Privacy Policy of “Overdrive” AD

“Overdrive” AD (We, the Company) attaches great importance to the protection of personal data and undertakes to comply with the legal regulations for data protection. The purpose of this policy is to inform you what personal data we collect about you, for what purpose, for what period we process it and what your rights are.

The company processes and protects personal data collected in the process of buying and selling motor vehicles – cars, motorcycles, yachts, motor boats and aircraft, as well as spare parts for them; chartering of aircraft and leasing of the above-mentioned means; transport services, repair and maintenance of motor vehicles, forwarding and transport activities, commission services, representation, mediation, etc.

The Company’s employees who process personal data undergo regular training and are committed to confidentiality and non-disclosure of information containing personal data. They comply with the following principles when processing personal data:

Lawfulness and good faith;

Processing according to precisely defined and lawful purposes;

Strict compliance with the objectives and volume of data stored and processed in connection with the management of human resources;

Correction and deletion of personal data when found to be inaccurate or disproportionate to the purposes for which they are processed.

Personal data is stored for a period no longer than is necessary for the purposes for which it is processed.

I. Data for the administrator, contact details:

“Overdrive” AD with EIK 131413539 and headquarters and management address in the city of Sofia, 5 “Filip Kutev” Street, is the administrator of personal data.

To contact us: phone: 02/428 25 00

Email: office@overdrive.bg

II. Contact details of the Data Protection Authority:

Pursuant to Regulation (EU) 2016/679, our Company has appointed a Personal Data Protection Officer. To contact him, you can use phone number 02 42 83 337 and email: gdpr@overgas.bg

III. Categories of personal data:

In the course of its activity, the company collects and processes the following categories of personal data:

Three names, social security number and address;

Contact details: email; phone

Bank account information;

IV. The processing purposes for which the personal data are intended:

We process your personal data in order to identify persons, to contact you, and to fulfill our obligations under the concluded contracts, in compliance with the law.

V. The basis for processing personal data:

Our company processes your personal data on a contractual basis, in compliance with the law and to protect the legitimate interests of the company. In certain cases, the company may process your personal data also on the basis of your freely given consent, which is clear and specific.

VI. Recipients of data:

We take our obligations to protect information containing personal data very seriously, and in this regard we do not share the personal data we process with other persons, except in the following cases:

Contractual partners assisting us in the performance of our main and ancillary activities, after concluding an agreement for the protection of personal data;

Private bailiffs – in case of compulsory collection of amounts owed /unpaid debts/ to the company;

The competent authorities when exercising the powers granted to them by law and an express request made by them.

VII. Data storage period:

The processed personal data are stored by the company for a period determined by the purposes for which they were collected and the basis for their collection. Personal data collected in connection with the conclusion and execution of various contracts are stored for a period of five years after termination of the contract, and in the case of unsettled relations until their settlement or the expiration of the statute of limitations, according to the Law on Obligations and Contracts. The personal data contained in various accounting documents are stored within the terms according to the Accounting Act.

VIII. Rights of the Subject of personal data:

In view of the fact that We process your personal data, You have the following rights:

right to information and access to your processed personal data;

right to correct or supplement inaccurate or incomplete personal data;

right to erasure (“right to be forgotten”) of personal data that is processed illegally or with a lost legal basis (expired storage period, withdrawn consent, fulfilled original purpose for which they were collected, etc.);

right to limit processing – in the event of a legal dispute between the company and the individual until its resolution and/or for the establishment, exercise or defense of legal claims;

right to data portability – if processed in an automated manner on the basis of consent or contract. For this purpose, the data is transmitted in a structured, widely used and machine-readable format. If it is technically feasible, the transfer of the data can take place directly from one administrator to another. The right to portability only covers data provided personally by the data subject, as well as personal data generated and collected by his activity.

right to object – at any time and on grounds related to the individual’s specific situation, provided that there are no compelling legal grounds for the processing that take precedence over the interests, rights and freedoms of the data subject, or legal proceedings.

right to withdraw the consent you have given to the processing of personal data;

right not to be the subject of a fully automated decision involving profiling that gives rise to legal consequences for the data subject or significantly affects him;

right of complaint – in case you decide that your rights and freedoms have been violated, you can file a complaint with the Commission for the Protection of Personal Data at the address: Sofia, 1592, “Prof. Tsvetan Lazarov” No. 2.

right to judicial protection in the event that the data subject’s rights have been violated.

IX. Source of data – We collect your personal data directly from you

X. Performing Automated Decision-Making Including Profiling – We do not perform automated decision-making except for direct marketing purposes.

XI. Measures for the security of personal data:

In order to ensure adequate protection of the data of the company and our customers, we implement all the necessary organizational and technical measures provided for in Regulation (EU) 2016/679 of April 27, 2016 and the Personal Data Protection Act, adhering to best practices from international standards (ISO27001:2013 for information security, ISO31000:2018 for risk management and ISO9001:2008 for quality management systems and requirements, etc.).

The company has established mechanisms to prevent abuses and security breaches, and has appointed a Data Protection Officer.

In fulfillment of the minimum requirements for the protection of personal data, we also apply technical methods such as encryption, pseudonymization, anonymization, etc.

XII. Changes to the Personal Data Policy:

Our Privacy Policy may be changed from time to time and you will be notified of any change to it by email or a message on our website.