The Center for the Study of Democracy (CSD) is a voluntary, independent, non-profit association of citizens acting for the public benefit, registered under the provisions of the Law on Not-for-Profit Legal Persons under company file No 1092/1990 of Sofia City Court and re-registered in the Commercial Register and the Register of the Not-for-Profit Legal Persons under UIC 000713046. CSD is represented by Dr. Ognian Shentov, Chairman of the Governing Board. The Center has its headquarters in Sofia, at 5, Alexander Zhendov Street, T: 02 971 3000, F: 02 971 2233, e-mail: csd(at)online(dot)bg, website: www.csd.bg.
CSD’s consulting arms – Vitosha Research EOOD and Project 1 EOOD – are wholly owned by CSD and the three entities form the CSD Group.
Vitosha Research EOOD is a commercial company specialised in research and development activities in the area of social and economic policy, social analysis and assessment, economic and political behavior, political attitudes and value systems. The Director of Research of CSD is General Manager of the company. Vitosha Research EOOD is registered in the Commercial Register and the Register of the Not-for-Profit Legal Persons under UIC 130281981 and has its headquarters in Sofia, at 5, Alexander Zhendov Street, T: 02 971 3000, F: 02 971 2233, e-mail: office(at)vitosha-research(dot)com..
Project 1 EOOD is a commercial company in charge of CSD Group’s real estate investment activities and the management of tender and consultancy projects. The Manager of Project One EOOD is the Executive Director of CSD. Project 1 EOOD is registered in the Commercial Register and the Register of the Not-for-Profit Legal Persons under UIC 131128180 and has its headquarters in Sofia, at 5, Alexander Zhendov Street, T: 02 971 3000, F: 02 971 2233, e-mail: project1(at)online(dot)bg.
The three organisations share facilities as well as human and financial resources in order to better achieve their goals and mission.
With this Policy, the CSD Group recognises the integrity of the person and seeks to protect personal data of individuals against unauthorised processing. This document contains information about the type of personal data collected, the purpose of use of the collected personal data, the access of third parties to such data, security measures to be taken in this respect, as well as the options available to individuals concerning the use of the personal data provided by them. All personal data are dealt with in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and with current legislation in the field of personal data protection in Bulgaria.
Principles relating to processing of personal data:
§ fairness and transparency;
§ relevance to purposes;
§ accuracy and up-to-dateness;
§ data minimisation;
§ storage limitation;
§ accountability, integrity and confidentiality;
§ user consent for data processing.
Type, Purpose and Grounds for Personal Data Processing
1. Data specific to the physical and social identity of the individual with regard to the following:
§ performing an activity under an employment or service contract: name, date and place of birth, national identification number, ID card number, date and place of issuance, permanent and current address, contact telephone number, e-mail, bank account details.
§ staff recruitment and interns’ admission: name, contact telephone number, address, e-mail, CV, diplomas, certificates, references from previous employers, motivation letter. § participation in events organised by CSD: name, institution, e-mail, telephone number. § project application, project implementation, contract conclusion and performance: name, institution, e-mail/telephone number, CV, bank account details, postal address.
2. Separate categories of personal data related to specific activities or to particular regulatory requirements, as regards the following:
§ sociological surveys/interviews/focus groups: name, e-mail; data revealing the individual’s affiliation to a particular vulnerable group, ethnic origin;
§ business trips related to the implementation of projects where CSD is a beneficiary: name, ID document data, date and place of birth, address, telephone number, e-mail.
3. The aim of personal data processing is to identify uniquely natural persons who are or will be carrying out activities assigned by CSD, contractors, invitees and participants in events held in relation to the implementation of CSD’s activities. The processing is performed for the purposes of:
§ fulfilling legal obligations arising from the specific requirements set out in financial reporting and accounting, retirement, health insurance and social security, and human resource management regulations;
§ performing a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract;
§ implementing CSD’s activities – for one or more specific purposes, based on the consent of the data subject; pursuing CSD’s or a third party’s legitimate interests , based on the consent of the data subject, as in: sending invitations for participation in project application procedures, news and releases related to the project implementation; submitting project proposals; sending invitations, news and releases about events organised by CSD; distribution of CSD publications.
4. Grounds for processing:
§ conclusion of an employment or service contract;
§ statement of the explicit, clear and informed consent of the data subject (which can be withdrawn at any time);
§ legal obligation of personal data processing stipulated in the Law on Accounting, the Law on Value Added Tax and other applicable legislative acts.
Security Measures, Third-Party Access, Manner and Period of Storage
1. In compliance with the applicable legislation on personal data protection, CSD has adopted and adheres to procedures for the prevention of any authorised access and personal data misuse. Business systems and procedures for personal data security and protection have been developed; security procedures along with technical and physical bans to access and use personal data on the available servers have been set down. Only authorised staff members have access to the subjects’ personal data for the implementation of CSD activities.
2. No personal data provided are used for commercial or marketing purposes.
3. Personal data can be provided to third parties solely in connection with the performance of a specific contractual obligation related to the management and implementation of grant programs and projects, or the performance of other contractual obligations, only based on the explicit consent of the data subject.
4. Personal data can be made available to the national auditing authorities, auditors from the European Commission, the European Anti-Fraud Office (OLAF), the European Chamber of Auditors, the Council for Coordination in the Fight against Infringements Affecting the European Union Financial Interests, financing institutions and agencies. These institutions are entitled to carrying out on-site checks on the implementation of projects in which CSD is involved, as well as to checking accounting and any other documents relevant to project financing and containing personal data.
5. Personal data are stored for as long as necessary to implement the activities within the scope of the Center for the Study of Democracy and in compliance with current Bulgarian legislation.
6. The collected personal data are stored on paper or electronically as per their type and the legal grounds for their processing.
7. The storage periods are set in accordance with current Bulgarian legislation; in the cases where none are stipulated, the following apply:
§ personal data collected under recruitment procedures – 3 years;
§ candidates for CSD Internship program – 1 year;
§ participants in project application procedures – 5 years;
§ participants in CSD projects and events – up to 7 years after the end of the project based on the particular document storage requirements of each project funding organisation and for the purpose of making them available to external auditors’ on-site checks of the respective project’s implementation as well as full audits of all project-related documents.
8. Personal data are only stored until the data subject specifically requests their erasure, unless this affects the legitimate interests of the Center for the Study of Democracy.
Data Subject Rights
Data subjects have the following rights in respect of their personal data:
1. Right to be informed about details which identify the Center for the Study of Democracy as a data administrator, the purposes of processing personal data, the recipients or recipient categories to whom personal data might be disclosed, the obligatory or voluntary nature of providing personal data and the possible consequences of failure to provide such data.
2. Right of access to one’s personal data. In the cases when granting the right of access possibly involves disclosure of a third party’s personal data, the administrator is obligated to provide the data subject with partial access without revealing any personal data of the third party.
3. Right to object before the Center for the Study of Democracy to the processing of one’s personal data, where there is a legitimate reason for doing so.
4. Right to have one’s inaccurate personal data rectified or completed if incomplete.
5. Right to request the restriction, instead of erasure, of one’s personal data in certain circumstances.
6. “Right to be forgotten”, i.e. having one’s personal data erased where one of the following grounds apply:
§ the personal data is no longer necessary for the purpose they were collected for or otherwise processed;
§ the data subject withdraws consent on which the processing is based;
§ the personal data have been unlawfully processed;
§ the data subject objects to the processing;
§ other cases provided for in the legislation governing personal data protection.
7. Right of defence before the Commssion for Personal Data Protection (https://www.cpdp.bg/) or before the court.
Consequences of Failure to Provide Personal Data
1. No express consent from the data subject is necessary provided there is legal grounds for personal data processing, such as a legally established obligation arising from the requirements of labor, tax and social security legislation, the Law on Obligations and Contracts, the Law on Accounting, the Law on Measures against Money Laundering Measures, the Law on Measures against the Financing of Terrorism, etc.
2. Failure to provide one’s personal data or withdrawal of consent may prevent the individual from obtaining information provided by the Center for the Study of Democracy or from opportunities to participate in the organisation’s activities.
Procedures for the Exercise of Rights of the Data Subjects
1. Natural persons exercise their rights by submitting a written request to the Center for the Study of Democracy on paper or by e-mail to email@example.com with a subject Personal Information Request which needs to contain at least the following information:
§ name, address and other identification data of the individual concerned;
§ description of the request;
§ preferred form of the requested information;
§ signature, date of submission and correspondence address.
2. The procedure for the exercise of rights of natural persons with regard to their personal data is free of charge. However, the administrator may refuse to provide free information if a person submits repeated requests at short intervals.
3. To avoid data abuse, in the cases when the request is submitted by an authorised person, it must be accompanied by a notarised power of attorney.
Terms and Definitions Used
For the purposes of this Policy:
1. ”Personal data” means any information relating to an identified or identifiable natural person (”data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more specific characteristics;
”Data processing“ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2. ”Personal data administrator” is the Center for the Study of Democracy which alone or jointly with another entity / via an authorised entity processes personal data.
* * *
This web-site uses two additional tools (AddThis by Oracle and Analytics by Google) for functional purposes.