{"id":1859,"date":"2026-05-26T13:03:35","date_gmt":"2026-05-26T10:03:35","guid":{"rendered":"https:\/\/divaplus.org\/?page_id=1859"},"modified":"2026-05-26T13:03:37","modified_gmt":"2026-05-26T10:03:37","slug":"data-protection-policy","status":"publish","type":"page","link":"https:\/\/divaplus.org\/en\/data-protection-policy\/","title":{"rendered":"DATA PROTECTION POLICY"},"content":{"rendered":"\n

DIVA PLUS EOOD \u2013 UIC 175013870<\/strong> Sofia, Bakston District, Bl. 19, Entr. A, Apt. 6, Bulgaria | https:\/\/divaplus.org\/<\/a><\/p>\n\n\n\n

<\/div>\n\n\n\n

1. Purpose, Scope and Users<\/h3>\n\n\n\n

DIVA PLUS EOOD (the “Company”) strives to comply with all applicable laws and regulations relating to personal data protection in the countries where the Company operates.<\/p>\n\n\n\n

This Policy defines the core principles by which the Company processes personal data of consumers, clients, suppliers, business partners, employees and other individuals, and sets out the responsibilities of business departments and employees during personal data processing.<\/p>\n\n\n\n

The Policy applies to all employees, permanent or temporary, as well as all contractors working for or on behalf of the Company.<\/p>\n\n\n\n

<\/div>\n\n\n\n

2. Reference Documents<\/h3>\n\n\n\n

This Policy is based on Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and the applicable national legislation implementing GDPR.<\/p>\n\n\n\n

It is related to: the Employee Data Protection Policy, Data Retention Policy, Data Protection Officer job description, data inventory and processing guidelines, individual access request procedures, data protection impact assessment, information security policies and breach notification procedures.<\/p>\n\n\n\n

<\/div>\n\n\n\n

3. Definitions<\/h3>\n\n\n\n

Personal Data<\/strong> \u2013 any information relating to an identified or identifiable natural person via an identifier such as: name, identification number, location data, online identifier or factors specific to physical, physiological, genetic, mental, economic, cultural or social identity.<\/p>\n\n\n\n

Sensitive Personal Data<\/strong> \u2013 data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic and biometric data, health data, sex life or sexual orientation.<\/p>\n\n\n\n

Data Controller<\/strong> \u2013 the natural or legal person which determines the purposes and means of the processing of personal data.<\/p>\n\n\n\n

Data Processor<\/strong> \u2013 a person or entity that processes personal data on behalf of the Controller.<\/p>\n\n\n\n

Processing<\/strong> \u2013 any operation or set of operations on personal data: collection, recording, storage, use, disclosure, erasure or destruction.<\/p>\n\n\n\n

Pseudonymisation<\/strong> \u2013 processing of personal data in such a manner that they can no longer be attributed to a specific data subject without the use of additional information stored separately and protected by technical and organisational measures.<\/p>\n\n\n\n

<\/div>\n\n\n\n

4. Core Principles for Processing Personal Data<\/h3>\n\n\n\n

DIVA PLUS EOOD is committed to processing personal data in accordance with the following principles:<\/p>\n\n\n\n