On May 25th 2018 The General Data Protection Regulation (GDPR) (EU) 2016/679 will get into force. In this statement we clarify what that means for the Aidos group and for our clients.
As an accounting and payroll company we deal with personal data on a daily basis. For many years we have been handling this data with care, discretion and a high level of security measures.
Where do we use personal data?
- Payroll department for the sake of preparing labor contracts.
- For initial company registrations, to appoint owner(s) and manager(s) of new companies.
Personal data may include;
- Full name
- Date of Birth
- Place of Birth
- ID number, ID card/passport number
- Social number
- Living address
With who do we share personal data?
In compliance with local legislation and regulations we share information on labor contracts with: The National Revenue Agency. Personal data included in company formation documents is shared with the Bulgarian trade register. For opening a company bank-account, personal data can be shared with the bank of choice of the person(s) involved.
How do we store and protect personal data?
Our office is divided in four security zones;
- Entrance/common parts: locked with security key, double entrance door. Video surveillance.
- Operations department: Only accessible for staff. Video surveillance in the main corridor.
- The operations rooms: Accessible only for authorized staff, lockable doors, Payroll runs on a dedicated server, with highest level of security measures.
- Lockable, metal cupboards in the operations rooms where the actual paper documents containing personal data are stored.
Storage of digital documents containing personal data are only stored on a dedicated secured server. Paper documents are only stored in security zone 4. Both digital and paper documents containing personal data are only accessible for authorized staff within the Aidos Group.
Computer, servers and required software are protected by security keys and passwords.
Email acces of authorized staff is equipped with 2-step authentication.
Personal data will never be be shared to others than authorized staff within the Aidos group without written consent of the person involved.
All staff within the Aidos group has committed to our internal non-disclosure protocol.
All authorized staff within the the Aidos group has passed GDPR training. All staff within the Aidos group has passed GDPR instructions.
We use Transport Layer Security (TLS) to encrypt and secure our email traffic. If your email provider does not support TLS, your email may be unsecured until it arrives at our servers.
On the premises of Aidos a 24 hour alarm system is in place. Contracted by a professional security company.
Third party services.
Third party services include: Google services; Social media platforms; software suppliers; lawyers, translation services, notaries. Third party services have been verified to have their own GDPR policy in place and are in compliance with GDPR. Although we trust the parties we work with we bear no responsibility for their compliance with GDPR.
What will change per May 25th 2018?
- Copies of personal documents; ID-card/passport, will not be accepted. The minimum requested data for preparation of labor contracts and company registration to be presented in written and send to dedicated email addresses of authorized staff. Occasional received copies containing personal data will be destroyed and removed from our systems. A shredder, with class P5 security level is in place.
- Any person may request at any moment the status of stored personal data. Any person may request at any moment to fully remove personal data from our systems and paper documents to be destroyed. In this case it may occur that we won’t be able to fulfill our services and are forced to terminate underlying agreements.
When anyone has doubts about his or her’s personal data in our company. With pleasure we will explain and clarify when requested. Written requests can be send to: gdpr@aidosbg.com