NOTIFICATION PERTAINING TO PERSONAL DATA
Dear Ladies and Gentlemen, Dear Children, Customers of Children's Science Center "Muzeiko", colleagues,
MUZEIKO is cognizant of the importance of the confidentiality and protection of the personal data of all people and undertakes to process such personal data in compliance with the applicable legal requirements and the established standards and principles.
We respect your right to privacy and we have accordingly adopted and published this NOTIFICATION pertaining to your personal data. The NOTIFICATION determines how we collect and process personal information that you have provided, and also includes specifics as to how it will be used. The purpose of this document is to refer to the circle of persons in respect of whom the Company processes personal data, to inform you, and to direct you to the ways of protecting the personal data you have provided.
We at MUZEIKO do not use programs for automated processing of your personal data and decision-making, including your profiling.
The NOTIFICATION regarding personal data should be read in conjunction with and in addition to the General Terms and Conditions for the use of the services provided by Muzeiko, while in the case of the employees of the company together with the other documents concerning the working rules.
Please read carefully the current NOTIFICATION!
1. About us;
In this NOTIFICATION pertaining to personal data, references to "we" or "us" refer to MUZEIKO Ltd., Sofia, UIC 202772419, a company registered in Bulgaria with headquarters in Sofia, Prof. Boyan Kamenov "№ 3 in its capacity of a company also providing services as an employer.
The company is a data controller/has the capacity of a data administrator and as such processes personal data provided by users and employees as well as collects and stores information about them in a way that makes it possible to identify them while taking the necessary care to prevent access by third parties to the stored information.
For the purposes listed in this appendix, Muzeiko ensures that it collects and processes the shared personal data in good faith and in accordance with the law.
2. Collecting information;
2.1. As regards its counterparties (partners, suppliers, customers) as well as its visitors, the company collects and processes personal data as follows:
Personal card details - three names, PIN, address and ID card number. When necessary, we collect and process your personal data to identify you as natural persons - our contractors and / or as individuals - representatives of legal entities of our counterparts. Data is processed in accordance with statutory requirements for accounting and taxation. In this respect, the data can be provided to the competent state authorities, such as the NRA. Identifying data may be provided to judicial bodies in disputes and/or to bailiffs in connection with the performance of your obligations as natural persons arising from a contract or other relationships, and in connection with the realization of the legitimate interests of Muzeiko in case of need.
Business phone number and e-mail address for contact - We use your business phone numbers and e-mail address only for establishing business contact with you. These data are necessary for the performance of the contracts concluded between us or in view of the forthcoming signing of a contract.
Bank Accounts (IBAN) - We process your bank account data for financial accounting purposes and fulfillment of our payment obligations, which includes contracts where data relate to natural persons.
CCTV data - in order to protect our legitimate interest in securing the premises of the company and our employees, visitors, customers, and contractors, we collect video surveillance data from certain parts of the company's offices. Recordings are kept for a period not longer than 2 months after the filming.
Photos of you - we use photos of you (including by placing our web page and company profiles on social networks) or photos in which you appear and which are made during organized events of the company (teambuilding, company parties, and other similar ones) as well as photos you have provided for the site or brochures of the company. By using your pictures, we will in no way allow for your dignity and honor to be compromised.
MUZEIKO can process personal data of children who are clients of the company in accordance with established policies, including when special categories of data are required to undergo such a procedure in order to protect their lives and health. Where there is a need or no other legal basis for the processing of personal data of children, the consent of a parent or guardian is required. In some cases, the provision of personal data is a condition for the provision of a particular type of service (for example, information on the presence or absence of food allergies is needed to participate in culinary activities).
Personal data in the form of a document is provided by customers only for reference and in the following cases:
• if the client wishes to use a discount for children up to 4 years old - a document certifying the age of the child - upon request and for reference, after which the document is immediately returned;
• if the client wishes to use a discount for students - presentation of a valid ISIC card or other document certifying the quality – for reference purposes only, after which the document is immediately returned;
• if the client wishes to use a reduction for pensioners - a document certifying this quality - for reference purposes only, after which the document is immediately returned;
• if the client wishes to use a discount for persons with permanent disabilities - a document certifying this quality - for reference purposes only, after which the document is immediately returned;
• if the customer wishes to use a discount for persons with permanent disabilities who are in wheelchairs or have the right to escort - a document attesting to this quality and the right to escort - for reference purposes only, after which the document is immediately returned;
• if the client wishes to use a discount for teachers accompanying school groups - to certify or declare the quality of a teacher.
• If the client wishes to be issued an annual or seasonal card, he or she provides the company with the necessary information for the purpose of issuing the relevant card type, incl. personal details of family members, in the cases and/or services that are spelt out;
• In the annual and seasonal maps the names of the users of the service are entered in order to identify them when entering the museum;
• When it comes to a school group visit, the application must be duly filled in, providing information pertaining to the number and age of the children, not including their personal data, and the desired additional services. It is compulsory to also provide the details of the teacher who is in charge of the group in addition to any other information needed to organize and coordinate the visit;
• When organizing a birthday party for a child, the service is provided on the basis of a pre-order filled in by a parent indicating the child's details, the number of guests, and the desired additional services;
• at the request of the client for making use of the right to free entry for journalists and museum workers - a document certifying this quality;
We issue an informational bulletin that contains news about the program and the events at Muzeiko as well as up-to-date information pertaining to new products and discounts concerning the services that we offer.
In order to start receiving the informational bulletin, you need to register on our website www.muzeiko.bg or to indicate consent to registration for a bulletin in the request for services field (birthday party, kindergarten or school group visits, events organized by Muzeiko), feedback forms for visits of school groups or kindergartens, or a form for purchasing a seasonal or annual pass. We will use the e-mail address you have submitted solely for the purpose of delivering the informational bulletin.
You retain the right to cancel your e-mail account bulletin subscription at any time - this can be requested by sending an e-mail message to firstname.lastname@example.org without the need to provide any reasons for the decision, or you can use the link „Write off“ or „Unsubscibe“ at the end of each of our bulletins.
2.2. As an employer, the company processes personal data as follows:
Personal card details - three names, PIN, address and ID card number. We use this data for the purpose of human resources management and on the basis of the performance of the employment contract between us and the obligations imposed by the legislation as an employer, including the declaration of data about the employment relationship to state bodies such as NRA, NSSI, the Labor Inspectorate, and the Employment Agency. We keep this data until the company is terminated, in accordance in view of our statutory obligations for providing information to NSSI.
Personal and work phone number and contact e-mail address – we use your work phone numbers and e-mail address solely for the purpose of establishing business contact with you until the work relationship has been terminated and after that until completion of ongoing tasks and performance of obligations. We make use of your personal phone numbers only in exceptional cases when we need to call you due to an emergency concerning a professional matter and we are unable to reach you on your work phone number. We cannot exclude the possibility that even after the termination of your work contract with us your personal phone numbers that you have provided to your colleagues will continue to be kept by them in view of maintaining personal contact with you, but this is a matter that we are in no position to exercise control over.
Amount of wages - We keep your salary data for the purpose of managing human resources and fulfilling our legal obligations to declare data to government bodies as well as our payroll obligations. The data are kept until the activity of the company is terminated and the payroll fees are transferred to the NSSI or until the expiry of the deadlines set by Bulgarian legislation.
Banking details (IBAN) - We process your bank account data for financial and accounting purposes and fulfilling our payroll obligations. The data are stored until the termination of the employment relationship or until the payment of all the obligations under it.
Your health data (hospital sheets, TEMC documents, pre-medical check-up document/ medical certificate prior to employment, when required) – we process these data for human resources management and to fulfill our obligations in the field of labor law and social security (establishing the prerequisites for exercising the right to leave due to illness, pregnancy and childbirth or re-employment) and to ensure healthy and safe working conditions at the workplace (Data pertaining to your health status is also processed in connection with our concluded health insurance contract, if this is applicable). We keep the data only within the deadlines set by the Bulgarian legislation (to date - for hospital sheets - 3 years from 1 January of the year following the year in which they were issued).
Data on the acquired educational degree - we process data from your qualifications in terms of education or training to see if you meet the requirements for taking up the job. The data is stored until termination of the employment relationship.
Work experience data - We keep your workbooks (with your expressed consent obtained through a signed declaration for storing the employment book with your employer). We process data about your length of service in order to determine whether you meet the requirements for occupying the respective position and to determine the additional remuneration due under the applicable labor law. We keep the data until the termination of the employment relationship and/or until payment of all the obligations under it.
Video surveillance data - in order to protect our legitimate interests related to ensuring the security of the premises of our company and our employees and visitors, we collect video surveillance data from certain parts of the company's offices (the entrance area for the whole building). We do not perform individual video surveillance to monitor the performance of each and everyone of you, although it's possible that parts of the work spaces you make use of fall within the scope of CCTV. Recordings are kept for a period not longer than 2 months after filming.
Your photos - We collect this data for the purpose of identifying you as our employee (e.g. by placing them on your ID card), after we terminate the employment relationship, we delete them at your request and upon their return. With your consent, which you can withdraw at any time, we may also use (including by placing them on our website and company profiles on social networks) other photos on which you appear and that are made during company events (team buildings, company parties, and other similar events) as well as your any photos of you for the website or the brochures of the company. By using your photos, we will in no way allow for your honor and dignity to be compromised.
2.3. In the personnel selection procedures, the company processes personal data as follows:
When selecting personnel, the requirements of the special laws governing such activity shall be observed.
Muzeiko sets a three-year period for personal data storage of participants in personnel selection procedures.
Where a selection procedure requires the submission of original or notarized copies of documents certifying the applicant's physical and mental fitness, the required degree, and the length of service required for the post, the data subject who has not been approved for appointment may request the return of the submitted documents within 30 days of the final conclusion of the selection procedure. MUZEIKO returns the documents the way they are filed.
3. Using the provided personal information;
By submitting a request for a service (in any form), you acknowledge that your personal data may be collected, stored, used and shared by us for any of the following purposes:
(a) to provide, maintain, protect and improve the quality of services we provide and your satisfaction with your visit to the Children's Science Center Museum;
(b) to perform all the contractual agreements between us;
(c) to comply with the legal and regulatory requirements;
4. Storing the information;
Muzeiko does not store or process shared personal data longer than it is necessary to meet the objectives listed in the General Terms and Conditions and this NOTIFICATION. We store the personal information we collect from you to provide you with a service you have requested or to comply with the applicable legal, tax or accounting requirements.
When the need to process your personal data is no longer present, we will delete it or anonymize it or, if this is not possible (for example, because your personal data has been stored in an archive in an accordance with а proper legal cause and suitable guarantees), then we will securely store your personal information and isolate it from any other processing until deletion becomes possible.
5. Legal grounds for the processing of personal data;
The legal basis for the collection and use of personal data will depend on the relevant information you have shared with us and the specific cause and context in which it was collected.
We process personal data in the following cases - when we have your consent to undertake this or when we need this data to conclude a contract with you. In some instances, we may also be bound by a legal obligation to collect personal data. If we request you to provide personal information to comply with a statutory requirement or to enter into a contract with you, we will notify you whether or not giving out your personal information is mandatory (as well as the possible consequences if you choose not to provide your information).
6. Disclosure of personal data;
We may disclose and provide personal data to competent state bodies or others, in accordance with the law, and in cases where there is a corresponding obligation to provide them. Outside of these cases, we may provide your personal data to third parties as follows:
Identity card details (e.g., three names and PIN where applicable) - (a) airlines or other carriers and/or hotel service providers in connection with your business trips or other events in your capacity as staff ; (b) service providers such as accounting services, banks, additional health insurance, sports cards, and occupational medicine cards, (c) companies organizing company events, and (d) private enforcement agents in connection with the realization of the legitimate interests of Muzeiko in the case of necessity of compulsory collection of obligations.
Name, telephone, and contact e-mail address - of third parties, suppliers or customers of Muzeiko with a view to implementing and managing the contracts between the company and such third parties, whose assistance is necessary for the preparation of the documents related to your employment obligations. We will not, in any case, provide your personal telephone numbers to our customers and suppliers, but we cannot restrict you from doing so if you consider it necessary;
Wage amount, bank data (IBAN), health status data (hospital sheets, TEMP documents) and work experience data – to suppliers of accounting services for the purpose of human resources management and financial accounting; when the financial and accounting activity is performed by an external company.
Health and Medical Data - (a) service Providers such as Occupational Medicine and Additional Health Insurance; (b) where the data are of counterparties, visitors or customers, they may be shared with third parties solely for the purpose of protecting the vital interests of the data subject or a third party.
Muzeiko does not intend to provide your personal data to individuals or organizations outside the territory of the European Union. If this is necessary in exceptional cases, we will notify you and take the necessary precautions to protect you.
7. Personal data subjects' rights;
Data subjects have the right to receive information about the processing of their personal data by submitting a request for access. Data subjects may also request correction, deletion, restriction or blocking of their personal data. Data subjects can also benefit from their data transfer rights, right of objection and rights related to automated decision making, including profiling, under the General Data Protection Regulation (ARRD). According to the provisions of the General Regulation on Personal Data Protection (Regulation (EC) 2016/679), applicable as of 25 May 2018 and under the conditions set out therein, you are entitled as a data subject:
Right of access - You have the right to request a copy of the information we hold for you.
Right of correction - You have the right to request the rectifying of data we store for you that are inaccurate or incomplete.
Right of deletion ("to be forgotten") - under certain circumstances, you may request that the data we store for you is deleted from our records.
Right to restrict processing - If certain conditions apply, you may want to restrict processing.
Right of portability - You are entitled to the data we store for you, to be passed on to you or to be passed on to another organization in cases where it is handled in an automatic manner and on the basis of your consent or contract.
Right of withdrawal of consent - You have the right to withdraw your consent to the processing of personal data at any time in the same way as you provided it. It is important to note that the withdrawal of consent takes effect in the future.
Right of objection - You have the right to object to certain types of processing of your personal data. In this case, we will cease processing unless there are convincing legitimate grounds for the processing that take precedence over your personal interests, rights and freedoms.
Right of objection - You have the right to object to the processing of your data for direct marketing purposes. In these cases, you do not need to specify certain grounds and we are required to stop processing without undue delay.
Right to object to automated processing, including profiling - You also have the right not to be the subject of the legal consequences of a decision taken solely on the basis of automated processing or profiling. Muzeiko does not perform automated processing of personal data for profiling purposes.
Right to appeal - You have the right to file a complaint if you consider your rights to have been violated.
Personal data subjects who provide them in connection with the use of the services provided by Muzeiko should bear in mind that upon withdrawal of their consent to the processing of personal data, they also unilaterally terminate the service provision contract. The withdrawal of your consent will not affect the lawfulness of any processing that we have performed prior to the withdrawal, nor will it affect the processing of your personal data that is based on legal grounds for processing other than consent. The processing of claims for the exercise of the rights of data subjects is the responsibility of the data processing company.
The company as well as the data subjects owe assistance to each other in order to be able to respond comprehensively and in a timely fashion to requests for the exercise of the rights of the data subjects in addition to other inquiries and complaints regarding the processing of personal data.
When we update our NOTIFICATION pertaining to personal data, we will take appropriate steps to inform you, and any updates or amendments will be published on the Muzeiko website;
If you have any questions regarding the processing of your personal data or wish to exercise your rights, you can contact the Company Manager at 02/902 0000 or email email@example.com.
If you believe the processing of personal data is illegal, you have the right to file a complaint with the Personal Data Protection Commission. The address of the Commission is Sofia 1592, 2 Tsvetan Lazarov Blvd., Center for Information and Contacts - tel. 02/915 3518, E-mail: firstname.lastname@example.org, Website: www.cpdp.bg.