Privacy Policy

Commitment to the General Data Privacy Regulation (GDPR)

The European Union has taken a monumental step in protecting the fundamental right to privacy for every EU resident with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).

This is a privacy and data protection regulation that will be in force throughout the European Union (EU) and will be enforceable from May 25 2018. All EU residents will now have greater say over what, how, why, where, and when their personal data is used, processed, or disposed of. This rule clarifies how EU resident's personal data laws are applied, internally within the EU and worldwide.

Any organization that works with EU residents personal data in any manner, irrespective of location, has obligations to protect the data. DEVA Electronics Ltd. is aware of its role in providing the right procedures and security to support its employees, customers and suppliers and help meet our GDPR obligations.

This new legislation supports and enhances the existing Data protection legislation and privacy as outlined in our Privacy Statement. The present statement, policies and procedures are compliant with the 1995 EU Data Protection Directive (European Directive 95/46/EC)

To make DEVA Electronics Ltd. compliant with our obligations under the General Data Protection Regulation we have taken the following steps:

1. Awareness

   We have made sure that decision makers and key people within the company are aware that the law has changed to the GDPR and they all appreciate the impact that this is having on the way we obtain, record, store and distribute individual's data throughout the company. We have undertaken training throughout the company and will continue to advise our staff on the GDPR and its impact on the policies, procedures, and responsibilities of staff & stakeholders.



2. Information that we hold

   We document what personal data we hold, where it comes from and who we may share it with. We have implemented and acted upon our information audit to improve our data storage systems and security.



3. Communicating privacy information

   We have updated our Privacy Policy to reflect the changes required due to the implementation of GDPR.



4. Individuals' rights

   We have checked our policies to ensure they cover all the rights individuals have, including how we would delete personal data or provide data electronically and in a commonly used format and have addressed the issues raised.



5. Subject access requests

   We have updated our policies and have planned how to handle requests for access within the timescales laid out in the regulations and have procedures to provide any additional information.



6. Lawful basis for processing personal data

   We have identified the lawful basis for our processing activity as outlined in the GDPR; we have produced a Legitimate Interests Assessment and have acted upon it to restrict the contact with individuals on our database. We have also used this information to delete out of date information



7. Consent

   We have reviewed how we seek, record and manage consent and have taken steps to implement the changes necessary. We have contacted individuals and where there has been no response or where individuals have requested that their details be removed, and it does not conflict with the legitimate interests, we have removed their data.



8. Children

   We have analyzed our systems and company practices and do not store or collect any data related to any persons below 16 years of age.



9. Data breaches

   We have put in place procedures to report and investigate a suspected personal data breach and will notify the data subject and any applicable regulator of a suspected breach where we are legally required to do so.



10. Data Protection by Design and Data Protection Impact Assessments

    We are implementing best practice through the creation and continued use of Privacy Impact Assessments, using the latest guidance from the ICO.



11. Data Protection Managers

    We have designated a DP Managers to take responsibility for data protection compliance throughout the company. The team have worked on the changes that have taken place and have implemented these changes to update our systems to make them compliant with the new regulations. We are continuing to assess the implications of this change and will review, and if required, enhance our policies and practices to keep up to date with any future changes.



12. International

    Our company does not operate in more than one EU member state and as such our lead data protection supervisory authority is the Information Commissioner's Office (ICO) in Bulgaria.

Further Information

Under the GDPR you have the right to:

Request copies of your data, rectification of your data, erasure of your data, object to us or restrict the processing of your data and where our systems allow give electronic access to copies of your data in a digital format.

You have the right to rectify any errors in information we hold about you and to change or correct any details you have already given us.

Please inform us about changes to your details so that we can keep our records up to date.

You have a right to see a copy of the information we hold about you. Before we agree to this, you must provide us with sufficient irrefutable evidence of your identity and sufficient details of the information you wish to see to enable us to locate it.

You have the right to be removed from any mailing list we hold at any time by contacting us by email: DPO@devaelectronics.com or by post to the Data Protection Officer, DEVA Electronics, 65 Alexander Stamboliyski Street, 8000 Burgas, Bulgaria.

We have taken, and will continue to take, steps to ensure that the businesses we work with have suitable security protocols and policies in place to manage and record your data privacy and preferences correctly and that your data is stored securely. The security of your data is paramount.

Internet Links

This site contains links to other sites. DEVA Electronics is not responsible for the privacy practices or the content of such Web sites. No judgment or warranty is made with respect to the accuracy, timeliness, or suitability of the content of other services or sites to which this Site links, and DEVA Electronics takes no responsibility therefor. A link from this Site to another service or site outside of DEVA Electronics is not an endorsement of the service or site, its content, or its sponsoring organization. By using this Site, you accept at your own risk that the Internet and online communications medium may not perform as intended despite the efforts of DEVA Electronics, your Internet service provider, and you.

We use this information ("Personal Data Register") to gather aggregate demographic information about our visitors, and we use it to personalize the information you see on our website and the emails you receive from us (should you grant us permission to send to you).

We keep this information for our internal use; we do not share it with others.

Whenever you send an e-mail to us

We provide e-mail links and other contact information on our Home page, in our Contacts section that allow you to contact us directly with any questions or comments you may have.

We cannot guarantee that we will read every message sent in but we will try to reply promptly to every one.

We may keep your email correspondence on file so that we may better serve you should you have additional questions in the future.

Children's Privacy

We do not knowingly collect or store personal data from individuals under 16 years of age.

Changes to these Policies

We may update this Privacy Policy from time to time. Any significant changes will be posted on this page with an updated effective date.