Personal data policy

1. Who are we?

Teriko Ltd. - a company incorporated in the Republic of Bulgaria with registered office and headquarters: 49, Planina Street Str., town of Sevlievo, UIC: 107578680, Tel.: +359 898 576 611, Email: office@terikofishing.com

In connection with its activity - production and trade of fishing accessories and consumables - Teriko Ltd. (the Company) processes data, some of which is personal data under the General Data Protection Regulation (EU) 2016/679 therefore has the capacity of data controller.
The purpose of this policy is to inform the users of www.terikofishing.com about the way their personal data is processed, their rights, methods of personal data protection used by the data controller, whom the Company is entitled to provide the collected personal data, as well as methods for exercising the rights of data subjects.


2. Introduction:

GDPR is the General Data Protection Regulation (Regulation 2016/679 of the European Parliament and the Council). The Regulation significantly enhances the rights of European citizens and accordingly places more obligations on organizations collecting and processing personal data. It entered into force on May 25, 2018 and apply to all Member States of the European Union.
Personal data is collected for specific, explicitly stated and legitimate purposes and is not further processed in a manner incompatible with those purposes. The processing shall be lawful, bona fide and transparent in relation to the data subject.


3. Objectives and scope of Policy:

With this Privacy Policy, Teriko Ltd. recognizes the confidentiality and privacy of personal data. The Company applies the required technical and organizational measures to protect the personal data of individuals in accordance with the law and good practices.
With this Privacy Policy, the Company aims to inform individuals for the purposes of personal data processing, recipients or categories of recipients to whom the data may be disclosed, the mandatory or voluntary nature of the data disclosure and the consequences of refusing to provide it; information about the right of access and correction of the data collected.


4. Glossary of terms:

'Personal data' means any information relating to an identified or identifiable person (data subject); identifiable person is an individual who can be identified, directly or indirectly, in particular by an identifier such as name, identification number, location, online identifier, or by one or more traits specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual;

'Genetic data' means personal data relating to the inherited or acquired genetic characteristics of an individual, which give unique information about the characteristics or health of that individual and which are obtained, in particular, from the analysis of a biological sample by the person concerned;

'Biometric data' means personal data obtained as a result of specific technical processing, which are related to the physical, physiological or behavioral characteristics of an individual and which permit or confirm the unique identification of that individual, such as facial images or fingerprints;

'Data subject's consent' means any freely expressed, specific, informed and unambiguous indication of the data subject's will, by means of a statement or clearly affirmative action, expressing his/her consent to processing of personal data related to him/her;

'Processing' means any operation or combination of operations carried out with personal data or a set of personal data by automatic or other means such as the collection, recording, organizing, structuring, storage, adaptation or modification, extraction, consultation, use, disclosure by transmission, distribution or otherwise as data become available, sorting or combining, limiting, deleting or destroying;

'Controller' means a natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the personal data processing; where the purposes and means of such processing are determined by the Union law or a Member State law, the controller or the specific criteria for its determination may be laid down in the Union law or in a Member State law;

'Processor' means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

"Representative" means a natural or legal person established within the Union who is appointed by the controller or processor in writing in accordance with Art. 27, and represents the controller or the processor in connection with their respective obligations under Regulation (EU) 2016/679;

'Recipient' means a natural or legal person, public authority, agency or other entity to whom personal data is disclosed, whether third party or not. At the same time, public authorities, which may receive personal data in the context of a specific investigation in accordance with Union or Member State law, are not considered as 'recipients'; the processing of such data by the designated public authorities complies with the applicable data protection rules for the purposes of processing;

'Supervisory authority' means an independent public authority established by a Member State and responsible for monitoring the implementation of Regulation (EU) 2016/679;

'Personal data breach' means a breach of security that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data that is transmitted, stored or processed in any other way;

'Profiling' means any form of automated processing of personal data resulting in the use of personal data to evaluate certain personal attributes relating to an individual, and in particular to analyze or forecast aspects relating to the performance of professional duties of that individual, his or her economic status, health, personal preferences, interests, reliability, behavior, location or movement.


5. Basic principles regarding the processing of personal data that we observe:

- lawful, bona fide and transparent processing of personal data
- processing of personal data for specific purposes
- minimizing data
- up-to-date accuracy and maintenance
- storage limit
- integrity and confidentiality
- accountability


6. Purpose of processing:

Teriko Ltd. processes personal data for implementation of its activities - production and trade of fishing accessories and consumables.

Personal data is collected for specific, legitimate purposes and must be processed lawfully and in good faith. Data is not further processed in a manner incompatible with these purposes. Further processing of personal data for archiving in the public interest, for scientific and historical research, or for statistical purposes, is not considered incompatible with the original purposes.
The Company does not collect personal information for marketing and advertising purposes. Teriko Ltd. collects data solely and only with the express, free, clear and informed consent of the user, which he or she has noted when reading this privacy policy.
Beyond the above objectives and in connection with the principles set out in Art. 5 of Regulation (EU) 2016/679 Teriko does not collect or process other personal data of its employees, partners and clients. The Company does not process personal data for the purpose of automated decision-making, incl. profiling. The Company collects data from the data subject.


7. The Company only processes personal data when:

- has obtained clear, free, informed and unambiguous consent from data subjects who are notified in advance through this policy about the purpose of their personal data usage;
- there is a contractual obligation for the purpose of executing a contract, one party being the individual (when the Company processes data of its employees) and for the exercise, establishment and protection of rights and legitimate interests;
- processing is necessary for the fulfillment of a task of public interest (according to EU or national law);


8. What data is collected and processed:

Attention: Teriko does not collect or process sensitive personal information of its clients and users on its website www.terikofishing.com .
The collected and processed data is:
- User name and surname - to identify the subject upon request;
- Email - for quick and easy communication;
- Telephone - for contact if necessary;
- Other data admissible under the Regulation if needed to fulfill a Company’s obligation or related to a specific service.

The sender of personal data has the right not to share all the personal data required. In cases where this personal data is required for the performance of a specific service, a specific specialized function or an effective response to a specific request (excluding direct marketing) - Teriko Ltd. could not fulfill the request due to lack of data, for which the user is explicitly notified through this privacy policy.


9. Recipients of personal data to which the Company has the right to disclose data:

The Company provides personal data to competent state authorities and institutions when required by the national legislation and in accordance with the rules set out therein (for example: the National Revenue Agency, the National Social Security Institute, the Employment Agency, judicial and investigative authorities, health authorities, etc.). It also provides personal data of individuals to accounting firms, banks, HR agencies and mobile operators for statutory purposes or those specified in a contract concluded with the individuals.
 
The personal data of www.terikofishing.com users is not disclosed to third parties beyond the legal requirements. The Company does not provide personal data to countries outside the European Union.


10. Rights of individuals - data subjects:

Measures taken to protect personal data in accordance with Regulation (EU) 2016/679 are designed to ensure protection of data subjects' rights, namely:

- Right of access;
- Right to correct inaccurate or incomplete data;
- Right of erasure (right to be forgotten), if applicable the conditions of Art. 17 of Regulation (EU) 2016/679;
- Right to restrict processing;
- Right of data portability, if applicable the conditions for portability under Art. 20 of Regulation (EU) 2016/679;
- Right of objection, if applicable the conditions of Art. 21 of Regulation (EU) 2016/679;
- Right to complain to the Data Protection Commission or the District Court;
- Right not to be subject to a decision based solely on automated processing involving profiling.


11. Data storage period:

As a data controller, Teriko Ltd. processes data for a period as provided in applicable law and in accordance with the principle of storage limitation.
The remaining data is stored in different terms, depending on the data type defining the legal obligation for its processing, including storage.

Storage criteria are:
- When requested from the site format, the data is kept for 6 months or as necessary until clarifying all points of the request itself and giving a client-satisfying answer.
- Personal data of the Teriko Ltd. employees is stored and processed for a longer period pursuant to the requirement of the Accounting Act.


12. Responsibility of the Company for personal data protection:

In connection with the personal data controller responsibility introduced by Regulation (EU) 2016/679 and the Personal Data Protection Act, and to ensure adequate data protection, the Company applies all necessary organizational and technical measures to protect personal data of individuals. For maximum security in the processing, transmission and storage of personal data, the Company uses protection mechanisms for data stored both electronically and on paper.
Computer access via a local network to files containing personal data is carried out only by employees of Teriko Ltd. or by a data protection officer authorized with statutory rights, solely from their physical workplace, by a specially designated computer and after identification by login and password to the system. At the end of the working day, employees turn off their local computer.
In order to increase the security of access to information, employees must change their passwords for a period not exceeding 2 months, determined by Teriko Ltd. The Company uses a fully licensed operating system to perform its data protection functions. Any other software of unlicensed origin is prohibited to use.
Installation of software products on office computers is done only by a designated person - IT specialist.


13. Policy changes:

The Company has the right to update, amend and supplement the Privacy Policy at any time in the future when circumstances require it.


14. Contact details of the personal data controller:

Address: 49, Planina Street Str., Sevlievo, Bulgaria
Telephone: +359 898 576 611
Email: office@terikofishing.com


15. Data protection supervisor:

Data protection supervisor at national level is the Personal Data Protection Commission. It monitors the correct application of Regulation (EU) 2016/679, and any natural person who considers that his or her rights regarding the processing of his/her personal data have been infringed may submit a complaint to the Commission at the following address:

Address: 2, Prof. Tsvetan Lazarov Str., Sofia, Bulgaria
Telephone: +359 2 91-53-555
Email: kzld@cpdp.bg
Website: www.cpdp.bg