Information in Accordance with Article 13/14 of the General Data Protection Regulation
Identity of the controller:
EOS Matrix EOOD, company ID 131001375,
Address: 6 Racho Petkov Kazandjiata, Str. Sofia, 1766, Bulgaria
You can contact the Data Protection Officer via the above-mentioned postal address or by e-mail: DPO@eos-matrix.bg.
Additional information about our company, details about the empowered representatives and additional contact options is available on our website: https://bg.eos-solutions.com.
1. Purposes for processing and legal basis:
Data processing is carried out for the purposes of exercising of a credit contract (or other contract/agreement) as well as the collection of the receivable under such contract in accordance with Art. 6, par. 1 (b) of the GDPR.
The processing is carried out also for fulfillment of the legal obligations of the controller in accordance with Art. 6, par. 1. (c) of the GDPR (for example for applying anti money-laundering measures and measures against terrorism financing, obligations for sending information to Central Credit Register etc.).
Personal data processing is needed also for the purposes of the legitimate interests of the controller - Art. 6, par. 1. (f) of the GDPR for example: for collection of receivables under contract, concluded with the previous creditor, when the receivables have been transferred to the controller, including for enforcement procedures, as well as for initiation of court and out-of-court proceeding for debt collection and maintaining contact with the debtor, as well as for debt managing.
Another purpose for processing is notifying for the cession agreement in the name of the previous creditor, in cases when we have been empowered for such action by the the previous creditor.
When the controller processes your personal data, you are not subject to automatic decisions, including profiling.
2. Data categories and data sources:
We process some or all of the following categories of data: Personal master data (name, PIN etc.), address data, communication data, data for working place and employer, property status, contract data, receivables data, payments information, bank account, previous/initial creditor, if applicable.
The data from these categories was either supplied to us bythe initial/previous creditor, by you or by any of the recipients hereunder.
Regarding the business activities of the controller your personal your data will be processed by employees of the company, who have undertaken confidentiality obligations about the information they have acknowledged in connection to their occupational obligations and which have received such data in connection to their responsibilities in the company, on a need-to-know basis.
We may disclose your data, if necessary and according the requirements of legislation applicable, to any of the following categories of recipients: competent administrative institutions when provided by law, courts, Ministry of Internal Affairs, State Agency National Security, prosecutor’s office, bailiffs, Central Credit Register, lawyers, service suppliers, e.g. post office services, banks, companies for receivable management. Disclosing of data to third parties can be done after consideration of the necessity the basis for each case.
We may provide data to personal data processors in case your data will be processed by data processor according to Art. 28 GDPR.
Your data will be processed only within the EU. In case in the future it is needed the data to be transferred to third countries or international organizations outside EU, this will be done by following the requirements of GDPR and only if the third country has been confirmed an adequate level of personal data protection by the European committee or if other appropriate level of security is presented (e.g. standard contractual clauses, approved according to GDPR or obligatory company rules).
4. Duration of storage:
After total repayment of the debt/s (via repayment, set-off etc.) or termination of the legal obligations with company on other basis, we will store our data for a period of 5 (five) years and after that, when we protect our legitimate and/or legal interest, until their protection is realised, unless we have legal right or obligation to store the data for a longer period. Personal data, for which there is no legal basis for storage for a longer period, will be deleted after fulfillment of the purposes for which the data have been collected and processed.
5. Rights of the data subject:
In accordance with Art. 15–22 of the GDPR, you have the following rights if the legal requirements are applicable:
Right to access:
As per Art. 15 GDPR you have right of access to your personal data processed by the Controller.
We notify you that if you file a non-written request, we could ask you to provide an additional proof for your identity.
Right to personal data rectification:
As per Ar. 16 GDPR you have the right to require rectification of non-correct personal data or supplementation of your personal data storage by us.
Right to erasure:
As per Art. 17 GDPR you have the right to erasure (right to be forgotten) of personal data which have been processed unlawfully or on expired legal basis (expired period of storage, withdrawn consent, fulfilled purpose for which the data have been collected etc.)
Right to restriction of processing:
As per 18 GDPR you have the right to restriction of processing of your personal data in case the accuracy of the data is being disputed or the processing is unlawful, but you do not want erasure, or in case we do not need the data, but you require establishment, exercising or protection of legal claims or you have filed objection against processing as per Art. 21 GDPR.
Right to data portability:
As per Art. 20 GDPR you require to receive your personal data, which you have provided to us in a structured, commonly used and machine-readable format or their transfer to another controller.
As per Art. 7, para 3 GDPR you can withdraw your consent for personal data processing which you have previously given to us at any time. In such case we would not be able to continue personal data processing, based on your consent.
Right to object:
In cases in which processing is based on legitimate interest of the company or processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller you have the right to object against processing meeting the requirements of Art. 21 GDPR.
Right to file a complaint:
Pursuant to Article 77 GDPR, you have the right to lodge a complaint before the competent court or a Data Protection Supervisory Authority, namely Commission for Personal Data Protection, address: 2 bul. Prof. Tzvetan Lazarov, Sofia, 1592, Republic of Bulgaria.
Date of this Information: July 2020