Dear Ladies and Gentlemen, Dear Children, Customers of Children's Science Center "Muzeiko", colleagues,
MUZEIKO is cognizant of the importance of the confidentiality and protection of the personal data of all people and undertakes to process such personal data in compliance with the applicable legal requirements and the established standards and principles.
We respect your right to privacy and we have accordingly adopted and published this NOTIFICATION pertaining to your personal data. The NOTIFICATION determines how we collect and process personal information that you have provided, and includes details as to how it will be used. The purpose of this document is to refer to the range of people in the name of whom the Company processes personal data, to inform you, and to guide you with regard to the ways of protecting the personal data you have submitted.
We at MUZEIKO do not use programs for automated processing of your personal data and decision-making, including your profile.
The NOTIFICATION regarding personal data should be read in conjunction with and in addition to the General Terms and Conditions for the use of the services provided by Muzeiko, while in the case of the employees of the company, together with the other documents concerning the working rules.
Please read the current NOTIFICATION carefully!
Muzeiko is a company registered in Bulgaria, with UIC 202772419, with registered office and address of management in Sofia, 3 Prof. Boyan Kamenov St. It has the following website: https://muzeiko.bg/bg, e-mail firstname.lastname@example.org, and tel. 02/902 0000.
Muzeiko is the first Children's Science Center in Bulgaria with over 130 interactive exhibits and a team of over 40 professionals in science communication for children. Muzeiko EOOD is a personal data Controller, determining the purposes and means for the processing of personal data. You can contact our Official responsible for personal data protection at the following e-mail address email@example.com;
The General Data Protection Regulation (GDPR) requires data controllers to provide certain information to individuals about how their personal data is processed. We at Muzeiko fulfil this obligation through this Privacy Notice. The privacy notice contains information about the personal data controller, the contact details for Muzeiko, the Officer responsible for personal data protection and the supervisory body for personal data protection (CPDP). In this Notice, you will find information on the purposes of the processing of personal data, the retention period of the data, the legal grounds for processing and, where applicable, the recipients of the data, the transmission of personal data to third parties, and information on your rights as a subject.
Muzeiko Ltd. collects, processes and stores personal data in connection with the conclusion and execution of contracts with employees, job candidates, site visitors as well as contractors (customers, partners and suppliers). For your convenience, the Privacy Notice is divided into chapters containing general information as well as those relating to specific categories of entities.
Muzeiko carries out its activities in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), the Personal Data Protection Act as well as other European and Bulgarian regulations in the field of personal data protection.
Muzeiko Ltd. observes the following principles in the processing of your personal data:
- Legality, good faith and transparency;
- Collection for specific, explicitly stated and legitimate purposes;
- Minimizing the collected data;
- Accuracy and timeliness of data;
- Limitation of the storage period, in order to achieve the objectives;
- Processing in a way that ensures an appropriate level of security of personal data.
For our personal data processing activities, we rely on the following grounds for their lawful processing:
- the processing is necessary for the observance of a legal obligation, which is applied to the Controller (Art. 6, paragraph 1, item c) of the GDPR;
- the processing is necessary for the performance of a contract to which the data subject is a party or for taking steps at the request of the data subject before the conclusion of a contract (Article 6 (1) (b)) of the DPA);
- the data subject has consented to the processing of his/her personal data for one or more specific purposes (Article 6 (1) (b) (a) of the GDPR);
- processing is necessary for the purposes of the legitimate interests of the Controller (Article 6, paragraph 1, letter f) of the GDPR.
When Muzeiko processes sensitive data, such as health data, we comply with the additional requirements of the GDPR. Thus, when fulfilling goals related to our main function, we process sensitive data when:
- the processing is necessary for the purposes of fulfilling the obligations and exercising the special rights of the controller or of the data subject by virtue of the labour and social security law (Art. 9, paragraph 2, item b) of the GDPR;
- the processing is necessary for the purposes of preventive or occupational medicine, for assessment of the employee's ability to work, medical diagnosis, provision of health or social care or treatment (Article 9, paragraph 2, item h) of the GDPR.
Where necessary, personal data may be shared with one or more third parties, whether or not they are related, in order to process personal information based on appropriate instructions and data protection clauses. Data processing companies can follow instructions related to occupational medicine, training, payroll processing and other activities. They are obliged by contract to apply appropriate technical and organizational security measures in order to protect personal information and process it only in accordance with the instructions received.
Muzeiko takes technical and organizational security measures to protect the administered personal data from manipulation, loss, destruction or access by unauthorized entities. Our security measures are constantly improving in line with new technological developments.
Your rights as data subjects
In connection with your personal data being processed, you have the following rights:
- of access to your personal data;
- of correction or removal of your personal data;
- of limiting their processing;
- of objecting to the processing of your data;
- of data portability (in automated processing and only in cases of contract and consent).
In order to exercise any of your rights listed above, please submit the relevant request to the personal data controller, Muzeiko, at the following address: Sofia 1700, 3 Prof. Boyan Kamenov St or by e-mail: firstname.lastname@example.org
The request must meet the minimum legal requirements – to be in writing and contain the following:
- name, address, unique civil number or personal number of a foreigner or other similar identifier, or other identification data of the natural person, determined by the Controller, in connection with the activity performed by him;
- description of the request;
- preferred means of obtaining information in the exercise of rights;
- signature, date of submission of the application and address for correspondence;
- when submitting an application by an authorized person, the power of attorney is to be attached to the application.
Contact details of the person responsible for data protection - e-mail: email@example.com;
You have the right to appeal to the supervisory authority if your rights have been violated during the processing of your personal data. The supervisory body in the Republic of Bulgaria is the Commission for Personal Data Protection, Sofia 1592, 2 Prof. Tsvetan Lazarov St, tel.: +359 2 915 3 518, firstname.lastname@example.org, email@example.com, www.cpdp.bg.
The main purposes of processing the personal data of former and current employees of Muzeiko Ltd. are as follows:
- To ensure the payment of wages and benefits as well as other obligations under the employment contract or in connection with obligations under enforcement proceedings against you.
- To maintain a work record.
- To prepare and provide information to public organizations.
- To issue an employment record book.
- For contact with the employee.
The legal grounds on which we process your personal data are contractual and for fulfilment of a legal obligation (Art. 6, para. 1, b. “b” and “c” of the GDPR):
- The data in connection with the employment contract are processed pursuant to Ordinance № 4 of 11.05.1993 on the documents required for concluding an employment contract.
- The data on health in the course of the employment relationship are processed in compliance with the Labour Code, the Health Act as well as the related by-laws.
- For specific positions and specific cases that have arisen over the course of the employment relationship, so that the special requirements of the already listed normative acts as well as of other relevant ones are also fulfilled.
The main categories of data we process for you are:
1. Provided by you and collected in the course of your application for the respective position, which are stored in the employment file that we maintain for you.
2. Data necessary for the conclusion of an employment contract, namely:
- Physical identity - three names, PIN, address, data from the identity document, place of birth;
- Social identity - acquired education, specialty, qualification, legal capacity required for the position, length of service;
- Health data - in the form of a document for medical examination, in cases where the law requires it;
- Contact details – e-mail address, telephone number
3. Information collected over the course of the employment relationship:
- Physical identity – photos;
- Economic identity - insurance income, amount of remuneration, bank account;
- Information related to the existence, change and termination of employment;
- Data on health - information from sick leaves, TEMP, etc.;
- Social identity - education, employment; data on foster children in case of imposed seizure of remuneration;
- Data on existing liabilities - in case of imposed attachment of remuneration;
- Contact details - business phone number, e-mail address;
- Video surveillance data.
Most of the information we have is provided by you personally.
Some of the documents certifying the processed information are accepted only for the purpose of recording the relevant information.
We do not collect copies or originals of documents unless we have a legal basis to do so.
As a rule, we do not provide your data to third parties, except in the cases specified here.
Information about you is provided to third parties, mainly public authorities, in connection with the requirements of the labour legislation in the Republic of Bulgaria. Recipients of information can be: the General Labor Inspectorate, NRA, NSSI, Employment Agency, bailiffs, the Ministry of Interior Affairs or others.
As a rule, we do not provide your data to third parties, except in the cases specified here. Information about you is provided when making business trips only with the objective of fulfilling the contract concluded with you. When handing over data, Muzeiko will check whether there is adequate protection of personal data in the country where the transfer is taking place. In the absence of a decision of the European Commission on the existence of an adequate level of protection, Muzeiko will transfer personal data to a third country or international organization only if appropriate guarantees, the applicable rights of data subjects, and effective remedies are provided. In the absence of one of the two conditions, the transfer or combination of transfers of personal data to a third country or international organization will be carried out on any of the grounds specified in Art. 49, para. 1, point a) or b) of GDPR.
We will not store your personal data for longer than necessary to achieve the processing purposes. In determining the appropriate retention period, we take into account the amount and nature of personal data, the purposes for which we process them, and whether we can achieve these goals by other means. We also comply with the relevant legal requirements for the storage of certain categories of data (e.g. Social Security Code, Accounting Act) in order to fulfil our obligations arising from a legal act or contract, as well as to protect our legal rights in case of a claim being filed.
According to Art. 5, para. 7 of the SIC we keep payrolls for 50 years; employment contracts, supplementary agreements/reassignment orders, appointment orders, orders for unpaid leave for a total of more than 30 working days in a calendar year; orders for termination of employment or service legal relations.
The processing of your data in the process of recruiting new employees is in order to assess whether you are suitable for the position for which you are applying, as well as for contacting you.
Taking steps before concluding a contract - Art. 6, paragraph 1, p. b) of the GDPR, and with regard to the special categories of personal data we apply Art. 9, paragraph 2, letters b) and h) of the GDPR in connection with the labour legislation of the Republic of Bulgaria;
Your consent - under Art. 6 (1) of the GDPR may be required to store your personal data collected in the framework of a recruitment procedure for a period longer than 6 months.
The main categories of data we process are as follows:
- Personal information - names, date of birth, place of birth, as well as contact information - address for correspondence, telephone number, e-mail, etc.
- Information for educational training - educational degree, additional qualification, etc.
- Information about professional experience - previous or current organizations in which you have worked, freelancers, and so on.
Muzeiko returns the documents in the way they were submitted.
As a rule, we do not share your data with third parties, except in cases that are explicitly stated here. Information about your person may be handed over to third parties if we are required by law to do so.
The data are stored for 6 months from the moment of final completion of the selection procedures. For non-selected candidates, the personal data provided shall be destroyed no later than six months after the completion of the selection procedure.
A data subject who has not been approved for appointment may request originals or notarized copies of documents certifying the mental and physical fitness of the candidate as well as the required qualification and experience to be returned within 30 days of the final completion of the selection procedure.
Muzeiko returns the documents in the way they were submitted. Internal documents of the employer, which are from the conducted selection, can be stored for 3 years.
When you visit our site, we store and process personal data about you. This data is sent and stored in the form of small files called cookies. They are necessary for the service of purchasing online tickets through the website as well as for improving our services to you, by maintaining preferences and settings.
Some of this information is of minimum necessity for the operation of the site and protection against unauthorized actions against us, as a result of which it cannot be refused or altered. For others, we have provided the option to manage them - accept or reject, and by default they are not included automatically, but are in a neutral position.
At your disposal is the opportunity to purchase tickets online. The personal data provided there are email address, first name and last name. We may process your personal data or that of your children in connection with organized events and games in order for the service to be performed and to contact you in case an update is needed, for which we will explicitly require your consent.
The retention periods for this data are in line with the fulfilment of the stated purposes, and the erasure of the same data will be performed within a reasonable time interval, as stipulated by our internal rules.
We issue a Newsletter containing news about the program and events of Muzeiko as well as up-to-date information about new products and discounts related to our services. To receive the newsletter, you must register on our website www.muzeiko.bg or give consent for newsletter registration in service requests (birthday, visits to kindergartens or school groups, events organized by Muzeiko), feedback forms when visiting school groups or kindergartens, or a form for purchasing a seasonal or annual ticket.
We will use the email address provided by you only for the purposes of delivering the Newsletter. You have the right to unsubscribe from receiving the newsletter by e-mail at any time by sending an e-mail to firstname.lastname@example.org, without specifying reasons or by using the "Unsubscribe" link at the end of each of our newsletters.
Information about the identity of the persons is used for communication between the parties related to the initiation, performance and/or termination of a contract or in the context of pre-contractual relations. It can also be used for correspondence between the parties concerning the type and content of the contractual relationship - consideration of offers, negotiations, coordination of the terms of the contract, etc. Furthermore, such information may be obtained for performing operational activities with regard to the implementation of the contract: acceptance of the work, reporting, bank transfers, and so on.
- Physical identity - three names, PIN, address, data from the identity document, photos;
- We use your photos (including by posting on our website and company profiles on social networks) or photos of you attending events and which are taken at organized social activities (team building, company parties and the like) as well as photos you have provided to us for the website or for brochures of the company.
- Data on health - by voluntarily providing for reference a document proving permanent disability, in cases where the person wishes to use a discount in this capacity;
- Contact details - business phone number, e-mail address
- Economic identity - insurance income, amount of remuneration, bank account;
- Social identity - education, employment;
- Data from video surveillance - in order to protect our legitimate interests related to ensuring the security of the company's premises and our employees, visitors, customers and contractors, we collect data from video surveillance of certain parts of the company's premises. The data are stored for a period of no longer than 2 months after the recording.
We receive personal data from you, personally, as well as from the available public registers.
Information about you may be provided to third parties if we are required by law to do so.
Upon expiration of the contract, the processing of personal data for the purposes related to the contractual relationship is terminated. The duration of data retention (documentation and correspondence) is determined by the final settlement of all financial obligations or any claims/objections between the parties. The commercial, technical and financial accounting documentation that has been obtained shall be stored in accordance with the normatively determined terms in the Accounting Act, the Obligations and Contracts Act and other applicable local legal regulations.
The period for processing personal data may be extended if necessary to establish, exercise or defend legal claims to which the data relate. In these cases, the specified data may be processed until the final resolution of the legal claims in the manner prescribed by law.
Muzeiko Children’s Museum may change this policy from time to time by updating this page. You should check it regularly to make sure that you are happy with the changes in question. This policy is effective from 12 January 2021.