1. Who we are
Riko Style LTD is a private Bulgarian company with registered office address: 18 Academic Angel Balevski Str, Troyan, Bulgaria, UIC: 110519069, tel: +359 670 606 33, email: firstname.lastname@example.org
Riko Style LTD carries out its activity - the manufacturing of chairs and tables, in accordance with the Law on personal data protection and Regulation (EU) 2016/679 of the Eurpean Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
This document is meant to provide the users of www.rikostyle.com with detailed information on the types of personal data we use, the ways we process it, your rights regarding your personal data and other relevant information.
At its core GDPR is a new set of rules designed to give EU citizens more control over their personal data.it aims to simplify the regulatory enviroment for business so both citizens and business in the EU can fully benefit from the digital economy. Following four years of preparation and debate, GDPR was aproved by the European Parliament in April 2016 and the legislationcame into force across the European Union on 25 May 2018.
Under the terms of GDPRq not only do organistions have to ensure that personal data is gathered legally and under strict conditions, but those who collect and manage it are obliged to protect it from misuse and explotations, as well as to respect the rights of the data owners – or face penalties if not doing so.
3. Purposes and scope
In the course of processing and storage of personal data, The Company is entitled to process and keep personal data for the purposes of protection of the following legitimate interests - to perform its obligations towards state and municipal bodies and perform its obligations under the applicable legislation and regulations
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
‘genetic data’ means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question;
‘biometric data’ means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data;
‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
‘representative’ means a natural or legal person established in the Union who, designated by the controller or processor in writing pursuant to Article 27, represents the controller or processor with regard to their respective obligations under this Regulation;
‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
‘supervisory authority’ means an independent public authority which is established by a Member State pursuant to Article 51;
‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
5. Core principles in the course of collection, processing and storage of personal data.
- lawfulness, fairness and transparency;
- purpose limitation of the processing personal data;
- data minimization;
- storage limitation;
- integrity and confidentiality.
6. For what purposes does Riko Style process your personal information?
Riko Style processes personal data so we can perform our main activity – the manufacturing of chairs and tables.
The data are processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’). They are collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes. The company doesnt collect data for the purposes of marketing and advertisement. We collect data only if the data subject has given consent to the processing of his or her personal data for one or more specific purposes. The company is not carrying out automated decision making with data.
7. The company collect data only if:
- we have received clear and informed consent from the data subject;
- processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
8. What kind of data do we collect, process and keep?
Important notice: Riko Style does not collect and store on its website www.rikostyle.com sensitive personal data of its customers.
The Company collect the following data:
- name and last name of the user for identification purposes if we receive an inquiry;
- email address so we can correspond with the user in a swift and convenient manner;
- phone number as a another means for further contact;
- other purposes allowed by the regulation in order to perform our duties or provide a specific service.
The data subject has the right to not provide all personal data required. If these data are necessary so we can offer a specific service Riko Style will not be able to respond to your inquiry due to lack of information.
9. Data recipients to which we are allowed to disclose your data
The company provides your data to governmental institutions when it is required by law: for example National Revenue Agency, National Social Security Institute, Employment Agency, etc. We also provide your data to banks, HR agencies, and mobile operators in accordance with all the regulations.
The personal data of our website’s users are not provided to third parties outside the frame of low regulations or to parties outside the European Union.
10. Rights of data subjects
- You have the right to obtain access to the personal data related to you.
- You could at any time rectify or complete inaccurate or incomplete information concerning you.
- You have the right to request from the Data Controller to erase the personal data concerning you if article 17 of the EU Regulation (EU) 2016/679 is applicable.
- You have the right to obtain from the Data Controller restriction of processing.
- You could exercise your right to data portability if article 20 of the EU Regulation (EU) 2016/679 is applicable.
- You have the right to object at any time to processing of personal data concerning you.
- You have hte right of appeal to the Commission for Personal Data protection or District Court.
11. Duration of personal data storage
Riko Styles processes and stores your personal data for a period in accordance with the applicable law and the legal term for storage of such data.
The remaining data are stored for different terms based on their type and in accordance with the regulations for processing as well as data storage.
The Data Controller stores your personal data with regard to website inquires for a period of 6 months or until it is necessary for the purpose of responding to your questions in detail.
The personal data of Riko Style’s employees are stored for a longer period for accounting purposes.
Taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the controller shall implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with the Regulation. Those measures shall be reviewed and updated where necessary. For maximum security we take different technical measures that ensure personal data are protected.
We maintain physical, electronic and procedural safeguards in connection with the collection and storage of personal information. Our devices offer security features to protect them against unauthorised access and loss of data.
13. Policy Changes
Our business changes constantly and our Privacy Notice may change too when the circumstances require it. You should check our website to see recent changes.
14. Contact details
address: 18 Academic Angel Balevski Str, Troyan, Bulgaria;
phone number: +359 670 606 33;
15. Data Protection Supervisory Authority
The data protection supervisory authority is the Commission for Personal Data Protection. It monitors and ensures that Regulation (EU) 2016/679 is properly followed and applied. If you consider that your personal data protection rights are violated you can contact the Commission:
address: 2 Prof Tsvetan Lazarov Str, Sofia, Bulgaria;
phone number: 02/91-53-555;