DATA PROTECTION & COOKIE POLICY

Last uptdate: 25th of May, 2018 /with respect to the General Data Protection Regulation/

This Data Protection & Cookie Policy provides general information about us and our privacy policy and cookie use of droxic.com ("website"/"web page").

ABOUT DROXIC LTD.

We are Droxic Ltd. a Bulgarian company, with UIC (Bulgarian Business ID): BG202224741 and registered address at: Sofia, 62B Rodopski Izvor Str. fl.1 apt.4 ("Droxic"). We understand and appreciate the importance of your personal data and its protection as part of your privacy. We will duly protect the integrity of your personal data, whether concerning you independently or in relation to your company, services or products.

Please do not hesitate to contact us regarding your personal data at: privacy@droxic.com

DO WE COLLECT YOUR PERSONAL DATA VIA OUR WEBSITE?

We generally do not seek to collect any personal data while using our website. We do not have a contact form and we do not have any registration forms. The contact details about you constitute personal data and therefore we have only listed our contact details without asking you for specific personal data (like names, e-mail, phone number,etc.). Therefore, the information that you will share with us if you would like to get in touch depends solely on your decision and we will process it for the specific purpose of addressing your inquiry and being able to response.

We shall use your personal data only for our correspondence and it will be irrevocably erased after no further responses are expected from any side.

DO WE USE COOKIES?

A cookie is a small text file that a website saves on your computer or mobile device when you visit our website. Droxic may gather information through files such as cookies or log files on the browsing habits. Cookies are files by the website and stored on the user's browser through a web server for the maintenance of the browsing session by storing the IP address of the user (of his or her computer) and other possible browsing data.

Droxic uses only web analytics cookies. We use them in order to to measure and analyse user browsing on www.droxic.com . Analytics cookies allow us to monitor and analyse the behaviour of users on our website. Web analysis does not allow information like your names or email address to be obtained. The only information obtained relates to the number of users that access the website, the number of pages seen, the frequency and repetition of the visits, their duration, the browser used, the operator providing the service, the language, the device used or the city to which the IP is assigned.

Droxic uses the described cookies via Google Analytics (a service, provided by Google Inc.). Google Analytics collects first party cookies, as described above. The information collected using these cookies is sent to Google and is used to evaluate how our web page is being used (for statistics purposes). We will not associate any data gathered with any personally identifying information. We will not link or seek to link any cookie information with any IP address or with the identity of a computer user. Besides the analytics and statistics purpose, Droxic might use advertising cookies to deliver ads that we believe are more relevant to you and your interests. Droxic uses the services of Google and you can read more about their policies here:

You can control or delete cookies if you wish - through the options of your browser. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. Be informed that doing so may prevent you from taking full advantage of the website.

DO WE HAVE THE RIGHT TO PROCESS PERSONAL DATA?

Yes, we do and we strictly obey the rules of the General Data Protection Regulation when processing personal data. Most often we process personal data on the following legal grounds:

We may also process personal data on a different occasion but only when the processing is permitted by the specific legal grounds, as set out in the General Data Protection Regulation.

Sometimes we might have access to personal data which is collected by our clients (the personal data controllers). If Droxic is acting in the capacity of personal data processor, Droxic shall always follow the processing instructions given by the client and also the obligations under the General Data Protection Regulation.

HOW DO WE PROCESS PERSONAL DATA OF OUR JOB APPLICANTS ("CAREERS" SECTION)?

By submitting your personal data you are consenting to DROXIC holding and using it in accordance with this Data Protection & Cookie Policy. We collect and process information that you provide when you apply for a job. Such personal details usually contain: your name, your address, your e-mail, your date of birth, qualifications, employment history and basically everything else which you have decided to include.

We may also look for other publicly available information about you that you have published on the internet (e.g. via linkedin.com).

We rely on legal grounds for processing the personal data of job applicants - both our legitimate interest to conduct our recruitment process and we also process it in order to take steps at the request of data subject prior to entering into a contract (labour agreement).

We use your personal data in order to: consider your application for the role for which you have applied and also to consider it in respect of future open roles at Droxic. Therefore we may keep your personal data for up to 3 years after receiving it.

Please be informed that at any time you may request and demand that we erase your personal data (usually included in your CV/Cover letter) and we will always comply with your ask, unless you are already employed at Droxic.

HOW DO WE PROCESS PERSONAL DATA OBTAINED VIA LINKEDIN.COM

Our HR recruiters use the social platform linkedin.com for the purposes of building a talent pool within the recruitment process regarding a current open position and future positions at Droxic as well. We may processes only publicly available information which you have posted/uploaded: your name, your work experience, education, skills & certifications, accomplishment, contact information (e-mail or link to linkedin profile).

In case that we consider you eligible and appropriate to be a member of our team, Droxic might store the personal data which you have listed on your linkedin profile. We may store such information using Droxic's internal systems or via third-party software (namely: podio.com, a cloud based service owned and managed by Citrix Systems Inc.: https://www.citrix.com/about/legal/privacy/ ). Such personal data may be stored by Droxic for a period of up to 3 years after obtaining it.

Each "passive candidate" who we consider as appropriate is being contacted by Droxic and duly informed about the processing of his/her personal data. We respect everyone's privacy and if you prefer us to cease processing the personal data obtained via linkedin.com or want us to stop contacting you, please inform Droxic's recruiter who has contacted you or write us at: privacy@droxic.com If you request us to erase your personal data we will always comply with your ask, unless you are already employed at Droxic.

HAVE YOU RECEIVED A LETTER OR A PHONE CALL FROM US WHICH YOU CONSIDER AS "DIRECT MARKETING"?

We may in some occasions process personal data for the purposes of direct marketing. Such processing is either based on our legitimate interest to do so or it is based on the explicit consent of the data subject. If you do not want us to continue contacting you, please feel free to object to this type of processing by writing to: privacy@droxic.com or simply by clicking the "unsubscribe" link). We will always comply with such requests!

HOW DO WE PROTECT PERSONAL DATA WHICH IS PROVIDED BY OUR CLIENTS?

We are committed to ensuring that the personal data which our clients provide us with is safe and secured. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect - both personal data and business secrets.

With respect to art. 28 of the General Data Protection Regulation, we request that an explicit Controller-Processor agreement is signed. We are determined to provide sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject. These safeguards will vary depending on the sensitivity, format, location, amount, distribution and storage of the personal data, and include measures designed to keep personal data protected from unauthorized access.

HOW LONG DO WE KEEP THE PERSONAL DATA?

The data retention periods of the personal data depends on the type of information, the purposes for which it is used and other factors.

In general, we will retain your personal information for the length of time reasonably needed to fulfill the purposes for which it was processed and no longer than that (unless the law requires or permits a longer retention period). We will also retain and use your information for as long as necessary to resolve disputes and/or enforce our rights and agreements.

WHAT RIGHTS DO YOU HAVE?

The General Data Protection Regulation grants you numerous rights with respect to your personal data: right of access, correction, erasure, restriction of processing, objection and data portability, request a copy of your personal data, or if not satisfied - you may even lodge a complaint before the Data Protection Authority - https://www.cpc.bg/. We will not require you to pay any fee to accessing your personal information or to exercise any of the other rights and yet we may charge a reasonable fee if your request/requests is/are clearly unfounded or excessive.

Any questions or requests related to this Policy shall be addressed at: privacy@droxic.com

CHANGES TO THIS DATA PROTECTION & COOKIE POLICY

Droxic reserves its right to change and update this Policy at any time. We may also notify data subjects or our clients in case we make some substantial updates.