NOTICE REGARDING THE PROCESSING OF THE PERSONAL DATA OF THE CLIENTS OF MClimate Jsc. with UIC 204664844 (the "Company")
As of May 25, 2018, Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC ("General Data Protection Regulation", GDPR), which significantly changes the existing legal data protection regime.
In its capacity as a personal data controller, the Company processes personal data in accordance with the GDPR and its implementation acts, as well as with current national legislation and internal rules, procedures, policies, and data protection impact assessments. This notification has been developed by the Company specifically for its employees in accordance with Article 13 of the GDPR and contains information about:
- the administrator responsible for the processing of personal data;
- categories of processed personal data;
- the conditions under which personal data are processed;
- the purposes and legal grounds for the processing;
- storage terms and applied data security measures;
- the rights of customers as data subjects within the meaning of GDPR,
as well as in which cases and in what order we share your data with third parties.
WHO IS RESPONSIBLE FOR PROCESSING YOUR DATA?
Responsibility for the processing of your personal data lies with:
- MClimate Jsc., UIC 204664844, with headquarters and management address in the city of Sofia 1729, Alexander Malinov 31 Boulevard
- In the event that you wish to receive more information or a copy of the archive with your personal data processed by the Company or to exercise your rights under the GDPR, as well as if you suspect that your data is being used in an unregulated manner, you can contact us at e-mail: firstname.lastname@example.org
WHY DO WE COLLECT YOUR DATA?
The company processes personal data of its customers with a view to their identification (hereinafter collectively referred to as "data subjects"), maintaining contact with them, providing services to them, including payment of the value of the provided service, conducting direct marketing, as well as and to fulfill the obligations stipulated by law for the Company in its capacity as a trader.
WHAT DATA DO WE COLLECT?
The Company processes the following categories of personal data about you: contact data, information related to orders and payments made, service and installation history, device information, records related to support tickets, history of use of the Company's products and services, data from participation in various surveys, competitions and promotions conducted by the Company.
ON WHAT LEGAL BASIS DO WE PROCESS YOUR DATA?
In accordance with GDPR, the Company processes personal data only with a valid legal basis. The company processes your data on the following legal grounds:
- The legal basis for processing your data is the fulfillment of the commitments made in connection with the performance of a service requested by you.
- Next, the obligation to store personal data arises under the applicable legislation.
- Data processing is also necessary to protect the rights and interests of the Company as a party to a contract, for example in the event of a legal dispute over the payment of fees or irregular termination of the contract.
- On the basis of an expressly given consent for conducting direct marketing, promotions, surveys and competitions, as well as for the use of "cookies" on the Company's website.
WHAT MEASURES DO WE TAKE TO PROTECT THE DATA COLLECTED?
The protection and security of your data are important to us. In order to prevent loss, misuse, or unauthorized access to your data, we apply all reasonable measures and means of protection, including stipulating an obligation of confidentiality from all employees and contractors of the Company, applying technical measures to protect the computers and systems through which personal data is processed, as well as conducting data protection training among employees. If you suspect a violation, please contact us immediately using the contact details provided.
HOW LONG DO WE STORE YOUR DATA?
The company stores the personal data related to the services provided by it for a period not longer than necessary and/or due according to the requirements of the applicable law. Except when the storage of the data is not necessary for the fulfillment of obligations stipulated by the legislation applicable to its activity, the customer data is stored for a period of 5 (five) years, counted from the provision of the relevant service or for the period of the consent given by the person to carry out personal data processing.
WHAT RIGHTS DO YOU HAVE WITH THE PROCESSING OF YOUR DATA?
The GDPR provides a number of options for the protection of individuals in connection with the collection and processing of data, and in particular:
- right to information about the ways and terms for the processing of your data and the types of data processed, including a copy of the employment file and other data archives that we keep;
- right to object to the activities carried out based on the legitimate interest of the company, for example, video surveillance (if, for example, the same is carried out in unmarked places or in places where it could affect your rights and dignity); if the objection is upheld, the videos will be deleted;
- right to correct inaccurate data about you, reflected in the documents stored by the Company;
- right to request "to be forgotten" when the storage period has expired and the processing is no longer necessary or is initially unlawful;
- notwithstanding the exercise of the above rights, you have the right to lodge a complaint with the supervisory authority (see more below).
HOW DO WE SHARE YOUR DATA WITH THIRD PARTIES?
We may provide your data to third parties as follows:
- with competent state authorities during an inspection or when required by applicable tax, labor and social security law;
- with partners of the Company, as well as with accountants, lawyers and other consultants;
- in the event of team changes, mergers or acquisitions, your data may be shared with the new partner(s) and consultant(s), for which you will be notified.
HOW CAN YOU CONTACT THE COMPETENT SUPERVISORY AUTHORITY?
Regardless of the above, in case of complaints you have the right to contact the Commission for the Protection of Personal Data (CPDP):
- in person, at the address: Sofia, "Prof. Tsvetan Lazarov" No. 2;
- by letter, to the address: Sofia, p.c. 1592, Prof. Blvd. Tsvetan Lazarov" No. 2;
- by fax - 029153525;
- to the CPDP email - email@example.com;
- through the CPDP website at: https://www.cpdp.bg/.
Personal information we collect
Information you give us.
We receive and store any information you provide to us. For example, we collect personal information such as your name, address and email address when you register a user account in the service. We also collect information you provide to us regarding your household (such as heating type, living space and similar) and feedback or other information provided by you in our customer surveys. You can choose not to provide us with certain information, but then you may not be able to register an account or take advantage of all features of the service.
Information we collect about you.
When you use the service, we may collect information about your household from your electricity meter, sensors & devices connected to the service or information asked for in the service. Information collected from such sources, may include information about your electricity consumption, type of household, zip code and location of your supply point and information about temperature. We may also collect information about your use of the service, e.g. how you use the service, including page response times and settings.
What we do with your personal information
MClimate processes personal data for the following purposes and based on the following legal bases:
To register your account.
We will process your personal data in order to create your user account. The legal basis for this processing (i.e. why the data processing is necessary) is to enter into a contractual relationship with you regarding the service.
To provide the service to you.
We will process data related to your household and electricity consumption, in order to provide you with information and analysis regarding your electricity usage. The legal basis for this processing is to provide the service to you (i.e. to fulfil our contractual obligations towards you).
To give you recommendations.
We may process data related to your household and electricity consumption, in order to give you recommendations. For example, if we find that you have a high energy consumption, we may propose suitable measures to help you reduce it. This processing includes profiling. The legal basis for this processing is to provide the service to you and to pursue legitimate interests.
To communicate with you.
We may use your personal data to send you alerts or service messages regarding your electricity usage, e.g. recommendations. We may also use your data to send you important information regarding the service. The legal basis for this processing is to pursue legitimate interests. If you do not wish to receive such alerts or messages, you may turn off notifications in your account settings.
To develop and improve the service.
We may use aggregated and non-personal information (not related to you specifically) to develop and improve the service, including troubleshooting, data analysis, testing, research, and statistical purposes. The legal basis for this processing is to provide the service to you and to pursue legitimate interests.
Information we share
In addition, we may disclose information about you if we are required to do so by law or legal process, or to law enforcement agencies following an appropriate request.
Please note that we will not sell your personal details to third parties unless we have your permission to do so.
Where we store your personal data
We always strive to process your data within the EU/EEA. The data may however in certain situations be transferred to, and processed in, a destination outside of the EU/EEA by a supplier or subcontractor. In such cases, we will take all reasonable legal, technical, and organisational measures to ensure that your data is treated securely and with an adequate level of protection compared to and in line with at least the level of protection offered within the EU/EEA.
How long we keep your personal data
We keep your data only as long as necessary to fulfil our contractual obligations towards you, i.e. for as long as you have an active account for use of the service. However, we may keep your data for a longer period if we are required to do so by applicable statutory retention periods.
You have the right to know what personal data we process about you and may request a copy free of charge. You are also entitled to have incorrect data about you corrected and you may in some cases ask us to delete your personal data, for example if the personal data is no longer necessary for the purpose it was collected. You may also object to certain personal data about you being processed and request that processing of your personal data is limited. Please note that limitation or deletion of personal data may result in that we cannot provide the service to you. You also have the right to receive your personal data in a machine-readable format and have the data transferred to another party responsible for data processing.
MClimate uses technical and organisational security measures to help protect your personal data against loss and to guard it against access by unauthorised persons. We regularly review our security policies to ensure our systems are secure and protected.
How to contact us
Melissa Climate Jsc is registered in the Bulgarian companies register under the registration number 204664844 with principal place of business located at Gen. Gurko 4 Street, Sofia 1000, Bulgaria.
MClimate is the responsible entity (controller) for the processing of your personal data as described above. MClimate is subject to Bulgarian data protection legislation, including the General Data Protection Regulation (GDPR).
You can always reach out to us on matters of privacy and data protection by sending an email to firstname.lastname@example.org. You may also lodge a complaint to CPDP.bg (the Bulgarian Data Supervisory Authority) if you believe that we have not complied our legal obligations with regard to your personal data.