TRANSPARENCY POLICY
General Information
Regulation [EU] 2016/679 [General Data Protection Regulation - GDPR] of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) applies аs of 25 May 2018. The Regulation aims to ensure the protection of the data of individuals from all EU Member States and to unify the regulations for their processing.
Sofia (Stolichna) Municipality, in its capacity as a personal data controller within the meaning of Article 4, § 7 of Regulation (EU) 2016/679, processes personal data in accordance with Regulation (EU) 2016/679 and the Personal Data Protection Act.
Information about the Personal Data Controller
Name: Sofia (Stolichna) Municipality
Headquarters and Office: 33 Moskovska Street, city of Sofia -1000
Phone: 070017 310, 02 9377 303
Website: www.sofia.bg
Contact details for the Data Protection Officer
Use only for questions regarding the processing of your personal data by Sofia Municipality in its capacity as a Personal Data Controller, as well as for exercising your rights under the General Data Protection Regulation.
Name: Veselka Baeva
Correspondence details: 33 Moskovska Street, city of Sofia -1000
Phone: 02 9377 355
Website: www.sofia.bg
Email: dpo@sofia.bg
Purposes of processing for which personal data are intended
- Administrative services
The administrative services we offer require the processing and storage of personal data, which are minimized. These data are necessary for the relevant service to be processed and performed in accordance with the regulations of the Republic of Bulgaria and the European Union. Sofia Municipality processes personal data, in its capacity as Controller for specific, legitimate purposes and personal data are not further processed in a manner incompatible with these purposes, such as the provision of administrative services upon request, as well as the overall performance of the statutory administrative activity of the municipality, including the actual powers of local government bodies under the Local Self-Government and Local Administration Act (ZMSMA), execution of contracts, awarding public procurement contracts, etc.
- Complaints, reports, requests
When processing the information contained in complaints, reports and other requests, only personal data contained therein and relevant to the specific case are processed.
- Applications under the Access to Public Information Act (ZDOI)
In connection with the processing of applications under the ZDOI, information about individual data subjects is processed, which may contain data about the physical, economic, social or other identity of individual persons. Sofia Municipality provides such information only and to the extent that it meets the objectives of the Access to Public Information Act.
- Video surveillance
Sofia Municipality, as a Personal Data Controller within the meaning of Regulation (EU) 2016/679, carries out video surveillance for the purpose of performing tasks of public interest, preventing and detecting violations of public order, regulating road traffic and traffic safety, and protecting municipal property - see here. Only certain employees have access to the records within the scope of their official duties.
The records are provided to state bodies or local government bodies in cases provided for by a regulatory act in the exercise of their powers.
- Human resources
Personal data of job candidates are processed in accordance with the Civil Servant Act, the Regulation on the Conduct of Competitions and Selection for Mobility of Civil Servants, and the Regulation on the Conditions and Procedure for Evaluating the Performance of Employees in the State Administration. The data necessary to achieve the goals are: data concerning the physical, social, family and economic identity, such as names, contact details, etc. Data on the criminal record (if provided for by law), as well as on the health status of individuals (if provided for by law).
Personal data processed by the Sofia Municipality are provided by natural persons to whom they relate, as well as by other persons in the cases provided for by a regulatory act, and are contained in their requests, proposals, complaints, applications, etc. or in documents provided by public authorities. Given the nature of the request, this is data related to physical identity, economic identity, data related to convictions and/or data regarding health. The use of data about the relevant persons is for official purposes, such as establishing contact with the person by telephone, for sending correspondence relating to the relevant service, the request, the complaint, the application, etc. Data may be provided to third parties only if provided for by law.
- Initiatives
On the basis of Art. 6, paragraph 1, letter "a" and Art. 6, paragraph 1 letter "b" of the General Data Protection Regulation, regarding candidates (children and adults) in various initiatives organized by the Sofia Municipality. The processing covers personal data of individuals related to physical, cultural or social identity with which they express their free, specific, informed and unambiguous consent to the initiative for which they apply. The use of personal data is to achieve the goals of the initiative, to send correspondence, and to inform the public about its results.
- Counterparties
In the performance of activities in connection with contractual legal relationships under the procedure of the Law on Obligations and Contracts (ZZD), the Public Procurement Act (ZOP), the Trade Law (TZ), etc. In the presence of personal data of individuals, the information that is processed is in a minimal volume, sufficient for the fulfillment of the obligations under the relevant contract. Access to this information is provided only when provided for by law.
The Contact Center of Sofia Municipality
The Contact Center of Sofia Municipality processes personal data on the basis of the statutory obligations under Art. 111 of the Administrative Procedure Code in connection with Art. 6, paragraph 1, letter "c" of Regulation (EU) 2016/679.
The purposes of the processing are for the needs of the registration of persons in the portal of the Contact Center of Sofia Municipality, for the processing of signals, letters, complaints, applications for access to public information, etc., which data subjects have the right to submit through the application of the Contact Center of Sofia Municipality, including for registration and referral through the administrative information system of Sofia Municipality, providing feedback during the processing of documents, generating a notification document from here.
Through the telephone line of the Contact Center of Sofia Municipality, identification information is collected - names, telephone number, email address / through CallRecording - a system for recording calls. We use this information to improve the efficiency of handling incoming signals and for feedback when necessary.
The data are processed by competent structures in the administration, in accordance with the statutory powers of the authority, in compliance with the Organizational Regulations for the organization and activities of the Sofia Municipal Administration.
The registered data are stored, in accordance with Article 7 of the Regulation on the Exchange of Documents in the Administration, for a period of no less than 20 years.
Internal reporting channel under the Law for the Protection of Persons Filing Reports or Publicly Disclosing Information on Violations /ZZLPSPOIN/
The personal data of persons who report violations that have become known to them in a work context, as well as of persons who assist them in the reporting process, as well as of persons related to the reporting person, are processed for this purpose. When submitting a written report, it must contain - full names, address, signature, telephone number, email address, etc. data necessary for the purposes of the Law for the Protection of Persons Filing Reports or Publicly Disclosing Information on Violations (ZZLPSPOIN). You can find out about the terms and conditions for submitting reports here.
The reports and the materials attached to them, including the subsequent documentation related to their consideration, are stored by the obliged entity under Art. 12, Para. 1 of the Act for a period of 5 years after the completion of the consideration of the report by it, except in the event of criminal, civil, labor and/or administrative proceedings initiated in connection with the submitted report (arg. Art. 8 of Ordinance No. 1 of July 27, 2023 on the maintenance of the register of reports under Art. 18 of the Law for the Protection of Persons Filing Reports or Publicly Disclosing Information on Violations and on the Referral of Internal Reports to the Personal Data Protection Commission, promulgated in SG, issue 67 of August 4, 2023, in force from 04.08.2023).
Collection of personal data for the purpose of providing services requested by the user
When you submit applications, complaints, reports, requests or ask questions through the forms provided for this purpose, etc. (including applicants for administrative services, visitors to the electronic site, candidates in competitions, contractors, etc.), you provide your personal information that is necessary to perform the relevant service. This information is recorded in a database located on a secure server of the Sofia Municipality. The information you provide is used only to perform the service you requested (filing a complaint, etc. or receiving an answer to a question you have asked).
Given the nature of the request, this is data related to physical identity, economic identity, data related to convictions and/or data regarding health. The use of data about the relevant persons is for official purposes, such as establishing contact with the person by telephone, for sending correspondence relating to the relevant request, complaint, application, etc.
Personal data storage periods
Sofia Municipality stores personal data pursuant to applicable legislation according to the stipulated period.
The variety of services that Sofia Municipality provides also requires a different period of storage of personal data on paper/electronic media, the criteria for which are determined by the regulatory framework in the country. Pursuant to Article 46 of the Law on the National Archives Fund, regarding the main activities in state and municipal institutions, the storage period for documents reflecting the main activities in state and municipal institutions is 20 years. Documents related to employment relationships are subject to a storage period of 50 years. Documents that have significant operational and reference significance have storage periods of 1, 3, 5 or 10 years according to the Nomenclature of cases with storage periods.
Effective from 28.01.2025 Sofia Municipality has switched to using cloud services - Google Workspace. Service data is processed on servers located in the European Union, for more information here. General terms and conditions here.
Recipients or categories of recipients of personal data
The categories of recipients of personal data outside the organization:
Sofia Municipality discloses personal data to third parties and recipients only if they have a legal basis to receive it. The categories of recipients of personal data are determined in each specific case according to their legal basis for receiving the data, and may be:
- To public authorities (National Revenue Agency, National Social Security Institute, Ministry of Interior, judicial authorities, control authorities, local government authorities, etc.);
- To a personal data processor (a natural or legal person who processes personal data on behalf of the Sofia Municipality and on its order or assignment) - IT equipment suppliers, banks, postal operators, etc.
Sofia Municipality does not disclose or use personal data for direct marketing purposes.
Use of cookies
Cookies are small text files for temporarily storing information about user actions, preferences or activity that the website saves on your computer or mobile device. You can control and/or disable cookies whenever you wish - for more information see here.
If you use a link that redirects you to another site, it will have its own cookies and security policy, over which we have no control.
Others
Sofia Municipality does not collect or process personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as the processing of genetic and biometric data, data about the sex life or sexual orientation of individuals.
Data subject rights
"Data subject" within the meaning of Regulation (EU) 2016/679 is a natural person who is identified or can be identified. You can exercise your rights under Art. 15-22 of Regulation (EU) 2016/679 before Sofia Municipality, in its capacity as a Personal Data Controller, by means of a written application submitted to the registry office at the following address: City of Sofia 33 "Moskovska" Street, in person or by an explicitly authorized person with a power of attorney, unless a special law provides otherwise. You can also submit an application electronically as an electronic document signed with a qualified electronic signature. When submitting an application by an authorized person, the relevant power of attorney shall be attached to the application. When submitting an application to exercise rights under Regulation (EU) 2016/679 to Sofia Municipality, you will be asked to identify yourself by providing an identity document or by electronic signature. You have the right to exercise your rights under Art. 15-22 of Regulation (EU) 2016/679 before the controller regarding the processing of your personal data here, with the following rights:
- Information regarding the specific parameters of the personal data processed by the controller (Article 13 and Article 14 of the GDPR);
- Access to information - confirmation whether the Controller is processing his personal data and access to the data itself in case it is processed (Art. 15 of the GDPR);
- Correction of personal data relating to them (Art. 16 of the GDPR);
- Right to be forgotten (Article 17 of the GDPR);
- Restriction of the processing of personal data where the accuracy of the personal data is contested or the processing is unlawful but the data subject does not wish the personal data to be erased (Art. 18 GDPR);
- Right to portability - to receive personal data from the controller in a structured, commonly used and machine-readable format, as well as to have the data transferred to another controller by the data subject or directly by the controller (Article 20 of the GDPR);
- Objection to the processing of personal data (Art. 21 of the GDPR);
- The data subject has the right not to be subject to automated decision-making, including profiling (Art. 22 GDPR).
The personal data provided with the applications are used only for the purposes of exercising the rights requested. Sofia Municipality does not provide this information to third parties unless required by law.
Submitting a complaint
If you believe that the processing of personal data concerning you violates your rights, you have the right to file a complaint with the Personal Data Protection Commission.
Name: Personal Data Protection Commission
Headquarters and Office: Boul. "Prof. Tsvetan Lazarov* No. 2, city of Sofia 1592
Correspondence details: Boul. "Prof. Tsvetan Lazarov" No. 2, city of Sofia -1592
Website: www.cpdp.bg
We reserve the right to change the Transparency Policy in the event of changes in legislation and/or in the practices of its implementation.
Updated on 28.01.2025