StampIt

CONTACT US
+359 2 965620024 hours
Български sitemap contact us

News

a+aa-

Information concerning the data subjects based on art. 13 of the General Data Protection Regulation effective from 25.05.2018

06.07.2018

Categories of personal data that are processed by Information Services JSC. Purpose and legal basis for processing

In the capacity of certification services provider, Information Services JSC issues qualified certificates for electronic signature, qualified certificates for electronic stamp and qualified website authenticity certificates. Certificates are issued in strict compliance with the provisions of the Electronic Documents and Electronic Certification Services Act and Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC. Pursuant to article 24, paragraph 1 and paragraph 2, letter "h" of Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC and for the purpose of establishing the identity of the individuals to whom certificates are issued, provision of evidence for legal proceedings and ensuring succession upon provision of certification services, Information Services JSC collects and further processes the following categories of personal data of its clients: full name, personal number, identity card number, issue date and issuing authority, email address, telephone.

Data about data controller and contact details of the data protection officer

Information Services JSC is a data controller /CONTROLLER/. The company is registered in the Commercial Register under company number (EIK) 831641791 and has its registered office and principal place of business in the city of Sofia, 2, Panayot Volov Str. For contact with THE CONTROLLER and the data protection officer, please write to email: dpo@is-bg.net.

Term for personal data retention

THE CONTROLLER will retain the personal data provided upon issuing qualified certificate for a period of 10 years including after suspension of its activities.

Persons to whom personal data may be provided

THE CONTROLLER may provide the personal data of clients, which it processes, to the judiciary authorities, the Ministry of the Interior and the State National Security Agency upon their request and based on valid legal grounds.

Right of access of the data subject

 The data subject shall have the right to obtain from THE CONTROLLER confirmation whether or not personal data concerning him or her are being processed, and, if applicable, the right of access to the personal data.

Right to rectification

The data subject may rectify any incorrect data concerning him or her in the cases when the data are not included in the content of the certificate (qualified certificate for electronic stamp and qualified website authenticity certificate).

Provided that the personal data are entered in the content of the qualified certificate (qualified certificate for electronic signature), they may be adjusted upon request of the data subject within 3 days after publication of the certificate in the register of issued certificates, and in such case a new certificate shall be issued on THE CONTROLLER'S account. Upon expiration of the 3-day period new certificate needs to be issued for rectification of the personal data, which shall be for the account of the person to whom is issued the certificate with the entered incorrect personal data.

Right to lodge a complaint

The data subject is entitled to lodge a complaint with a supervisory authority if the data subject considers that personal data processing, referring to him or her, violates the General Data Protection Regulation. 

Mandatory character of personal data provision

Pursuant to the Electronic Documents and Electronic Certification Services Act and Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC Information Services JSC, in its capacity of qualified certification services provider, is under obligation to verify by appropriate means and in accordance with the national law the identity and, if applicable, all specific data about the natural person or the legal entity to whom a qualified certificate is issued. The provision of personal data by the natural persons is a precondition for issuing a qualified certificate in order to establish their identity upon issuing the certificate; the personal data shall be stored for the purpose of discharge of qualified certification services provider's obligations to provide evidence for legal proceedings and ensuring succession upon provision of the certification services. Upon issuing a qualified electronic signature certificate, the personal data shall also be entered in such certificate in order to identify the natural person by the third relying parties for which the person will use the certificate to communicate to.

Automated decision making

THE CONTROLLER does not envisage automated decision making including profiling.

 * Services developed by Information Services Plc