I. GENERAL

 

 

These Internal Rules of Conduct establish the terms and conditions on collecting and processing personal data by BioPharma Laboratories Ltd. They are structured in two sections: SECTION A, concerning our privacy policy and SECTION B, setting forth the internal procedures for collecting and processing data.

 

II.  SECTION A

 

This section contains information on the privacy policy of „BioPharma Laboratories” Ltd and is to be provided to data subjects in accordance with articles 13 and 14 of Regulation 2016/679 (GDPR).

 

1. Categories of Data Subjects and personal data, collected and processed by „BioPharma Laboratories” Ltd

As part of its activities, „BioPharma Laboratories” Ltd collects and processes personal data of the following categories of data subjects:

A) Employees;

B) Job seekers;

C) Customers;

D) Suppliers;

 

 

2. Employees

 

2.1 Terms of collection and processing

 

 

(1) „BioPharma Laboratories” Ltd collects and processes personal data of its employees for the duration of the employment relationship, as well as 3 years after the termination thereof.

 

(2) Within the duration of the employment relationship, personal data are processed on the grounds of Art. 6, para. 1, letter “b” of Regulation 2016/679 (GDPR).

 

(3) Upon termination of the employment contract, personal data are collected for up to 3 years on grounds of Art. 6, para. 1, letter “e”, for the purpose of preserving the legitimate interest of „BioPharma Laboratories” Ltd in case of potential claims. In case of court proceedings or other dispute resolution, „BioPharma Laboratories” Ltd processes the personal data until the dispute has been settled by a final act.

 

(4) Payroll records for employees are preserved for a period of 50 years pursuant to Art. 12, para. 1, p. 1 of the Accountancy Act of the Republic of Bulgaria.

 

(5) Personal data are collected in print on paper and on a technical carrier pursuant to SECTION B of these Internal Rules.

 

 

2.2 Categories of personal data

 

2.2.1 Physical identity of the data subject: name, identification number, serial number of identification document, date and place of birth, address, telephone and email address.

 

2.2.2 Family: children under 18 years. The data are necessary for granting employees the rights enshrined in labor legislation, such as additional leave and remuneration.

 

2.2.3 Education: type and place of education, diploma number, date of issuing and issuing institution, grades, additional qualifications, including certificates. The data is necessary for the preparation of personal files of employees in accordance with the respective job description.

 

2.2.4 Employment history: professional biography, former employers, labor experience and periods of effective social security, as well as other data, included in the personal labor dossier of the employee.

 

2.2.5 Personal data, required for temporary leaves due to illness: duration of the illness, diagnosis, other data, necessary for „BioPharma Laboratories” Ltd to fulfill its obligation as an employer and social security contributor pursuant to the legislation of the Republic of Bulgaria.

 

2.2.6 Personal data concerning the health of the employee: for the purposes of allocation of special rights to certain employees, pursuant to Art. 9, para. 2, letter “b” of the GDPR.

 

2.2.7 Economic activity – bank account(s);

 

2.3 Means of collection of personal data

 

Personal data of employees are provided to „BioPharma Laboratories” Ltd by the employees themselves. Personal data may also be collected from different public registers, as well as from other public information sources, including those made public by the data subjects.

 

3. Job-seekers

 

3.1 Terms of collection and processing

 

(1) „BioPharma Laboratories” Ltd collects and processes personal data of job-seekers on grounds of Art. 6, para. 1, letter “b”, second hypothesis.

 

 

(2) Personal data are collected and processed for the duration of the hiring process, as well as one month upon its termination.

 

 

(3) Job-seekers may provide explicit consent for the collection and processing of their data by „BioPharma Laboratories” Ltd for a period of 3 years for the purposes of subsequent hiring campaigns. The job-seeker may withdraw their consent at any time before the expiration of the term of processing.

 

 

(4) Personal data are collected in print and on a technical carrier pursuant to SECTION B of these Internal Rules.

 

 

3.2 Categories of personal data

 

3.2.1 Physical identity of the data subject: name, address, telephone and email address.

 

 

3.2.2 Education: type and place of education, diploma number, date of issuing and issuing institution, grades, additional qualifications, including certificates. The data is necessary for establishing the required qualities of the job-seeker in accordance with the respective job description.

 

 

3.2.4 Employment history: professional biography, former employers, labor experience and periods of effective social security, as well as other data, included in the personal labor dossier of the employee.

 

 

3.3 Means of collection of personal data

 

Personal data of job-seekers are provided to „BioPharma Laboratories” Ltd by the job-seekers themselves. Personal data may also be collected from different public registers, as well as from other public information sources, including those made public by the data subjects.

 

4. Customers

 

4.1 Terms of collection and processing

 

(1) „BioPharma Laboratories” Ltd collects and processes personal data of its customers pursuant to Art. 6, para. 1, letter “b” of the GDPR for the duration of the contractual relationship between them.

 

(2) Upon termination of the contractual relationship, „BioPharma Laboratories” Ltd may preserve personal data of customers pursuant to Art. 6, para. 1, letter “e” of the GDPR until all potential claims are extinguished or settled by a final act.

 

(3) „BioPharma Laboratories” Ltd keeps accounting records and financial reports, including documents regarding audits and financial inspections, that may include personal data, for a duration of 10 years pursuant to Art. 10, para. 1, point 2 of the Accountancy Act of the Republic of Bulgaria.

 

 

(4) „BioPharma Laboratories” Ltd may keep personal data beyond the periods established above, if it has a legal obligation to do so. In such cases, personal data are preserved until the time period specified in the legal act expires.

 

(5) Personal data may be collected in print and/or on a technical carrier pursuant to SECTION B of these Internal Rules.

 

 

4.2 Categories of personal data

 

Physical identity of the person: names, identification number, identification card, address, telephone, email address.

 

4.3 Means of collection of personal data

 

Personal data of customers are provided to „BioPharma Laboratories” Ltd by the customers themselves. Personal data may also be collected from different public registers, as well as from other public information sources, including those made public by the data subjects.

 

5. Suppliers

 

5.1 Terms of collection and processing

 

(1) „BioPharma Laboratories” Ltd collects and processes personal data of its suppliers pursuant to Art. 6, para. 1, letter “b” of the GDPR for the duration of the contractual relationship between them.

 

 

(2) Upon termination of the contractual relationship, „BioPharma Laboratories” Ltd may preserve personal data of suppliers pursuant to Art. 6, para. 1, letter “e” of the GDPR until all potential claims are extinguished or settled by a final act.

 

 

(3) „BioPharma Laboratories” Ltd keeps accounting records and financial reports, including documents regarding audits and financial inspections, that may include personal data, for a duration of 10 years pursuant to Art. 10, para. 1, point 2 of the Accountancy Act of the Republic of Bulgaria.

 

(4) „BioPharma Laboratories” Ltd may keep personal data beyond the periods established above, if it has a legal obligation to do so. In such cases, personal data are preserved until the time period specified in the legal act expires.

 

(5) Personal data may be collected in print and/or on a technical carrier pursuant to SECTION B of these Internal Rules.

 

5.2 Categories of personal data

 

Physical identity of the person: names, identification number, address, telephone, email address.

 

5.3 Means of collection of personal data

 

Personal data of suppliers are provided to „BioPharma Laboratories” Ltd by the suppliers themselves. Personal data may also be collected from different public registers, as well as from other public information sources, including those made public by the data subjects.

 

 

6. Persons who may receive access to personal data

Personal data controlled by „BioPharma Laboratories” Ltd can be disclosed solely to the following categories of persons:

 

6.1 Data subjects themselves in regard to their own personal data. Data subjects need to identify themselves before receiving access through the following information: name, identification number, address for correspondence;

 

6.2 Empowered representatives of data subjects in regard to personal data of that data subject. Representatives need to identify themselves before receiving access through the following information: name, identification number (for legal persons only), address for correspondence, power of attorney.

 

 

6.3 Other persons/entities that have a right to access personal data of a certain individual on grounds of legal provisions, only in regard to the data of that individual. Data is provided only after the person identifies themselves through name, identification number (in case of legal persons), and address for correspondence as well as the legal grounds for access.

 

6.4 Persons/entities that supply services to „BioPharma Laboratories” Ltd, including accounting, auditing, legal, IT and others, based on an existing contractual relationship. In those cases, „BioPharma Laboratories” Ltd ensures that such persons are bound by contractual obligations in writing in regard to confidentiality and proper handling of the data, before any access is granted.

 

7. Rights of Data Subjects

 

All data subjects whose data is collected and processed by „BioPharma Laboratories” Ltd have the following rights:

 

 

7.1 Right of Access

 

(1) Data subjects have the right to receive information on whether their data is being processed, the categories of data, the purposes of processing, and the third persons who have access to any data. When the data has not been provided by the data subjects, the latter are informed of the source of the data.

(2) Data subjects have the right to receive a free copy of the processed data on paper or by technical means. For any further copies, the data subject needs to pay a fee in the amount of 1 BGN per page, but not exceeding 30 BGN.

 

 

7.2 Rectification

 

Data subjects whose data are processed by „BioPharma Laboratories” Ltd have the right to request rectification of their data in case of any discrepancies.

 

 

7.3 Erasure

 

Data subjects whose data are processed by „BioPharma Laboratories” Ltd have the right to request erasure of their data pursuant to Art. 17 of the GDPR. „BioPharma Laboratories” Ltd may object to that erasure pursuant to Art. 17, para. 3 of the GDPR.

 

 

7.4 Restriction of Processing

 

(1) In case of doubts on the accuracy of the data or in case of their unlawful processing, when the Data Subject does not request erasure, the latter has the right to request restriction of the processing of their personal data.

(2) The previous paragraph applies also when „BioPharma Laboratories” Ltd does not have any legitimate interest in the processing of the personal data, but the Data Subject requires them for the purposes of establishing or justifying legal claims, as well as when the legitimate interests of „BioPharma Laboratories” Ltd override any concerns under Art. 17 of the GDPR.

 

7.5 Data Portability

 

Data Subjects whose data is processed on grounds of Art. 6, para. 1, letters “a” and “b” have the right to receive their data in a structured, widely used, machine-readable format. Data subjects may transfer all the data processed by „BioPharma Laboratories” Ltd to another controller without any objection on behalf of „BioPharma Laboratories” Ltd.

 

 

7.6 Objection

 

Data Subjects whose data is processed on grounds of Art. 6, para. 1, letter “e” have the right to object to the processing of their data, unless „BioPharma Laboratories” Ltd processes them also on other legal grounds or has an overriding legitimate interest, such as the pursuit of legal claims.

 

7.7 Right of Appeal

 

All Data Subjects have the right to appeal the actions of „BioPharma Laboratories” Ltd before the Data Protection Authority, as well as the competent court of law in Bulgaria.

 

8. Exercising rights under Art. 7

 

(1) Data Subjects may exercise their rights pursuant to Art. 7, except under Art. 7.7 of these Rules of Conduct, through a written request at the following email address:

 

info@biopharmahair.com

4000 Plovdiv, post box 33,

Bulgaria

 

 

(2) Requests are to be addressed to Mr. Stefan Dernev, charged with the application of these Rules of Conduct within “BioPharma Laboratories” Ltd.

 

 

(3) „BioPharma Laboratories” Ltd provides the Data Subject with adequate information on any actions undertaken to address the request within a month of its receipt. This term may be extended by another two months where the requests are complicated or multiple. „BioPharma Laboratories” Ltd is to inform Data Subjects of all such extensions within the initial time period, along with the reasons for them.

 

 

(4) In case of a request pursuant to Art. 7.2, 7.3 and 7.4, „BioPharma Laboratories” Ltd informs all third persons who have access to the data without undue delay.

 

 

(5) Data Subjects have the right to receive the information contained in this Section A free of charge through a written request within seven days.

 

(6) Data Subjects whose data is processed on grounds of Art. 6, para. 1, letter “e” have the right to be informed of the legitimate interest of „BioPharma Laboratories” Ltd for the processing of such data.

 

9. Data Breach Notification

 

9.1 In case of a data breach, „BioPharma Laboratories” Ltd informs the competent authorities pursuant to Art. 33 of the GDPR without undue delay, and when possible, within 72 hours.

 

9.2 In case the breach poses a high risk to the rights and legal interests of the data subjects, „BioPharma Laboratories” Ltd informs the latter of the breach without undue delay, unless:

A. „BioPharma Laboratories” Ltd has undertaken adequate and appropriate measures to limit any risks to the rights and interests of data subjects, such as encryption of the data;

B. „BioPharma Laboratories” Ltd has undertaken adequate measures following the breach that objectively limit the risk;

C. Notification of the breach would require disproportionate efforts on behalf of „BioPharma Laboratories” Ltd.

 

10. Cookies

 

10.1 „BioPharma Laboratories” Ltd allows the use of cookies on its websites www.biopharmahair.com, www.bravenewhairworld.com and www.bravenewhair.com on the grounds of Art. 6, para. 1, letter “a” of the GDPR.

10.2 Users provide consent for the use of cookies by clicking “I allow” in a message appearing on the web page on the initial visit.

 

10.3 Cookies are used for supporting the site’s full functionality, as well as the analysis of statistical data for a duration of 3 months.

 

10.4 In case a user declines the use of cookies, the latter may not be able to receive access to the full functionality of the website.

 

10.5 Any user may refuse the use of cookies by withdrawing their consent at any time. Withdrawal is done in a special section of the „BioPharma Laboratories” Ltd website.

© 2018 BRAVE NEW HAIR TM.  Property of Biopharma Laboratories LTD. 
