This Communication aims in accordance with the information requirements under Art. 13 and Art. 14 of the ARRD to inform you about the processing of personal data, the purposes for which the data, the measures and the guarantees for the protection of the processed data, your rights and the way in which you can exercise them are processed by Cross Source Ltd., in accordance with the requirements of EU Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC ( hereinafter only “Regulation 2016/679” or “ARRD”) and the other applicable they acts of the European Union and the Republic of Bulgaria.

1. Data about the administrator and contacting him.
“Cross Source” Ltd., hereinafter referred to as the COMPANY, is a legal person, an administrator of the personal data, which is processed in the course of or in connection with the implementation of the powers assigned to it by law and in connection with the performance of its core business. The registered office and address of the COMPANY are: Sredets, 6, Lazar Zhelev Str. – at which address you may send to the Director of the company as data administrator Ivan Yanchev Presnkov. You can also send your e-mail to:
2. Contact details of the Data Protection Officer.
You can contact the Data Protection Officer of the COMPANY by e-mail: and in your message you should specify the necessary data for your individualization and contact for feedback.
3. Objectives and grounds for processing of personal data, categories of data processed.
The company processes personal data related to its activity and maintains the following registers:
– keeping a customer register;
– Keeping a staff register;
– Keeping a counterparty register.
In the exercise of its powers for the purposes of personnel administration (human resources management) and financial accounting, the Company processes personal data pursuant to Art. 6, par. 1, b. “C” and art. 9, par. 2, b. “B” of the Regulation on job applicants, employees and natural persons, contractors and representatives of legal entities – contractors. The categories of data processed are about physical and social, family and economic identity data about the court’s past and the health of individuals.
When the COMPANY processes data based on the consent of the subject, personal data are processed only if the persons have freely, specifically, informed and unambiguously expressed their consent to the processing.

The processing of data is done for the specific and precisely defined purposes of the law, the data being processed lawfully and in good faith and can not be further processed in a manner incompatible with these purposes.
4. Categories of data recipients. The COMPANY does not disclose personal data to third parties and recipients unless there is a legal basis for receiving the data or the data are not publicly available due to their inclusion in a public register.
Except in the case of public access to data included in a public register, data recipients, depending on the particular case, may be:
– State authorities and bodies entrusted with public functions within the framework of their powers (NRA, NSSI, MI and others);
– Banks for the purpose of payment of remuneration;
– Courier companies and postal operators – for the purpose of conducting correspondence with the individuals-data subjects.

5. Shelf life of the data.
As a Data Administrator, the COMPANY processes data for a minimum duration period according to the processing objectives and provided for in the applicable legislation in accordance with the Restriction of Storage principle.
For a period of 50 years, the data relating to labor and social security relations shall be kept and the remaining data shall be kept for a period of between 2 months and 5 years, depending on the type of data that determines the legal obligation for the processing, including the storage thereof.
6. Rights of data subjects.
The measures taken to protect personal data in accordance with the requirements of Regulation 2016/679 are aimed at ensuring the rights of the individuals whose personal data are processed, namely:
– Right of access;
– Right to correct inaccurate or incomplete data;
– Right of wiping (the right to be forgotten), if the conditions of Art. 17 of Regulation 2016/679;
– Right to restriction of processing;
– Right to data portability if the portability conditions under Art. 20 of Regulation 2016/679;
– Right of objection if the conditions of Art. 21 of Regulation 2016/679.
– Right for the data subject not to be the subject of a decision based solely on automated processing involving profiling.
The above rights may be exercised by a written request to the COMPANY (in writing or electronically), in which you must specify your request. The request must be signed and sent to the address of the COMPANY mentioned above.

7. Right to appeal to the Commission for the Protection of Personal Data or to the Court
If you believe that your rights under Regulation 2016/679 have been violated, you may file a complaint with the Personal Data Protection Commission or the Sofia Administrative Court.
8. Transmission of personal data to third countries or international organizations.
The JAN does not transmit the processed personal data to third countries or international organizations.

9. Personal Data Protection measures introduced by the COMPANY.
By Internal Rules of “Cross Source ” EOOD for the measures for protection of personal data, created by an order of the manager, measures have been put in place to effectively protect the personal data processed and the possibility of exercising the rights of the data subjects provided for in Regulation 2016/679.
9.1. Visitor identification. Cookies.
Visitors to this site may use it for information purposes without providing personal information and identifying themselves to the COMPANY. In case you want to use the services, you need to register. The COMPANY or its partners can place information on your computer that allows you to collect certain data. It’s about the so-called. Cookies that are commonly used. Cookies are stored on your computer’s hard drive. COMPANY will only use the information that is placed in cookies through the site: Our cookies will allow us to work better and more efficiently. If you choose “cookie denial,” you should keep in mind that it can to find yourself unable to take advantage of all the site’s integration capabilities, and to be unable to download certain content.
9.2.This site may also be used to enable the COMPANY to collect technical information: IP address, type of computer operating system, type of Internet browser, and addresses of linked sites.
9.3. Minors.
According to the legislation in force, minors can not send information through the COMPANY’s website. In this case, a parent or guardian’s consent is required prior to submitting the information. The consent of the parent / guardian is reassigned through the site.
Further information on personal data protection measures can be obtained from the Data Protection Officer of the COMPANY: email.

9. Change the privacy policy
The COMPANY reserves the right to modify or amend this Privacy Policy at any time, modify, modify or refuse access to the Site or its content without prior notice. It is recommended

this site is visited more frequently to review current terms that are considered binding to the customer.

By using this site, you explicitly accept and give your unambiguous consent that your personal data collected on the registration of this site or in connection with the use of the site may be transferred across the international boundaries of servers that support the site (including, but not limited to, transfers from these locations back to the country of your registration) for exploitation and development of the site, including subcontracting, agents or representatives of the COMPANY, which perform tasks and services related to with the site, or for storing the data in the relevant databases.