PERSONAL DATA PROTECTION POLICY

 

This Personal Data Protection Policy is an integral part of the General Terms and Conditions of Use of the site www.vali.bg (the Site) administered by VALI Computers LTD. (the Company).

 

We explain how we collect and process personal data of subjects of data – end-users. Contact information is also provided in case you need to contact us.

 

  1. What kind of information is collected by the Site?
    To use the services of the Site you need to provide some personal information, which can identify you directly or indirectly.

 

  1. Information provided voluntarily by the User:
    1. When it is necessary for a particular Site service we may require the following personal information:
      1. Your personal names or pseudonym;
      2. Valid e-mail address;
      3. Phone number;
      4. Physical address for delivery and/ or correspondence;
      5. Possible preferences;
      6. Additional data (user content and/ or invoice data) which the User fills in personally.
    2. These categories of personal data may also be requested in case we are contacted with reference to User’s choice to exercise his/ her rights described below.
    3. When payment is made by bank transfer, the Company can receive the bank account number (IBAN) from which the payment was ordered.
    4. Payment of a purchase with a bank card is made through a third party service provided to the Company. The third party is United Bulgarian Bank AD and the service is UBB e-commerce. In such cases the Bank is an independent data controller, and the Site is only a platform for end-users to use the service (online payment) in compliance with the data protection policy of UBB.
      VALI Computers LTD. cannot influence the way the Bank processes personal data as the service is provided in an information environment and a system fully controlled by the Bank.
    5. When the User applies for a consumer loan the relations between him and VALI Computers LTD. are limited only to execution of the purchase contract. Consumer credit relations are governed by the general terms and conditions of a third party -  Unicredit Consumer Finance. When a credit is granted, the end user receives a copy of the credit agreement he has to sign upon delivery of the goods. In this sense, as it is relevant in such relations, VALI Computers LTD. has access to the personal data of the end user only insofar as it should administer the process of sending the purchased goods to him/ her and returning a signed physical copy of the credit agreement to the credit institution.
  2. Information collected about the User
    For certain site functions we collect information from your PC automatically. In this way the following categories of personal data can be accumulated:
    1. IP address;
    2. The browser used by you;
    3. Preferable language settings;
    4. Type of device used to load the site;
    5. Information about the operation system of your device;
    6. In addition, the following data can be collected:
      1. The number of clicks you make while browsing the site;
      2. Which pages of our site you have viewed;
      3. The pages, which forwarded you to our site;
      4. In case of ad publications – number of views;
      5. The time you have spent browsing the site;

 

  1. How do we handle personal data of children?
    Site services do not target individuals under the age of 18. The Company does not want to collect personal data of children in relation to the site services.
    However, if the Company receives data of a minor, it will be erased and not be processed unless a legislative regulation obliges the Company to process such data.

 

  1. Whose data do we collect?
    The Site collects information about its visitors, including end users – data subjects for the purposes listed below.
    Personal data of site visitors and end users may also be provided by third parties – service providers. For example, a third party is UBB Bank with its virtual POS terminal service.

 

  1. How do we collect data?
    Personal data processed through the site can be collected in the following ways:
    1. Personally and voluntarily provided by the visitor;
    2. Collected automatically by the Site, as well as by IT systems described under item II
    3. By means of cookies to optimize site performance and analysis.

If you want to learn more about these technologies, how they work and how we use them please read our COOKIE POLICY.

 

  1. Why data is collected and processed and what are the legal grounds for it?
    The Company uses the information described above for different purposes based on the applicable legal norms, i.e.
Data Categories Purpose of Processing Legal Basis in Compliance with Regulation (GDRP)General Data Protection
  1. Name and surname
  2. Valid e-mail address
  3. Telephone number
To provide Site services and full Site functionality and for personal communication. Art 6,p.1 а) - the data subject has given consent to the processing of his or her personal data (at his/ her choice and creation of User profile in the site)
  1. Personal name and pseudonym
  2. Valid e-mail address
  3. Telephone number
  4. Physical address
  5. Personal preferences
  6. Data for accounting purposes
To fulfill contractual obligations. 1. Art. 6,p.1. b) - processing is necessary for the performance of a contract (purchase and sale of goods)
  1. IP address
  2. Browser used
  3. Language settings
  4. Type of terminal device
  5. Type of operation system
To provide full Site functionality. 1. Art.6.p..1 b) - processing is necessary for the performance of a contract (provision of a service- use of a website)
  1. Personal name
  2. Telephone and/ or e-mail
  3. Physical address for correspondence
Official, legal lawful and/ or system warnings, legal purposes 1. Art.6.p.1 c) - for compliance with a legal obligation to which the controller is subject
Analytical Data To improve the services offered by the Site and for statistics. 1. Art.. 6, p. 1 f) – legitimate interest
Marketing Data User profiling and ad targeting. 1. Art.. 6,p.. 1 а) - the data subject has given consent to the processing of his or her personal data

 

  1. Time of Personal Data Retention
    The collected user data is retained for the following period of time.
Data Categories How is it Collected How is it Used Period of Retention
  1. Name and surname
  2. Valid e-mail address
  3. Telephone number
From the section for creating a personal profile To provide Site services and full Site functionality and for personal communication. Until User profile is terminated
  1. Personal name and pseudonym
  2. Valid e-mail address
  3. Telephone number
  4. Physical address
  5. Personal preferences
  6. Data for accounting purposes
From personal profile, as data is provided personally by the User himself/ herself. To fulfill contractual obligations. According to the legal deadlines for storing accounting and personal information (up to 10 years)
Analytical Data Using cookies and similar technologies To provide full Site functionality. Up to 24 months (stored only by third parties)
Marketing Data Using cookies and similar technologies User profiling and ad targeting. Up to 24 months (stored only by third parties)

 

  1. Steps taken to ensure lawful and fair processing of personal data. What measures have we taken to protect your data?
    In compliance with the European legislation the Company implements technical and organizational measures to ensure the appropriate level of security, including prevention of unauthorized access and misuse of personal data.
    The Company uses business systems, mechanisms and information technologies to protect personal data adequately and ensure it safety.
    In our information systems only authorized personnel has access to personal data.

 

  1. How do we ensure the appropriate level of security?
    The collected data from the Users of the Site is systematized in registers subject to cryptographic protection. These registers are located on the hard disk of computer systems and only qualified and trained personnel has access to them.

 

  1. Who do we share your data with?
    The Company does not disclose personal information of Users.
    However it is possible to share personal data with third parties in the following cases:

 

Data can be Disclosed to Purpose Legal Basis in Compliance with Regulation (GDRP)General Data Protection
Accounting and Control To fulfill legitimate obligations in compliance with accounting laws or established international accounting standards.     Art.6  paragraph 1 - c
Official authority – administrative, judicial and/ or executive.
  1. When controller is obliged  to disclose business secrets;
  2. When necessary to resolve legal disputes before a competent court and/ or arbitration;
  3. Data can be disclosed to law enforcement authorities and financial institutions when this is an obligation by law or is essential for prevention, detection or prosecution of a criminal offense or fraud.
Art.6  paragraph 1 - c

 

  1. Rights of the Data Subject
    The rights of each end-user – data subject are outlined below in compliance with the European regulation for personal data protection:
User Rights Description Relevance to the Site
Right of information

When providing their personal data or before data are collected by the administrator for processing Users have the right to be informed about the following:

  1. Who is the collector?
  2. What is the purpose of processing?
  3. What is the legal basis and/ or legal interests?
  4. Who can receive the data?
  5. How long will data be stored?
  6. What are the right of the users?
  7. Existence of automatic decision-making, including profiling.  
Yes
Right of access The User has the right of access to his/ her personal data processed by the Site. This includes “Right of Information” data as well as the source of personal data and the data categories. When data are not obtained directly from the User, the latter should receive information how data were collected and processed and what is the legal basis for it.   Yes
Right to rectification The User has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her as a data subject. Yes
Right to erasure The User has the right to obtain from the controller erasure of personal data concerning him or her without undue delay. Yes
Right “to be forgotten”  Where the controller has made the personal data public and is obliged to erase the personal data, the controller shall take reasonable steps to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of these personal data.   No
Right to restriction of processing

The User has the right to obtain from the controller restriction of processing where one of the following applies:

  1. the accuracy of the personal data is contested by the User;
  2. the processing is unlawful and the User opposes the erasure of the personal data;
  3. the controller no longer needs the personal data for the purposes of the processing, but they are required by the User for the exercise or defense of legal claims;
  4. the User has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject. Within the limitation period of processing, the data may continue to be stored by the controller.  
No
Right to data portability

The User has the right to receive the personal data concerning him or her, which he or she has provided to the controller, where:

  1. the processing is carried out by automated mean;
  2. The processing is based on consent or a contract obligation.   This right also involves the obligation of the controller to transmit personal data specified by the User to another controller.
Yes
Right to object to processing of personal data The User has the right to object to processing of his/ her personal data provided to the controller for the performance of a task carried out in the public interest  or processing is necessary for the  purposes of the legitimate interests pursued by the controller , profiling or direct marketing. When the User exercises his/ her right to object to processing of his/ her personal data these data may be erased from the system of the controller. No
Automated individual decision-making, including profiling  The user has the right not to be subject to a decision based solely on automated processing, including profiling. No
Right to lodge a complaint The User has the right to lodge a complaint to a supervising authority (The Commission for Personal Data Protection) if he/ she finds that the processing of data concerning him or her violates the provisions of   the General Data Protection Regulation. The data subject may exercise this right in the Member State of his habitual residence, place of work or place of suspected violation. Yes

 

If you want to learn more about your rights and the way they can be exercised you can visit the website of the European Data Protection Supervisor or the website of the supervisory authority of the Republic of Bulgaria – the Commission for Personal Data Protection.

 

  1. How can the User exercise his/her rights?
    The User can exercise his/ her rights at any time. To be as helpful as possible you need to send us your request by post or e-mail to the addresses below.

           

  1. Who is responsible for personal data processing?
    Regarding personal data processing The Company acts both as personal data controller and site administrator.

 

Contact Details of the Personal Data Controller
Name VALI Computers LTD.
Management Address 6 Samuil Street, Veliko Tarnovo
Unified Identification Code 104518906
Management jointly and severally – Dimitar Hinov, Snejana Hinova and Rossen Hinov
e-mail vali@vali.bg ; office@vali.bg
Telephone +359 62 610 909 ; +359 62 610 924; + 359 62 610 930
Contact Details of the Authority Supervising Personal data Protection
Name Commission for Personal Data Protection
Address 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592  
e-mail kzld@cpdp.bg
Telephone + 359 2 9153518

 

If you have questions or comments on this personal data policy you can send them by post or e-mail to vali@vali.bg ; office@vali.bg

 

This PERSONAL DATA PROTECTION POLICY was accepted and approved by Dimitar Hinov – Managing Director of VALI Computers LTD. on 30.06.2018.

 

This Policy is in compliance with the current legislation at the moment of validation, as well as with the European and national legislation related to personal data protection.

 

Date of publishing: 30.06.2018