POLICY FOR PROCESSING AND PROTECTION OF PERSONAL DATA OF TEACS LTD

1. Why get acquainted with the policy for processing and protection of personal data applied by TEACS Ltd.?
TEACS Ltd. processes personal data as an administator of personal data of our partners, employees and users / clients, as well as as a processor of personal data in view of the data storage services of dental practices and dental laboratories and organizing the exchange of orders between them. This means that your personal data – such as name, address, telephone, e-mail, etc. may be stored with us because you are our customer or because our customer processes your personal data.
As a result of our commitment to ensuring the highest level of protection of your personal data, we have developed internal rules and adhere to strict procedures for control over the processing of personal data, which comply with the requirements of the General Data Protection Regulation (GDPR). and the Personal Data Protection Act. This policy aims to clarify all the main issues regarding our processing of personal data – for what purposes we do it, on what grounds and for what period. Here you can check what your rights are in relation to the personal data we process and how to contact us to exercise them.
If you are unable to find an answer to any of your questions regarding the processing of personal data within this policy, you can contact us in the following ways:
TEACS Ltd.
Shumen, p.c. 9700, Nancho Popovich 15
tel .: +359 883 336 060
e-mail: office@teacs.eu

2. Why and how TEACS Ltd. processes personal data of customers?
TEACS Ltd. provides its clients with services related to the organization and exchange of data on orders from dental practices to dental laboratories. When placing these orders, customers may store within the AMOSYS software provided by TEACS Ltd. information that contains personal data of third parties – data about the person who placed the order and data about the person for which is made the product. In these cases, each customer is an administrator with respect to this data, as TEACS Ltd. acts as a processor of personal data only for the purposes of the service provided and applies the highest standards to ensure the security of this data.
When performing the services for which we are trusted by our customers, we observe the highest standards of confidentiality, which meet and exceed the requirements for storage and protection. The purposes for storage of this personal data, as well as the terms of this processing are determined by the respective client. We may store personal data of third parties due to the nature of the information stored by our customers.
The purposes for processing this personal data, as well as the terms of this processing are determined by the respective client, who acts as the administrator of the collected data. If you have an inquiry in this regard, we will prepare for the relevant personal data administator to guarantee your right to recieve information and will do what is necessary to obtain a response.
In all cases, the provision of information will depend on our ability to identify our customer who provided us with your data – as each customer chooses how to enter his data, we might have access only to your customer data or other identifier. In these cases, we may need your assistance, including additional information about the dental practice in which you ordered a product, so that we can forward your inquiry.
On the other hand, we may need to provide access to your personal data to a limited extent to a third party – for example, the team that provides us with software support. In these cases, we ensure that the third parties we engage apply the same high standards for the protection of your personal data.
3. What does the term „personal data“ include?
TEACS Ltd. applies its standards of confidentiality to any information that becomes known to us in the course of our business. Nevertheless, this policy is specific to the protection of personal data – and guaranteeing the rights of the persons to whom they relate.
The personal data that are the subject of this policy include any information that relates to a specific individual and may include name, address, contact details. In some cases, the personal data we process may not be sufficient to determine to whom it relates – for example, e-mail data, photos, CCTV recordings, data on visits to our website. We apply the same security standards to this data as we do to all others, but in order to exercise your rights you will need to assist us so that we can identify you. As personal data, we also process information about visits to our website, as information is stored on the terminal devices only of registered users of the website. You can learn more about our cookie policy at the following link – www.teacs.eu/cookie-policy/
The information for contacts with legal entities are not personal data – trade company, contact address, office telephones and e-mail addresses, etc. – the rules under item V of this policy do not apply to these data.
4. For what purposes do we process personal data?
4.1 In connection with the provision of services
TEACS Ltd. provides services on a contractual basis to its customers. For the purposes of fulfilling the obligations undertaken by TEACS Ltd. to provide services related to the exchange of orders between dental practices and dental laboratories, we process the personal data of our customers.
In this case, the basis for data processing is the fulfillment of a contractual obligation, and also the processing of the provision of certain information and / or services before the conclusion of a contract. For this purpose, we will process the personal data of our client until the termination of the contract (i.e. until the withdrawal from the service), as well as for a certain period thereafter – within which additional rights and obligations may arise for the parties to the contract. This period is usually 6 years after discontinuation of the platform, but in some cases may be longer due to the following circumstances:
Warranty periods, deadlines for compliance with the obligation of confidentiality;
The basis for processing your personal data in this case is the contract for the use of cloud services.
4.2 For the purposes of fulfilling concluded employment or civil contracts
4.3 To fulfill legal obligations
The owner of the cloud platform, in his capacity as a commercial company, is obliged by law to keep accounts and maintain an archive of documentation (e.g. payrolls, etc.). Your personal data may be used in order to fulfill our obligations under the Accounting Act, as well as in accordance with all legal provisions in force in the territory of the Republic of Bulgaria at the time of processing.
4.4 To protect the legitimate interests of TEACS Ltd.
We may need your personal data to prove to the relevant control authorities or third parties that we are fulfilling our legal obligations, as well as in connection with the clarification of claims by or against the company. In this regard, we also process the data provided by our access control systems to the information carrier, including video surveillance systems, physical access control, etc.
4.5 Based on your explicit consent
In the rare cases where the processing of your personal data is carried out on the basis of consent, you can withdraw your consent at any time. In this case, we will immediately stop processing the data for the relevant purpose, which, however, will not affect the processing on any other grounds – for example, when we have a contractual or legal obligation to do so. You can always object to the processing of your personal data for the purpose of providing information by us, in which case we will immediately stop the relevant provision of information.

5. What are your rights in relation to the personal data we process?
In most cases, we process data in connection with the services provided to our customers. The larger volume of personal data is processed on the assignment of these clients – as they are responsible for complying with your rights and complying with the requirements of the GDPR and LPPD to guarantee these rights. However, upon request, we will assist in the exercise of your rights by forwarding your request to the administrator of your personal data. At any time while we are processing your personal data, you have the right to the following:

5.1 To receive information about what personal data we process and for what purposes
Normally, this information will be provided at the beginning of the provision of our services – ie. concluding a contract with consumers, or with our contractors and employees, but you can make inquiries in this regard at any time.

5.2 To want us to correct false or inaccurate personal data

5.3 To want us to delete your personal data
When there is no reason for us to continue processing your personal data, you may at any time wish to delete all information about you that we storeIf we have terminated our contractual relationship and have no legal obligation to retain this information, it will be deleted.

5.4 To want us to store your personal data without processing it in any other way
If there is no reason for us to continue processing your personal data, but you do not want it to be deleted – for example with a view to future use of our services – you may at any time request that we stop any other form of processing and only store your data. In this case we will be able to process them only with your consent or by the force of law.

5.5 To want us to provide you with your personal data
If you want to receive a copy of all the data we process for you, you can always request this. In this case, you must indicate whether to provide you with the data on paper or on electronic media in a standard file format (.pdf, .doc).

5.6 To object to the processing of your personal data
When we process your personal data in order to protect our interests, you may object to the processing at any time. If we protect our legitimate interest with the processing, we will assess whether we can stop the processing or not.

To exercise any of these rights, please send us on paper or by e-mail a form completed by you. You can find the form itself on the links under this policy.
Even if your request is not on the specified form, we will review it if we can identify you and find out which of these rights you exercise. Please provide contact details – e-mail and / or telephone number, if we need to specify something at your request.
Your request will be processed within 1 month. If we have difficulty in fulfilling your request, this period may be extended by up to 2 months, and we undertake to notify you of this extension within 1 month of receiving your request.
Your request may be denied in the following cases:
– If we cannot identify you;
– If you have sent a large number of requests in a short period of time.

Notwithstanding all the above, you may at any time request information on how we store your personal data. We, for our part, are committed to providing you with answers to your questions as soon as possible. If you believe that we are violating your rights, you can file a complaint with the Commission for Personal Data Protection, which supervises our processing of personal data.

Commission for Personal Data Protection

Address: Sofia 1592, bul. “Prof. Tsvetan Lazarov” № 2
Center for information and contacts – tel. 02 / 91-53-518
Reception – working hours 9:00 – 17:30
E-mail: kzld@cpdp.bg
Website: www.cpdp.bg.