— Dunstain Fipaumutima MWAUNGULU
Malawi Supreme Court
Privacy and Personal Data Protection Policy
1. Introduction
Paraflow Communications Ltd. collects and processes personal data in accordance with the effective provisions regarding personal data protection and undertakes all actions necessary to ensure compliance with the legal and normative requirements.
This Privacy and Personal Data Protection Policy applies to the processing of personal data of natural persons in accordance with REGULATION (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Paraflow Communications Ltd. observes the following principles related to the processing of personal data:
• lawfulness, fairness and transparency – personal data are processed lawfully, fairly, and in a transparent manner in relation to the data subject
• purpose limitation – personal data are collected for specific, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
• data minimization – personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
• accuracy – personal data are kept up to date by taking all reasonable measures to ensure the timely erasure or rectification of inaccurate data with regard to the purposes of their processing
• storage limitation – personal data are stored for no longer than is necessary for the processing purposes
• integrity and confidentiality – personal data are processed in a manner that ensures an appropriate level of security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
2. Definitions
For the purposes of this Privacy and Personal Data Protection Policy, the definitions as identified in art. 4 of Regulation (EU) 2016/679 will be applied, including:
“personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
“controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
“processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
“recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
3. Personal data controller
Paraflow Communications Ltd. (the Company, Paraflow) is registered with UIC (unified identification code) 831913775, and has its seat and registered office at Sofia City, 79 Nikola Gabrovski St.
Contact: Managing Director
1700 Sofia City, Tunis Business Center, 79 Nikola Gabrovski St.
tel.: 02/ 960 42 00
fax: 02/ 960 42 18
For further questions relating to Regulation (EU) 2016/679 and to your rights:
e-mail: GDPR@paraflow.bg
4. Types of personal data and legal grounds for their processing
Paraflow collects personal data by clearly advising the subjects of the grounds on which it collects such data, and provides a separate privacy notice.
The processing of personal data is lawful if:
• the data subject has given consent for one or more specific purposes. The data subject may withdraw its consent at any time
• processing is necessary for compliance with a legal obligation applied in respect of the Company
• processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into contract
• processing is necessary for the purposes of the legitimate interests of the Company, without infringing on the interests or fundamental rights and freedoms of the data subject. Paraflow will notify the data subjects of the presence of such legitimate interest by means of the privacy notice relating to the specific processing.
5. Purposes of processing
Paraflow processes personal data for the specific purposes for which they have been collected. Those purposes can be recruitment, conclusion and performance of contracts, fulfillment of requests for products or services, marketing and social activities, and the like.
Paraflow notifies the data subjects of the purposes through the privacy notice for the specific processing.
6. Term of storage of personal data
Paraflow stores personal data until the purposes of processing have been achieved or within the statutory terms.
The terms of storage are specified in the privacy notices relating to the specific processing.
7. Categories of recipients of personal data
Paraflow can disclose personal data of subjects, depending on the purposes of processing, to the following categories of recipients:
• public authorities, institutions and persons to whom the Company is obligated to provide personal data by virtue of the applicable normative requirements of the local legislation
• legal persons who by virtue of a contract provide Paraflow with services in relation to keeping accounting reporting, legal defense, and others according to the applicable legislation
• authorized employees of the Company
For the needs of its commercial activity, Paraflow may only disclose personal data of subjects who are employees of the Company, to legal persons by virtue of a contract.
Paraflow will disclose personal data to a third party – processor only if the latter provides sufficient guarantees for the application of appropriate technical and organizational measures so that the processing proceeds in accordance with the requirements of Regulation (EU) 2016/679, and ensures protection of the rights of the data subjects.
Paraflow will not transfer personal data to third countries or international organizations.
8. Use of the http://www.paraflow.bg website
Paraflow maintains a website to popularize its offered products and services. The information which the users provide when visiting the website is used for responding to requests and questions, for contacting users, for sending requested information, for receiving orders, for sending ordered goods and services, for analyzing and improving user satisfaction, for improving the contents of the website, for marketing purposes, etc.
Contact and feedback forms
Any personal data that the website visitors fill in the contact forms are received in the electronic mail of the Company by the authorized employees responsible for their processing.
The contact and feedback forms include information about the required data that the users must provide. It may include name, contact information like e-mail and telephone, organization and position held. The collected data are processed only for the purposes of the particular request, suggestion or feedback.
Personal data that the users provide through the contact forms on the website:
• are not provided to third parties
• are not used for profiling
• are not used for direct marketing
• are not used for sending unsolicited messages (spam)
• are not used in any other way without the explicit written consent of the user, save for the instances envisaged by law, or a court decision
• are stored within the terms necessary for undertaking the necessary actions and for subsequent analysis and accountancy
Any other information, including electronic correspondence or other type of messages sent to Paraflow, will be considered non-confidential, will not be subject to this Policy, and the Company shall not be responsible for the storage and processing of such information.
The website of Paraflow Communications Ltd. is using Google Analytics cookies. Detailed information about cookies used by the Google platform on the website can be found here. Paraflow Communications Ltd. does not use cookies to collect personal data of users. Google Analytics data is available aggregated and anonymized. This data is used for statistical analysis, site management and improvement, traffic and audience profile monitoring. The terms in which Google Analytics cookies are stored are described here.
Users can opt out of Google Analytics cookies at any time here. Refusal of cookies will not limit users' access to the website of Paraflow Communications Ltd.