Privacy and Personal Data Protection Policy
 
1.      Introduction
Paraflow Communications Ltd. collects and processes personal data in accordance with the effective provisions regarding personal data protection and undertakes all actions necessary to ensure compliance with the legal and normative requirements.
This Privacy and Personal Data Protection Policy applies to the processing of personal data of natural persons in accordance with REGULATION (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Paraflow Communications Ltd. observes the following principles related to the processing of personal data:

•             lawfulness, fairness and transparency – personal data are processed lawfully, fairly, and in a transparent manner in relation to the data subject
•             purpose limitation – personal data are collected for specific, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
•             data minimization – personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
•             accuracy – personal data are kept up to date by taking all reasonable measures to ensure the timely erasure or rectification of inaccurate data with regard to the purposes of their processing
•             storage limitation – personal data are stored for no longer than is necessary for the processing purposes
•             integrity and confidentiality – personal data are processed in a manner that ensures an appropriate level of security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
 
2.       Definitions

For the purposes of this Privacy and Personal Data Protection Policy, the definitions as identified in art. 4 of Regulation (EU) 2016/679 will be applied, including:
“personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
“controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
“processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
“recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

3.       Personal data controller

Paraflow Communications Ltd. (the Company, Paraflow) is registered with UIC (unified identification code) 831913775, and has its seat and registered office at Sofia City, 79 Nikola Gabrovski St.
Contact: Managing Director
1700 Sofia City, Tunis Business Center, 79 Nikola Gabrovski St.
tel.: 02/ 960 42 00
fax: 02/ 960 42 18
For further questions relating to Regulation (EU) 2016/679 and to your rights:
e-mail: GDPR@paraflow.bg

4.       Types of personal data and legal grounds for their processing

Paraflow collects personal data by clearly advising the subjects of the grounds on which it collects such data, and provides a separate privacy notice.
The processing of personal data is lawful if:
•             the data subject has given consent for one or more specific purposes. The data subject may withdraw its consent at any time
•             processing is necessary for compliance with a legal obligation applied in respect of the Company
•             processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into contract
•             processing is necessary for the purposes of the legitimate interests of the Company, without infringing on the interests or fundamental rights and freedoms of the data subject. Paraflow will notify the data subjects of the presence of such legitimate interest by means of the privacy notice relating to the specific processing.
 
5.       Purposes of processing

Paraflow processes personal data for the specific purposes for which they have been collected. Those purposes can be recruitment, conclusion and performance of contracts, fulfillment of requests for products or services, marketing and social activities, and the like.
Paraflow notifies the data subjects of the purposes through the privacy notice for the specific processing.

6.       Term of storage of personal data

Paraflow stores personal data until the purposes of processing have been achieved or within the statutory terms.
The terms of storage are specified in the privacy notices relating to the specific processing.

7.       Categories of recipients of personal data

Paraflow can disclose personal data of subjects, depending on the purposes of processing, to the following categories of recipients:
•             public authorities, institutions and persons to whom the Company is obligated to provide personal data by virtue of the applicable normative requirements of the local legislation
•             legal persons who by virtue of a contract provide Paraflow with services in relation to keeping accounting reporting, legal defense, and others according to the applicable legislation
•             authorized employees of the Company
For the needs of its commercial activity, Paraflow may only disclose personal data of subjects who are employees of the Company, to legal persons by virtue of a contract.
Paraflow will disclose personal data to a third party – processor only if the latter provides sufficient guarantees for the application of appropriate technical and organizational measures so that the processing proceeds in accordance with the requirements of Regulation (EU) 2016/679, and ensures protection of the rights of the data subjects.
Paraflow will not transfer personal data to third countries or international organizations.

8.       Use of the http://www.paraflow.bg website

Paraflow maintains a website to popularize its offered products and services. The information which the users provide when visiting the website is used for responding to requests and questions, for contacting users, for sending requested information, for receiving orders, for sending ordered goods and services, for analyzing and improving user satisfaction, for improving the contents of the website, for marketing purposes, etc.
Contact and feedback forms

Any personal data that website visitors enter in the contact forms are received by e-mail by the authorized employees of the Company responsible for their processing.
The contact and feedback forms include information about the required data that the users must provide. It may include name, contact information like e-mail and telephone, organization and position held. The collected data are processed only for the purposes of the particular request, suggestion or feedback.
Personal data that the users provide through the contact forms on the website:

•             are not provided to third parties
•             are not used for profiling
•             are not used for direct marketing
•             are not used for sending unsolicited messages (spam)
•             are not used in any other way without the explicit written consent of the user, save for the instances envisaged by law, or a court decision
•             are stored within the terms necessary for undertaking the necessary actions and for subsequent analysis and accountancy
Any other information, including electronic correspondence or other type of messages sent to Paraflow, will be considered non-confidential, will not be subject to this Policy, and the Company shall not be responsible for the storage and processing of such information.

The website of Paraflow Communications Ltd. uses Google Analytics cookies. Detailed information about cookies used by the Google platform on the website can be found here. Paraflow Communications Ltd. does not use cookies to collect personal data of users. Google Analytics data is available aggregated and anonymized. This data is used for statistical analysis, site management and improvement, traffic and audience profile monitoring. The terms in which Google Analytics cookies are stored are described here.

Users can opt out of Google Analytics cookies at any time here. Refusal of cookies will not limit users' access to the website of Paraflow Communications Ltd.


9.       Use of social media

Paraflow maintains pages on social media (Facebook, LinkedIn, Twitter, YouTube, Instagram) to popularize its offered products and services. The Company assumes no responsibility whatsoever for publications by data subjects on those pages. The social media have their own provisions regarding use and confidentiality that their users should be aware of.
As a reminder, publications on social media can be associated with certain risks, including with regard to the confidentiality of the personal data of the subject or of other persons whose data the subject shares.

10.    Security of personal data

Paraflow applies a set of technical and organizational measures to ensure the security of the personal data which it processes. The measures are aimed at protecting the data from unauthorized access, unregulated use, accidental loss or damage to their integrity.
The measures applied to control the security of the information are subject to periodical independent auditing.

11.    Automated decision making, including profiling

The personal data which Paraflow Communications Ltd. processes are not subject to automated decision making, including profiling.

12.    Your rights

According to the applicable legislation in the field of personal data, all data subjects have the rights described below. Paraflow undertakes to respond to any requests relating to those rights within one month from their receipt without any fee being due. If necessary, this term can be extended by another two months, of which the Company will notify the data subject within one month from receiving the request.
You can address any requests relating to the rights of the data subjects to the following e-mail: GDPR@paraflow.bg.
In cases where any requests of a data subject are evidently groundless or excessive, especially due to their repetitiveness, the Company may:

•             impose a reasonable fee, taking into account the administrative costs for providing the information or the communication or the taking of the requested actions, or
•             refuse to take actions relating to the request.
If the Company refuses to take actions relating to a given request, it will inform the data subject about the reason.
As a subject of data which are processed by the Company you have the following rights:

Right of access

You can request information as to whether we process any personal data concerning you. You can request access to such data.
We will provide you with a report on the personal data that are in the course of being processed, as well as on the purposes of such processing. When you submit a request via electronic means, if possible, we will provide the information in the commonly used electronic form, unless you have requested otherwise.
Right to rectification

If we process incomplete or untrue personal data from you, you can request their rectification or supplementation at any time.  
You are responsible for the provision of correct personal data and to inform Paraflow about all relevant changes (e.g. changes in address or name).
Right to erasure

You can request the erasure of your personal data in the following instances:

•             the personal data are no longer necessary for the purposes for which they have been collected or otherwise processed;
•             you withdraw your consent on which the processing of the data is based and there are no other legal grounds for the processing;
•             you consider that the personal data have been processed unlawfully;
•             you have objected to the processing of the data and there are no overriding legitimate grounds for the processing;
•             the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Company is subject.
Please note that there can be other reasons that may prevent the immediate erasure of your data, such as legally regulated obligations for storage, establishment, exercise or defense of legal claims, etc. 

Right to restriction of processing

You have the right to request restriction of processing if:
•             you contest the accuracy of the personal data, for a period enabling us to verify their accuracy;
•             the processing is unlawful, but you do not wish the personal data to be erased, and you request the restriction of their use instead;
•             we no longer need the personal data for the purposes of processing, but you require them for the establishment, exercise or defense of legal claims;
•             you have objected to the processing of the data pending the verification whether the legitimate grounds of the Company for processing the data override your interests.
When restriction of processing has been requested, Paraflow will inform you before it is lifted.
Right to data portability

You can request the Company to provide you with the personal data which concern you and which you have provided, in a machine-readable format, and transmit them to another controller. This will be applied only in cases where:
•             the processing of the specific data is based on your consent or is in relation to the conclusion and performance of a contract to which you are a party; and
•             the processing is performed by automated means.
Right to object

You have the right, at any time and on grounds relating to a particular situation, to object to the processing of your personal data, where the objection is based on:
•             the fulfillment of a task of public interest or in the exercise of official powers granted to the Company;
•             the legitimate interests of the Company or of a third party.
Paraflow will terminate the processing to which you have objected, unless there are compelling legitimate grounds for the processing, or the processing is for the purposes of establishment, exercise or defense of legal claims.
Right to lodge a complaint

If you consider that we have violated any applicable legislation relating to the protection of personal data in the course of processing your data, and have as a result infringed your rights, please contact us at the following e-mail address: GDPR@paraflow.bg.
You have the right to lodge a complaint with the competent supervisory authority in charge of overseeing the compliance with Regulation (EU) 2016/679.

13.    Conclusion

This document was approved on 01.11.2018 and has been in force as of 01.11.2018.
Paraflow Communications Ltd. reserves its right, if needed, to correct this Policy with a view to ensuring lawfulness, or in the event of changes in the internal rules. The up-to-date version of this Privacy and Personal Data Protection Policy is accessible to all data subjects via the following webpage: www.paraflow.bg.