Personal data policy

Personal data policy




According to the General Data Protection Regulation (GDPR), in force since May 25th 2018, ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. As a personal data controller, Parole – M EOOD defines and maintains an adequate level of protection of the personal data processed in the company from accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access to.


Who we are


Parole – M EOOD is a company specializing in the implementation of complete financial and accounting management. Our mission is to help our clients in the long run to successfully develop and fulfill their business goals. Our services include accounting processing, preparation of financial statements and tax declarations, payroll services, accounting and tax consultations, consultations on the labor and social insurance legislation.


Contact details


Parole – M EOOD

5A Poduevo str., fl. 3, ap. 5, 1680 Sofia, Bulgaria

(T) +359 24218 032



Personal data we process, purpose and legal grounds of the processing

We process personal data of the persons employed by us under labor or non-labor relationships, of the applicants for employment with us, of our clients or of the persons from the registers of our clients in connection with the accounting and payroll services we provide. Depending in which of the listed categories a particular individual is, we process different categories of personal data, which may include:

  • physical identity – photo, names, EGN, years of age, date of birth, permanent address, telephone, signature, passport data
  • social identity – education and qualifications, work and professional experience
  • family identity – marital status, family relations, child data
  • economic identity – wages and social security income
  • health status data – general health status
  • electronic identity – email
  • others – bank account, distraints, conviction status

We process the personal data in order to fulfill the contracts we have signed and to fulfill our obligations under the contracts in relation to the requirements of the civil, commercial, labor, social security insurance and tax legislation of the Republic of Bulgaria.

In accordance with the current legislation, we minimize the processed data and provide it to third parties only in cases provided by law or under the concluded contract where we are a party, such as the National Revenue Agency, the National Social Security Institute, banks and others. We provide to each recipient only the minimum amount of personal data necessary to comply with the civil, commercial, labor, social security and / or tax legislation of the Republic of Bulgaria.

In general, the legal basis on which we process the personal data of individuals is Art. 6, para. 1 , letter (b) and (c) of GDPR – the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; the processing is necessary for compliance with a legal obligation to which we are subject.

Terms for which we store the personal data:

personal data of job applicants: up to 1 month after closing the job announcement, but no more than 3 months after opening the job announcement

personal data of individuals under labor relations: 50 years for documents containing labor and social security information which are subject to submission to the National Social Security Institute; for the other documents in the employment file or related to the performance of the employment relationship – 3 years after the termination of the employment relationship

personal data of individuals under non-labor relations (“civil” contracts): 6 years counted from January 1st of the year following the year of execution of the civil contract

personal data of our clients: 6 years counted from January 1st of the year following the year of termination of the contract with the client

personal data of individuals from the registries of our clients: 1 year after the termination of our contract with the client

In the processing of personal data, Parole-M EOOD does not intend to and will not:

  • transfer the personal data to another EU Member State, a third country or an international organization;
  • process the collected personal data further for purposes other than those for which the data is collected;
  • process the collected personal data for purposes of direct marketing or profiling, neither for the purposes of scientific and historical research or for statistical purposes.


When collecting personal data on our part, individuals are not subject of a decision based solely on automated processing, including profiling.


The rights of the individuals whose data we collect and process include:

  • the right to request from us a copy of their personal data and the right of access their personal data;
  • the right to ask us to correct and supplement without undue delay inaccurate or incomplete personal data relating to them;
  • the right to ask us to delete their personal data without undue delay when one of the following is applicable:

– their personal data is no longer necessary for the purposes for which it was collected;

– the processing is unlawful;

– their personal data must be deleted in order to comply with our legal obligations under the legislation of EU or the Republic of Bulgaria. We may refuse to delete personal data if the processing is necessary for our compliance with our legal obligations under the EU or Bulgarian legislation.

  • the right to restriction of the processing when one of the following applies:

– the accuracy of the personal data is contested by the data subject, for a period enabling us to verify the accuracy of the personal data;

– we no longer need the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

  • the right to obtain the personal data in a structured, widely used and machine readable format, and the right to transfer this data to another controller. When individuals exercise their right to data portability, they are entitled to receive a direct transfer of personal data from us to another controller when this is technically possible;
  • the right to complain to the supervisory authority (the Commission for Personal Data Protection) if they consider that the processing of their personal data executed by us violates the provisions of the General Data Protection Regulation. The Commission’s address is at 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592 (

As far as the processing of the personal data is not based on Article 6, para. 1, letters (e) or (f) of GDPR, nor is for the purposes of direct marketing, for scientific or historical research, for statistical purposes, nor is in the context of the use of information society services, the individuals have no right to object to the processing of their personal data.