Privacy policy
Zara Consult Ltd. respects the privacy of every individual who visits our website, sends us e-mail or is our client, partner or staff member. Therefore, we comply with applicable data privacy legislation in regards to processing personal data. This Policy describes how and why Zara Consult Ltd. uses your personal information, how we protect your privacy when doing so, and your rights and choices regarding this information. This Policy constitutes the entire agreement between you and Zara Consult Ltd. relating to the publicly accessible portions of our website. By your use of our website, you consent to be governed by this Privacy Policy.
This policy is effective from 25th May 2018.
WHO WE ARE
In this Privacy Policy, “Zara Consult Ltd.”, “we”, or “our” means
ZARA CONSULT Ltd., entered in the Commercial Registry with UIC 130444955, with its seat and address of management in Bulgaria, Sofia 1000, 10 Stefan Karadzha str., fl. 3-4, represented by Pavlina Petrova – Managing Director.
We are a leading national provider of accountancy and business services, offering a comprehensive range of financial, payroll and tax-legal services, business advisory and audits, company formation and other tailored corporate services, so we use personal information on a day to day basis in order to operate. For many years we have been handling this data with care, discretion and a high level of security measures.
WHAT PERSONAL INFORMATION WE COLLECT
The type and quantity of information we collect and how we use it depends on why you are providing it.
When you engage with us by phone, mail, in person or online, we may collect information about you (referred to in this Privacy Policy as ‘personal information’). This may include your name, ID card/passport number, Social number, address, email address, telephone number, date of birth, job title, bank details, and other information relating to you personally which you may choose to provide to us.
Sensitive data
Data protection law recognizes that certain types of personal information are more sensitive. This is known as ‘sensitive’ or ‘special category’ personal information and covers information revealing racial or ethnic origin, religious or philosophical beliefs and political opinions, trade union membership, genetic or biometric data, information concerning health or data concerning a person’s sex life or sexual orientation. Sensitive information will only be collected where necessary, for example, we may need to collect health information from you when providing payroll services. Clear notices will be provided at the time we collect this information, stating what information is needed, and why.
Children
We strongly believe in protecting the privacy of children. In line with this belief, we do not knowingly collect or maintain personal information from persons under 14 years of age, and no part of the Website is directed to persons under 14 years of age. If you are under 14 years of age, then please do not use or access the Website at any time or in any manner. We will take appropriate steps to delete any personal information of persons less than 14 years of age.
HOW WE COLLECT INFORMATION ABOUT YOU
We collect information in the following ways:
- When you give it to us DIRECTLY
You may give us your information in order to sign up service contract or communicate with us.
- When you give permission to OTHER ORGANISATIONS to share or it is available publicly
- When we collect it as you use our WEBSITES OR APPS
“Cookies”
Like most websites, we use “cookies” to help us make our site – and the way you use it – better. Cookies are small text files which are downloaded to and stored on your device when you visit a website. Cookies are widely used by website owners to provide you with a good experience while you browse, and also to provide information which can help website owners to improve websites.
Our site uses cookies to:
- make our site work
- collect anonymous data on how users navigate our site, which helps us to improve it
- allow you to share our content on social networks
- to help us provide relevant advertising to those who may be interested in it.
We do not use cookies to:
- collect any personally identifiable information
- pass personal identifiable data to third parties.
Most internet browsers automatically accept cookies unless you change your browser settings. If you wish to restrict, block or delete the cookies which are set by any websites, you can generally do this through your browser settings. These settings are usually found in the ‘options’ or ‘preferences’ menu of your internet browser. Please note however that if you set your internet browser preferences to block all cookies, you may not be able to access all or parts of our site. Unless you have adjusted your internet browser settings to block cookies, our site will set cookies.
HOW WE USE YOUR INFORMATION
We will use your personal information to:
- provide you with the services or information you asked for;
- for initial company registrations, to appoint owner(s) and manager(s) of new companies and to administer additional changes of these data;
- administer and keep a record your contractual relationship with us;
- respond to or fulfil any requests, complaints or queries you make to us;
- for internal training, quality monitoring or evaluating the services we provide and to understand how we can improve our services or information by conducting analysis and market research;
- send you correspondence and communicate with you;
- administer our websites and to troubleshoot, perform data analysis, research, generate statistics and surveys related to our technical systems;
- testing our technical systems to make sure they are working as expected;
- generate reports on our work, services and events;
- conduct due diligence and ethical screening;
- audit and administer our accounts;
- meet our legal obligations, for instance to perform contracts between you and us, or our obligations to regulators, government and/or law enforcement bodies;
- carry out fraud prevention and money laundering checks;
- establish, defend or enforce legal claims.
We won’t do anything with your information you wouldn’t reasonably expect.
LEGAL BASIS FOR PROCESSING
Data protection laws mean that each use we make of personal information must have a “legal basis”. The relevant legal bases are set out in the General Data Protection Regulation (EU Regulation 2016/679) and in current Bulgarian data protection legislation.
Specific consent
Consent is where we ask you if we can use your information in a certain way, and you agree to this.
Legal obligation
We have a basis to use your personal information where we need to do so to comply with one of our legal or regulatory obligations.
Performance of a contract / take steps at your request to prepare for entry into a contract
We have a basis to use your personal information where we are entering into a contract with you or performing our obligations under that contract. Examples of this would be if you are using one of our services or if you are applying to work with us.
Vital interests
We have a basis to use your personal information where it is necessary for us to protect life or health. For instance if there were to be an issue which required us to contact people unexpectedly or share their information with emergency services.
Legitimate interests
We have a basis to use your personal information if it is reasonably necessary for us (or others) to do so and in our/their “legitimate interests” (provided that what the information is used for is fair and does not unduly impact your rights). We consider our legitimate interests to include all of the day-to-day activities Zara Consult Ltd. carries out with personal information. We only rely on legitimate interests where we consider that any potential impact on you (positive and negative), how intrusive it is from a privacy perspective and your rights under data protection laws do not override our (or others’) interests in us using your information in this way.
When we use sensitive personal information, we require an additional legal basis to do so under data protection laws, so will either do so on the basis of your explicit consent or another route available to us at law for using this type of information (for example if you have made the information manifestly public, we need to process it for employment, social security or social protection law purposes, your vital interests, or, in some cases, if it is in the public interest for us to do so).
HOW WE KEEP YOUR INFORMATION SAFE
We use technical and corporate organizational safeguards to ensure that your personal information is secure. For example our online contact forms are always encrypted and our network is protected and routinely monitored. We limit access to information on a need-to-know basis and take appropriate measures to ensure that our people are aware that such information is only used in accordance with this Privacy Policy. We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff and contractors.
HOW LONG WE KEEP YOUR INFORMATION
Zara Consult Ltd. has specific criteria to determine how long we will retain your information for, which are determined by legal and operational considerations, taking into account guidance issued by the Commission for Personal Data Protection. Generally, we will retain it for no longer than necessary for the purposes for which it was collected.
We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
SHARING YOUR INFORMATION WITH OTHER ORGANISATIONS
We will only use your information for the purposes for which it was obtained. We will not, under any circumstances, sell or share your personal information with any third party for their own purposes, and you will not receive marketing from any other companies as a result of giving your details to us.
We will only share your data for the following purposes:
- Third party suppliers and sub-contractors who may process information on our behalf: We may need to share your information with data hosting providers or service providers, etc. who help us to deliver our services. These providers will only act under our instruction and are subject to pre-contract scrutiny and contractual obligations containing strict data protection clauses. We always aim to ensure that personal information is only used by those third parties for lawful purposes in accordance with this Privacy Policy.
- Where legally required: We will comply with requests where disclosure is required by law. Further, we safeguard the sharing of such information by using formalised information sharing agreements with organisations where appropriate, or on an ad hoc basis after ensuring the request and disclosure are legally compliant.
In compliance with local legislation and regulations we share information on labor contracts with the National Revenue Agency. Personal data included in company formation documents is shared with the Bulgarian Trade Register. For opening a company bank account, personal data can be shared with the bank of choice of the person(s) involved.
When we use external companies to process personal data on our behalf we do comprehensive checks on these companies before we work with them, and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal data they have collect or have access to.
We may, on occasion decide to use the services of a supplier outside the European Economic Area (EEA), which means that your personal information is transferred, processed and stored outside the EEA. You should be aware that, in general, legal protection for personal information in countries outside the EEA may not be equivalent to the level of protection provided in the EEA. However we take steps to put in place suitable safeguards to protect your personal information when processed by the supplier such as entering into the European Commission approved standard contractual clauses. By submitting your personal information to us you agree to this transfer, storing or processing at a location outside the EEA.
KEEPING YOUR INFORMATION UP TO DATE
Where possible we use publicly available sources to keep your records up to date. We really appreciate it if you let us know if your contact details change.
YOUR RIGHTS
Data protection legislation gives you the right to request access to personal information about you which is processed by Zara Consult Ltd. and to have any inaccuracies corrected.
If we have collected and process your personal information on the basis of your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
You also have the right to ask us to erase your personal information, ask us to restrict our processing of your personal information or to object to our processing of your personal information.
If you wish to exercise these rights, please complete our request form (provided upon request) and send it along with copies of two separate identification documents which provide photo identification and confirm your address, such as a passport, driving license, etc. Please also provide any additional information that is relevant to the nature of your contact with us, as this will help us to locate your records. You can send us the documents via post to: Bulgaria, Sofia 1000, 10 Stefan Karadzha Str., floor 3 and 4, Pavlina Petrova. Alternatively email a copy of the form along with scans or photos of your two forms of identification to: gdpr@zaraconsult.com. We will respond within 30 days on receipt of your written request and copies of your identification documents.
COMPLAINTS
If you would like more information, or have any questions about this policy, to make a formal complaint about our approach to data protection or raise privacy concerns please contact us: gdpr@zaraconsult.com.
You also have the right to lodge a complaint about any use of your information with the Commission of Personal Data Protection (www.cpdp.bg) – the Bulgarian data protection regulator.
CHANGES TO THIS POLICY
We reserve the right, at our discretion, to change, modify, add, or remove portions of this Privacy Policy, at any time. Any such modification that materially affects your rights to your personal information will not take effect until 30 days after notice of such change is posted on this website, during which time you may notify us that you do not accept such change. Your continued use of this website following the 30-day period will be conclusively deemed acceptance of the changes to this Privacy Policy. Further, you agree that such notice posted on this website constitutes reasonable and sufficient notice. At all times, you are bound by the then-current version of the Privacy Policy and all applicable laws. We highly recommend that you review this Privacy Policy from time to time to ensure that you are familiar with the most recent version.
(Last updated: 25 May 2018)
CONTACT US
If you have any questions, comments or suggestions, please let us know by contacting us: gdpr@zaraconsult.com
Date: 25th of May 2018
Approved by:
Pavlina Petrova
Managing Director