Plan A is a provider of software solutions and services operating in full compliance with all applicable legislations. In view of the entry into force of the General Data Protection Regulation (GDPR) in May 2018 the company has upgraded its policies, procedures and practices regarding personal data protection. In all our activities we abide strictly by the requirements of the GDPR, the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework. These regulations require that all controllers, processors and sub-processors ensure the best possible protection of personal data. We at Plan A Ltd. achieve this by appropriate organizational and technical measures, by endorsing policies and procedures aiming at adequate data protection by all our staff, sub-processors and freelancers.
- Why we collect your information
- What purpose we are processing it for
- How long we store it
- Whether there are other recipients of your personal information
- Whether we intend to transfer it to another country, and
- Whether we do automated decision-making or profiling.
Plan A Ltd. collects, processes and retains personal data only on the as-needed principle in order to comply with the applicable legislation and to perform its services. The data collected from our clients and sub-processors normally include business contact data but when personal data are present in documents such as agreements, these documents are handled within the best data security practices. Most of the personal information we process is provided to us directly by you for one of the following reasons:
- You have made an information request to us.
- You have placed an order for one of our services.
- You have applied for a job or secondment with us.
- You are representing your organization.
The purpose for which we collect and process your personal data is to ensure that we provide the services you are interested in. The legal basis for processing your data is either a specific regulatory requirement or your explicit consent to use your personal data. We store your information as long as needed depending on the reason it has been collected. For instance, data of persons who have become our full- or part-time employees are stored for the periods specified in the labour legislation. The data of job applicants are stored for the period specified by the applicant (if applicable) or for a maximum of 3 years unless the applicant requests “to be forgotten”. The data of persons with whom we have signed agreements and payments have been made, the data are stored under the Accounting Law. We ensure that you can benefit from the rights granted to you by the GDPR within the respective legal framework such as your right of access, right to rectification, right to erasure and right to restriction of processing (within limitations specified in the respective legislation), and right to data portability (if applicable). We do not apply profiling techniques and do not transfer your personal data to third parties except in case of legal requirements by the law enforcement authorities or your explicit consent.
2. Disclosure to third parties
Personal data may be disclosed to third parties only when required by the law enforcement authorities or other public authorities which have legal right of access to these data. Disclosure to any other parties (such as our business partners) may be done only with the explicit permission of the data subject. Whenever possible, personal data in documents such as CVs are de-identified by pseudonymization or other appropriate methods. Whenever personal data are transferred to countries outside the European Union or the Privacy Shield areas, the same level of data security is demanded by all processors (e.g., subcontractors).
3. Personal data protection
Plan A Ltd. has developed appropriate policies and procedures to ensure compliance with all applicable laws and regulations regarding data security and personal data protection. These include the following, but are not limited to:
- Organizational and technical security measures regarding data collection, processing and retention of hard copies and electronic files.
- Non-disclosure and confidentiality agreements with employees and contractors.
- Providing guidance and demanding from our contractors full compliance with the best possible data protection measures.
- Appropriate procedures and methods of data transfer via secure channels of communication and additional measures such as encryption.
- Appropriate procedures for retention of documents containing personal data and deletion whenever this is requested by the data subject, or when the document is no longer needed, or when this is specified in the respective procedure.
- Adequate measures to ensure the preservation of documents from loss or destruction.
- Continuous review of data security practices to ensure full compliance with the applicable legislation and the client requirements set forth in agreements or specific instructions.
- Procedures to meet all obligations under the GDPR such as providing access and allowing data subjects to exercise their rights under the GDPR, including the right of notification in case of actual or suspected personal data breach.
4. Information and complaints
The law which governs this Policy and all disputes arising under it is the GDPR and the Bulgaria Data Protection Act. All disputes of whatsoever nature including failure to perform and performance shall be determined by the courts of the Republic of Bulgaria. Any claims may be raised to the Committee for Personal Data Protection at No. 2, Tsvetan Lazarov Street, 1592 Sofia, Bulgaria (www.cpdp.bg). Plan A Ltd. has appointed a person responsible for data protection who is available to provide any additional information and explanations regarding personal data protection and accept any claims regarding data security. You may send your requests and/or claims at: firstname.lastname@example.org.
What are cookies?
Website cookies are tiny data files that websites place and store on the computers and mobile devices of users who visit those sites. These files contain information about the user’s actions on the website. They are most often used to recognize return users and remember information about them, such as their browsing activity, information they enter into text fields – including names, email addresses, login information, etc.
Cookies do not contain any information that personally identifies you, but personal information that we store about you may be linked, by us, to the information stored in and obtained from cookies. The cookies used on the website include those which are strictly necessary cookies for access and navigation, cookies that track usage (performance cookies), remember your choices (functionality cookies), and cookies that provide you with targeted content or advertising. We may use the information we obtain from your use of our cookies for the following purposes: 1. to recognise your computer when you visit the website 2. to track you as you navigate the website 3. to improve the website’s usability 4. to analyse the use of the website 5. in the administration of the website 6. to personalise the website for you, including targeting advertisements which may be of particular interest to you.
How we process the data gathered?
How to control cookies
The “Help” section on the menu bar of most internet browsers will tell you how to prevent your browser from accepting new cookies, how to make the browser notify you when you receive a new cookie and how to disable cookies altogether. Please note that certain features of the Website may no longer be available to you if you disable cookies. You also can manage your cookies preferences using the following links for some of the most popular internet browsers: Google Chrome Microsoft Edge Mozilla Firefox Microsoft Internet Explorer Opera Apple Safari
Updates & contact