Privacy policy

1. Introduction
LOS PAMBOS EVENT LTD makes every possible effort to protect your personal data to the fullest extent possible. Your security and the privacy of your personal life are of utmost importance to us.

For us, it is a top priority in this Privacy Policy to explain in a clear and understandable way why and how we process your personal information and, most importantly, how we protect it.

This Privacy Statement applies to the entire business of LOS PAMBOS EVENT LTD. It also concerns the personal data processed on the website pambos-events.com

2. Company Information:
LOS PAMBOS EVENT LTD, VAT 204946466, bulevard "Patriarh Evtimiy” 2, ent. B, ap. 3, Sofia, Bulgaria, Phone: + 359 888 354 771, E-mail: pambos@abv.bg

3. Terminology
In this statement, we use terms introduced by data protection legislation. They have the same meaning as in Regulation (EC) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95 / 46 / EC (General Regulation on data protection) (Regulation (s)).

We will try to briefly explain the meaning of the main terms used:

Personal data - any information that identifies a particular individual or relates to an identifiable individual.

Processing (personal data) - Any action taken with personal data - for example, collecting, recording, using, arranging, destroying, etc.

Administrator - A person who determines the purposes and means of processing personal data.

Personal Data Processing - A person who processes personal data on behalf of an administrator.

Supervisory Authority - an independent public authority responsible for the implementation of data protection legislation. In Bulgaria, this is the Commission for the Protection of Personal Data (CPDP).

 
4.Principles
We process your personal data in compliance with the applicable law - in a lawful, conscientious and transparent manner.

For all the personal data we process, there is a reason.

We collect a minimum amount of personal data limited to the purposes for which they are needed. We keep them in the required time, confiscating them confidentially.

The data are accurate and up to date, and all measures are taken to ensure timely erasure or correction if necessary.

We implement and implement all necessary technical and organizational measures to prevent a security breach leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to your personal data.

We provide you with information about your rights that you have with the processing of your personal information.

We are able to demonstrate to you that we adhere to the above-described basic principles of our work with personal data.

5. Processed personal data
Depending on the activity we process part or all of the categories of personal data described:

Data for individuals - name, first name, surname,

Data for legal entities - representing the company,

address - customer address,

Payments data,

Contact details: phone number, e-mail address,

Security data and / or service quality improvement - video recordings, voice recordings,

Website visit data (s) - IP address.

 
6. Collection of personal data
The administrator collects personal data in the following ways:

We collect personal data directly from you:

when you contact us to carry out an activity that is legally and / or negotiated,

when submitting a claim, complaint, objection and / or other documents directly to us,

when you register / use the above-mentioned Internet site (s).

We collect personal data from third parties:

when they turn to us on your behalf, in cases where you are not in a state and / or you have instructed a third party to contact us on your behalf.

 
7. Objectives and legal basis for processing
The administrator collects and processes your data only in connection with the execution of a service on the basis of a contract. We do not use your data for activities other than the services provided by the Administrator that are described in the above mentioned sites.

In certain cases, we are obliged to provide personal data to state bodies in the Republic of Bulgaria. We do this to comply with a legal obligation.

 
The tax and accounting legislation in the Republic of Bulgaria requires the Administrator to compile certain accounting and commercial information, including keeping for a specified period such information as well as any other information and documents relevant to taxation.

In the performance of this obligation, the relevant information and documents containing personal data of the users shall be kept by the Administrator for the periods stipulated in the respective laws.

   
8. When registering / using the above-mentioned site (s) with your consent, we process your personal data only for the explicitly stated purposes, which may be the following:
To use the Client Portal,

To send an inquiry via Contact Form,

To receive notifications about services for which you have subscribed by email.

You may at any time request the deletion of an account that you have created on the Administrator's Client Portal, and we undertake without delay to delete your data entered upon registration. The request to delete an account can be made on-site at office or email pambos@abv.bg

For this reason, we can process all the data specified in paragraph 5, except for security data and / or service quality improvements.

Your consent may be withdrawn at any time by sending an e-mail to pambos@abv.bg or by using one of the other means of communication specified in this Privacy Policy.

 
9. Categories of recipients of personal data
Your personal data as referred to in point 5 may be provided to processors who carry out activities on behalf of the administrator. This can only happen after the conclusion of a written agreement. The administrator performs careful scrutiny of the processor's personal data, as well as engages their responsibility in carrying out activities. They may not process the personal data they have provided for purposes other than the performance of the work entrusted to them. Processors are required to comply with all instructions of the Administrator.

The administrator takes the necessary measures to ensure that the processors strictly adhere to the data protection laws and instructions given and that they have taken appropriate technical and organizational measures to protect your data.

The processing of personal data on behalf of the Administrator may include:

Home Assistants,

Courier Services Providers,

IT Service Providers, incl. database storage services,

Law firms.

At point 7, we have indicated when it may be necessary to make personal data available to public authorities.

 
10. Processing of personal data outside the territory of the Republic of Bulgaria
The administrator processes your personal data only on the territory of the Republic of Bulgaria.

11. Storing personal data
The administrator keeps your personal data for as long as is necessary to achieve the objectives set out in this Privacy Policy or to comply with legal requirements.

As mentioned above, the Administrator keeps accurate and up-to-date data, so they are updated and corrected if necessary.

The administrator does not store data that is not necessary to achieve the purposes described in this Privacy Policy.

Destruction of personal data is carried out in a strictly determined manner, including by using technical means - shredder (s). Personal data processing - Operators for the management, storage and destruction of archive holdings are used if necessary.

12. Technical and organizational measures
After evaluating the appropriate level of security in view of the risks associated with the processing, we have put in place the appropriate technical and organizational measures in the Administrator, which fully comply with the applicable legislation.

They ensure that only personal data that is required for each specific processing goal is processed by default. Guarantee:

permanent confidentiality, integrity, availability and sustainability of processing systems and services,

ability to promptly restore availability and access to personal data in the event of a physical or technical incident,

regular testing, assessment and evaluation of the effectiveness of technical and organizational measures to ensure processing security.

The implemented technical and organizational measures implement the following aspects of protection - physical, personal, documentary and information. Encryption and pseudonymisation are used as far as applicable.

13. Your rights
Under the data protection legislation, you have a wide range of rights with respect to the processing of personal data by the Administrator.

We have to inform you that the opportunity to exercise rights has persons that can be identified by the Administrator. In this regard, additional information about your identity may be required.

Upon your request, we are obliged to take action within one month and, if necessary, this period may be extended by a further 2 months, taking into account the complexity and the number of requests. The Administrator will inform you of any such extension within one month of receipt of the request, giving the reasons for the delay.

If the Administrator fails to act upon your request, we will notify you without delay and at the latest within one month of receipt of the request for reasons not to act, as well as the possibility of filing a complaint to a supervisor and seeking protection under court order.

Finally, we point out that exercising your rights is completely free. We can not refuse to take action on your request or request a fee to you insofar as your claims are not manifestly unfounded or excessive, in particular because of its repeatability.

13.1. Right to information and access
You have the right:

of information on the processing of personal data by the Administrator - including types of processed personal data, purposes, recipients, storage, protection measures of the same, rights, incl. the complaint, etc. This information is included in this Privacy Policy.

receive a confirmation that personal data relating to you are being processed and that you have access to them and information about them.

13.2. Right of rectification
In the event that personal data processed by an Administrator is inaccurate or out of date, you are entitled to request that the data be corrected.

13.3. Right to delete
In some cases, you may require an Administrator to delete the personal data associated with you. The legislation has provided for express cases where this is permissible:

your personal data is no longer needed for the purposes for which it was processed,

you have withdrawn your consent if the processing is based on such and there is no other legal basis for the processing,

you have objected to a processing based on the legitimate interests of the Administrator, and there are no processing grounds that take precedence over the interests, rights and freedoms of the user, or the processing of data is necessary for the establishment, exercise or protection of legal claims,

personal data has been processed by the Administrator unlawfully,

personal data must be deleted in order to comply with a statutory duty of the Administrator.

 
If your personal data is necessary for the Administrator to fulfill a legal obligation that requires processing and / or for the establishment, exercise or protection of legal claims, the right of deletion as specified in this section is not applicable.

13.4. Right to Restrict Processing
You may ask the Administrator to restrict the processing of your personal data under the following conditions:

you dispute the accuracy of personal data,

processing is illegal, but you do not want to delete them,

The administrator does not need your personal data anymore, but you require them to establish, exercise or protect legal claims,

if you have objected to processing based on the legitimate interests of an Administrator, during the investigation

13.5. Right of portability
When you have provided your personal data to an Administrator, you are entitled to receive them in a structured, widely used and machine readable format, and you may transfer this data to another Administrator. You can request a direct transfer if this is technically feasible.

The cases where the right under this point is possible are the following:

where the processing takes place on the basis of your consent or performance of a contractual obligation on an Administrator,

when processing is done in an automated manner.

13.6. Right of objection
You have the right to object to processing based on the legitimate interests of the Administrator.

13.7. Right to appeal
You have the right to complain to the Commission for the Protection of Personal Data or to another supervisor within the territory of the European Union.

Please note that some of the rules in this section will be applicable as of May 25, 2018, and their current reference to the Declaration is intended to be informed about your rights.

14. Updating the Privacy Policy
This Privacy Statement is current as of 27.12.2018.

The same may be amended due to an amendment of the applicable legislation, at the initiative of the Administrator, to clients, competent.