General Data Protection Regulation

Sponsorship/ donation applicants

I.	Controller
	For the processing of your personal data, the controller isAurubis Bulgaria AD, a joint stock company, registered in the Company Register with the Registry Agency under uniform ID code 832046871, having its registered seat and management address in: Aurubis Bulgaria Industrial Zone 2070 Pirdop Bulgaria Aurubis Bulgaria is represented by Tim Kurth – Executive Director.
II.	Contact information for the Data Protection Officer
	Data Protection Officer, Legal department, Aurubis Bulgaria AD, Industrial zone, 2070Pirdop Tel.:+359 7286 2406 Fax:+359 7286 2636 Mail:p.gadzhev@aurubis.com
III.	Collection and processing of personal data for evaluation of sponsorship/ donation applications
1. 2. 3. 4.	Personal data,collected directly from the applicantin written or verbal when applying for sponsorship/ donation: Names; Address; telephone number (landline and/or mobile) Email address; Date of birth; Civil number; ID number. Personal data,collected directly from the applicantin written: Current bank account(after approval of the application). Additional personal data,which Aurubis Bulgaria AD may requests: Medical conclusions; Invoices for bought products or services. Video Surveillance– on the territory of the company are located cameras for 24-hour video surveillance designed for security and operational purposes; on the entrances of the company are located cameras for 24-hour body temperature measurement that aim is to prevent epidemic/ pandemic disease spreading. The processing of personal data in p. III (1- 4)is necessary for the following purposes: Social responsibility–including, but not limited toconsideration and evaluation of applications for sponsorship or donation, as well as conclusion of contracts with the approved, protection against serious cross – border threats to health; Operational management–including but not limited toestablishment, implementation and management of thesocialactivities of the company, audits and checks.处理个人数据用于这些目的is based on the legitimate interests of the company to manage its material resources and workforce, includingto maintain written or verbal communication with the applicant, as well as managing its budget effectively; 符合注册ulatory requirements andsettling of legal disputes- including, but not limited to, the processing of personal data in accordance withregulatoryrequirements (e.g tax, social, health,tradeand other applicable legislation). The processing of personal data for these purposes is done on the basis of compliance by the company with applicable legal obligations. When approving and signing a donation/ sponsorship contract, personal data will be stored for up to 6 years from the date of the contract. If the donation/ sponsorship request is rejected, personal data will be stored for up to 1 year from the rejection decision. Video records and indicators of body temperature measurements are processed for up to 2 weeks. Sponsorship/ donation applicantsprovidetheirpersonaldatato theCompany on a voluntary basis. Iftheydo not providetheirpersonaldata, the company will not be able toconsider, evaluate and prepare a donation contract with them,because it will not be able to fulfill its legitimate interests and/ or legal obligations. The grounds for processing thepersonaldata under p.III(1-4)are based on Regulation (EU) 2016/679 as follows: Article 6 (1) (b) of Regulation (EU) 2016/67 and Article 6 (1)(c) of Regulation (EU) 2016/679 and/orArticle 6 (1) (f) of Regulation (EU) 2016/679and Article 6 (1) (d) of Regulation (EU) 2016/679, in relation withArticle9 (2)(i) of Regulation (EU) 2016/679.
IV.	Collection andprocessing ofPersonalData inothercases
	In other cases,different than the mention in p. III, personal data is collected and processed only ifprovided voluntarily,as follows: If Aurubis Group companies provide personal data of the type described above to us as allowed for the purposes mentioned above, especially for cases in which You have contacted an affiliated company of ours with an issue that relates to us and not that affiliated company.
V.	Provision of personal data to third parties
	Aurubis Bulgaria AD usesservice providers, whoprocess and store personal data ("Personal DataProcessors" pursuant to Article 28 of Regulation (EC) 2016/679). In particular, this is applicable to legal advisers, medical advisersand other services. These processors work onlyon contractual basiswith Aurubis Bulgaria AD and store and process personal data according to the company's instructions. If you contact Aurubis Bulgaria regarding issues that concern a company affiliated with Aurubis Bulgaria, in individual cases we will provide this affiliated company with your personal data. If you have entered the premises of the company and subsequently informed us that you have been infected in order to prevent the spread of a pandemic / epidemic disease, this information shall be disclosed to employees of Aurubis Bulgaria AD and employees of contractors who have been in contactwith you and respectively may have been infected. Out of thesethreecircumstances, data will only be provided in individual cases and in a volume that is in accordance with a specific legal obligation of Aurubis Bulgaria AD, as well asin cases where Yousubmittedconsent to provide your data.
VI.	Sponsorship/ donation applicants rights as Data Subject
	Right to withdraw consent at any time (Article 7 (3) of Regulation (EC) 2016/679). As a consequence,thecompany will not be able to continue processing this data if it was based on consent. Right to request confirmationwhetherthe company processespersonal data,andif so, information on the storage and processing (Article 15 of Regulation (EC) 2016/679). In particular,备用ion may be requestedabout the purposes of processing; categories of personal data; the categories of recipients to whompersonaldata will be or have been provided; storage period; the right to request correction, erasure and / or limitation of processing, to object to such processing and tolodge与监管部门投诉;备用ion about the source from which the company have received personal data when it was not collected bythe subject; information on the availability of automated decision making (including profiling) and, if applicable, relevant detailed备用ion. Right to request immediate rectification of the personal data (Art. 16 of Regulation (EU) 2016/ 679). Right to request erasure of the personal data, unless its processing is necessary: 1) For exercising the right of freedom of expression and information; 2) For compliance with a legal obligation; 3) For reasons of public interest; 4) For the establishment, exercise or defense of legal claims (Art. 17 of Regulation (EU) 2016/ 679). Right to request restriction of the processing of the personal data if:contest their accuracy; the processing is unlawful; the company does not need the personal data any more, but the data subject require them for establishment, exercise or defense ofаlegal claim; if the data subject has objected to processing pursuant to Article 21 (1) of Regulation (EU) 2016/ 679 (Art. 18 of Regulation (EU) 2016/ 679). Right to receivethepersonal data in a structured, widely used and machine readable format or request the transfer of this data to another Administrator (Article 20 of Regulation (EC) 2016/679). When exercising the right to receive personal data or to transfer it to another Controller, more than once within 24 months, Aurubis Bulgaria AD reserves the right, according to Ch. III, Art. 12 par. 5 (a) of Regulation (EU) 2016/679, to require payment of administrative costs of BGN 20 per set of paper copy and BGN 20 per electronic carrier. In order to exercisehisrights under the abovepoints,the applicant/ data subject mustcontact the Data Protection Officer designated by Aurubis Bulgaria AD: Address: 2070. Pirdop, Industrial zone, Tel : + 359 888 690 430 E-mail:p.gadzhev@aurubis.com The applicant/ data subject hasthe right, under Article 77 of Regulation (EC) 2016/679, tolodgea complainttothe Commission for Personal Data Protection (CPDP)bythe ways described in the Commission's website. The contact details of CPDP are: Address:1592 Sofia,Prof. Tsvetan Lazarov Blvd. 2 Fax:02 9153525 E-mail:kzld@cpdp.bg Aurubis Bulgaria AD will cooperatetoCPDP in the handling of such complaints and will comply with all recommendationsand/ or instructions issued by the supervisory authority. The applicant/ data subjecthas the right tolodgea complaint at Aurubis Group Headquarters by sending an email todataprotection@aurubis.com.
VII.	Right to object
	Ifthepersonal data is processed on the basis of a legitimate interest of the company pursuant to Article 6 (1) (f) of Regulation (EC) 2016/67,the applicant/ data subjecthasthe right to objectthe processing ofthese第二十一条(1)下数据监管(EC) 2016 /679. In this case, the company willnotcontinue the processing ofthepersonal data,unless there are convincing legal grounds for the processing that take precedence overtheinterestsof the data subject,hisrights and freedoms or are necessary for the establishmentand/or thedefenseof legalclaims. Ifthe applicant/ data subjectwantstousetherighttoobject, it is enough to send an email top.gadzhev@aurubis.com

Job applicants

I.	Controller
	For the Processing of Your personal data, Controller is Aurubis Bulgaria AD, a joint stock company, registered in the Company Register with the Registry Agency under uniform ID code 832046871, having its registered seat and management address in: Aurubis Bulgaria AD Industrial zone 2070Pirdop Bulgaria Aurubis Bulgaria AD is represented by Tim Kurt, Executive Director.
II.	Contact details of the Data Protection Officer
	Data Protection Officer,Legal Department, Aurubis Bulgaria AD, Industrial zone, 2070 Pirdop Tel.: +359 7286 2406 Fax: + 359 7286 2636 E-mail:p.gadzhev@aurubis.com
III.	Collection and processing of personal data ofjob applicants/ apprenticeshipin Aurubis Bulgaria AD
1. 2. 3.	Personal data,collected directly from the data subjectin written or verbal prior to entering into employment or in civil contract: Identification data:names, personal address, personal phone number, personal email add., date of birth, Civil Number, ID number, photo, marital status; Other Data:In compliance with the Conflict of Interests policy in the Company, are collected names and position of family members, as family members we consider spouses or persons who are in a real spouses cohabitation, relatives in a straight line and a collateral line - up to the second grade inclusive, and kinship by marriage - to a second grade inclusive; CVs, summaries, applications, referrals, offers. Personal data,generated by the Company in written or verbal: Information for the interview performance, tests results,expected salary level, reference checkingand others. 当发出一个访问卡,securi的一部分ty and safety measures, review and transfer of the personal data from the identity documentis performed, via reader, into the access control system, or the personal data is entered manually into the system. We collect and process the following data: Name; Personal identification No; Photo; Video Surveillance – on the territory of the company are located cameras for 24-hour video surveillance designed for security and operational purposes; on the entrances of the company are located cameras for 24-hour body temperature measurement that aim is to prevent epidemic/ pandemic disease spreading.
	The processing ofpersonaldata in p. III (1-3) is necessary for the following purposes: Viewing ofjob application / internship at the company and assessing whetherthe job applicantmeetsthe relevant requirements. The processing ofthepersonal data for these purposes is based onjob applicantconsent, whichheexpress unambiguously throughhisvoluntary submission of application documents to the company. The processing ofthepersonal data is also carried out for the purpose of taking,perhisrequest, selection andrecruitmentsteps prior to the conclusion of a labor orcivilcontract. Personnel management – including but not limited to customary business practices related to planning and recruitmentinclusive apprenticeship and trainees.处理个人数据用于这些目的is based on the legitimate interests of the company related to the necessity to develop its business in a sustainable manner and to increase its efficiency as well as the necessity to ensure compliance with the applicable legal requirements; Security management – including but not limited to activities related to access control, video surveillance, ensuring security of the premises, assets and information held by the company, and for the purposes of preventing and investigating theft, fraud, abuse, conflict of interest, audits and controls, protection against serious cross – border threats to health. The processing of personal data for these purposes is based on the legitimate interests of the company to ensure the safety and security of its assets as well as its employees against any possible risks; Personal data provided as mentioned in p. III (1 and 2) is processed for up to 6 months. Personal data entered into the access control system is processed and kept for up to 3 years. Video records are processed and stored for up to 2 months of creation in compliance with the Private Security Services Legislation. The video records of sites under the Waste Management Act are processed for up to 1 year. Video records and indicators of body temperature measurements are processed for up to 2 weeks. Job applicantsprovidetheirpersonal data to the Company on a voluntary basis. Iftheydo not providetheirpersonal data, the company will not be able toexecute the procedure for recruitment and to take steps for conclusion of a labor contract or to enter in civil contract with them. The grounds for processing the personal data under p. III(1-3)are based on Regulation (EU) 2016/679 as follows: Article 6 (1) (a) of Regulation (EU) 2016/67 and Article 6 (1)(b) of Regulation (EU) 2016/679 and Article 6 (1) (e) of Regulation (EU) 2016/679and Article 6 (1) (d) of Regulation (EU) 2016/679, in relation withArticle9 (2)(i) of Regulation (EU) 2016/679.
IV.	Collection and processing of personal data in other cases
	In other cases,different than the mention in p. III, personal data is collected and processed only ifprovided voluntarily,as follows:
1.	Writtenconsentof the job applicantfor the storage and processing ofhispersonal data for up to1 year. The processing in this case is based on staying in touch with the job applicant for the above mentioned period of 1 year if in the company are opened new vacancies that matches his profile. Personal data processing for these purposes is based on the job applicant consent, which is expressed unambiguously, by voluntary provision of documents and information necessary for the purposes of the certain case. Job applicant may withdraw the consent at any time that will not affect the lawfulness of the processing prior to the withdrawal of the consent. Thegroundsfor processing thispersonaldata is based on Article 6 (1) (a) of Regulation (EU) 2016/679, Article 6 (1) (b) of Regulation (EC) 2016/679, Article 6(1)(c) of Regulation (EU) 2016/679 and Article 6 (1) (f) of Regulation (EC) 2016/679.
V.	Provision of personal data to third parties
	Aurubis Bulgaria AD uses supplier services to process and store personal data ("Personal Data Processors" pursuant to Article 28 of Regulation (EC) 2016/679). In particular, this is applicable to the security company, recruitment companies and other services. These processors work onlyon contractual basiswith Aurubis Bulgaria AD and store and process personal data according to the company's instructions. The above mentioned data for the above purposes will be provided to other Aurubis Group companies only in the volume required for processing. If you have entered the premises of the company and subsequently informed us that you have been infected in order to prevent the spread of a pandemic / epidemic disease, this information shall be disclosed to employees of Aurubis Bulgaria AD and employees of contractors who have been in contact with you and respectively may have been infected. Out of these threecircumstances, data will only be provided in individual cases and in a volume that is in accordance with a specific legal obligation of Aurubis Bulgaria AD, as well asin cases where Yousubmittedconsent to provide your data.
VI.	Job applicantsrights as Data Subject
	Right to withdraw consent at any time (Article 7 (3) of Regulation (EC) 2016/679). As a consequence, the company will not be able to continue processing this data if it was based on consent,and in particular the job applicant will prevent the possibility of the company to review and assess his job/ internship application,respectively, to consider his application if there are new vacancies that match his profile within 6 (six) months of his application. Right to request confirmationwhetherthe company processespersonal data,andif so, information on the storage and processing (Article 15 of Regulation (EC) 2016/679). In particular,备用ion may be requestedabout the purposes of processing; categories of personal data; the categories of recipients to whompersonaldata will be or have been provided; storage period; the right to request correction, erasure and / or limitation of processing, to object to such processing and tolodge与监管部门投诉;备用ion about the source from which the company have received personal data when it was not collected bythe subject; information on the availability of automated decision making (including profiling) and, if applicable, relevant detailed备用ion. Right to request immediate rectification of the personal data (Art. 16 of Regulation (EU) 2016/ 679). Right to request erasure of the personal data, unless its processing is necessary: 1) For exercising the right of freedom of expression and information; 2) For compliance with a legal obligation; 3) For reasons of public interest; 4) For the establishment, exercise or defense of legal claims (Art. 17 of Regulation (EU) 2016/ 679). Right to request restriction of the processing of the personal data if:contest their accuracy; the processing is unlawful; the company does not need the personal data any more, but the data subject require them for establishment, exercise or defense ofаlegal claim; if the data subject has objected to processing pursuant to Article 21 (1) of Regulation (EU) 2016/ 679 (Art. 18 of Regulation (EU) 2016/ 679). Right to receivethepersonal data in a structured, widely used and machine readable format or request the transfer of this data to another Administrator (Article 20 of Regulation (EC) 2016/679). When exercising the right to receive personal data or to transfer it to another Controller, more than once within 24 months, Aurubis Bulgaria AD reserves the right, according to Ch. III, Art. 12 par. 5 (a) of Regulation (EU) 2016/679, to require payment of administrative costs of BGN 20 per set of paper copy and BGN 20 per electronic carrier. In order to exercisehisrights under the abovepoints,the job applicant/ data subject mustcontact the Data Protection Officer designated by Aurubis Bulgaria AD: Address: 2070. Pirdop, Industrial zone, Tel : + 359 888 690 430 E-mail:p.gadzhev@aurubis.com The job applicant/ data subject hasthe right, under Article 77 of Regulation (EC) 2016/679, tolodgea complainttothe Commission for Personal Data Protection (CPDP)bythe ways described in the Commission's website. The contact details of CPDP are: Address:1592 Sofia,Prof. Tsvetan Lazarov Blvd. 2 Fax:02 9153525 E-mail:kzld@cpdp.bg Aurubis Bulgaria AD will cooperatetoCPDP in the handling of such complaints and will comply with all recommendationsand/ or instructions issued by the supervisory authority. The job applicant/ Data subjecthas the right tolodgea complaint at Aurubis Group Headquarters by sending an email todataprotection@aurubis.com.
VII.	Right of objection
	Ifthepersonal data is processed on the basis of a legitimate interest of the company pursuant to Article 6 (1) (f) of Regulation (EC) 2016/67,the job applicant/ data subjecthasthe right to objectthe processing ofthese第二十一条(1)下数据监管(EC) 2016 /679. In this case, the company willnotcontinue the processing ofthepersonal data,unless there are convincing legal grounds for the processing that take precedence overtheinterestsof the data subject,hisrights and freedoms or are necessary for the establishmentand/or thedefenseof legalclaims. Ifthe job/ applicant/ data subjectwantstousetherighttoobject, it is enough to send an email top.gadzhev@aurubis.com

Employees

Controller

For the Processing of Your personal data, Controller is Aurubis Bulgaria AD, a joint stock company, registered in the Company Register with the Registry Agency under uniform ID code 832046871, having its registered seat and management address in:

Aurubis Bulgaria AD

Industrial zone

2070Pirdop

Bulgaria

Aurubis Bulgaria AD is represented by Tim Kurt, Executive Director.

Contact details of the Data Protection Officer

Data Protection Officer, Legal department, Aurubis Bulgaria AD, Industrial zone, 2070 Pirdop

Tel.: + 359 7286 2406

Fax: + 359 7286 2636

E-mail: p.gadzhev@aurubis.com

Collection and processing of personal data of Aurubis Bulgaria employees

Personal data,collected directly from the data subjectin written or verbal prior to entering into employment or in civil contract:

Identification data:names, personal address, personal phone number, personal email add., date of birth, Civil Number, ID number, photo, marital status;
Other Data:In compliance with the Conflict of Interests policy in the Company, are collected names and position of family members, as family members we consider spouses or persons who are in a real spouses cohabitation, relatives in a straight line and a collateral line - up to the second grade inclusive, and kinship by marriage - to a second grade inclusive;
CVs, summaries, applications, referrals, offers.

Personal data,collected directly from the employee in written at the beginning or at time of contractual relationship:

Identification data:names, personal address, date of birth, Civil number, ID number, photo, marital status;
Finance details:IBAN,tax information,payments information;
Copies of diplomas, driving license, documents forqualifications and trainings, according to the regulatory requirements and procedures of Aurubis Bulgaria AD.
Other Data:In compliance with the Conflict of Interests policy in the Company, are collected names and position of family members, as family members we consider spouses or persons who are in a real spouses cohabitation, relatives in a straight line and a collateral line – up to the second grade inclusive, and kinship by marriage - to a second grade inclusive;
Sensitive Personal data-health data and non-conviction certificate for certain positions.

Personal data,generated by the Company in written or verbal:

Details about the employment,e.g. salary,history of employment and compensations, professional growth,paid leaves,生病的leaves,level of payment,备用ion about the performance(including job evaluation, internal communication on performance and attendance),company email address, etc.

Personal data, collected directly fromthe employeein written or verbal,or received by third parties(medical tests,diagnostic procedures, consultations, documents on temporarydisabilitytowork)or are generated by the Health service department throughout the employment period:

Identification data:names, personal address, date of birth, Civil number, phone number;
Family burden - in terms of socially significant diseases;
工作活动–professional history; reduced working capacity;
Health status- past diseases; chronicdiseases; bad habits; results of medicaltests,diagnostic procedures, consultations; disability; accidents at work and data on temporary incapacity for work.

Video Surveillance:

on the territory of the company are located cameras for 24-hour video surveillance designed for security and operational purposes.
on the entrances of the company are located cameras for 24-hour body temperature measurement that aim is to prevent epidemic/ pandemic disease spreading.

照片:

on the territory of the company, employees are shot for proving violations.

直接从员工个人资料收集s in written or verbal, or received by third parties (medical tests, diagnostic procedures, consultations, documents on temporary disability to work) or are generated by the Health service department throughout pandemics period, in case the person has symptoms or direct contacts with infected people:

Identification data: names, personal address, position, phone number;
Travel data – travelling location (business and personal) during the last 14 days;
Contacts within the family: names;
Contacts within Aurubis Bulgaria: names, positions, companies;
Records for pandemic’s specific symptoms;
Results of pandemic’s specific tests;
Body temperature.

直接从员工个人资料收集s in written or verbalwith his consent, or received by third parties (medical tests, diagnostic procedures, consultations, documents on temporary disability to work) or are generated by the Health service department throughout pandemics period, in case the employer carries out an impact assessment and assessment on the need for anti-epidemic measures:

Copy of vaccination passport;

The processing of personal data in p. III (1-6) is necessary for the following purposes:

Managing employee relationships with the Company - including, but not limited to, activities related to the existence, modification and termination of labor relations and the preparation of documents of the persons in this respect (contracts, additional agreements, documents certifying length of service, references, statements, certificates, etc.); administration of salaries, bonuses, paid leaves, social benefits, mission orders, etc. The processing of personal data for these purposes is based on the fulfillment of the contractual obligations of Aurubis Bulgaria AD towards the employee.
Personnel management – including but not limited to customary business practices related to planning and recruitment; managing and improving the efficiency of the workforce, payments and compensation programs; performance management, training and development; progress and planning of successors; control over the compliance with statutory and contractual obligations and obligations arising from internal policies and procedures; internal reporting; conducting disciplinary proceedings; investigation of work accidents; protection of the rights and interests of the company in various administrative and judicial proceedings. The processing of personal data for these purposes is based on the legitimate interests of the company related to the necessity to develop its business in a sustainable manner and to increase its efficiency as well as the need to ensure that its employees comply with the applicable legal, contractual or intercompany requirements;
Operational management – including but not limited to establishment, implementation and management of the business activities of the company, for example: correspondence and work with business partners, maintenance, monitoring of the use and personal identification at internal networks and information systems, accounting of business travels and costs, health and safety management, protection against serious cross – border threats to health, preparation of powers of attorney, administration of insurance claims, use of company cars, preparation of business missions, trips and reservations, and others. The processing of personal data for these purposes is based on the legitimate interests of the company to manage its material resources and workforce, including providing network and information security in its organization, as well as managing its budget effectively;
Security management – including but not limited to activities related to access control, video surveillance; ensuring the health and safety of employees, ensuring security of the premises, assets and information held by the company, and for the purposes of preventing and investigating theft, fraud, abuse, conflict of interest, audits and controls. The processing of personal data for these purposes is based on the legitimate interests of the company to ensure the safety and security of its assets as well as the health of its employees against any possible risks;
符合注册ulatory requirements and settling of legal disputes - including, but not limited to, the processing of personal data in accordance with regulatory requirements (e.g. tax, social, health, labor and other applicable legislation). The processing of personal data for these purposes is done on the basis of compliance by the company with applicable legal obligations.

Personal data will be stored for a period of 11 (eleven) years after termination of employee legal relationship with the Company, same as the absolute limitation period for tax obligations, unless they have become necessary within that period to establish, exercise or protect of any legal claims or administrative proceedings against Aurubis Bulgaria AD. In this case, the personal data will be stored until the end of the relevant legal procedure.

Personal data entered into the access control system is processed and kept for up to 3 years from the termination of the employment or civil relationship.

Payment recordsand health dossiersare kept for up to 50 years.

Video records are processed and stored for up to 2 months of creation in compliance with the Private Security Services Legislation. The video records of sites under the Waste Management Act are processed for up to 1 year.

Photos of employees are processed for a period of 5 years from committing a violation, unless they have become necessary within that period to establish, exercise or protect of any legal claims or administrative proceedings against Aurubis Bulgaria AD. In this case they will be stored until the end of the relevant legal procedure.

Personal data which is processed in case of work accidents, is stored for up to 5 years after the event.

健康记录为目的,以防止大流行s are processed for up to 2 months after the announcement of the end of pandemics.

Video records and indicators of body temperature measurements are processed for up to 2 weeks.

Employeesprovidetheirpersonaldatato theCompany on a voluntary basis. Iftheydo not providetheirpersonaldata, the company will not be able to conclude a contract withthemor will not be able to fulfill its obligations under such contract,or will not be able to perform its obligations towards thepublic interest in the area of public health, such as protecting against serious cross-border threats to health,orthe employeewill not be able to take advantage of certain social benefits / participate in certain processes and projects in the Company.

The grounds for processing thepersonaldata under p.III are based on Regulation (EU) 2016/679 as follows:Article 6 (1) (b) of Regulation (EU) 2016/67 and Article 6 (1)(c) of Regulation (EU) 2016/679 and/orArticle 6 (1) (f) of Regulation (EU) 2016/679and Article 6 (1) (d) of Regulation (EU) 2016/679, in relation withArticle9 (2)(h) of Regulation (EU) 2016/679.

Collection andprocessing ofPersonalData inothercases

In other cases,different than the mention in p. III, personal data is collected and processed only ifprovided voluntarily,as follows:

Additional personal data, collected and processed after a written requestfromthe employee:

Family status- marriage, divorce, number of family members, including children under 18 years of age;
Identity data for family members:names, personal address, date of birth, Civil number, phone number;
Labor union’s membershipoftheemployee.

The processing of the above mentioned personal data serves for the following purposes:

Social responsibility - including but not limited to donation, sponsorship, additional benefits for employees and their family members, addressing labor relations issues and health insurance claims;
Laborunions membershipdata isprocessonlyupon awrittenrequest by him/ her, to use the more favorable conditions for laborbenefitsagreed in the Collective Labor Agreement (CTA), withholdingunionsmembership feesand/or loaninstallmentsfrom the salary, etc.;

If employee provides to Aurubis Bulgaria AD, personal data of his family members (e.g. in order to use certain social benefits) or any other third parties,it is his responsibility to:

Provide these data subjects with all the relevant information for the lawful disclosure of their personal data to Aurubis Bulgaria AD, details about the data processing and the purposes for which the data is provided;and
Receive the consent of these data subjects for the mentioned disclosure of their personal data and its processing by Aurubis Bulgaria AD,if such consent is necessary.

Personal data processing for these purposes is based on employee consent, whichisexpressed unambiguously,by voluntary provision of documents and information, necessary for the purposes of the certain case.Employee maywithdrawtheconsent at any time that will not affect the lawfulness of the processing prior to the withdrawal of the consent.

Thegroundsfor processing thispersonaldata is based on Article 6 (1) (a) of Regulation (EU) 2016/679, Article 6 (1) (b) of Regulation (EC) 2016/679, Article 6(1)(c) of Regulation (EU) 2016/679 and Article 6 (1) (f) of Regulation (EC) 2016/679.

Provision of personal data to third parties

Aurubis Bulgaria AD usesservice providers, whoprocess and store personal data ("Personal DataProcessors" pursuant to Article 28 of Regulation (EC) 2016/679). In particular, this is applicable to the security company, insurance companies, mobile operators, travel agencies, transport companies, pensionandinsurance companies, legal advisers and other third parties with which Aurubis Bulgaria has concluded contracts forprovisionof training, medical, accounting and other services. These processors work onlyon contractual basiswith Aurubis Bulgaria AD and store and process personal data according to the company's instructions.

Theabovementioned data for the above purposes will be provided to otherAurubisGroup companies only in the volume requiredby the particular purpose forprocessing. The reason for the processing of personal data by other Aurubis Group companies is based on a legitimate interest - unification and standardization of processes at the corporate group level.

The information for confirmed infected employees, in relation with p. III (6), shall be disclosed only in case it is necessary to assess whether other employees of Aurubis Bulgaria AD or employees of contractors had been in contact with the infected person, and respectively infected too.

Out of thesethreecircumstances, data will only be provided in individual cases and in a volume that is in accordance with a specific legal obligation of Aurubis Bulgaria AD, as well asin cases whereemployee hassubmittedconsent to providethedata.

Employees rights as Data Subject

Right to withdraw consent at any time (Article 7 (3) of Regulation (EC) 2016/679). As a consequence,thecompany will not be able to continue processing this data if it was based on consent.

Right to request confirmationwhetherthe company processespersonal data,andif so, information on the storage and processing (Article 15 of Regulation (EC) 2016/679). In particular,备用ion may be requestedabout the purposes of processing; categories of personal data; the categories of recipients to whompersonaldata will be or have been provided; storage period; the right to request correction, erasure and / or limitation of processing, to object to such processing and tolodge与监管部门投诉;备用ion about the source from which the company have received personal data when it was not collected bythe subject; information on the availability of automated decision making (including profiling) and, if applicable, relevant detailed备用ion.
Right to request immediate rectification of the personal data (Art. 16 of Regulation (EU) 2016/ 679).
Right to request erasure of the personal data, unless its processing is necessary:

1) For exercising the right of freedom of expression and information;

2) For compliance with a legal obligation;

3) For reasons of public interest;

4) For the establishment, exercise or defense of legal claims (Art. 17 of Regulation (EU) 2016/ 679).

Right to request restriction of the processing of the personal data if:contest their accuracy; the processing is unlawful; the company does not need the personal data any more, but the data subject require them for establishment, exercise or defense ofаlegal claim; if the data subject has objected to processing pursuant to Article 21 (1) of Regulation (EU) 2016/ 679 (Art. 18 of Regulation (EU) 2016/ 679).
Right to receivethepersonal data in a structured, widely used and machine readable format or request the transfer of this data to another Administrator (Article 20 of Regulation (EC) 2016/679).

When exercising the right to receive personal data or to transfer it to another Controller, more than once within 24 months, Aurubis Bulgaria AD reserves the right, according to Ch. III, Art. 12 par. 5 (a) of Regulation (EU) 2016/679, to require payment of administrative costs of BGN 20 per set of paper copy and BGN 20 per electronic carrier.

In order to exercisehisrights under the abovepoints,the employee mustcontact the Data Protection Officer designated by Aurubis Bulgaria AD:

Address: 2070. Pirdop, Industrial zone,

Tel : + 359 888 690 430

E-mail:p.gadzhev@aurubis.com

Data subject hasthe right, under Article 77 of Regulation (EC) 2016/679, tolodgea complainttothe Commission for Personal Data Protection (CPDP)bythe ways described in the Commission's website. The contact details of CPDP are:

Address:1592 Sofia,Prof. Tsvetan Lazarov Blvd. 2

Fax:02 9153525

E-mail:kzld@cpdp.bg

Aurubis Bulgaria AD will cooperatetoCPDP in the handling of such complaints and will comply with all recommendationsand/ or instructions issued by the supervisory authority.

Data subjecthas the right tolodgea complaint at Aurubis Group Headquarters by sending an email todataprotection@aurubis.com.

Right to object

Ifthepersonal data is processed on the basis of a legitimate interest of the company pursuant to Article 6 (1) (f) of Regulation (EC) 2016/67,the employeehasthe right to objectthe processing ofthese第二十一条(1)下数据监管(EC) 2016 /679. In this case, the company willnotcontinue the processing ofthepersonal data,unless there are convincing legal grounds for the processing that take precedence overtheinterestsof the data subject,hisrights and freedoms or are necessary for the establishmentand/or thedefenseof legalclaims.Ifthe data subjectwantstousetherighttoobject, it is enough to send an email top.gadzhev@aurubis.com

Contractors

I.	Controller
	For the Processing of Your personal data, Controller is Aurubis Bulgaria AD, a joint stock company, registered in the Company Register with the Registry Agency under uniform ID code 832046871, having its registered seat and management address in: Aurubis Bulgaria AD Industrial zone 2070Pirdop Bulgaria Aurubis Bulgaria AD is represented by Tim Kurt, Executive Director.
II.	Contact details of the Data Protection Officer
	Data Protection Officer, Legal department, Aurubis Bulgaria AD, Industrial zone, 2070Pirdop Tel.:+359 7286 2406 Fax:+ 359 7286 2636 E-mail:p.gadzhev@aurubis.com
III.	Collection and processing of personal data of Contractors employees, who work on the territory of Aurubis Bulgaria
1. 2. 3. 3. 5. 6.	当发出一个访问卡,securi的一部分ty and safety measures, review and transfer of the personal data from the identity documentis performed, via reader, into the access control system, or the personal data is entered manually into the system. We collect and process the following data: Name; Personal identification No or date of birth; Photo; Registration plate No of the vehicle (only in case access with vehicle in needed) Video Surveillance– on the territory of the company are located cameras for 24-hour video surveillance designed for security and operational purposes; on the entrances of the company are located cameras for 24-hour body temperature measurement that aim is to prevent epidemic/ pandemic disease spreading. Photos - on the territory of the company,contractorsemployees are shot for proving violations. Copies of qualification,driving license and training certificates, as required bythe OHS procedures and work instructions in Aurubis Bulgaria AD and form FM-HNSD-006-B/E. Communication details,namely: Names; 一个或多个有效的电子邮件地址 address phone number (landline and/or mobile) fax number 直接从员工个人资料收集s in written or verbal, generated by the Health service department throughout pandemics periods, in case the person has symptoms or direct contacts with infected people: Identification data: names, personal address, position, phone number; Contacts within Aurubis Bulgaria: names, positions, companies; Results of pandemic’s specific tests; Body temperature. The processing of personal data in p. III (1- 6) is necessary for the following purposes: Security management–including but not limited to activities related to access control, video surveillance,确保安全的前提,资产和信息rmation held by the company, and for the purposes of preventing and investigating theft, fraud, abuse, conflict of interest, audits and controls. The processing of personal data for these purposes is based on the legitimate interests of the company to ensure the safety and security of its assets as well as its employees against any possible risks; Operational management–including but not limited toestablishment, implementation and management of the business activities of the company, for example: maintenance and monitoring of the use of internal networks and information systems,exchange of written correspondence or other communication, health and safety management, protection against serious cross – border threats to health. The processing of personal data for these purposes is based on the legitimate interests of the company to manage its material resources and workforce, including providing network and information security in its organization,issuing invoicesas well as managing its budget effectively; 符合注册ulatory requirements andsettling of legal disputes- including, but not limited to, the processing of personal data in accordance withregulatoryrequirements (e.g tax, social, health,trade,labor and other applicable legislation). The processing of personal data for these purposes is done on the basis of compliance by the company with applicable legal obligations. Personal data entered into the access control system is processed andstoredfor up to 3 years from the termination of the contract with Aurubis Bulgaria AD or a notice fromtheEmployer thatthe personisno longer its employee. Video records are processed and stored for up to 2 months of creation in compliance with the Private Security Services Legislation. The video records of sites under the Waste Management Act are processed for up to 1 year. Photos of contractor’s employees are processed for a period of 5 years from committing a violation, unless they have become necessary within that period to establish, exercise or protect of any legal claims or administrative proceedings against Aurubis Bulgaria AD. In this case they will be stored until the end of the relevant legal procedure. Personal data which is processed in case of work accidents, is stored for up to 5 years after the event. Video records and indicators of body temperature measurements are processed for up to 2 weeks. Contractor’s employeesprovidetheirpersonaldatato theCompany on a voluntary basis. Iftheydo not providetheirpersonal data, the company will not be able to allowthemto work on the territory because it will not be able to fulfill its legitimate interests and/ or legal obligationsor will not be able to perform its obligations towards thepublic interest in the area of public health, such as protecting against serious cross-border threats to health. The grounds for processing thepersonaldata under p.III are based on Regulation (EU) 2016/679 as follows: Article 6 (1) (b) of Regulation (EU) 2016/67 and Article 6 (1)(c) of Regulation (EU) 2016/679 and/orArticle 6 (1) (f) of Regulation (EU) 2016/679and Article 6 (1) (d) of Regulation (EU) 2016/679, in relation withArticle9 (2)(h) of Regulation (EU) 2016/679andArticle9 (2)(i) of Regulation (EU) 2016/679.
IV.	Collection andprocessing ofPersonalData inothercases
	In other cases,different than the mention in p. III, personal data is collected and processed only ifprovided voluntarily,as follows:
1.	If the employee is communicating with us while acting in a professional capacity for one of our business partners, we store and process professionally used contact data, as follows: business partner for whom you are working 标题、名、姓 position in the organization of our business partner 一个或多个有效的电子邮件地址 address phone number (landline and/or mobile) fax number The processing of the above mentioned personal data serves for the following purposes: in order to be able to identify you as our contact with our business partner; for business correspondence with You; in order to inform you about the products, services, and Aurubis Group companies; in order to offer you Aurubis Bulgaria’s products and services; to initiate, execute, and terminate contracts in connection with the business relationship; to maintain the business relationship with Aurubis Bulgaria; for invoicing; to fulfill legal obligations, especially for the prevention of fraud and money laundering. The grounds for processing this personaldata are based on Regulation (EU) 2016/679as follows: 1) Article 6 Paragraph 1(b) GDPR (General Data Protection Regulation) and Article 6 Paragraph 1(f) GDPR (General Data Protection Regulation) in order to maintain and conduct the business relationship for the length of the business relationship or until the Aurubis Bulgaria business partner communicates that You are no longer employed by them; 2) In cases when we are obligated to store the data for a longer period of time pursuant to Article 6 Paragraph 1 Sentence 1(c) GDPR (General Data Protection Regulation) due to storage and documentation obligations according to legal tax, commercial regulations and other applicable regulations; 3) In cases when You have consent to a longer storage period pursuant to Article 6 Paragraph 1 Sentence 1(a) GDPR (General Data Protection Regulation).
2.	If Aurubis Group companies provide personal data of the type described above to us as allowed for the purposes mentioned above, especially for cases in which You have contacted an affiliated company of ours with an issue that relates to us and not that affiliated company.
V.	Provision of personal data to third parties
	Aurubis Bulgaria AD usesservice providers, whoprocess and store personal data ("Personal DataProcessors" pursuant to Article 28 of Regulation (EC) 2016/679). In particular, this is applicable to the security companyand its employees,legal advisers and other third parties. These processors work onlyon contractual basiswith Aurubis Bulgaria AD and store and process personal data according to the company's instructions. If You contact Aurubis Bulgaria regarding issues that concern a company affiliated with Aurubis Bulgaria, in individual cases we will provide this affiliated company with your personal data. The information for confirmed infected employees, in relation with p. III (6), shall be disclosed only in case it is necessary to assess whether employees of Aurubis Bulgaria AD or employees of other contractors had been in contact with the infected person, and respectively are infected too. Out of thesethreecircumstances, data will only be provided in individual cases and in a volume that is in accordance with a specific legal obligation of Aurubis Bulgaria AD, as well asin cases where Yousubmittedconsent to provide your data.
VI.	Your rights as Data Subject
	Right to withdraw consent at any time (Article 7 (3) of Regulation (EC) 2016/679). As a consequence,thecompany will not be able to continue processing this data if it was based on consent. Right to request confirmationwhetherthe company processespersonal data,andif so, information on the storage and processing (Article 15 of Regulation (EC) 2016/679). In particular,备用ion may be requestedabout the purposes of processing; categories of personal data; the categories of recipients to whompersonaldata will be or have been provided; storage period; the right to request correction, erasure and / or limitation of processing, to object to such processing and tolodge与监管部门投诉;备用ion about the source from which the company have received personal data when it was not collected bythe subject; information on the availability of automated decision making (including profiling) and, if applicable, relevant detailed备用ion. Right to request immediate rectification of the personal data (Art. 16 of Regulation (EU) 2016/ 679). Right to request erasure of the personal data, unless its processing is necessary: 1) For exercising the right of freedom of expression and information; 2) For compliance with a legal obligation; 3) For reasons of public interest; 4) For the establishment, exercise or defense of legal claims (Art. 17 of Regulation (EU) 2016/ 679). Right to request restriction of the processing of the personal data if:contest their accuracy; the processing is unlawful; the company does not need the personal data any more, but the data subject require them for establishment, exercise or defense ofаlegal claim; if the data subject has objected to processing pursuant to Article 21 (1) of Regulation (EU) 2016/ 679 (Art. 18 of Regulation (EU) 2016/ 679). Right to receivethepersonal data in a structured, widely used and machine readable format or request the transfer of this data to another Administrator (Article 20 of Regulation (EC) 2016/679). When exercising the right to receive personal data or to transfer it to another Controller, more than once within 24 months, Aurubis Bulgaria AD reserves the right, according to Ch. III, Art. 12 par. 5 (a) of Regulation (EU) 2016/679, to require payment of administrative costs of BGN 20 per set of paper copy and BGN 20 per electronic carrier. In order to exercisehisrights under the abovepoints,the data subject mustcontact the Data Protection Officer designated by Aurubis Bulgaria AD: Address: 2070. Pirdop, Industrial zone, Tel : + 359 888 690 430 E-mail:p.gadzhev@aurubis.com Contractors employee/ Data subject hasthe right, under Article 77 of Regulation (EC) 2016/679, tolodgea complainttothe Commission for Personal Data Protection (CPDP)bythe ways described in the Commission's website. The contact details of CPDP are: Address:1592 Sofia,Prof. Tsvetan Lazarov Blvd. 2 Fax:02 9153525 E-mail:kzld@cpdp.bg Aurubis Bulgaria AD will cooperatetoCPDP in the handling of such complaints and will comply with all recommendationsand/ or instructions issued by the supervisory authority. Contractors employee/ Data subjectalso has the right tolodgea complaint at Aurubis Group Headquarters by sending an email todataprotection@aurubis.com.
VII.	Right to object
	Ifthepersonal data is processed on the basis of a legitimate interest of the company pursuant to Article 6 (1) (f) of Regulation (EC) 2016/67,the employee/ data subjecthasthe right to objectthe processing ofthese第二十一条(1)下数据监管(EC) 2016 /679. In this case, the company willnotcontinue the processing ofthepersonal data,unless there are convincing legal grounds for the processing that take precedence overtheinterestsof the data subject,hisrights and freedoms or are necessary for the establishmentand/or thedefenseof legalclaims. Ifthe data subjectwantstousetherighttoobject, it is enough to send an email top.gadzhev@aurubis.com

Truck drivers

I.	Controller
	For the Processing of Your personal data, Controller is Aurubis Bulgaria AD, a joint stock company, registered in the Company Register with the Registry Agency under uniform ID code 832046871, having its registered seat and management address in: Aurubis Bulgaria AD Industrial zone 2070Pirdop Bulgaria Aurubis Bulgaria AD is represented by Tim Kurt, Executive Director.
II.	Contact details of the Data Protection Officer
	Data Protection Officer, Legal department, Aurubis Bulgaria AD, Industrial zone, 2070Pirdop Tel.:+359 7286 2406 Fax:+ 359 7286 2636 E-mail:p.gadzhev@aurubis.com
III.	Collection and processing of personal data of truck drivers who enter in Aurubis Bulgaria
1. 2. 3.	For truck drivers,the company collects and process the following data: Names; Civil numbers; ID number; Date of birth; Photo; Cell phone number Registration No of truck and trailer; Copies of qualification,driving license and training certificates, as required by the international ADR Convention on the Transport of Dangerous Goods and others. Video Surveillance– on the territory of the company are located cameras for 24-hour video surveillance designed for security and operational purposes; on the entrances of the company are located cameras for 24-hour body temperature measurement that aim is to prevent epidemic/ pandemic disease spreading. Photos - on the territory of the company, truck drivers are shot for proving violations. The processing of personal data in p. III (1-3) is necessary for the following purposes: Security management – including but not limited to activities related to access control, video surveillance, ensuring security of the premises, assets and information held by the company, and for the purposes of preventing and investigating theft, fraud, abuse, conflict of interest, audits and controls. The processing of personal data for these purposes is based on the legitimate interests of the company to ensure the safety and security of its assets as well as its employees against any possible risks; Operational management–including but not limited toestablishment, implementation and management of the business activities of the company, such as loading and unloadingactivities, communication, administration of insurance claims,health and safety managementand others, protection against serious cross – border threats to health. The processing of personal data for these purposes is based on the legitimate interests of the company to manage its materialand financialresources and workforce, to mantain businesscommunication with its partners as well as to manageits budget effectivelyand itsexpedition schedules; 符合注册ulatory requirements andsettling of legal disputes- including, but not limited to, the International ADR Convention on the Transport of Dangerous Goods,tax,customs,health,commercial and other applicable legislation. The processing of personal data for these purposes is done on the basis of compliance by the company with applicable legal obligations. Personal data entered into the access control system is processed and kept for up to 3 years. Video records are processed and stored for up to 2 months of creation in compliance with the Private Security Services Legislation. The video records of sites under the Waste Management Act are processed for up to 1 year. Photos of truck drivers are processed for a period of 5 years from committing a violation, unless they have become necessary within that period to establish, exercise or protect of any legal claims or administrative proceedings against Aurubis Bulgaria AD. In this case they will be stored until the end of the relevant legal procedure. Personal data which is processed in case of work accidents, is stored for up to 5 years after the event. Video records and indicators of body temperature measurements are processed for up to 2 weeks. Truck driversprovidetheirpersonaldatato theCompany on a voluntary basis. Iftheydo not providetheirpersonaldata, the company will not be able to allowthemto carry out loading and unloading activities because it will not be able to fulfill its legitimate interests and/ or legal obligations.
	The grounds for processing thepersonaldata under p.III (1-3) are based on Regulation (EU) 2016/679 as follows: Article 6 (1) (b) of Regulation (EU) 2016/67 and Article 6 (1)(c) of Regulation (EU) 2016/679 and/orArticle 6 (1) (f) of Regulation (EU) 2016/679and Article 6 (1) (d) of Regulation (EU) 2016/679, in relation withArticle9 (2)(h) of Regulation (EU) 2016/679andArticle9 (2)(i) of Regulation (EU) 2016/679.
IV.	Collection andprocessing ofPersonalData inothercases
1.	In cases when other companies in the Aurubis Group provide us with the above mentioned data for the above mentioned purposes.
V.	Provision of personal data to third parties
	Aurubis Bulgaria AD usesservice providers, whoprocess and store personal data ("Personal DataProcessors" pursuant to Article 28 of Regulation (EC) 2016/679). In particular, this is applicable to the security companyand other services. These processors work onlyon contractual basiswith Aurubis Bulgaria AD and store and process personal data according to the company's instructions. In case You contact Aurubis Bulgaria AD on a matter that concerns and/ or is of the competence of another Aurubis Groupcompany, we will provide your information to this company. If you have entered the premises of the company and subsequently informed us that you have been infected in order to prevent the spread of a pandemic / epidemic disease, this information shall be disclosed to employees of Aurubis Bulgaria AD and employees of contractors who have been in contact with you and respectively may have been infected. Out of these threecircumstances, data will only be provided in individual cases and in a volume that is in accordance with a specific legal obligation of Aurubis Bulgaria AD, as well asin cases where Yousubmittedconsent to provide your data.
VI.	Truck drivers rights as Data Subject
	Right to withdraw consent at any time Article 7 (3) of Regulation (EC) 2016/679). As a consequence,thecompany will not be able to continue processing this data if it was based on consent. Right to request confirmationwhetherthe company processespersonal data,andif so, information on the storage and processing (Article 15 of Regulation (EC) 2016/679). In particular,备用ion may be requestedabout the purposes of processing; categories of personal data; the categories of recipients to whompersonaldata will be or have been provided; storage period; the right to request correction, erasure and / or limitation of processing, to object to such processing and tolodge与监管部门投诉;备用ion about the source from which the company have received personal data when it was not collected bythe subject; information on the availability of automated decision making (including profiling) and, if applicable, relevant detailed备用ion. Right to request immediate rectification of the personal data (Art. 16 of Regulation (EU) 2016/ 679). Right to request erasure of the personal data, unless its processing is necessary: 1) For exercising the right of freedom of expression and information; 2) For compliance with a legal obligation; 3) For reasons of public interest; 4) For the establishment, exercise or defense of legal claims (Art. 17 of Regulation (EU) 2016/ 679). Right to request restriction of the processing of the personal data if:contest their accuracy; the processing is unlawful; the company does not need the personal data any more, but the data subject require them for establishment, exercise or defense ofаlegal claim; if the data subject has objected to processing pursuant to Article 21 (1) of Regulation (EU) 2016/ 679 (Art. 18 of Regulation (EU) 2016/ 679). Right to receivethepersonal data in a structured, widely used and machine readable format or request the transfer of this data to another Administrator (Article 20 of Regulation (EC) 2016/679). When exercising the right to receive personal data or to transfer it to another Controller, more than once within 24 months, Aurubis Bulgaria AD reserves the right, according to Ch. III, Art. 12 par. 5 (a) of Regulation (EU) 2016/679, to require payment of administrative costs of BGN 20 per set of paper copy and BGN 20 per electronic carrier. In order to exercisehisrights under the abovepoints,the truck driver/ data subject mustcontact the Data Protection Officer designated by Aurubis Bulgaria AD: Address: 2070. Pirdop, Industrial zone, Tel : + 359 888 690 430 E-mail: p.gadzhev@aurubis.com The truck driver/ Data subject hasthe right, under Article 77 of Regulation (EC) 2016/679, tolodgea complainttothe Commission for Personal Data Protection (CPDP)bythe ways described in the Commission's website. The contact details of CPDP are: Address:1592 Sofia,Prof. Tsvetan Lazarov Blvd. 2 Fax:02 9153525 E-mail:kzld@cpdp.bg Aurubis Bulgaria AD will cooperatetoCPDP in the handling of such complaints and will comply with all recommendationsand/ or instructions issued by the supervisory authority. The truck driver/ Data subjecthas the right tolodgea complaint at Aurubis Group Headquarters by sending an email todataprotection@aurubis.com.
VII.	Right to object
	Ifthepersonal data is processed on the basis of a legitimate interest of the company pursuant to Article 6 (1) (f) of Regulation (EC) 2016/67,the truck driver/ data subjecthasthe right to objectthe processing ofthese第二十一条(1)下数据监管(EC) 2016 /679. In this case, the company willnotcontinue the processing ofthepersonal data,unless there are convincing legal grounds for the processing that take precedence overtheinterestsof the data subject,hisrights and freedoms or are necessary for the establishmentand/or thedefenseof legalclaims. Ifthe truck driver/ data subjectwantstousetherighttoobject, it is enough to send an email top.gadzhev@aurubis.com

Shareholders

I.	Controller
	For the processing of your personal data, the controller isAurubis Bulgaria AD, a joint stock company, registered in the Company Register with the Registry Agency under uniform ID code 832046871, having its registered seat and management address in: Aurubis Bulgaria Industrial Zone 2070 Pirdop Bulgaria Aurubis Bulgaria is represented by Tim Kurth – Executive Director.
II.	Contact details of the Data Protection Officer
	Data Protection Officer, Legal Department, Aurubis Bulgaria AD, Industrial Zone, 2070 Pirdop Phone: +359 7286 2406 Fax: +359 7286 2636 E-mail:p.gadzhev@aurubis.com
III.	Collection and processing of personal data ofshareholders in Aurubis Bulgaria AD
1. 2. 3.	当发出一个访问卡,securi的一部分ty and safety measures, review and transfer of the personal data from the identity documentis performed, via reader, into the access control system, or the personal data is entered manually into the system. We collect and process the following data: Name; Personal identification No; Photo; Registration plate No of the vehicle (only in case access with vehicle in needed) Video Surveillance– on the territory of the company are located cameras for 24-hour video surveillance designed for security and operational purposes; on the entrances of the company are located cameras for 24-hour body temperature measurement that aim is to prevent epidemic/ pandemic disease spreading. Other personal data: ID number; Address; telephone number (landline and/or mobile) Information for current bank account. The processing of personal data in p. III (1-3) is necessary for the following purposes: Security management–including but not limited to activities related to access control, video surveillance,确保安全的前提,资产和信息rmation held by the company, and for the purposes of preventing and investigating theft, fraud, abuse, conflict of interest, audits and controls; protection against serious cross – border threats to health.处理个人数据用于这些目的is based on the legitimate interests of the company to ensure the safety and security of its assets as well as its employees against any possible risks; Operational management–including but not limited toconvening a Shareholders Meeting, payment of dividends, checking the powers of attorneys of the representatives, reporting, establishing, implementing and managing the business activities of the company.处理个人数据用于这些目的is based on the legitimate interests of the company to manage its materialand financialresources; 符合注册ulatory requirements andsettling of legal disputes- including, but not limited to, the processing of personal data in accordance withregulatoryrequirements (e.g tax,tradeand other applicable legislation). The processing of personal data for these purposes is done on the basis of compliance by the company with applicable legal obligations. Personal data entered into the KIOSK system for initial Health & Safety instruction, for visitors (e.g. Names, ID date of expiry, photo,№and date of instruction) – is stored for up to 5 years according to Art. 9, para. (2) of Ordinance No. RD-07-2 of December 16, 2009 on the conditions for conducting periodic briefing of employees and the rules for ensuring healthy and safe working conditions. Personal data entered into the access control system is processed and kept for up to 3 years. Video records are processed and stored for up to 2 months of creation in compliance with the Private Security Services Legislation. The video records of sites under the Waste Management Act are processed for up to 1 year. All other personal data will bestoredfor a period of10 years after payment of dividends. Video records and indicators of body temperature measurements are processed for up to 2 weeks. Shareholdersprovidetheirpersonaldatato theCompany on a voluntary basis. Iftheydo not providetheirpersonaldata, the company will not be able tofulfill its legitimate purposes and/ or legal obligations. The grounds for processing thepersonaldata under p.III are based on Regulation (EU) 2016/679 as follows: Article 6 (1) (b) of Regulation (EU) 2016/67 and Article 6 (1)(c) of Regulation (EU) 2016/679 and/orArticle 6 (1) (f) of Regulation (EU) 2016/679and Article 6 (1) (d) of Regulation (EU) 2016/679, in relation withArticle9 (2)(i) of Regulation (EU) 2016/679.
V.	Provision of personal data to third parties
	Aurubis Bulgaria AD usesservice providers, whoprocess and store personal data ("Personal DataProcessors" pursuant to Article 28 of Regulation (EC) 2016/679). In particular, this is applicable to the security company, legal advisers and other services. These processors work onlyon contractual basiswith Aurubis Bulgaria AD and store and process personal data according to the company's instructions. If you contact Aurubis Bulgaria regarding issues that concern a company affiliated with Aurubis Bulgaria, in individual cases we will provide this affiliated company with your personal data. If you have entered the premises of the company and subsequently informed us that you have been infected in order to prevent the spread of a pandemic/ epidemic disease, this information shall be disclosed to employees of Aurubis Bulgaria AD and employees of contractors who have been in contact with you and respectively may have been infected. Out of thesethreecircumstances, data will only be provided in individual cases and in a volume that is in accordance with a specific legal obligation of Aurubis Bulgaria AD, as well asin cases where Yousubmittedconsent to provide your data.
VI.	Shareholders rights as Data Subject
	Right to withdraw consent at any time (Article 7 (3) of Regulation (EC) 2016/679). As a consequence,thecompany will not be able to continue processing this data if it was based on consent. Right to request confirmationwhetherthe company processespersonal data,andif so, information on the storage and processing (Article 15 of Regulation (EC) 2016/679). In particular,备用ion may be requestedabout the purposes of processing; categories of personal data; the categories of recipients to whompersonaldata will be or have been provided; storage period; the right to request correction, erasure and / or limitation of processing, to object to such processing and tolodge与监管部门投诉;备用ion about the source from which the company have received personal data when it was not collected bythe subject; information on the availability of automated decision making (including profiling) and, if applicable, relevant detailed备用ion. Right to request immediate rectification of the personal data (Art. 16 of Regulation (EU) 2016/ 679). Right to request erasure of the personal data, unless its processing is necessary: 1) For exercising the right of freedom of expression and information; 2) For compliance with a legal obligation; 3) For reasons of public interest; 4) For the establishment, exercise or defense of legal claims (Art. 17 of Regulation (EU) 2016/ 679). Right to request restriction of the processing of the personal data if:contest their accuracy; the processing is unlawful; the company does not need the personal data any more, but the data subject require them for establishment, exercise or defense ofаlegal claim; if the data subject has objected to processing pursuant to Article 21 (1) of Regulation (EU) 2016/ 679 (Art. 18 of Regulation (EU) 2016/ 679). Right to receivethepersonal data in a structured, widely used and machine readable format or request the transfer of this data to another Administrator (Article 20 of Regulation (EC) 2016/679). When exercising the right to receive personal data or to transfer it to another Controller, more than once within 24 months, Aurubis Bulgaria AD reserves the right, according to Ch. III, Art. 12 par. 5 (a) of Regulation (EU) 2016/679, to require payment of administrative costs of BGN 20 per set of paper copy and BGN 20 per electronic carrier. In order to exercisehisrights under the abovepoints,the shareholder/ data subject mustcontact the Data Protection Officer designated by Aurubis Bulgaria AD: Address: 2070. Pirdop, Industrial zone, Tel : + 359 888 690 430 E-mail:p.gadzhev@aurubis.com The shareholder/ data subject hasthe right, under Article 77 of Regulation (EC) 2016/679, tolodgea complainttothe Commission for Personal Data Protection (CPDP)bythe ways described in the Commission's website. The contact details of CPDP are: Address:1592 Sofia,Prof. Tsvetan Lazarov Blvd. 2 Fax:02 9153525 E-mail:kzld@cpdp.bg Aurubis Bulgaria AD will cooperatetoCPDP in the handling of such complaints and will comply with all recommendationsand/ or instructions issued by the supervisory authority. The shareholder/ data subjecthas the right tolodgea complaint at Aurubis Group Headquarters by sending an email todataprotection@aurubis.com.
VII.	Right to object
	Ifthepersonal data is processed on the basis of a legitimate interest of the company pursuant to Article 6 (1) (f) of Regulation (EC) 2016/67,the shareholder/ data subjecthasthe right to objectthe processing ofthese第二十一条(1)下数据监管(EC) 2016 /679. In this case, the company willnotcontinue the processing ofthepersonal data,unless there are convincing legal grounds for the processing that take precedence overtheinterestsof the data subject,hisrights and freedoms or are necessary for the establishmentand/or thedefenseof legalclaims. Ifthe shareholder/ data subjectwantstousetherighttoobject, it is enough to send an email top.gadzhev@aurubis.com

Visitors

I.	Controller
	For the processing of your personal data, the controller isAurubis Bulgaria AD, a joint stock company, registered in the Company Register with the Registry Agency under uniform ID code 832046871, having its registered seat and management address in: Aurubis Bulgaria Industrial Zone 2070 Pirdop Bulgaria Aurubis Bulgaria is represented by Tim Kurth – Executive Director.
II.	Contact information for the Data Protection Officer
	Data Protection Officer, Legal department, Aurubis Bulgaria AD, Industrial zone, 2070Pirdop Tel.:+359 7286 2406 Fax:+ 359 7286 2636 E-mail:p.gadzhev@aurubis.com
III.	Collection and processing of personal data for visitors in Aurubis Bulgaria
1. 2. 3.	当发出一个访问卡,securi的一部分ty and safety measures, review and transfer of the personal data from the identity documentis performed, via reader, into the access control system and into the KIOSK system for initial Health & Safety instruction. The personal data might be entered manually into the system. We collect and process the following data: Name; Personal identification No or date of birth; Photo; Registration plate No of the vehicle (only in case access with vehicle in needed); Expiration date of the identity document. When visiting Aurubis Bulgaria as a public official and identifying with an official card, as part of the security and safety measures, personal data is entered manually into the access control system. We collect and process the following data: • Name; • No of the pass; • Public institution, issuing the pass; • Registration plate No of the vehicle (only in case access with vehicle in needed). In the KIOSK system for initial Health & Safety induction is performed transfer of the following additional personal data from the identity document, via reader: • Photo; • Expiration date of the identity document. Video Surveillance– on the territory of the company are located cameras for 24-hour video surveillance designed for security and operational purposes; on the entrances of the company are located cameras for 24-hour body temperature measurement that aim is to prevent epidemic/ pandemic disease spreading. The processing of personal data in p. III (1-3) is necessary for the following purposes: Security management – including but not limited to activities related to access control, video surveillance, ensuring security of the premises, assets and information held by the company, and for the purposes of preventing and investigating theft, fraud, abuse, conflict of interest, audits and controls. The processing of personal data for these purposes is based on the legitimate interests of the company to ensure the safety and security of its assets as well as its employees against any possible risks; Operational management–including but not limited toestablishment, implementation and management of the business activities of the company, for example: maintenance and monitoring of the use of internal networks and information systems,exchange of written correspondence or other communication, health and safety management, protection against serious cross – border threats to health. The processing of personal data for these purposes is based on the legitimate interests of the company to manage its material resources and workforce, including providing network and information security in its organization, as well as managing its budget effectively; 符合注册ulatory requirements andsettling of legal disputes- including, but not limited to, the processing of personal data in accordance withregulatoryrequirements (e.g tax, social, health,tradeand other applicable legislation). The processing of personal data for these purposes is done on the basis of compliance by the company with applicable legal obligations. Personal data entered into the KIOSK system for initial Health & Safety instruction, (e.g. Names, ID date of expiry, photo,№and date of instruction) – is stored for up to 5 years according to Ordinance No. RD-07-2 of December 16, 2009 on the conditions for conducting periodic briefing of employees and the rules for ensuring healthy and safe working conditions. Personal data entered into the access control system is processed andstoredfor up to 3 years. Video records are processed and stored for up to 2 months of creation in compliance with the Private Security services Legislation. The video records of sites under the Waste Management Act are processed for up to 1 year. Video records and indicators of body temperature measurements are processed for up to 2 weeks. The grounds for processing thepersonaldata under p.III are based on Regulation (EU) 2016/679 as follows: Article 6 (1) (b) of Regulation (EU) 2016/67 and Article 6 (1)(c) of Regulation (EU) 2016/679 and/orArticle 6 (1) (f) of Regulation (EU) 2016/679and Article 6 (1) (d) of Regulation (EU) 2016/679, in relation withArticle9 (2)(h) of Regulation (EU) 2016/679andArticle9 (2)(i) of Regulation (EU) 2016/679.
IV.	Collection and processing of personal data in other cases
	In other cases,different than the mention in p. III, personal data is collected and processed only ifprovided voluntarily,as follows:
1.	If data subject contacts us directly, especially electronically, e.g., via e-mail, via our website or by telephone, to order a publication or place a request. In this case, we store and process the following data to the extent that has been provided: 标题、名、姓, 一个或多个有效的电子邮件地址, address, telephone number (landline and/or mobile) fax number The processing of the above mentioned personal data serves for the following purposes: in order to be able to identify You as our contact; for correspondence with You; in order to inform You about the products, services, and Aurubis Bulgaria/Aurubis Group companies; for initiating and establishing a contractual relationship with You, if applicable; for invoicing, if applicable. The basis for the storage and processing is Article 6 Paragraph 1(b) GDPR (General Data Protection Regulation) if You contact us in order to enter into a contractual and pre-contractual legal relationship; otherwise, Article 6 Paragraph 1(a) GDPR (General Data Protection Regulation).
2.	If data subject is communicating with us while acting in a professional capacity for one of our business partners, we store and process professionally used contact data, as follows: business partner for whom you are working 标题、名、姓 position in the organization of our business partner 一个或多个有效的电子邮件地址 address phone number (landline and/or mobile) fax number The processing of the above mentioned personal data serves for the following purposes: in order to be able to identify You as our contact with our business partner; for business correspondence with You; in order to inform You about the products, services, and Aurubis Group companies; in order to offer You Aurubis Bulgaria’s products and services; to initiate, execute, and terminate contracts in connection with the business relationship; to maintain the business relationship with Aurubis Bulgaria; for invoicing; to fulfill legal obligations, especially for the prevention of fraud and money laundering. The grounds for processing this personaldata are based on Regulation (EU) 2016/679as follows: 1) Article 6 Paragraph 1(b) GDPR (General Data Protection Regulation) and Article 6 Paragraph 1(f) GDPR (General Data Protection Regulation) in order to maintain and conduct the business relationship for the length of the business relationship or until the Aurubis Bulgaria business partner communicates that You are no longer employed by them; 2) In cases when we are obligated to store the data for a longer period of time pursuant to Article 6 Paragraph 1 Sentence 1(c) GDPR (General Data Protection Regulation) due to storage and documentation obligations according to legal tax, commercial regulations and other applicable regulations; 3) In cases when You have submitted consent to a longer storage period pursuant to Article 6 Paragraph 1 Sentence 1(a) GDPR (General Data Protection Regulation).
3.	If Aurubis Group companies provide personal data of the type described above to us as allowed for the purposes mentioned above, especially for cases in which You have contacted an affiliated company of ours with an issue that relates to us and not that affiliated company.
V.	Provision of personal data to third parties
	Aurubis Bulgaria AD usesservice providers, whoprocess and store personal data ("Personal DataProcessors" pursuant to Article 28 of Regulation (EC) 2016/679). In particular, this is applicable to the security companyand companies that provide and maintain hosting services and servers. These processors work onlyon contractual basiswith Aurubis Bulgaria AD and store and process personal data according to the company's instructions. If you contact Aurubis Bulgaria regarding issues that concern a company affiliated with Aurubis Bulgaria, in individual cases we will provide this affiliated company with your personal data. If you have entered the premises of the company and subsequently informed us that you have been infected in order to prevent the spread of a pandemic / epidemic disease, this information shall be disclosed to employees of Aurubis Bulgaria AD and employees of contractors who have been in contact with you and respectively may have been infected. Out of thesethreecircumstances, data will only be provided in individual cases and in a volume that is in accordance with a specific legal obligation of Aurubis Bulgaria AD, as well asin cases where Yousubmittedconsent to provide your data.
VI.	Your rights as Data Subject
	Right to withdraw consent at any time (Article 7 (3) of Regulation (EC) 2016/679). As a consequence,thecompany will not be able to continue processing this data if it was based on consent. Right to request confirmationwhetherthe company processespersonal data,andif so, information on the storage and processing (Article 15 of Regulation (EC) 2016/679). In particular,备用ion may be requestedabout the purposes of processing; categories of personal data; the categories of recipients to whompersonaldata will be or have been provided; storage period; the right to request correction, erasure and / or limitation of processing, to object to such processing and tolodge与监管部门投诉;备用ion about the source from which the company have received personal data when it was not collected bythe subject; information on the availability of automated decision making (including profiling) and, if applicable, relevant detailed备用ion. Right to request immediate rectification of the personal data (Art. 16 of Regulation (EU) 2016/ 679). Right to request erasure of the personal data, unless its processing is necessary: 1) For exercising the right of freedom of expression and information; 2) For compliance with a legal obligation; 3) For reasons of public interest; 4) For the establishment, exercise or defense of legal claims (Art. 17 of Regulation (EU) 2016/ 679). Right to request restriction of the processing of the personal data if:contest their accuracy; the processing is unlawful; the company does not need the personal data any more, but the data subject require them for establishment, exercise or defense ofаlegal claim; if the data subject has objected to processing pursuant to Article 21 (1) of Regulation (EU) 2016/ 679 (Art. 18 of Regulation (EU) 2016/ 679). Right to receivethepersonal data in a structured, widely used and machine readable format or request the transfer of this data to another Administrator (Article 20 of Regulation (EC) 2016/679). When exercising the right to receive personal data or to transfer it to another Controller, more than once within 24 months, Aurubis Bulgaria AD reserves the right, according to Ch. III, Art. 12 par. 5 (a) of Regulation (EU) 2016/679, to require payment of administrative costs of BGN 20 per set of paper copy and BGN 20 per electronic carrier. In order to exercisehisrights under the abovepoints,the visitor/ data subject mustcontact the Data Protection Officer designated by Aurubis Bulgaria AD: Address: 2070. Pirdop, Industrial zone, Tel : + 359 888 690 430 E-mail:p.gadzhev@aurubis.com The visitor/ data subject hasthe right, under Article 77 of Regulation (EC) 2016/679, tolodgea complainttothe Commission for Personal Data Protection (CPDP)bythe ways described in the Commission's website. The contact details of CPDP are: Address:1592 Sofia,Prof. Tsvetan Lazarov Blvd. 2 Fax:02 9153525 E-mail:kzld@cpdp.bg Aurubis Bulgaria AD will cooperatetoCPDP in the handling of such complaints and will comply with all recommendationsand/ or instructions issued by the supervisory authority. The visitor/ data subjecthas the right tolodgea complaint at Aurubis Group Headquarters by sending an email todataprotection@aurubis.com.
VII.	Right to object
	Ifthepersonal data is processed on the basis of a legitimate interest of the company pursuant to Article 6 (1) (f) of Regulation (EC) 2016/67,the visitor/ data subjecthasthe right to objectthe processing ofthese第二十一条(1)下数据监管(EC) 2016 /679. In this case, the company willnotcontinue the processing ofthepersonal data,unless there are convincing legal grounds for the processing that take precedence overtheinterestsof the data subject,hisrights and freedoms or are necessary for the establishmentand/or thedefenseof legalclaims. Ifthe visitor/ data subjectwantstousetherighttoobject, it is enough to send an email top.gadzhev@aurubis.com