Vertigo Services Ltd.
Who are we?
Vertigo Services Ltd. is a personal data controller and has as its main activity the management and maintenance of the Vertigo Business Center, Vertigo Blvd. Bulgaria 109.
Contact details of Vertigo Services Ltd:
109 Bulgaria Blvd., Sofia, Bulgaria
Phone +359 2 850 84 80
E- mail: email@example.com
Contact details of the Data Protection Officer:
The Data Protection Officer, Ms Victoria Peshevska, can be contacted directly here:
Phone +359 2 850 84 80
E- mail: firstname.lastname@example.org
Main aim when processing personal data
How and why we use your personal data
1. For the performance of a contract or at the pre-contractual stage
“Vertigo Services Ltd. processes your identification data and other personal data in order to provide you with the services you have requested, as well as to fulfill our contractual obligations and enjoy the rights under the contracts concluded with you.
1.1.The processing is carried out for the purpose of:
- identification of the client;
- preparation of a contract proposal;
- management and execution of your requests and the performance of the concluded service contracts;
- preparing and sending bills/invoices for the services you use with us;
- to provide you with the comprehensive service you require and to collect technical and other information to maintain the services provided;
- use of courier services with pre-contractual information and draft contracts;
- servicing of a transaction cancellation;
- information on the amounts due for the services used;
- notification of anything related to the services you use with us, sending of various notifications, notification of problems, errors or to respond to your requests, complaints, suggestions;
- detect and/or prevent unlawful acts or acts contrary to the terms and conditions of the relevant services;
- processing your account/invoice data for purposes consistent with the original purpose for collecting it and drawing conclusions and analyses about the performance of our services;
1.2. What data we process:
Simple categories of data – three names, address, phone and email.
1.3. Shelf life:
The total retention period of personal data collected in the conclusion and performance of a contract is 6 years from the date of termination of the legal relationship.
1.4. Transmission of data to third parties:
We do not transfer personal data abroad. The transfer of data to third parties takes place only within the framework of the performance of contracts and on the basis of our legal obligations. Such data is transmitted to our external accounting, NRA, banks, insurers, service providers in compliance with all processing principles.
2. For video surveillance in Vertigo Business Center
2.1.The processing is carried out for the purpose of:
“Vertigo Services Ltd uses its CCTV system for security, safety and access control purposes. The CCTV system helps to control access to the building and ensure the safety of staff, visitors and residents. It also helps to deter, prevent and, where necessary, investigate security incidents, including cases of unauthorised access, theft, etc.
2.2. Limiting the targets:
The CCTV system shall not be used for any purpose other than the above, for example it shall not be used to monitor the work of employees in the building or their presence. The system does not provide for emergency or covert surveillance, all video cameras are placed in prominent locations marked with the appropriate sticker. The CCTV system is fully compliant with the principle of privacy of the subjects.
2.3. Special categories of data:
Vertigo Services’ video surveillance system is not intended to collect sensitive categories of data, such as data on racial or ethnic origin, political opinions, trade union membership, health or sexual orientation.
2.4. Legality of the video surveillance:
As part of the building management agreements with our clients, we are committed to ensuring the security and safety of the building’s occupants, our clients’ employees and visitors. We carry out video surveillance in fulfillment of our contractual obligation to you and on the basis of our legitimate interest to protect our property and safety (Art. 6 para. 1 lit. f) of Regulation (EU) 2016/679 of 27 April 2016).
2.5. Storage period of the video data
On the basis of the Private Security Act, video recordings shall be kept for 30 days, unless the relevant law enforcement authorities order storage for a longer period for the purposes of an ongoing investigation.
2.6 How we protect your personal data
To ensure adequate protection of the company’s and its customers’ data, we apply all necessary organizational and technical measures provided for in the GDPR as well as best practices from international standards.
The company has appointed a Data Protection Officer and a security breach and abuse prevention organisation to support the processes of protecting and securing your data.
2.7 We provide personal data from CCTV recordings to the following categories of recipients (data controllers):
- Competent authorities which by virtue of a legal act have the power to require the provision of information, including personal data, such as – courts, prosecutor’s office, various regulatory authorities such as the Consumer Protection Commission, Communications Regulation Commission, Commission for Personal Data Protection, Labour Inspectorate, Ministry of Interior and authorities with powers to protect national security and public order;
Your rights in relation to the processing of your personal data
Right to information:
You have the right to ask:
- information about whether data relating to you is being processed, the purposes of that processing, the categories of data and the recipients to whom the data is disclosed;
- a communication in an intelligible form containing your personal data being processed and any available information about its source;
- information about the logic of any automated processing of personal data concerning you, at least in the case of automated decisions.
Right of correction:
In the event that we process incomplete or incorrect data, you have the right, at any time, to request:
- delete, correct or block your personal data, the processing of which does not comply with the requirements of the law;
- notify the third parties to whom the personal data has been disclosed of any erasure, rectification or blocking, except where this is impossible.
Right to object:
At any time you have the right to:
- object to the processing of your personal data where there is a lawful basis to do so. Where the objection is well-founded, the personal data of the individual concerned may no longer be processed;
- object to the processing of your personal data for direct marketing purposes.
Right to restriction of processing:
You can request restriction of the processing of personalised data if:
- dispute the accuracy of the data, for the period in which their accuracy must be verified;
- the processing of the data is without legal basis, but instead of deleting it, you request its limited processing;
- We no longer need this data (for the purpose specified), but you need it to establish, exercise or defend legal claims;
- you have lodged an objection to processing, pending verification of whether the controller’s grounds are legitimate.
Right to data portability:
You may ask us to provide the personal data you have entrusted to our care in an organized, orderly, structured, commonly accepted electronic format if:
- process the data in accordance with the contract and based on the declaration of consent or contractual obligation;
- processing is carried out automatically.
Right of appeal:
If you believe that we are in breach of applicable law, you may contact us to clarify the matter. You have the right to lodge a complaint with the Commission for Personal Data Protection at. 1592 Sofia Blvd. “”Prof. 2(www.cpdp.bg).
We will decide on your request within 14 days of its submission. If a longer period is objectively necessary – in order to collect all the requested data and this seriously hinders our activity, this period may be extended to 30 days. With our decision we grant or refuse access and/or the information requested by the applicant, but always with a reasoned response.
How can I access my data that has been processed?
It is necessary to fill out a request for access in free text and send it to the contact details of Vertigo Services Ltd or directly to the contact details of the Data Protection Officer.
To verify your identity you need
provide three names and the company/organisation you represent or work for.
How the data subject may access the records of the performance of video surveillance:
The data subject shall have the right to request access to a video recording on which his or her personal data are available (on which he or she was filmed), but where personal data relating to a third party may also be disclosed in this way, the controller shall be obliged to provide the data subject with access to the part of the video recording relating only to him or her. For this purpose, he must take appropriate technical measures to delete/mask the images of the other persons subject to the CCTV. In the absence of such a technical possibility, access to video recordings may only be granted with the consent of all persons subject to video surveillance or by explicit police and/or court order.
This statement is reviewed and updated by us from time to time in order to be as clear, accurate and transparent as possible and to cover changes that occur to us (if necessary).
Date of last update – 09 September 2023.