PRIVACY POLICY

1. Subject, Purpose and Scope

In the exercise of its activities, All Channels Communication Ltd (hereinafter referred to as “All Channels” / “Controller”) recognizes that it is important for natural persons to understand the process of collection, storage, disclosure and use of any information that constitutes personal data.

All Channels Communication Ltd, in its capacity as a personal data controller under the Personal Data Protection Act and the EU General Data Protection Regulation (Regulation (EU) 2016/679 — hereinafter “the Regulation” or “GDPR”), aims to ensure compliance with national and EU legislation regarding the processing of personal data and the protection of the rights of data subjects whose personal data it collects and processes.

Depending on the context, All Channels Communication Ltd may process data as a processor under the Regulation.

This Policy provides information on the principles and rules related to personal data processing, the rights of data subjects, the methods of processing personal data, and the means of data protection by All Channels, as well as the obligations and responsibilities it bears in its capacity as Controller and/or Processor of personal data.

This privacy policy (“Policy”) is part of the technical and organizational measures applied by All Channels to ensure compliance with the applicable law.

2. Principles of Data Processing and Protection

Personal data are processed in accordance with the following data protection principles:

2.1 Lawfulness

Personal data shall be processed lawfully, fairly and transparently. Lawful processing means full compliance by the Controller not only with data protection laws but also with all applicable legislation. Each processing activity is based on a valid legal basis which may include:

Compliance with a legal obligation applicable to the Controller;

Performance of a contract to which the data subject is a party or pre-contractual measures at the request of the data subject;

Consent of the data subject for one or more specific purposes;

Protection of vital interests of the data subject or another person;

Performance of a task in the public interest;

Legitimate interest of the Controller, unless overridden by the data subject’s interests or fundamental rights and freedoms.

2.2 Fairness

Fair processing means that personal data is not handled in a way that unjustifiably harms the data subjects, and all information and communication regarding personal data processing must be easily accessible, clear and unambiguous.

2.3 Transparency

The Controller must provide specific information to the data subject necessary for the purposes of processing in an understandable manner, whether data is obtained directly from the subject or other sources. This includes:

Identity and contact details of the Controller;
Purposes and legal basis of processing;
Storage period;
Rights of the data subject;
Categories of personal data;
Recipients or categories of recipients.

3. Lawful Purposes of Data Collection

Personal data shall be collected only for specified, explicit and legitimate purposes. The controller processes personal data for purposes including but not limited to:

Compliance with legal obligations (accounting, tax, social security, etc.);

Performance of employment, civil and commercial contracts;

Legitimate interest — protection of the Controller’s rights;

Consent of the data subject.

4. Rights of Data Subjects

Under this Policy and GDPR, data subjects have the following rights:

4.1 Right of Access

The right to obtain information on whether personal data relating to them is being processed, and details about processing, recipients, storage period, legal basis, etc. 

4.2 Right of Rectification

The right to request correction of inaccurate or outdated personal data.

4.3 Right of Erasure (“Right to be Forgotten”)

The right to request deletion of personal data without undue delay when there is no legal basis for continued processing.

4.4 Right to Restrict Processing

The right to restrict processing where appropriate.

4.5 Right to Object

The right to object to processing, especially for direct marketing purposes.

4.6 Right to Lodge Complaint

The right to lodge a complaint with a supervisory authority if GDPR rights are violated. 

4.7 Right to Data Portability

The right to receive personal data in a structured, commonly used and machine-readable format.

4.8 Right to Withdraw Consent

The right to withdraw consent at any time without affecting the legality of processing based on consent before its withdrawal.

5. Consent to Data Processing

Consent must be freely given, specific, informed and unambiguous. It must be explicit for the purposes of data processing and may be withdrawn at any time.

6. Security of Personal Data

The Controller shall implement appropriate technical and organizational measures to ensure security, including protection against unlawful processing and accidental loss, destruction or damage. This includes but is not limited to:

Password-protected systems;

Automatic lock on idle workstations;

Antivirus software and firewalls;

Restricted access to data storage areas;

Secure storage of physical records.

7. Disclosure of Personal Data

Personal data may be disclosed to external organizations (e.g., service providers, partners, public authorities, banks, insurers, etc.) only on appropriate legal grounds and/or contractual basis. 

8. Retention and Destruction of Data

Personal data is kept only as long as necessary to achieve the purposes for which it was collected, including statutory retention periods (e.g., accounting and tax records — 10 years).

9. Cooperation with Supervisory Authority
to Data Processing

The Controller cooperates with the supervisory authority (Commission for Personal Data Protection, Sofia, Bulgaria) and data subjects may submit requests or inquiries regarding exercise of their rights to the Controller’s registered office or email. 

Аpplicable Law

This Policy is prepared on the basis of Regulation (EU) 2016/679 (GDPR).