Data Subject Rights Request Procedure

1. Purpose

This procedure ensures a clear and consistent approach to handling personal data subject rights requests in accordance with Regulation (EU) 2016/679 (GDPR).

2. Scope

This procedure applies to all requests related to personal data addressed to Studio Kipo EOOD by individuals including clients, partners, employees, and third parties.

3. Submitting a Request

Data subjects may submit a request by sending an email to studio@kipo.bg. The request should include:

• full name and contact details
• a description of the right being exercised
• if needed – identifying information to verify the identity of the requester

4. Types of Rights

Data subjects may request the following:

• access to their personal data
• rectification of inaccurate or incomplete data
• erasure of data (right to be forgotten)
• restriction of processing
• objection to processing
• data portability to another controller

5. Handling of Requests

All requests are registered by the Data Protection Officer and processed within 30 calendar days of receipt. If necessary, the period may be extended by up to 30 additional days with proper notice to the data subject.

6. Identification and Security

To prevent unauthorized access to personal data, we may request additional information or documents to verify the identity of the requester.

7. Response and Actions

After reviewing the request, the data subject will receive a written response containing:

• details of actions taken, or
• a reasoned explanation in case of lawful refusal

8. Complaints

If the data subject is not satisfied with the response, they have the right to lodge a complaint with the relevant supervisory authority.

9. Review and Updates

This procedure is reviewed annually or as necessary, based on changes in legislation or data processing practices.

Approved by:
Nikolay Marinov
Managing Director and Data Protection Officer
Date: 01.01.2025