PRIVACY POLICY
of
“Next Logistics” Ltd.
Plovdiv, 36 Rogoshko Shose St.

Version 1.2
Last updated: 11.11.2025

“Next Logistics” Ltd. is a commercial company registered in the Commercial Register at the Registry Agency with UIC 201476011, with its registered office and management address: Plovdiv, 36 Rogoshko Shose St. As a personal data controller, the company exercises its rights and obligations as an employer, in compliance with applicable legislation, processing, storing, and protecting personal data in accordance with Regulation (EU) 2016/679 (GDPR) and the Personal Data Protection Act (PDPA).

Categories of data subjects:

“Next Logistics” Ltd. processes personal data relating to:

  • Employees under employment contracts;
  • Job applicants;

*Applicant data is processed only on the basis of voluntarily provided consent through application for a position according to a specific job advertisement and submission of the required documents.
*“Next Logistics” Ltd. does not process more data than necessary and does not use it for purposes outside the recruitment process unless required by law or with the consent of the applicant.

Categories of personal data:

  • Personal identification data: names, PIN/Personal Number, address, phone, email, identity document, passport data, and other documents required according to the position;
  •  Education and qualification data: education, professional experience, skills, and qualifications;
  •  Health data: health status, medical documents, sick leaves, disability certificates;
  •  Financial data: bank account certificate (upon hiring);
  •  Criminal record data: certificate of criminal record (upon hiring);

*Data of unsuccessful applicants is stored no longer than six months after the end of the recruitment process, after which it is destroyed.

Purposes of personal data processing:

  • Human resource management;
  • Payment of salaries;
  • Fulfillment of tax and social security obligations;
  • Submission of data to the National Social Security Institute (NSSI), National Revenue Agency (NRA), and other institutions;
  • Fulfillment of legal and contractual obligations;
  • Ensuring safety, control, and internal organization of work processes;
  • Ensuring sustainable, ethical, and transparent management of personal data processing in accordance with established principles of good governance.

Storage of personal data:

  • Data is stored in personal files (paper and electronic), accessible only to authorized personnel;
  • Storage is carried out through organizational and technical security measures – access control, archive protection, encryption, passwords;
  • Some data may also be stored on other technical media with appropriate security measures;
  • Access to personal data and personal files is granted to the responsible person.

*All processes are subject to periodic monitoring to prevent misuse and unauthorized access.

Rights of data subjects:

  • Every employee has the right to request access to their personal data, including confirmation whether the data concerning them is being processed, to be informed about the purposes of such processing, the categories of data, the recipients of the data, and the purposes of each processing of personal data relating to them;
  • Every employee has the right to request the deletion or correction of their personal data if the processing does not comply with legal requirements;
  • Every employee has the right to object to the provision of their personal data to third parties without the necessary legal basis;
  • Every employee has the right to be informed in case of a personal data security breach likely to result in a high risk to their rights and freedoms;
  • Every employee has the right to lodge a complaint with the competent supervisory authority – the Commission for Personal Data Protection (CPDP).

Security breaches:

In case of suspicion or detected breach:

  • The responsible person conducts an investigation and notifies management;
  • Measures are taken to mitigate the risk;
  • If there is a high risk to data subjects’ rights – notification of the CPDP and affected individuals;
  • A register of incidents and corrective actions is maintained.

Monitoring, control, and traceability:

  • Annual risk assessment and compliance check;
  • Internal control over data processing and storage;
  • Registers of processing activities;
  • Evidence of compliance with procedures;
  • Accountability during inspections by external or internal authorities.

Training and awareness:

  • Regular training for employees on personal data protection, ethical use of information, and security;
  • Induction briefing for newly hired employees;
  • Informational materials, internal procedures, and guidelines.

Supervisory authority:

Commission for Personal Data Protection (CPDP)
Address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.
Tel.: 02/91-53-518
Email: [email protected]
Website: www.cpdp.bg

Data controller:

“Next Logistics” Ltd.
UIC: 201476011
Address: Plovdiv, 36 Rogoshko Shose St.
Email: [email protected]; [email protected]
Tel.: +359 894 720 923

Share