art. 13 & 14 of the General Data Protection Regulation)
1. Data Controller information and contact details
The Controller of personal data processed during or in relation to the activity of the President and Vice President of the Republic is the Administration of the President of the Republic of Bulgaria.
The Data Controller’s contact details, as per your preferred method, are as follows:
- 1123 Sofia, 2, Dondukov Blvd., Chancery Directorate – you may send your requests for exercising rights to this address.
- You may personally submit your requests for exercising rights to the same address from Monday to Thursday between 10.00 AM and 12.00 PM and 2.30 PM and 5:00 PM.
- You may also undertake the aforementioned actions by sending your requests via fax at +359 (02) 9804484 /central office/ or via email at firstname.lastname@example.org.
2. Data Protection Officer contact details
A Data Protection Officer has been assigned at the Administration of the President by an order of the Secretary General, establishing the contact details, namely: Nevin Feti, Legal Adviser to the President of the Republic of Bulgaria, phone number: 9239 395, email email@example.com
3. Personal data categories, purposes and grounds for processing by the Administration of the President of the Republic of Bulgaria
The Administration of the President processes personal data for achieving the following goals, reflecting also the grounds for their processing:
3.1. Exercising the rights of the President of the Republic and abiding by legal obligations arising for the data controller (as per Art. 6, Para 1, item (c) and (e) of the General Data Processing Regulation)
For this purpose, the personal data is processed of natural persons approaching the President, Vice President, Secretaries, Advisers, Structural Bodies and Officers at the Administration of the President with petitions, complaints, proposals and other requests for their individualisation. Considering the nature of the request, this is data related to the physical identity, economic identity, data related to convictions and/or data regarding health status. Using data about the respective persons is for official purposes only, such as contacting them on the phone, sending correspondence regarding a petition, complaint or request, etc.
3.2. Initiatives of the President and the Vice President for charitable causes, encouraging donations, scientific initiatives and other similar goals of social importance for the development of Bulgarian society and stats (as per Article 6, Para 1, Item „?“ and Article 9, Para 2 Item „?“ GDPR)
For that purpose, personal data is processed of persons who express their free, specific, informed and unequivocal consent for this processing. In view of the initiative that is data regarding physical, cultural or social identity, as well as data regarding health status. Use of personal data is for the purpose of achieving the goals of the initiative, for sending correspondence, and for informing the public about the results of it.
3.3. HR management and financial accounting (as per Article 6, Para 1, Item “c“ and Article 9, Para 2, Item „b“ GDPR)
For that purpose, personal data is processed of job applicants, members of staff of the Administration of the President, as well as of natural persons contracting the latter. The processed categories of data include data about physical, social, family and economic identity, criminal record, as well as data on the health status of the persons. Use of personal data is for compliance with the legal obligations regarding the contractual relations with the persons and for financial accounting.
Personal data is not reused for non-compatible goals. Processing is only for the purposes for which data is collected, as well as for their archiving in the interest of the public, for scientific and historical research and statistical purposes.
4. Categories of recipients of personal data outside the Administration of the President of the Republic of Bulgaria
The Administration of the President discloses personal data to third parties and recipients only if there are legal grounds for the latter to receive it. The categories of recipients of personal data are determined for each specific case, depending on the legal grounds for them to receive it, which can be as follows:
- state bodies in conjunction with their powers (for instance the National Revenue Agency, the National Social Insurance Institute, the Council of Ministers, line ministries etc.);
- banks for the purpose of payment of due remuneration to the members of staff of the Administration of the President;
- for postal and courier services when sending correspondence to natural persons.
The Administration of the President does not disclose personal data for the purposes of direct marketing.
5. Data storage period
The administration of the President applies the storage limitation principle and stores personal data for a period of time which is appropriate for the purpose the data is processed for, whereby its scientific historical or reference importance is also taken into consideration. The storage period depends on the type of data.
The Decrees of the President and Vice President are kept for a period of 20 years and then transferred for storage at the Central State Archives as per Article 46 of the National Archives Fund Act. Documents regarding employment relations are defined as due for storage for 50 years. Documents of temporary significance for operations or reference have a period of storage of 1, 3, 5 or 10 years according to the File-Naming Register for files subject to safekeeping for certain periods of time.
6. Rights of the natural persons
GDPR provides for the following rights of natural persons regarding personal data processing:
- Right of access to personal data related to the person, which is processed by the controller;
- Right to rectification of incorrect or incomplete personal data;
- Right to erasure (“right to be forgotten“) of personal data which is processed illegally or with expired legal grounds (expired storage period, withdrawn consent, completed initial purpose, for which it has been collected, etc.);
- Right to restrict processing in the case of legal dispute between the controller and the natural person until the dispute is resolved and/or for establishing, exercising or defending legal claims;
- Right to data portability when personal data is processed automatically, based on agreement or contract. For that purpose data is submitted in a structured, widely used and machine readable format;
- Right to object at any time and based on considerations related to the specific situation of the person, provided no conclusive legal grounds exist for processing, that prevail over the interests, rights and freedoms of the data subject, or litigation;
- Right of the data subject not to be subjected of fully automated decision making, including profiling, which creates legal consequences for them or affects them in a significant manner.
You can exercise the rights derived from the GDPR by a written or e-application to the controller of personal data. In the application, you should state your name, address and other data for your identification as data subject, and describe what your request is about, your preferred way of communication and action on your request. You have to sign your request, write the date of submission and the address for correspondence with you.
7. Right to complain to the Commission for Protection of Personal Data or to the court
If you believe that your rights as per GDPR are infringed, you have the right to file a complaint with the Commission for Protection of Personal Data or with the court.
8. Absence of automated individual decision-making including profiling
The Administration of the President does not apply automated individual decision-making including profiling.
9. Transfer of personal data to third countries or international organizations
The Administration of the President does not transfer personal data to third countries or international organisations.
10. Importance of submitted personal data
In the majority of cases when the Administration of the President processes your personal data, it is a compulsory requirement for performing our official powers and legal obligations. Nondisclosure of your personal data in those cases prevents us from the ability to take action on your requests submitted anonymously.
We process your personal data with your consent when you freely decide whether to take part in announced initiatives of the President and the Vice President of the Republic. In those cases, you have the right to withdraw your consent at any time. Withdrawal of consent results in termination of your participation in the respective initiative, due to cancellation of the possibility for further processing of your personal data If the initiative is related to receiving financial support and you have received it, we will keep your personal data for the purpose of financial accounting required according to the rules of the initiative.
11. Sources from which we receive personal data
Personal data processed by the Administration of the President is submitted by the respective natural persons, as well as other persons as provided by law, which is contained in their applications, proposals, complaints, requests, etc., or in documents submitted by public authorities.
The cookies used on the website of Google Analytics collect statistical data in an anonymous manner for the purpose of analysis, without identifying the visitors individually. You can learn more about the cookies generated by Google Analytics here.
If you use a link that redirects you to another website, that website will have its own cookies and security policies, over which we have no control.
13. Log files
The website of the Administration of the President collects data in log files. This information comprises the IP address, browser used (e.g. Mozzilla, IE, Chrome etc.), operating system (Linux, Windows, iOS), when the website was visited, and the pages visited. The use of user IP addresses for disclosing their identity is only in cases necessary for compliance with the law.