Your privacy is important for us. This Privacy Notice explains BMF Port Burgas EAD policies and practices regarding its collection and use of your personal data, and sets forth your privacy rights. We recognize that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies. Please read this Privacy Notice carefully.
BMF Port Burgas EAD is a company organized and existing under the laws of the Republic of Bulgaria under registration number 201618489. Our registered office is at 1 Knyaz Aleksandar Batenberg, 8000 Burgas, Bulgaria. Your personal data may be shared with associated entities as necessary and appropriate, under the condition that appropriate measures are put in place.
If you have any questions about this Privacy Notice, or if you want to exercise your rights, please contact BMF Port Burgas’ Data Protection Officer:

  • By email: dpo@navbul-portburgas.com;
  • By telephone: +359 56 858 283;
  • By post: 1 Knyaz Aleksandar Batenberg, 8000 Burgas, Bulgaria

The term “Personal data” in this Privacy Notice has the same meaning as in the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR“). In summary, it means information that identifies you, whether directly or indirectly (combined with other data likely to come into our possession), including for example your name, gender, address, email address, phone number, date of birth, provided by you to us or received by us from other sources, online identifiers etc.
We collect and use personal data in order to carry out our main business activities (provision of port services) as well as other supporting activities. Our purposes and lawful grounds for processing your personal data vary, depending on our relationship with you and on the activity in question. The information we collect and use is limited to what is necessary in relation to the purposes for which your data is processed with minimum intrusion.
The personal data of our employees, contractors and third parties that we collect and use, the lawful grounds and purposes for collecting and using such personal data is available in our “Instruction for personal data protection”.
In summary our policy of protection of personal data contains the following rules:

We will store your personal data in compliance with the requirements of the GDPR. We will only keep your personal data for as long as necessary to fulfil the purposes for which we collected it, to satisfy any legal, accounting or reporting requirements or to protect our legitimate interests. If there is no legal requirement for the period of retention of the personal data we determine the appropriate retention period for personal data by considering the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable limitation periods for claims which might be brought against us or by us against you.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you.

We aim to ensure that your personal data are secure. In order to prevent unauthorised access, destruction or disclosure of your personal data we have put in place appropriate physical, technical and organisational measures. Our service providers are required to do the same.

 

You may contact our Data Protection Officer at email: dpo@navbul-portburgas.com in order to receive full information what personal data, related to you we process.
You may find out more information by clicking on the following links below.

Learn more (What we collect and how we use it) - Information for our Employees and Job applicants

EMPLOYEES AND JOB APPLICANTS
We process personal data of individuals who are in labor relationships with BMF Port Burgas EAD. The following categories of personal data are processed:

1. Types of personal data we process
The type of personal data we collect and process may include some or all of the below listed depending on our relationships with you:
Identity Data: First name, given name, last name, gender, date of birth, national ID number, signature, photos;
Contact Details: home address, telephone, mobile phone number, email addresses and other contact details as appropriate;
Education and working experience: education, alma mater, diplomas, past working positions and titles, professional specialism, qualification, certification and licenses, employment history;
Closed-circuit Television “CCTV” (HDCVI and IP cameras);
Financial Data: bank details;
Office data provided by us: position or title, business address, business phone and mobile numbers, fax number, business e-mail address, professional ID number;
‘Special category’ data (health condition): That type of data is processed on the lawful basis of necessity of the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law.
Data relating to criminal convictions and offences: That type of data is processed on the basis of compliance with a legal obligation to which the data protection controller is subject.
Other information: Information we receive during the course of our labor relationships.
In these regards in the course of our activity it is possible we process ‘special category’ data (personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation). That type of data may can be processed on the following lawful basis: your explicit consent; where processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law.

2. How is your personal information collected?
This information is either (a) provided by you, (b) obtained from public sources (public registers, information available from searching the internet or on business networking sites) or (c) created by the employer in the course of his relationships with his employees or (d) obtained from the CCTV (HDCVI and IP cameras) accomplished on the territory of the port and in the buildings where the company is doing its activity.

3. Purposes and lawful grounds for processing your personal data

We need to collect and hold information about you for the following purposes:
o To establish, amend, suspend and terminate labor relationships;
o To provide you with access pass for the territory of the port and the buildings where the company is doing its activity;
o To process financial transactions (for paying you wages), for making tax deductions and social security contributions);
o To comply with legal and regulatory obligations, requirements and guidance, especially those on safety and health of employment;
o To comply with our safety procedures and to be able to react in the event of emergency;
o To ensure the security of you and our buildings, to prevent and detect crimes, terrorism and damages on our property;
o To confirm your location;

We rely on the following legal bases to use your personal data:
o The performance of a contract of employment to which you are party or in order to take steps at your request prior to entering into a contract;
o Where it is in our legitimate interests to do so, such as: to conduct our core business activity (provision of port services), supporting activities; where we need to share your personal information with people or organizations in order to run our business or comply with any legal and/or regulatory obligations; to protect you and our property; to keep you and other persons in the building safe and to protect them from crimes, damages and intrusions; to develop our business relationships with our clients and partners;
o Where the processing is necessary for complying with our legal obligations;
o We may process personal data also with data subject consent or explicit consent;
o Special categories of data (disability, health, food preferences, allergies etc.) may be processed on the basis of your explicit consent, where it is necessary to protect your or other individual vital interests; where you are physically or legally incapable of giving consent; where you have made them public or for establishment, exercise or defence against legal claims.

Where necessary or required we share information with:
o Professional advisors and consultants;
o Auditors;
o Debt collectors;
o Service providers;
o Local and central public authorities (including port authorities, customs and maritime administrations, border authorities, law enforcement authorities);
o Ambulance, fire and civil protection services;
o Regulatory authorities;
o Courts, tribunals and arbitrators;
o Legal representatives, defence solicitors;
o Survey organizations;
o Banks, insurers and brokers.
Your personal data may be disclosed also with your consent, when allowed by law or for protecting or in order protect lives, vital interests, rights or property of “BMF PORT BURGAS” EAD or third parties.

[collapse]
Learn more (What we collect and how we use it) - Information for Contractors

CONTRACTORS: CLIENTS, SUBCONTRACTORS AND OTHER CONTRACTING PARTIES
We process personal data of individuals who work for clients, subcontractors, brokers, and other contracting entities. We also include in that list our business partners or negotiators with whom we have not concluded contract yet but we are being in negotiation in order to conclude future contracts. We may not be able to provide you/your organization with specific service or product if we do not have enough information.
1. Types of personal data we process:
The type of personal data we collect and process may include some or all of the below listed depending on our relationships with you:
Identity Data: First name, given name, last name, gender, date of birth, national ID number, employer and title of contract signatory, in some circumstances identification documents, identity numbers and other identity information;
Contact Details: Business address, home address, telephone, fax number, mobile phone number, email addresses and other contact details as appropriate, communication preferences;
Employment Information: Organization name, position/title, working experience, professional specialism, qualification, certification and licenses, employment history;
Closed-circuit Television “CCTV” (HDCVI and IP cameras);
Service Data: Details about services and products you or your organization have requested or which we have provided to you or to your organization;
Financial Data: Where the contracting party is an individual: bank details; transactions history and other as appropriate;
Preferences and requirements (for participant in business events): food preferences including due to ethnic origin, religious beliefs or health problems, food allergies, disability), accommodation preferences (if we are assisting you to find a suitable stay), transportation preferences and others.
Other information: Information we receive during the course of our provision of services, existence of our contractual relationships with you or your organization (for instance your personal opinions, advices, tax residency).
In these regards in the course of our activity it is possible we process ‘special category’ data (personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation). That type of data may can be processed on the following lawful basis: your explicit consent, fulfillment of obligations and exercising specific rights in the field of employment and social security and social protection law, protection of the vital interests of an individual, establishment, exercise or defense of legal claims and publicity of the data.

2. How is your personal information collected?
This information is either (a) provided by you, (b) provided by your organization, (c) obtained from third parties (for instance brokers, managers, your service providers), (d) obtained from public sources (public registers, information available from searching the internet or on business networking sites) or (e) created by us in the course of your/your organization relationships with us or (f) obtained from the CCTV (HDCVI and IP cameras) accomplished on the territory of the port and in the buildings where the company is doing its activity.

3. Purposes and lawful grounds for processing your personal data

We need to collect and hold information about you for the following purposes:
o To communicate with you for the purposes of discussing rendering of services/supply of goods (or others) to you/your organization;
o To confirm your identity for providing some services;
o To confirm your location;
o For Assessing an application for a product or service, including considering whether or not to offer you the product or service, the price, the risk of doing so, availability of payment method and the terms;
o To enter into contract with you/your organization, to provide services/goods to you / your organization or you / your organization to us, to manage the service/product you/your organization has with us;
o To provide you with access pass for the territory of the port and the buildings where the company is doing its activity;
o To respond to your inquiries, requests, complaints, claims and others;
o To analyse our business trends and profiles and to receive feedback from our clients;
o To process financial transactions (to receive payments and verify if payments from you or your organization are made);
o To enable our group members to carry out any of the purposes set out above, to enable third parties to carry out any of the purposes set out above on our behalf or to enable provision of services of third parties appointed by you/your organization;
o To comply with legal and regulatory obligations, requirements and guidance;
o To comply with our safety procedures and to be able to react in the event of emergency;
o To check if you are included in the list of persons, for which the Ministry of Interior of Republic of Bulgaria recommends us to reject access pass for the territory of the port as area with restricted access;
o To ensure the security of you and our buildings, to prevent and detect crimes, terrorism and damages on our property;
o To make suggestions and recommendations to you/your organization about the services/goods that we offer and to send you market and industry specific information and reports;
o To take legal steps against you or your organization or protect ourselves against claims raised by you/your organization.

We rely on the following legal bases to use your personal data:
o Where it is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract;
o Where it is in our legitimate interests to do so, such as: to conduct our core business activity (provision of port services), supporting activities; for establishment, exercise or defence of legal claims and other claims; to exercise our rights under a contract concluded with you/your organization; where we need to share your personal information with people or organizations in order to run our business or comply with any legal and/or regulatory obligations; to improve the operation of our business and that of our business partners; to develop new products and services and to improve existing products and services; to protect our property; to keep safe our employees and business and the employees and business of our contractors, visitors or negotiating parties; to keep you and other persons in the building safe and to protect them from crimes, damages and intrusions; to develop our business relationships with our clients and partners;
o Where the processing is necessary for the purposes of your/your organization/third parties legitimate interests: to conduct a business (for instance when you/your organization have appointed third party to do something on your/its behalf or we process your data for the purposes of enabling vessels owner or a group member to conduct their business);
o Where the processing is necessary for complying with our legal obligations;
o We may process personal data also with data subject consent or explicit consent;
o Special categories of data (disability, health, food preferences such as allergies etc.) may be processed on the basis of your explicit consent, exercise or defence against legal claims.

Where necessary or required we share information with:
o Your organization;
o Professional advisors and consultants;
o Auditors;
o Debt collectors;
o Service providers used by us or you/your organization;
o Local and central public authorities (including port authorities, customs and maritime administrations, border authorities, law enforcement authorities);
o Ambulance, fire and civil protection services;
o Regulatory authorities;
o Courts, tribunals and arbitrators;
o Legal representatives, defence solicitors;
o Survey organizations;
o Banks, insurers and brokers.
Your personal data may be disclosed also with your consent, when allowed by law or for protecting or in order protect lives, vital interests, rights or property of “BMF PORT BURGAS” EAD or third parties.

We usually do not use your Personal Data (Identity and Contact and Service Data) for direct marketing but if we send you marketing message (for instance invitations to meetings or marketing events) you may at any time request us to stop doing that by contacting our Data protection Officer at dpo@navbul-portburgas.com without you/your organization suffering any negative consequences.

[collapse]
Learn more (What we collect and how we use it) - Information for visitors and third parties

VISITORS TO THE PORT TERRITORY AND THIRD PARTIES
We process the following categories of personal data of individuals who visit the Port of Burgas (or representatives of juridical person on behalf of whom they enter on the port territory).

We process the following personal data:

1. Types of personal data we process
We may collect and process the following categories of personal data, as applicable:
Identity Data: First name, given name, last name, date of birth, national ID number,
Contact Details: Business address, home address, telephone number, fax number, mobile phone number, email address and other contact details as appropriate, communication preferences;
Business Information: Organization name, position/title;
Closed-circuit Television “CCTV” (HDCVI and IP cameras);
Service Data: Details about services and products you or your organization have requested or which we have provided to you or to your organization or which you / your organization would like to offer us;
Preferences and requirements (for participant in business events): food preferences, transport and accommodation preferences, health data (for instance disability, allergies, etc.);
Other information: Information we receive during the course of your visit (for instance your personal opinions, advices).
In these regards in the course of our activity it is possible we process ‘special category’ data (personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation). That type of data may can be processed on the following lawful basis: your explicit consent, exercise or defence against legal claims.

2. How is your personal information collected?
This information is either (a) provided by you, (b) provided by your organization, (c) obtained from public sources (information available from searching the internet or on business networking sites) (d) obtained from third parties (for instance brokers, managers, your service providers), (e) created by us in the course of your/your organization relationships with us, or (f) obtained from the CCTV (HDCVI and IP cameras) accomplished on the territory of the port and in the buildings where the company is doing its activity.

3. Purposes and lawful grounds for processing your personal data

We need to collect and hold information about you for the following purposes:
o To ensure the security of you and our buildings, to prevent and detect crimes, terrorism and damages on our property;
o To provide you with access pass for the territory of the port and the buildings where the company is doing its activity;
o To comply with our safety procedures and to be able to react in the event of emergency;
o To confirm your location;
o To provide you with food, refreshment and for ensuring access and your comfort during your visit;

We rely on the following legal bases to use your personal data:
o Where it is in our legitimate/third party interests to do so, such as: to ensure the security of the port; to protect our property; to keep you and other persons in the building safe and to protect them from crimes, damages and intrusions; to develop our business relationships with our clients, suppliers/service providers, business contacts and others;
o Where it is necessary for protection of your or third party’s vital interest;
o Where we need to comply with legal obligation to which we are subject;
o We may process personal data also with your consent.
o Special categories of data (food preferences due to religious beliefs or ethnical origin or due to health problems, food allergies, disability) may be processed on the basis of your explicit consent, where it is necessary to protect your or other individual vital interests where you are physically or legally incapable of giving consent or where you have made them public or for establishment, exercise or defence of legal claims.

Where necessary or required we share information with:
o Your organization;
o Professional advisors and consultants;
o Auditors;
o Local and central public authorities (including port authorities, customs and maritime administrations, border authorities, law enforcement authorities);
o Ambulance, fire and civil protection services;
o Catering services and other service providers;
o Courts, tribunals and arbitrators;
o Legal representatives, defence solicitors;
o Survey organizations;
o Banks, insurers and brokers;
o Regulatory authorities.
Your personal data may be disclosed also with your consent, when allowed by law or for protecting or in order protect lives, vital interests, rights or property of “BMF PORT BURGAS” EAD or third parties.

We usually do not use your Personal Data (Identity and Contact and Service Data) for direct marketing but if we send you marketing message (for instance invitations to meetings or marketing events) you may at any time request us to stop doing that by contacting our Data protection Officer at dpo@navbul-portburgas.com without you/your organization suffering any negative consequences.

[collapse]
Learn more (Transfer of personal data to third countries)

TRANSFER TO COUNTRIES WITH “ADEQUATE LEVEL OT PROTECTION”
In the course of our activity the personal data we collect may be transferred to third countries, international organizations or territories outside the EU and European Economic Area (“EEA”) (EU countries, Norway, Island and Lichtenstein) for which the European Commission has determined that they offer an adequate level of protection of the personal data. Transfers of personal data to that third country or international organization may take place without the need to obtain any further authorisation. The up-to date list of countries, territories, sectors and international organizations recognized by the European Commission as providing ‘adequate level of protection’ is available under: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en. For more information regarding transfers of data for commercial purposes to USA based entities who are part of the Privacy Shield, see: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en.
If your personal data are to be transferred outside the EEA we will endeavour to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with “BMF PORT BURGAS” EAD and the practices described in this Privacy Notice.

TRANSFER TO COUNTRIES WITHOUT “ADEQUATE LEVEL OT PROTECTION”
The personal data related to you may be transferred to, and stored at, countries and territories outside the EEA. They may be processed by entities belonging to BMF PORT BURGAS EAD’s or its parent company groups, or by our service providers located outside of the EEA.

Intragroup transfers
We use Standard Contractual Clauses (specific contracts approved by European Commission (for more information see: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en)) where personal data is transferred to companies within our group which are located in the countries not determent by the European Commission as providing ‘adequate’ protection of the personal data.

Transfers to third parties
Where appropriate, we may (usually on an ‘ad hoc basis’) use service providers located outside the EEA which enable us to provide our service or supply goods (for instance brokers) or your personal data may be disclosed to our professional consultants in such countries or to other organizations.
Where the recipient is located in a country which not been deemed by the European Commission to have adequate laws in place to protect your data, we transfer the personal data using one of the following measures:
• Where we use regularly do business with such entity or individual, we will seek to put in place the above mentioned Standard Contractual Clauses;
• Where the transfer is on an “ad hoc basis” or when we couldn’t manage to sign Standard Contractual Clauses, we will only transfer the personal data if:
o We have explicitly consented to such transfer;
o The transfer is necessary for the conclusion or performance of a contract in your interest, and we are party to that contract;
o The transfer is necessary in order to perform a contract between us and you, or the implementation of pre-contractual measures taken at your request,
o The transfer is necessary for the establishment, exercise or defense of legal claims; or
o The transfer is made from a register which according to EU or Member State law is intended to provide information to the public and which is open to consultation either by the public in general or by any person who can demonstrate a legitimate interest, but only to the extent that the conditions laid down by EU or Member State law for consultation are fulfilled in the particular case;
o The transfer is necessary in order to protect yours or other persons vital interests where and you are physically or legally incapable of giving consent;
o The transfer is necessary for important reasons of public interest.

[collapse]
Learn more (Additional information to some categories of personal data)

• Storage of e-mails
In the course of our business we constantly receive and send email messages with purpose of correspondence with our contractors or third parties. The messages may contain various types of personal data (especially contact data in the signature). As lawful ground of processing emails for that purpose we consider that the positive act of email sending by the expeditor constitute his clear confirmatory action of giving consent to the processing of his data for the sole purpose of the correspondence. We understand that to process lawfully the personal data, the emails may be stored and processed for the sole reason of the correspondence. In these regards “BMF PORT BURGAS” EAD declares that the data especially the contact data shall not be used for another purpose such as sending you marketing offers or sharing your contacts with third parties without your express consent.

• Cookies
Our website (www.navbul-portburgas.com) uses uniquely system cookies. They do not contain personal data of users and cannot lead to identification of natural persons. They only contain anonymized system codes vital for the functioning of our website. For that reason, these cookies cannot enter in the application scope of GDPR.
Our website does not support any other kind of cookies, such as cookies storing personal data or navigation history of users.

• Close-circuit Television or CCTV (Video surveillance)
The company “BMF PORT BURGAS” EAD is entrusted with port for public transport with national importance from Republic of Bulgaria through concession contracts. The company is also in charge of border and custom area and external border of the European Union. In these regards, “BMF PORT BURGAS” EAD applies video surveillance on the territory of the port object of the concession contracts. The purpose of CCTV is the security of the area with restricted access. The lawful basis of the CCTV is the protection of the legitimate interests of “BMF PORT BURGAS” EAD which are: security of the port territory and the persons working there, as well as prevention of terrorism and other unlawful acts.

[collapse]
Learn more (Data Security)

In assessing the appropriate level of security, we take into account in particular the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data collected, stored or otherwise processed. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you, we control the access to systems and networks which allows us to stop people who are not allowed to view your personal information from getting access to it. We train our employees about the importance of confidentiality and maintaining the privacy and security of your information and have put in place appropriate policies and procedures. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.

The GDPR provide certain data protection rights for you including to request access, rectification, restriction, deletion or transferring (“porting”) of your data, and to object to our use of your data, including for direct marketing. Our response to your requests may depend on which legal grounds we are using to process the data in question.
You have the right to complain about us to the relevant supervisory authority (in Bulgaria Commission for personal data protection, (Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria, website: www.cpdp.bg, +359 2 91 53 518) but if you are concerned that our processing of your personal information is not compliant with the GDPR, please contact us first. We will try to help you.

More information about your rights under the GDPR you may find by clicking on the following section.

[collapse]
Learn more (Your Rights)

• Right of access
The GDPR gives you the right to find out whether we are processing your personal data and, where that is the case, to receive a copy of the personal data undergoing processing and information on:
o The purpose/purposes of the processing of personal data (why we are processing it);
o the categories of personal data, related to you that we process;
o the recipients or categories of recipient to whom the personal data has been or will be disclosed;
o where possible, how long we plan to keep your personal data or the criteria we use to determine that period;
o information on your rights under the GDPR (the right to request from us rectification or erasure of personal data or restriction of processing of personal data or to object to such processing and the right to lodge a complaint with a supervisory authority);
o where the personal data are not collected from you, any available information as to their source;
o the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you, and
o if we transfer your personal data outside of the EEA, details of the appropriate safeguards we have used to protect your personal data and uphold your personal data protection rights.
The first copy of the personal data undergoing processing is free of charge. Any further copies may be subject to a reasonable administrative fee taking into consideration our administrative expenses. Where providing you with your personal data will infringe the rights of third parties (for instance where your data are inseparable for other individual’s personal information), we reserve the right to redact or withhold it. We may withhold your personal data if permitted by relevant provisions of the law applicable to us. If we process large amount of information about you we may request you to specify the information that you require or processing activities to which your request relates.

• The right to request amendment
You have the right to request the amendment of your personal data at any time if it is inaccurate or old, as well as to request incomplete data taking account, taking into account the purposes of processing. We reserve the right not to comply with your request for completion of incomplete data if the additional information is not necessary for the purposes of processing

• The right to withdraw your consent to the processing of your personal data
If we process your personal data on the grounds of your consent or explicit consent, you have the right to withdraw your consent at any time. This will not affect the legality of our processing of your personal data up until the point at which you withdraw your consent. Please note that notwithstanding such withdrawal of consent we may still continue to process your personal data on other legal ground/s. The processing of your personal data may as well continue on the grounds of Article 17 (3) of GDPR (for instance for the establishment, exercise or defence of legal claims).

• The right to object to processing of your personal data
You have the right to object free of charge to our processing of your personal data if we are using the lawful grounds ‘legitimate interest’ or the processing in performance of a task carried out in the public interest. When we receive your objection we will assess our legal grounds for processing and will stop processing the personal data if we cannot demonstrate compelling legitimate grounds to continue processing the personal data. Please note that in any case we will not stop processing your personal data if such personal data are processed for the establishment, exercise or defence of legal claims.

• The right to request the restriction of your personal data
You have the right to ask us to restrict our processing of (ie. stop using) your personal data if you think that it is inaccurate, that we are processing it illegally, that we no longer need it for the purposes for which it was collected or when you have objected to processing pursuant to lawful grounds ‘legitimate interest’ or ‘public interest’. While we consider your request we will stop processing your personal data within a reasonable time from the date we receive your request. We will notify you of our decision and any justifications for continuing to process your personal data in accordance with the internal procedures of BMF PORT BURGAS EAD and the applicable law.
Where processing has been restricted at your request, such personal data shall, with the exception of storage, only be processed with your consent. Please note that in any case we will not stop processing your personal data if such personal data are processed for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State

• The right to erasure (‘to be forgotten’)
You have the right to request us to delete your personal data without undue delay where one of the following applies:
o the personal data is no longer necessary for the purposes for which they were collected or otherwise processed;
o you withdraw your consent to us for processing your personal data and we have no other legal grounds for processing it;
o the personal data has been unlawfully processed;
o the personal data must be erased for compliance with a legal obligation under the EU law or law of the Member state to which we are subject;
o you have objected to our processing of your personal data if we are using the lawful grounds ‘legitimate interest’ or that of processing in public interest and there are no overriding legitimate grounds for the processing, or you have objected to the processing for the direct marketing purposes;
o the personal data relates to a child under 16 and was collected in relation to the offer of social services.

Please note that the right of erasure is not an absolute right. We will continue to process your personal if the processing is necessary:
o for exercising the right of freedom of expression and information;
o for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
o for reasons of public interest in the area of public health;
o for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes;
o for the establishment, exercise or defense of legal claims.

• The right to personal data portability
You have the right to receive personal data which you have provided to us in a structured, commonly used and machine-readable and interoperable format and have the right to transmit those personal data to another personal data controller, if we are processing it on the grounds that you have consented to that processing or because it was necessary in order to perform a contract with you, and if we have no other legal bases for processing it and the processing is carried out by automated means.
If you will be subject to a decision based solely on automated processing, including profiling (‘automated means of decisions’), which produces legal effects concerning you or similarly significantly affects you we will notify you.

• The right to lodge a complaint with a supervisory authority (in Bulgaria – Commission on personal data protection)
Every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes GDPR.

When you decide to exercise your rights, please first contact the Data protection officer of “BMF PORT BURGAS” EAD. He is contact point between individuals giving their data to “BMF PORT BURGAS” EAD and the company. The primary task of this employee is to help natural persons to exercise their rights.

We may request additional information (including copies of documents) from you for the purposes of verifying your identity.
We will respond to your request without undue delay (usually within one month) and will give you our reasons where we do not intend to comply with your requests. If we need more time to respond (particularly due to the complexity of your request or if you have made number of request) we will notify you.
You may exercise any of your rights without paying a fee to us. However where your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may either:
o charge a reasonable fee; or
o refuse to act on the request.

[collapse]
 
This Privacy Notice is subject to change from time to time. The most current version of the notice will govern our use of your information and will always be at www.navbul-portburgas.com.
We may e-mail periodic reminders of our notices and may periodically request by email (if available) updates of your personal information used by us.
 
Please check back frequently to see any updates or changes to our Privacy Notice.
Thoughts or questions about this Privacy Notice or your rights? Please, let us know by contacting our Data Protection Officer at these contact details:

Data Protection Officer
Name: D. Marinov
E-mail: dpo@navbul-portburgas.com
Phone: +359 56 858 283
Post:
1 Knyaz Aleksandar Batenberg
Burgas, 8000
Bulgaria
Attn.: Data Protection Officer