Personal Data Protection Policy
ITAL FOOD ("the Company" or "We") treats its obligations under the General Data Protection Regulation (Regulation (EU) 2016/679) and, respectively, the Bulgarian legislation, quite seriously and puts in a great deal of effort to meet the applicable standards and establish good practices for personal data processing. The competent leading regulatory body regarding personal data protection, processed by ITAL FOOD is the Commission for Personal Data Protection of the Republic of Bulgaria.
- Controller: The organization or the natural person setting the purposes and means for personal data processing.
- Processor: The organization or the natural person processing personal data on the part of the controller.
- Data subject: An identified or identifiable living natural person.
- Personal data: Any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person shall mean a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Special categories of personal data: Any personal data, revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
- Processing: Any operation or set of operations which is performed on personal data whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- Third party shall mean a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct guidance of the controller or processor, are authorised to process personal data.
- Personal data breach shall mean an action/ circumstance, leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Personal data protection
The General Data Protection Regulation ("GDPR") will be applied in the EU Member States from 25 May 2018. ITAL FOOD is making its business activity compliant with GDPR and the data protection principles outlined in the European and national legislation.
ITAL FOOD ensures that the personal data processed by it will be:
- processed legally, in good faith and transparently, regarding natural persons
- collected for specific, expressly stated and legitimate purposes and will not be further processed in a way inconsistent with these purposes
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
- accurate and if required maintained up-to-date
- stored in a form enabling data subject identification, for a period not longer than the one relevant to the purposes for which the personal data are processed
- processed in a way ensuring an adequate level of personal data security
The natural persons – data subjects have the following rights regarding their personal data:
- right to information (this right is established through provision of explicit and easily comprehensible privacy notices, explaining the purposes for which we use your personal data, as well as your rights related to the processing of personal data)
- right of access to the personal data being processed and to information concerning their processing
- right to have personal data rectified, where they are inaccurate or incomplete
- right to restriction of processing under the conditions stipulated in the law
- right to erasure of personal data, where there is no ground for proceeding of the data processing
- right to data portability of your data between different controllers (such as between different service providers)
- right to object to certain personal data operations, such as direct marketing
- the right not to be subject to decisions having considerable influence on you, which have been taken solely using automated means
- right to separation of the personal data processing consent
- right to complaint lodging to the to the competent supervisory authority
Six lawful bases for personal data processing are set out in the GDPR:
- the data subject has provided his/ her informed consent for personal data processing for a specific purpose
- processing is required for entering into or execution of a contract with the data subject
- data processing is required for the fulfilment of a legal obligation
- processing is required for the protection of vitally important interests of the data subjects or another natural person
- processing is required for the performance of a task carried out in the public interest
- processing is required for purposes related to the legitimate interests of the controller or a third party, except in the cases where this interest is dominated by the basic rights and freedoms of the data subject
Personal data processed by ITAL FOOD
Personal data include not only facts but also opinions/ assessments expressed in relation to a specific natural person. Personal data processed by ITAL FOOD may be conditionally divided into four categories:
- Staff and associates of ITAL FOOD, job applicants and former employees;
- Natural persons who are customers of ITAL FOOD under purchase and sale agreements for finished products, etc.;
- Natural persons (such as lawyers, auditors, other independent consultants) and representatives, contact persons, employees of customers, partners and goods suppliers / service providers, with which ITAL FOOD has or is considering beginning contractual or factual relationships (such as a customers’ legal representative – legal persons, providers of transport and freight forwarding services, providers of telecommunication services, software and/or hardware solutions and infrastructure).
- Visitors to the website of ITAL FOOD and the official websites in the social networks, for instance Facebook and Instagram
- Participants in games/ raffles/ campaigns organized by ITAL FOOD on our websites, on official websites of ITAL FOOD on Facebook and Instagram or through partners – marketing agencies
- Visitors to facilities owned or rented by ITAL FOOD
Employees, associates, job applicants: ITAL FOOD processes personal data, including special categories of personal data related to an employment contract or a contract for services, data of job applicants. Generally ITAL FOOD processes such data for the purpose of preparing and carrying out of employment or other type of contracts, as well as to fulfil its legal obligations as an employer.
Natural persons – individual customers: ITAL FOOD processes data of natural persons – individual customers under purchase and sale agreements. We may process the data of our customers or counterparties – natural persons based on the necessity for carrying out the contract concluded with them, sending of offers, current rates and related information, everyday communication regarding orders and deliveries; for fulfilment of legal obligations, as well as based on your consent voluntarily granted upon establishing contact with us.
For further information, please, read the Privacy Notice of ITAL FOOD towards customers - natural persons using this link.
Representatives, contact persons and employees of customers, partners and suppliers of ITAL FOOD – usually we receive your personal data from your employer or from you personally, whenever we need to prepare, conclude or execute a contract with it or establish a commercial relationships. For instance, you might be appointed as a legal representative or a contact person in a contract or business correspondence in relation to the conclusion, execution or termination of a contract, making an offer, settlement of commercial disputes which have arisen and other.
Visitors in the buildings of ITAL FOOD – in case of visits to the office spaces, production facilities and common areas of the company, for the purpose of ensuring the security of our property and the bodily integrity of our employees, as well as access control, there are technical devices in place, which will register your visit.
Sharing of personal data
Usually ITAL FOOD maintains complete confidentiality regarding your personal data and does not disclose them to any third parties.
Occasionally „ITAL FOOD“ may share the personal data of its employees or the representatives of its customers, partners, couriers, carriers, contractors or suppliers with state authorities, as well as with other natural or legal persons – such as providers of software and/ or hardware solutions or infrastructure, with outside consultants in relation to the establishing and exercising of rights, based on a legal obligation or with regard to its legitimate interest, depending on the particular situation. Such disclosure of data is possible only if there is a justifiable reason therefor and if an adequate level of protection is ensured, including through written arrangements with third parties, to which the personal data are disclosed, whenever possible.
Special categories of personal data
ITAL FOOD does not process any sensitive personal data of its customers – natural persons or of employees/ representatives of customers, partners and suppliers, visitors to the websites and the social network websites.
Personal data storage
ITAL FOOD stores different types of personal data both electronically and on hard copies, which data are contained in different documents, for a firmly fixed period of time. The set periods for data storage always comply with the purposes for which the personal data are processed. These periods are set out in the Policy for document storage and destruction of ITAL FOOD.
Exercising of the rights of the data subjects
If requests for the exercising of the rights of the data subjects have been submitted, ITAL FOOD establishes communication with the natural person in a short, transparent, comprehensible and easily accessible form, using intelligible and plain language, especially where underage persons are concerned.
Where the rights of the data subjects are being exercised ITAL FOOD is obligated to duly identify the natural person in order to avoid the risk of unauthorized access to personal data.
Information concerning the actions taken by ITAL FOOD in response to the request submitted for the exercise of rights, shall be provided to the natural persons, without any undue delay and usually within one month from receipt of the request.
All the information related to the exercise of the rights of the data subjects is provided by ITAL FOOD free of charge, except in the cases where the requests are apparently unfounded or excessive.
Further information concerning your rights related to the processing of personal data by ITAL FOOD is provided in our Data Subjects Rights Policy.
Personal data security
- ITAL FOOD protects the collected personal data from unreasoned use and sees to their processing.
- ITAL FOOD maintains secure computer systems for the personal data protection. Adequate control mechanisms for data separation and data management are employed in our systems
- ITAL FOOD has strict policies and procedures applicable to its staff, for minimizing the risks of personal data processing.
- The employees of ITAL FOOD are aware of the applicable rules and are trained to process personal data by exercising the utmost care and by observing the good practices.
- In conducting its business ITAL FOOD works only with acknowledged organizations and avoids working with companies which it considers that might pose hazards to personal data security.
- ITAL FOOD adopts good practices for the introduction and administration of security systems and keeps up with technology regarding possible risks to the security of the information in the company.
- ITAL FOOD observes the security of computer systems and personal data contained therein, including the possibilities for access to certain personal data by its employees.
- ITAL FOOD provides access only to those personal data necessary for the performance of the duties of the respective employee.
Personal data breach
ITAL FOOD has adopted procedures for effective establishing, reporting and investigating personal data breaches. In case of personal data breach ITAL FOOD will take immediate measures to limit the effect of the breach and to inform the affected data subjects and the regulatory body in charge of personal data protection.
ITAL FOOD will update, in a timely manner, by changing and complementing this policy, at all times in the future, whenever necessitated by the statutory provisions or other circumstances.
If you wish to receive further information concerning the processing of personal data carried out by ITAL FOOD or if you have any questions or complaints regarding this privacy notice, or regarding the ways in which and purposes for which we use your personal data, please contact us or our data protection officer at:
For ITAL FOOD: Bulgaria, the town of Shumen 10, Trakiyska Str., email: [email protected]
You may contact our data protection officer at: [email protected]