Personal Data Protection Policy
This Personal Data Protection Policy (“Policy”) lays down the main rules and principles of processing and protecting individuals’ personal data followed by Tokuda Bank.
Tokuda Bank AD (the “Bank”), registered in the Commercial Register to the Registry Agency under UIC (entity ID code) 813155318, having its registered seat and management address : 21 George Washington St, Vazrazhdane District, Sofia, is a data controller; www.tokudabank.bg, contact phone numbers: +359 2 403 79 00; +359 2 403 79 85, e-mail: headoffice@tcebank.com, Data Protection Officer: dpo@tcebank.com.
Definitions
“Personal Data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller (the Bank).
The definitions are in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
The Bank processes the following personal data/categories of personal data:
- Names
- Gender
- Date and place of birth
- Formal personal identification number /e.g., Personal ID No., Foreigner’s ID No./ or other unique identification elements contained in a formal identity document
- Identity document
- Any nationality of the person
- Residence country and address
- Information about the person’s professional activities and the purpose and nature of his/her role in the business relations /*this data is collected when the business relations are established/
- Contact information /e.g., address, phone, e-mail/
- Client number and/or user name of the person in the Bank
- Bank account(s) number
- Education
- Tax and social security information
- Information about the economic, financial and social status /e.g., income, owned property, credit indebtedness, profession, length of service, place of work, position, marital status, related parties, etc./
- Physical identification data /e.g., facial and voice identification, handwriting, signature/
- Information about any concluded and valid personal insurance contract(s)
- Health and / or work capability data assessed by a competent medical practitioner or authority
- Work experience
The Bank may also collect additional information as per the procedure and requirements of the applicable Bulgarian and EU legislation.
Policy Aims
- Compliance of Tokuda Bank’s activities with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the Personal Data Protection Act and good personal data practices.
- Protection of data subjects’ personal data – customers, employees, members of the Bank’s management and supervisory bodies, suppliers, business partners and any other person with whom the Bank may have a relationship.
- Awareness, transparency and fairness of the process of collecting, processing and storing personal data by the Bank.
- Protection from risks associated with unlawful processing of personal data, violation of confidentiality or breach of data security.
- The Bank’s reputation as a trusted business partner and responsible data controller, guaranteeing the confidentiality, security and protection of the information provided.