PRIVACY NOTICE FOR INDIVIDUALS - WEBSITE VISITORS, CUSTOMERS, CONTRACTORS, AND SUPPLIERS
With this privacy notice ("the Notice"), we at the international corporate group STAMH ("we", "our", "STAMH") want to inform you, the visitors of our global website - https://stamh.com and its country-specific subpages ("the Website"), as well as our customers, contractors and/or suppliers, how we process your personal data and what measures we have implemented to protect it.
Your personal data is processed by the STAMH Group company with which you have entered into a contract or made an inquiry via the contact form, telephone, or email, available on the Website and its subpages serving the various companies of the STAMH Group.
Specifically, the controller within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 ("GDPR") of your personal data is:
Domain through which access is made
+359 700 42 111
+43 660 261 8226
Serbia and Bosnia and Herzegovina
+381 11 7493 541
+381 65 4053 051
+30 211 199 28 33
Romania and Moldova
+4 0799 965 445
+385 98 880 491
+39 347 300 92 79
North Macedonia and Albania
+389 712 097 36
From this Notice you will receive, in accordance with the requirements of the GDPR, the following mandatory information:
1. What is personal data and what categories of personal data do we collect about you;
2. For what purposes and on what legal grounds do we process your personal data;
3. The legal grounds for the processing;
4. Do we share your personal data with third parties;
5. Retention periods for personal data;
6. Your rights as data subjects;
7. Measures that STAMH implements in order to protect your privacy.
WHAT IS PERSONAL DATA?
As defined in the GDPR, personal data is:
"Any information relating to an identified natural person or an identifiable natural person (a 'data subject'); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by an identifier such as a name, an identification number, location data, an online identifier or by one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the person concerned."
CATEGORIES OF PERSONAL DATA WE COLLECT AND PROCESS ABOUT YOU
In the ordinary course of our business, including during your use of the Website, we may collect directly from you as a data subject the following information which is of a nature to identify you as an individual:
- Your physical identity: names; personal identification number; details of identity documents, signature (including electronic signature if used);
- Contact details: permanent/local address; telephone number; email address;
- Your social (work) identity: details of any position held in a company where you are acting as a representative and/or contact person for our customer, contractor, and/or supplier;
- Your economic identity: bank account information for payments where you are our customer, contractor, and/or supplier;
- Information relating to your inquiry, comment, consultation, or quotation received about the products and services provided by STAMH, where that information is of a nature to identify you as an individual;
- Information about your user behavior on the Website and identifiers created for you by cookies placed on your end device: IP address; online identifier created by cookies placed when using the Website; information on the number of visits to the Website, number of conversions, etc.
We do not process special categories of personal data about you ("sensitive personal data") within the meaning of the GDPR relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning sex life or sexual orientation.
FOR WHAT PURPOSES AND ON WHAT LEGAL GROUNDS DO WE PROCESS YOUR PERSONAL DATA
Within the framework of the (pre)contractual relationship with you or with the company you represent/for which you are the designated contact person, we receive and process your personal data in relation to any of the following purposes:
- to provide you with commercial information (an offer) concerning products and services provided by STAMH in the ordinary course of its business;
- to respond to your requests, inquiries, and complaints about STAMH’s products and services;
- to perform our obligations to you arising from executed contracts;
- to comply with legal, regulatory, and other requirements (such as in the areas of tax law and accounting), to conduct our business in accordance with applicable law and professional standards and rules, and to respond to requests from local or foreign regulatory, governmental or judicial authorities;
- to improve the services we provide, including for internal purposes such as audits, surveys, analysis, and studies to help us improve our operations, or to monitor and analyze trends and usage of our services;
- to protect the rights and legitimate interests of the Company in the event of legal disputes in the assertion of, or defense against, claims concerning the performance or termination of a contract entered with you as our customer, contractor, and/or supplier.
We receive your personal data processed for the above purposes when you contact us through the contact channels available on the Website, including through the dedicated inquiry form on the Website.
Where we process your personal data for the purposes of our core business and to comply with our legal obligations, such processing is mandatory for the performance of those purposes. Without this data, we could not carry out our business. For example, if you do not provide us with your name and address, we would not be able to conclude a contract with you or provide you with the information necessary for its performance. In other cases, when collecting your personal data, we will let you know whether providing the data is necessary and what the consequences are if you refuse.
When you use our Website we receive personal data about you which we process in connection with another group of purposes:
- to inform you about the latest news concerning our products and services (direct marketing) when you explicitly sign up via the Website to receive our e-newsletter;
- to improve the Website service and provide personalized advertising content through cookies, including identifying your access to the Website, ensuring its secure and uninterrupted functioning, tracking your user behavior and preferences regarding the Website content, ensuring the uninterrupted playback of video or audio content, and saving your preferences for settings (regarding cookies, Website language, etc.).
In accordance with the data minimization principle, we process personal data only for the purposes for which the data was originally collected. If we change the purpose of the processing, we will notify you immediately and ask for your explicit consent if we cannot use another valid legal basis for this new processing of personal data.
We process your personal data on one of the following legal grounds within the meaning of Article 6 of the GDPR:
- where the processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering a contract - Art. 6(1)(b) of the GDPR;
- where the processing is necessary for compliance with a legal obligation applicable to us, for example in the field of tax law and accounting - Art. 6(1)(c) of the GDPR;
- where you have given your explicit and free consent to your data being processed for direct marketing purposes, for the placing of marketing and analytical cookies (optional cookies) - Art. 6(1)(a) of the GDPR;
Your explicit consent to the processing of your personal data is only necessary in cases where it serves to receive information about our services and products, outside the framework of the concluded contract, newsletter, conducting surveys, placing optional cookies on your device, etc.
Consent may be withdrawn at any time by writing a free-form letter to the email address above unless there is another ground that obliges or entitles us to continue to process the personal data of the person.
- where the processing is necessary for the purposes of our legitimate interest in relation to any legal claims that may be brought against us, including for the operation of strictly necessary cookies on the Website - Art. 6(1)(f) of the GDPR.
WITH WHOM WE SHARE YOUR PERSONAL DATA
In the course of processing, STAMH provides your personal data to the following groups of organizations and third-party recipients:
- National Revenue Agency, other state and local authorities to whom we provide personal information in relation to specific and clear legal obligations;
- our service providers in the field of IT solutions for information systems support and information security, courier service providers, banks, insurance companies, notaries, bailiffs, etc.;
- our lawyers, professional consultants, and auditors;
- other third parties upon your authorization and express instruction.
In all cases, we enter into written data processing agreements with business entities we work with, requiring them to take the necessary measures to ensure the protection of your personal data. We will only provide these suppliers of ours with the information they need to provide us with the agreed services, without allowing them to use your information for their own purposes. We will not provide your personal data to third parties to send you unsolicited marketing communications unless you have given the necessary consent to do so. If you receive unsolicited marketing communications from business entities with whom we work, please notify us at the contact address or email listed at the end of this document.
DATA RETENTION PERIOD
STAMH will store your personal data for the following periods:
- 5 (five) years concerning personal data processed in connection with the conclusion or for the performance of a contract, including those contained in the documents relating to the performance of the contract. This period begins to run from 01.01. (first January) of the year following the year in which the contract was terminated, or from the last contact made with you.
- We will not erase or anonymize your personal data if it is necessary for a pending judicial or administrative proceeding or a proceeding to investigate a complaint against us.
- Until the expiry of the relevant statutory periods in relation to personal data processed in the performance of a legal obligation of a company of the STAMH Group;
- 2 (two) years from the time of receipt of your explicit consent, concerning personal data processed for direct marketing purposes based on your explicit, informed consent.
Some of the retention periods depend on legal obligations to keep documents and information for certain minimum or maximum periods under the tax, accounting, or other specific legislation of the country of establishment of the relevant STAMH group company. In the case of such mandatory national legal provisions, the retention period stipulated in the legislation of the country of establishment of the relevant STAMH Group company will apply.
WHAT ARE YOUR RIGHTS AS A DATA SUBJECT
At any time while we are storing or processing your personal data, you have the following rights:
- The right to access personal data relating to you - you can request more detailed information about how we use your data and a copy of the information we hold about you;
- The right to ask STAMH to correct, without undue delay, your inaccurate personal data as well as data that is no longer up to date;
- The right to ask STAMH to restrict the processing of personal data relating to you - in cases where there is a complaint that is being investigated;
- The right to object to the processing of personal data - where it is based on STAMH's legitimate interest, unless there are compelling legitimate grounds for the processing, or it is necessary for legal claims;
- The right to request from STAMH that your personal data be erased without undue delay where the personal data is no longer necessary for the purposes for which it was collected, where the processing is unlawful, and where the personal data must be erased to comply with a legal obligation under EU or Member State law that applies to us as a data controller.
We may refuse to erase your personal data for the following reasons: (i) to comply with a legal obligation on our part or to carry out a task in the public interest, (ii) for public health reasons.
All the above requests will be forwarded if there is a third party (recipient) processing your personal data.
- Right to lodge a complaint with the supervisory authority
You have the right, where you consider that a breach of the GDPR has occurred, to lodge a complaint directly with the competent supervisory authority for the EU Member State in which (a) you are located and (b) where STAMH has an establishment.
Moreover, in case you are located outside of the EU, you may be able to lodge a complaint before your local data protection authority depending on the applicable legislation.
Insofar as STAMH's principal place of establishment is the Republic of Bulgaria, the lead supervisory authority for the purposes of the GDPR is the Bulgarian Commission for Personal Data Protection, with an address in Sofia, 1592, 2 Prof. Tsvetan Lazarov Blvd., Phone: 02/91-53-519; 02/91-53-555; fax: 029153525; email address: firstname.lastname@example.org; and website: www.cpdp.bg
In case you wish to lodge a complaint regarding the processing of your personal data through any of the companies of the STAMH group, you can do so at the contact details above.
You can exercise all your rights listed above in relation to the processing of your personal data by sending a free-form email with your request to the relevant STAMH contact email address listed above. If you still find this difficult, you can request assistance in exercising your rights using the STAMH contact details.
HOW DO WE STORE AND KEEP PERSONAL DATA ABOUT YOU THAT WE PROCESS?
STAMH will process (collect, store, and use) the personal information provided by you in a manner consistent with GDPR requirements and the mandatory provisions of the national laws of the countries of the establishment of the relevant STAMH group companies. We will endeavor to keep the information as accurate and up-to-date as possible.
We will not retain information about you longer than reasonably necessary to fulfill the specific purposes for which it was collected and about which you are notified here.
We have taken all reasonable technical and organizational measures to ensure that your data is protected from unauthorized access, use, or disclosure. For example, we use cryptographic protection of files containing personal data, we use up-to-date anti-virus programs in line with technological advances in the field, and we restrict access through passwords and profiles. In addition, we provide physical protection of premises and media by locking rooms and cabinets where documents containing personal data are stored.