Privacy Policy (GDPR)
1 – STOP BULGARIA’S WEB PRIVACY POLICY
1-Stop Bulgaria is a part of a global provider of language and translation services, united by the 1-Stop Brand, operating in full compliance with all applicable legislation and regulations regarding information security and personal data protection.
The whole group abides strictly by the General Data Protection Regulation (GDPR) effective in the European Union from May 2018, the requirements of the GDPR, the EU-US Privacy Shield Framework, and the Swiss-US Privacy Shield Framework, as well as the specific laws in the countries where we perform our activities. This Web Privacy Policy applies to all members of the group, including 1-Stop Bulgaria.
This Privacy Policy describes the types of information we collect, process, and retain through our website. It does not apply to information collected by us offline. Most of the personal information we process is provided to us directly by you for one of the following reasons:
- You have made an information request to us.
- You have placed an order for one of our services.
- You have applied for a job or internship with us.
- You are representing your organization.
We collect and process your data to provide the services you are interested in. The legal basis for processing your data is either a specific regulatory requirement or your explicit consent to use your personal data. In all cases, we treat your data fairly and lawfully.
As a law-abiding data controller, we take all reasonable measures to ensure that your data is processed and stored securely. We have developed a comprehensive Management System certified to ISO 9001:2015, ISO 17100:2015 and ISO 18587:2017, which includes appropriate policies and procedures designed to ensure fair and transparent management practices covering all aspects of our activities, including information security and personal data protection. Furthermore, the company has developed a fully Integrated Management System which includes policies and procedures in compliance with ISO/IEC 27001 to ensure adequate information security measures.
To ensure that your personal data is processed and stored securely, we apply a range of organizational and technical security measures, which include but are not limited to:
- GDPR-compliant Information Security Policy and Data Protection Policy with specific guidance to our employees, sub-processors, and freelancers.
- Non-disclosure and confidentiality agreements with employees and contractors (sub-processors and freelancers).
- Development of a cloud-based platform where our data management processes take place, accessible with appropriate restriction worldwide by our employees and contractors.
- Providing guidance and demanding from our contractors full compliance with the best possible data protection measures, including their own desktop and mobile computers.
- Appropriate procedures and methods of data transfer via secure channels of communication and additional measures such as encryption.
- Appropriate policies for retention of documents containing personal data and deletion upon completion of the job related to a particular document.
- Adequate measures to ensure the preservation of documents from loss or destruction.
- Continuous review of data security practices to ensure full compliance with the applicable legislation and the client requirements set forth in agreements or specific instructions.
In case we identify actual or potential data breaches, we will immediately notify you and the respective data protection authority.
We store your personal data as long as needed to perform our services or until you decide that you want your personal data erased. Your right “to be forgotten” is subject to certain limitations if your data is available on contractual or financial documents (which we need to store for periods specified in the laws in the countries where we operate) or in cases when we need to ensure legal protection.
We acknowledge the rights granted to you by the GDPR within the respective legal framework, such as your right of access, right to rectification, right to erasure, right to restriction of processing (within limitations specified in the respective legislation), and right to data portability (where applicable).
We do not apply profiling techniques and do not transfer your personal data to third parties except in cases of legal requirements by law enforcement authorities or your explicit consent.
For any questions and issues related to data protection, you can raise your inquiries to our Data Protection Officer who is available to provide any additional information and explanations regarding personal data protection and accept any claims regarding data security. His contact particulars are:
Phone: +359-32-399-222
E-mail: bulgaria@1stopasia.com
Last updated: 1st July 2024