Policy of TERAZID EOOD for personal data protection

For TERAZID EOOD, your personal data protection and the provision of transparency about the way we process personal data are of paramount importance. We adhere strictly to the applicable data protection provisions in each personal data processing operation, and since 25 May 2018 we have been applying Regulation (EU) 2016/679 of the European Parliament and of the Council on the Protection of Natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Please read this policy carefully. Please familiarize yourself with the privacy policy of the information processed through our website.
We may require changes to our policies, and we will keep up-to-date information on current policies on our website.

I. Data about Us

The controller of personal data TERAZID EOOD has UIC 121057660, registered office and address of management: city of Sofia 1528, Iskar District, Railway Station Iskar, 5 5004th str., contact telephone: 02/979 9971, e-mail: office@terazid.com.
TERAZID EOOD is a company engaged in the production and trade of goods, research, design, construction, retail and wholesale of building materials, internal and external trade, import and export, re-export, barter and other foreign trade transactions and other activities specified in the Commercial Register.

II. Purposes of the processing of personal data, categories of personal data processed and recipients of personal data

In connection with our business as a trader and in our capacity as an employer, we process different categories of data:
2.1. Data of our contractors (partners, suppliers, clients)
– identification data-names, PIN, addresses and other necessary data
We collect and process such personal data when we need to identify you as natural persons – our contractors and/or as natural persons – representatives of legal entities that are our contractors. The data shall be processed in accordance with the applicable legal requirements for accounting and taxation purposes. In this regard, such data may be provided to the competent State authorities, for example the National Revenue Agency. Identification data may also be provided to judicial authorities in disputes and/or enforcement agents in connection with the fulfilment of obligations arising out of a contract or other relationship, and in relation to the realisation of the legitimate interests of TERAZID EOOD in case of the need for forced collection of amounts due.
• contact details – telephone numbers, e-mail addresses
The data shall be used for contact in connection with the execution of contracts concluded and with a view to concluding contracts.
• bank account details
Such data shall be processed for the purpose of financial and accounting activities and the fulfilment of our payment obligations, including contracts, where the data relate to natural persons.
• CCTV data
In order to protect our legitimate interests related to assuring the security of the company’s premises and of our employees and visitors, clients, contractors, we collect CCTV data of certain places of the company’s offices. Records shall be kept for a period not exceeding 2 months after filming.
• Your photos
It is possible, with your consent, which you may withdraw at any time, to use (including by placing on our website and our company profiles on social networks) photos you are in and which are made at organized events of the Company, as well as your photos for the site or brochures of the company.
2.2. Children’s data
TERAZID EOOD may process personal data of children who are clients of the company in accordance with the established rules. Where there is a need for or there is no other legal basis, the processing of personal data of children requires the consent of a parent or guardian. When providing information society services to children, parental consent is required when the child has not reached the age of 14.

2.3. Data of employees and job applicants
– identification data-names, PIN, addresses and other necessary data
We use this data for the purpose of human resource management and on the basis of the fulfilment of employment contracts concluded between us and data subjects and for the fulfilment of our obligations under the legislation as employer, including for declaring of data on employment relationship before state bodies such as the National Revenue Agency, National Social Security Institute, Labour Inspectorate and Employment Agency. We store this data for the periods stipulated in the law.
• contact details – telephone numbers, e-mail addresses
This data is used only as an official contact until the employment relationship is terminated and then until the completion of ongoing tasks.
• Remuneration data
The remuneration data is processed in order to manage human resources and to fulfil legal obligations. The data is stored for the periods stipulated in the law.
• bank account details
These data are processed for the purpose of financial and accounting activities and remuneration payment. The data shall be kept until the employment relationship shall be terminated or to the payment of all obligations under it.
• health data
Such data shall be processed in order to manage the human resources and to fulfil the obligations laid down in the labour legislation and in the field of social security. The data is processed in the order and for the periods stipulated in the law.
• Data on qualification and work experience – data on education, qualification and length of service.
Such data shall be processed with a view to assessing the conformity of the employee’s qualifications and experience with the required ones for the occupation and for fulfilling our obligations as an employer.
• Video surveillance data and photos – as described in item 2.1
Personnel selection procedures shall comply with the requirements of the special laws governing this activity. TERAZID EOOD shall apply a period of 6 months for the storage of personal data of participants in personnel selection procedures, unless the person has agreed his or her data to be processed for a longer period.
The employees data processing information set out in this policy is prepared for the purposes of this policy for our website, as our employees shall be provided with more detailed information.
The specific data to be processed, their volume and the processing deadlines shall depend on each specific case, the necessity and the proportionality of such processing.
In certain cases, we may also, if necessary, use public registers information about you, such as the Commercial Register and the Non-Profit Legal Entities Register.
We at TERAZID EOOD do not use programs for automated processing of your personal data and decision making, including for profiling you.
Please note that certain data should necessarily be provided, for example in order to enter into a contract, and failure to provide them may lead to the impossibility of concluding one, to provide a service and other consequences. Any time you can ask us about specific data that you do not want to provide, and we are committed to inform you of the potential consequences of this.

In order to realize the applicable legal purposes for the processing of personal data, TERAZID EOOD may provide, in accordance with the provisions of the current legislation, your personal data to the following categories of recipients:
• to competent administrative and judicial authorities and institutions in the cases provided for by law;
• to companies – processing personal data and subcontractors (providing services necessary for the activities of the company), with which TERAZID EOOD has duly concluded contracts; the provision of data to such persons shall be subject to an assessment of the reliability of the processors and, after assessment, of the need to provide them.

III. Grounds for the processing of personal data

The grounds on which we process your personal data are the fulfilment of the contractual relations (service contracts and the provision of products, employment contracts), fulfilment of legal obligations (tax, labour and other applicable legislation), legitimate interest (marketing and advertising, in the implementation of which we shall comply with legal restrictions that aim to guarantee your privacy) and consent (if no other reason applies).

IV. Transfer of personal data to third countries or international organisations

TERAZID EOOD shall not provide personal data to countries or persons outside the European Economic Area. In the event that the need arises for the transfer of personal data processed by the company to third countries or international organisations, the provisions of the General Data Protection Regulation shall be respected, including in the case of possible onward transfers of personal data by the third country or international organisation of another third country or organisation.
V. Retention period for personal data
Personal data, for which there is no explicit legal obligation to be stored for a certain period, shall be deleted after achieving the purposes for which the data shall be collected and processed. The retention periods shall be determined in accordance with the Accounting Act, where there are obligations for the storage and processing of accounting data, the Obligations and Contracts Act, which contains limitation periods for making claims, other laws that provide for obligations to provide information to the Court, competent State authorities, the Labour Code and other laws in the field of labour and social legislation, etc.

VI. Exercising rights under the GDPR

As a data subject, you have the following rights:
• Right of Access – you have the right to request a copy of the information we hold about you.
• Right of rectification – you have the right to want to rectify data that we hold about you and which are inaccurate or incomplete.
• Right to erasure (“to be forgotten”) – in certain circumstances you can request that the data we hold about you be erased from our registers.
• Right to restriction of processing – you have the right to want restriction of processing within the meaning of the General Data Protection REGULATION.
• Right to portability – you have the right to have the data we hold about you transmitted to or transferred to another organisation in cases where they are processed in an automated manner and on the basis of your consent or contract.
• Right to withdraw consent – you have the right to withdraw your consent to the processing of personal data at any time. The withdrawal of consent shall not affect the consent given prior to the withdrawal.
• Right to object – you have the right to object to certain types of processing, such as against any processing of your personal data, which is based on legitimate interests of TERAZID EOOD, for example for the purposes of direct marketing. In this case, we shall cease processing unless there are reasonable legitimate grounds for processing that override your personal interests, rights and freedoms. In cases of objections to the processing of personal data for the purposes of direct marketing, we shall in any event be obliged to suspend the processing of personal data.
• Right to object to automated processing, including profiling-you have also the right not to be subject to the legal consequences of a decision taken solely on the basis of automated processing or profiling.
• Right to a complaint – if you consider that we are processing your personal data unlawfully, you have the right to complain to the Commission for Personal Data Protection with address city of Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd. and e-mail address kzld@cpdp.bg. Please contact us first to take measures to protect your rights immediately.