Data Protection and Privacy Policy
Policy brief & purpose
The core purpose of our business is cybersecurity and data protection. Because of that, we also have a policy for the information of our employees. This policy has the objective of clarifying how our organization processes personal data and how it applies data protection principles.
Scope
This policy and privacy notice refer to all parties (employees, job candidates, customers, suppliers, etc.) who provide any amount of information to us.
Who is covered under the Data Protection Policy?
Employees of our company and its subsidiaries must follow this policy. Contractors, consultants, partners, and any other external entity are also covered. Generally, our policy refers to anyone we collaborate with or acts on our behalf and may need occasional access to data.
Information about the company, being the personal data controller:
Name of the company, Seat and Registered Address | SECURE GROUP LAB OOD Sofia 1113, Iztok Dstr., 13b Tintyava str., floor 6 |
Contact with LUNR | accounting@securegroup.com Tel.: +35924167745 ext. 616 |
Represented by | Dominic Gingras and Evdokia Garkova |
Policy Elements
As part of our operations, we need to obtain and process information for you as our employee, containing personal data. This information includes any offline or online data that makes a person identifiable such as names, addresses, usernames and passwords, digital footprints, photographs, social security numbers, financial data, etc. Our company collects this information in a transparent way and only with the full cooperation and knowledge of interested parties. Once this information is available to us, the following rules apply. Our data will be:
Accurate and kept up-to-date
Collected fairly and for lawful purposes only
Processed by the company within its legal and moral boundaries
Protected against any unauthorized or illegal access by internal or external parties
Your data, which you provide to us will not be:
Communicated informally
Stored for more than a specified amount of time
Transferred to organizations, states or countries that do not have adequate data protection policies
Distributed to any party other than the ones agreed upon by the dataβs owner (exempting legitimate requests from law enforcement authorities)
In addition to ways of handling the data, the company has direct obligations towards you - individuals to whom the data belongs. Specifically, we must:
Let the individuals know which of their data is collected
Inform individuals about how weβll process their data
Inform individuals about who has access to their information
Dispose of with procedures in cases of lost, corrupted or compromised data
Allow individuals to request that we modify, erase, reduce or correct data contained in our databases
List of categories and types of personal data, which we shall process for you as employees of LUNR
In order for us to conclude an employment/ civil contract with you, we shall collect and use the following information of yours, which represents personal data: contact details:
name, permanent address, e-mail address, phone number;
data related to payment services and receipt of your employment remuneration/ fees: bank account number, financial status;
data in connection with education and qualifications: data from diploma for accomplished educational degree, membership in professional organizations, qualifications, etc.;
data about your professional experience: former job positions, employment length of service, social insurance length of service and references from previous employers;
data for the conclusion of the employment/ civil contract, related to the physical identity: three names, PIN, address, ID data, place of birth, citizenship, nationality.
In the event it becomes necessary for us to request additional information from you in the course of your work at the Company, we shall collect, keep and use (i.e. process) your personal data in accordance with this Data protection policy. Such additional data could be, for instance, data about your family identity, such as marital status regarding the payment of paid leave due to contracted marriage. In certain cases, in order to fulfill some statutory or other legal obligations, arising out of the concluded employment/ civil contract, we shall collect and process personal data provided by you, which pertains to your health status. Use of personal data provided when applying for a job position with our Company: When entering into employment/ civil contracts with the Company, we shall collect, keep and use the personal data, as provided by you by means of your CV and/or application form. In all events, all information representing personal data that have been extended to us for the purposes of your job application with us shall be collected, kept and used in accordance with this Privacy Notice.
Use of personal data during the course of your duties and functions:
Video data from the video surveillance system: in order to ensure smooth and unimpeded passing of the working process, as well as to protect the Companyβs assets from illegal encroachment in the offices and common premises.
Geolocation data: for accounting and reporting purposes and in connection with all company expenses, including fuel expenses and company cars consumables, as well as tracing out the observance of the working time, and reporting of time for performance of deliveries, we have placed GPS tracking devices on all company vehicles. During their driving, data are being reported and processed, including personal data, related to the location of the vehicle.
Data about the internet activity of the employees realized during work time or with company devices, such as visited IP address, time of visit, name, and version of the web-browser, operation system and other parameters, provided from the web-browser, through which the access is made and all other information in this respect.
How do we protect your personal data?
Your personal data are kept on electronic carriers on servers located in the European Union and are accessible only by other designated employees of the Company (the Manager, the Financial Manager and/or HR Administration) and/or employees of the external accountancy, for the processing purposes pointed hereinabove.
Transfer of personal data
We do not provide your personal data outside the EU/EEA. In the event that your personal data are provided (transferred) outside the borders of the EU/ EEA, we shall ask for your additional consent and shall, in addition, provide you with information about the safeguards, which the receiving party ensures in connection with the personal data protection.
Retention periods
We retain your personal data only for as long as necessary, so to observe the statutorily prescribed period of time, as defined by the labor legislation, as well as so to protect the legitimate rights and interests of LUNR in the event of possible claims, appeals, litigation proceedings, inquiries and investigations throughout or after termination of your employment/ civil contract. According to the requirements of the Labour Code, Tax and Social Procedure Code, the Accounting Act and the Ordinance of the Labour Record and the Labour Length of Service, the employer shall retain for a period not shorter than 50 (fifty) years, as of 1st of January of the reporting period, following the reporting period, which they pertain to, on paper and/ or electronic carrier, the employment contract, and all documents, attesting the remunerations paid to the employees. All other documents from the employee file will be kept, on paper and/ or electronic carrier, for a period of 6 (six) years as of the termination of the respective labor relationship. Civil contracts and documents attesting the remunerations paid to the contractors are to be kept for a period of 10 (ten) years, as of 1st of January of the reporting period, following the reporting period, which they pertain to, on paper and/ or electronic carrier; any other documents from the contractor file will be kept for a period of 5 (five) years as of termination of the respective relationship.
Your rights
You may accomplish each of the below-pointed rights, which you dispose of, by addressing us with an application in writing at the contact addresses listed in point I hereinabove. Your rights in connection with your personal data are the following:
The right of access to information regarding the modalities of the processing of personal data and information what personal data LUNR is processing for your;
In the event you consider that some personal data are untrue or incomplete, the right to request rectification or supplementation/ update of your personal data;
The right to request form the Company to restrict or prohibit the processing of your personal data for certain specific purposes;
The right to data portability;
The right to file a request for your personal data to be deleted; and
The right to file an appeal with the Personal Data Protection Commission
All applications and requests received by LUNR shall be reviewed in accordance with the relevant legislation in the sphere of personal data protection.
Your obligations as employee
You shall undertake to inform the representatives of the Company or the Manager of the department that you work in if you become aware of a breach or violation in the process of collecting, processing or storing of personal data.
You shall be acquainted with the overall policy for personal data protection, which the Company abides by.
You shall be acquainted with the risks relating to the personal data, processed by the Company.
As our employee, you undertake to not disseminate to third parties, including to other staff members from the personnel of the Company, the personal data which you have gained access to during or on the occasion of fulfilling your duties in the Company.
You shall undertake to destruct any information carriers (on paper and electronically), containing personal data, according to the Procedure for due destruction of personal data, adopted in the Company.
You shall be acquainted with and accept the Internal Employment Rules, approved by the Employer.
Procedure
To exercise data protection weβre committed to:
Restrict and monitor access to sensitive data
Develop transparent data collection procedures
Train employees in online privacy and security measures
Build secure networks to protect online data from cyber attacks
Establish clear procedures for reporting privacy breaches or data misuse
Include contract clauses or communicate statements on how we handle data
Establish data protection practices (document shredding, secure locks, data encryption, frequent backups, access authorization, etc.)
Policy Violation
In case this policy is not abode by employees the following actions will be taken (depending on the severity of the behavior):
Disciplinary action: if a minor violation
Termination of Employment and legal action: if a severe violation
Last updated