This Personal Data Protection Policy is an integral part of the General Terms and Conditions of Use of the site www.vali.bg (the Site) administered by VALI Computers LTD. (the Company).
We explain how we collect and process personal data of subjects of data – end-users. Contact information is also provided in case you need to contact us.
- What kind of information is collected by the Site?
To use the services of the Site you need to provide some personal information, which can identify you directly or indirectly.
- Information provided voluntarily by the User:
- When it is necessary for a particular Site service we may require the following personal information:
- Your personal names or pseudonym;
- Valid e-mail address;
- Phone number;
- Physical address for delivery and/ or correspondence;
- Possible preferences;
- Additional data (user content and/ or invoice data) which the User fills in personally.
- These categories of personal data may also be requested in case we are contacted with reference to User’s choice to exercise his/ her rights described below.
- When payment is made by bank transfer, the Company can receive the bank account number (IBAN) from which the payment was ordered.
- Payment of a purchase with a bank card is made through a third party service provided to the Company. The third party is United Bulgarian Bank AD and the service is UBB e-commerce. In such cases the Bank is an independent data controller, and the Site is only a platform for end-users to use the service (online payment) in compliance with the data protection policy of UBB.
VALI Computers LTD. cannot influence the way the Bank processes personal data as the service is provided in an information environment and a system fully controlled by the Bank.
- When the User applies for a consumer loan the relations between him and VALI Computers LTD. are limited only to execution of the purchase contract. Consumer credit relations are governed by the general terms and conditions of a third party - Unicredit Consumer Finance. When a credit is granted, the end user receives a copy of the credit agreement he has to sign upon delivery of the goods. In this sense, as it is relevant in such relations, VALI Computers LTD. has access to the personal data of the end user only insofar as it should administer the process of sending the purchased goods to him/ her and returning a signed physical copy of the credit agreement to the credit institution.
- When it is necessary for a particular Site service we may require the following personal information:
- Information collected about the User
For certain site functions we collect information from your PC automatically. In this way the following categories of personal data can be accumulated:
- IP address;
- The browser used by you;
- Preferable language settings;
- Type of device used to load the site;
- Information about the operation system of your device;
- In addition, the following data can be collected:
- The number of clicks you make while browsing the site;
- Which pages of our site you have viewed;
- The pages, which forwarded you to our site;
- In case of ad publications – number of views;
- The time you have spent browsing the site;
- How do we handle personal data of children?
Site services do not target individuals under the age of 18. The Company does not want to collect personal data of children in relation to the site services.
However, if the Company receives data of a minor, it will be erased and not be processed unless a legislative regulation obliges the Company to process such data.
- Whose data do we collect?
The Site collects information about its visitors, including end users – data subjects for the purposes listed below.
Personal data of site visitors and end users may also be provided by third parties – service providers. For example, a third party is UBB Bank with its virtual POS terminal service.
- How do we collect data?
Personal data processed through the site can be collected in the following ways:
- Personally and voluntarily provided by the visitor;
- Collected automatically by the Site, as well as by IT systems described under item II
- By means of cookies to optimize site performance and analysis.
- Why data is collected and processed and what are the legal grounds for it?
The Company uses the information described above for different purposes based on the applicable legal norms, i.e.
|Data Categories||Purpose of Processing||Legal Basis in Compliance with Regulation (GDRP)General Data Protection|
||To provide Site services and full Site functionality and for personal communication.||Art 6,p.1 а) - the data subject has given consent to the processing of his or her personal data (at his/ her choice and creation of User profile in the site)|
||To fulfill contractual obligations.||1. Art. 6,p.1. b) - processing is necessary for the performance of a contract (purchase and sale of goods)|
||To provide full Site functionality.||1. Art.6.p..1 b) - processing is necessary for the performance of a contract (provision of a service- use of a website)|
||Official, legal lawful and/ or system warnings, legal purposes||1. Art.6.p.1 c) - for compliance with a legal obligation to which the controller is subject|
|Analytical Data||To improve the services offered by the Site and for statistics.||1. Art.. 6, p. 1 f) – legitimate interest|
|Marketing Data||User profiling and ad targeting.||1. Art.. 6,p.. 1 а) - the data subject has given consent to the processing of his or her personal data|
- Time of Personal Data Retention
The collected user data is retained for the following period of time.
|Data Categories||How is it Collected||How is it Used||Period of Retention|
||From the section for creating a personal profile||To provide Site services and full Site functionality and for personal communication.||Until User profile is terminated|
||From personal profile, as data is provided personally by the User himself/ herself.||To fulfill contractual obligations.||According to the legal deadlines for storing accounting and personal information (up to 10 years)|
|Analytical Data||Using cookies and similar technologies||To provide full Site functionality.||Up to 24 months (stored only by third parties)|
|Marketing Data||Using cookies and similar technologies||User profiling and ad targeting.||Up to 24 months (stored only by third parties)|
- Steps taken to ensure lawful and fair processing of personal data. What measures have we taken to protect your data?
In compliance with the European legislation the Company implements technical and organizational measures to ensure the appropriate level of security, including prevention of unauthorized access and misuse of personal data.
The Company uses business systems, mechanisms and information technologies to protect personal data adequately and ensure it safety.
In our information systems only authorized personnel has access to personal data.
- How do we ensure the appropriate level of security?
The collected data from the Users of the Site is systematized in registers subject to cryptographic protection. These registers are located on the hard disk of computer systems and only qualified and trained personnel has access to them.
- Who do we share your data with?
The Company does not disclose personal information of Users.
However it is possible to share personal data with third parties in the following cases:
|Data can be Disclosed to||Purpose||Legal Basis in Compliance with Regulation (GDRP)General Data Protection|
|Accounting and Control||To fulfill legitimate obligations in compliance with accounting laws or established international accounting standards.||Art.6 paragraph 1 - c|
|Official authority – administrative, judicial and/ or executive.||
||Art.6 paragraph 1 - c|
- Rights of the Data Subject
The rights of each end-user – data subject are outlined below in compliance with the European regulation for personal data protection:
|User Rights||Description||Relevance to the Site|
|Right of information||
When providing their personal data or before data are collected by the administrator for processing Users have the right to be informed about the following:
|Right of access||The User has the right of access to his/ her personal data processed by the Site. This includes “Right of Information” data as well as the source of personal data and the data categories. When data are not obtained directly from the User, the latter should receive information how data were collected and processed and what is the legal basis for it.||Yes|
|Right to rectification||The User has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her as a data subject.||Yes|
|Right to erasure||The User has the right to obtain from the controller erasure of personal data concerning him or her without undue delay.||Yes|
|Right “to be forgotten”||Where the controller has made the personal data public and is obliged to erase the personal data, the controller shall take reasonable steps to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of these personal data.||No|
|Right to restriction of processing||
The User has the right to obtain from the controller restriction of processing where one of the following applies:
|Right to data portability||
The User has the right to receive the personal data concerning him or her, which he or she has provided to the controller, where:
|Right to object to processing of personal data||The User has the right to object to processing of his/ her personal data provided to the controller for the performance of a task carried out in the public interest or processing is necessary for the purposes of the legitimate interests pursued by the controller , profiling or direct marketing. When the User exercises his/ her right to object to processing of his/ her personal data these data may be erased from the system of the controller.||No|
|Automated individual decision-making, including profiling||The user has the right not to be subject to a decision based solely on automated processing, including profiling.||No|
|Right to lodge a complaint||The User has the right to lodge a complaint to a supervising authority (The Commission for Personal Data Protection) if he/ she finds that the processing of data concerning him or her violates the provisions of the General Data Protection Regulation. The data subject may exercise this right in the Member State of his habitual residence, place of work or place of suspected violation.||Yes|
If you want to learn more about your rights and the way they can be exercised you can visit the website of the European Data Protection Supervisor or the website of the supervisory authority of the Republic of Bulgaria – the Commission for Personal Data Protection.
- How can the User exercise his/her rights?
The User can exercise his/ her rights at any time. To be as helpful as possible you need to send us your request by post or e-mail to the addresses below.
- Who is responsible for personal data processing?
Regarding personal data processing The Company acts both as personal data controller and site administrator.
|Contact Details of the Personal Data Controller|
|Name||VALI Computers LTD.|
|Management Address||6 Samuil Street, Veliko Tarnovo|
|Unified Identification Code||104518906|
|Management||jointly and severally – Dimitar Hinov, Snejana Hinova and Rossen Hinov|
|firstname.lastname@example.org ; email@example.com|
|Telephone||+359 62 610 909 ; +359 62 610 924; + 359 62 610 930|
|Contact Details of the Authority Supervising Personal data Protection|
|Name||Commission for Personal Data Protection|
|Address||2 Prof. Tsvetan Lazarov Blvd., Sofia 1592|
|Telephone||+ 359 2 9153518|
This PERSONAL DATA PROTECTION POLICY was accepted and approved by Dimitar Hinov – Managing Director of VALI Computers LTD. on 30.06.2018.
This Policy is in compliance with the current legislation at the moment of validation, as well as with the European and national legislation related to personal data protection.
Date of publishing: 30.06.2018