Privacy policy

Whether you are a current or future client of the vian.bg platform or a casual user of our site, we take account of and respect your privacy.

Protecting your personal information when processing your personal data is an important priority for us.

We process your personal data, respecting their confidentiality and in accordance with the legal provisions at national and European level.

In the following pages of our Privacy and Data Protection Policy (the Policy), we aim to introduce you to VIAN TV OOD, as your Personal Data Controller, to provide you with contact information for the company, as well as for a data protection officer.

With this Policy, we inform you of:

    the categories of personal data;

     for the purposes and legal basis for processing;

     for the storage period and with whom we share the data;

     information on whether the personal data will be transferred to a third country or to an international organization;

     recipients or categories of recipients of personal data;

     for the rights you have under the legislation on personal data protection and in the light of new situations, pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "the Regulation" or "GDPR").

Information about the company that processes your data or who we are:

VIAN TV OOD, UIC 130947928, with registered address / address for correspondence

Sofia 1408,  18-20 Major Parvan Toshev str.

Information on the competent data protection supervisory authority

Personal Data Protection Commission,  Sofia 1592,  “Prof. 2, Tsvetan Lazarov blvd., Phone 02 915 3 518, website www.cpdp.bg

Vian TV OOD (hereinafter referred to as "the Controller" or "the Company") operates in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. This information is intended to inform you of all aspects of the processing of your personal data by the Company and the rights you have in connection with such processing.

Grounds for collecting, processing and storing your personal data

Article  1. The Controller collects and processes your personal data in connection with the use of the online store www.vian.bg and the conclusion of contracts with the Company on the grounds of Art. 6, para. 1, Regulation (EU) 2016/679 (GDPR), and in particular on the following grounds:

-        the explicit consent obtained from you as a client;

-        fulfilment of the obligations of the Controller under a contract with you;

-         compliance with a legal obligation that applies to the Controller;

-          for the purposes of the legitimate interests of the Controller or of a third party.

Purposes and principles for the collection, processing and storage of your personal data

Article 2.

We collect and process the personal information you provide to us in connection with the use of the online store www.vian.bg and contract with the company, including for the following purposes:

-          creating an account and providing full functionality when using the online store;

-          individualisation of a party to the contract;

-          accounting purposes;

-          statistical objectives;

-          protection of information security;

-          the right of refusal or complaint by the customer for the goods in respect of which such rights may be exercised;

-          ensuring the performance of the contract for the provision of the relevant service;

-          sending a newsletter and special offers emails if you wish so;

-          telephone calls in connection with the birthday or notification to the User of new collections or of receipt of products which have been exhausted in the previous period upon agreement on both parties;

 

-          We follow the following principles when processing your personal information:

-          legality, good faith and transparency;

-          limitation of processing objectives;

-          consistency with the purposes of processing and minimizing the data collected;

-          accuracy and timeliness of the data;

-          storage restriction in order to achieve the objectives;

-          integrity and confidentiality of the processing and ensuring an adequate level of personal data security.

-          In the processing and storage of personal data, the Controller may process and store personal data in order to protect his or her legitimate interests:

-          fulfilment of its obligations to the National Revenue Agency, the Ministry of the Interior and other state and municipal bodies.

What types of personal data is collected, processed and stored by our Company

Article 3.

The Company performs the following operations with the personal data you provide as customers for the following purposes:

-          Registration of a customer in an e-shop and execution of a distance sale contract –the purpose of this operation is to create a profile for using the e-shop to buy goods and to provide contact information for the delivery of purchased goods. Signing up and creating an account to use the online store is not a necessary step in the provision of the service, and it is largely accessible without creating an account through the "Order as a Guest" option.

-          Newsletter Submission – The purpose of this operation is to administer the process of sending newsletters, special offers emails, promotions, promo codes, news and new features to customers who have stated that they wish to receive this information.

-          Exercise of the right of waiver or make a claim – the purpose of this operation is to administer the process of exercising the right of refusal or complaint by the client for the goods in respect of which such rights may be exercised.

-          The controller does not collect or process personal data relating to the following:

-          reveal racial or ethnic origin;

-          reveal political, religious or philosophical beliefs, or membership of trade unions;

-          genetic and biometric data, health data, or sexual life or sexual orientation data.

 

Personal data are collected by the Controller from the persons to whom they relate.

The Company does not collect data on persons under the age of 16 except with the express consent of their parent or legal representative.

Article 4. The controller processes the following categories of personal data and information for the following purposes and for the following reasons:

                 Your personally identifiable information (email, first name, last name, phone number, address, date of birth, etc.)

   Purpose for which the data is collected: 1) Contacting and sending information to the user. 2) for the purposes of registering a user in an online store. 3) to send newsletter, emails with special offers, promotions, promo codes, news and new features.

   Grounds for processing your personal data – By accepting the general terms and conditions and registering in the online store or placing an order without registration, or at the conclusion of a written contract, a contractual relationship is created between the Controller and you, on the basis of which we process your personal data – Art. 6, para. 1,  (b) GDPR. Your data for sending a newsletter and emails are processed after your explicit consent – Art. 6, para. 1,  (а) GDPR.

-          Delivery details (names, phone, address, etc.)

-          Purpose for which data is collected: Fulfilment of obligations of the Controller under a contract for sale and delivery of the purchased goods.

-          Grounds for processing your personal data – By accepting the General Terms and Conditions and registering in the online store or placing an order without registration, or at the conclusion of a written contract between the Controller and you, a contractual relationship is created, on the basis of which we process your personal data – Art. 6, para. 1,  (b) GDPR.

-          Data from your social media accounts (publicly available information from your Google Accounts , social networks (Facebook, Twitter, Instagram), YouTube, etc.

-          Purpose for which data is collected: (1) Contacting and sending information to the user and (2) for the purpose of registering a user in the online store.

-          Ground for processing of your personal data – By accepting the general terms and registration in the e-shop through a social network profile, a contractual relationship is created between the Controller and you, on the basis of which we process your personal data – Art. 6, para. 1,  (b) GDPR.

The period of retention of your personal data

Article 5.

The Controller shall retain your personal data for no longer than the existence of your online store account or the execution of a “guest” order. Upon deletion of your account or completion of the order, the Controller takes the necessary care to delete and destroy all your data without undue delay or anonymize (i.e., to make it in a form that does not reveal your identity).

The Controller shall keep your personal data provided in connection with online orders for a period of 10 years for the purpose of protecting the Controller's legal interests in legal or administrative disputes with users of the online store, keeping the accounting records for the relevant statutory period.

The Controller shall notify you, in the event of a need to extend the data retention period, with a view to fulfilling a regulatory obligation or with a view to the legitimate interests of the Controller or otherwise.

The Controller stores the personal data that he or she is required to keep under applicable law for the relevant timeframe, which may exceed the lifetime of your e-commerce account or until the order is completed.

Article 6. The Controller shall keep the personal data of the legal representatives of his trading partners, for the duration of the performance of the contract, for observing the legitimate interests and legal obligations of the Controller, which may exceed the term of the concluded contract.

Transmission of your personal data for processing

Article 7.

The Controller may, at its sole discretion, transmit some or all of your personal data to processing data for the purposes of processing purposes that you have agreed to, subject to the requirements of Regulation (EU) 2016/679 (GDPR).

The Controller notifies you in case you intend to share some or all of your personal data with third countries or international organizations.

Your rights in the collection, processing and storage of your personal data

Withdrawal of consent to the processing of your personal data

Article 8.

If you do not wish all or part of your personal data to be further processed by the Company for specific or all processing purposes, you may at any time withdraw your consent to the processing by requesting a free text at info@vian.bg.

The Controller may ask you to verify your identity and identity with the data subject.

With the withdrawal of consent to process personal data that is required to create and maintain an account in the online store, your account will become inactive. Of course, you will be able to browse the online store and the products offered and place orders as a guest or re-register.

If you have an order that is in the process of being processed, the earliest time you can withdraw your processing consent is when the order is successfully completed.

You may at any time withdraw your consent to the processing of your personal data for direct marketing purposes.

Withdrawal of consent does not affect the lawfulness of the processing of personal data that the Controller has performed up to now.

Right of access

Article 9.

You have the right to request and receive confirmation from the Controller whether personal data relating to you is being processed, and you may at any time see in your account, if you are a registered user, the data we process for you.

You have the right to access data related to you, as well as information related to the collection, processing and storage of your personal data.

The Controller shall provide you, upon request, with a copy of the personal data processed relating to you in electronic or other appropriate form.

Providing access to the data is free of charge, but the Controller reserves the right to impose an administrative fee in case of repeated or excessive requests.

Right to rectification or supplement

Article 10. You may rectify or complete inaccurate or incomplete personal data relating to you directly by requesting the Controller, or individually by editing your registration.

Right to be deleted (right to be forgotten)

Article 11.

You have the right to request the Controller to delete some or all of your personal data, and the Controller has the obligation to delete them without undue delay when any of the following reasons exist:

-          personal data are no longer necessary for the purposes for which they were otherwise collected or processed;

-          you withdraw your consent on which the processing of the data is based and there is no other legal basis for the processing;

-          you object to the processing of personal data relating to you, including for the purposes of direct marketing and there are no legitimate grounds for processing to take precedence;

-          personal data were processed illegally;

-          personal data must be deleted in order to comply with a legal obligation under EU or Member State law applicable to the Controller;

-          personal data have been collected in connection with the provision of information society services.

-          The Controller is not obliged to delete personal data if it stores and processes such:

-          for exercising the right of freedom of expression and information;

-          to comply with a legal obligation requiring processing as provided for in EU or Member State law applicable to the Controller, or for the performance of a public interest task or in the exercise of official powers conferred on him;

-          for reasons of public interest in the field of public health;

-          for purposes of archiving in the public interest, for scientific or historical research or for statistical purposes;

-          for the establishment, exercise or defence of legal claims.

-          In the event that you exercise your right to be forgotten, the Company will delete all your data, except for the following information:

-          information needed to certify that your right to be forgotten is fulfilled – email, IP address;

-          technical information about the functioning of the online store, which information cannot in any way be related to your personality;

-           the email you used to register with the online store.

In order to exercise your right to be forgotten, you need to take the following steps:

-         identify yourself as the account holder.

Once we verify the identity of the requester and the data subject in accordance with the steps above, we will delete all the data we process for you.

If you have an order that is in the process of being processed, the earliest moment you can ask to be "forgotten" is when the order is successfully completed.

By deleting your personal data, your account will become inactive. Of course, you will be able to browse the online store and the products offered and place orders as a guest or re-register.

The Controller does not delete the data that he or she has a legal obligation to keep, including for the protection of legal claims against him or for proving his rights.

Right of restriction

Article 12.

You have the right to request the Controller to restrict the processing of related data when:

-          you challenge the accuracy of personal data for a period allowing the Controller to verify the accuracy of personal data;

-          the processing is unlawful, but you do not want the personal data to be erased and only their use restricted;

-          the Controller no longer needs personal data for the purposes of processing, but you require it to establish, exercise or defend your legal claims;

-          you have objected to the processing, pending verification that the Administrator's legitimate grounds have priority over your interests.

-          In the event that your right of restriction is exercised, the Company will cease processing of your data, but will not remove the publications you have made in the online store.

Right to portability

Article 13.

If you have consented to the processing of your personal data or the processing is necessary to perform the contract with the Controller, or if your data is processed in an automated manner, you may, after legitimizing yourself to the Controller:

-          request the Controller to provide you with your personal data in a readable format and transfer it to another Controller;

-          request the Controller to directly transfer your personal data to the Controller designated by you when technically feasible.

You may download or receive machine-readable data at any time, which is stored and processed for you in connection with the use of the Controller's services, directly through your account via the data export option or by email request.

Right to information

Article 14. You may request the Controller to inform you of any recipients whose personal data that has been requested to correct, delete or restrict processing have been disclosed. The Controller may refuse to provide this information if this would be impossible or would require a disproportionate effort.

Right to object

Article 15. You may object at any time to the processing of personal data by the Controller that relates to it, including if it is processed for profiling or direct marketing purposes.

Your rights in case of breach of your personal data security

Article 16.

If the Controller identifies a breach of your personal data security that may pose a high risk to your rights and freedoms, he will notify you without undue delay of the breach, as well as any measures taken or to be taken.

The Controller is not required to notify you if:

-          he has taken appropriate technical and organizational safeguards with regard to data affected by a security breach;

-          has subsequently taken measures to ensure that the infringement would not pose a high risk to your rights;

-          notification would require a disproportionate effort.

Persons to whom your personal data are provided

Article 17. For the purposes of processing your personal data and providing the service with its full functionality and for your interests, the Controller may provide your data to the following processors:

-          data processor – for the purpose of processing of personal data;

-          supplier for the purpose of delivering to an address.

The personal data processor in question complies with all legal and security requirements for the processing and storage of your personal data.

Article 18. The Controller shall not transfer your data to third countries.

Article 19. In the event of a violation of your rights under the above requirements or the applicable personal data protection legislation, you have the right to file a complaint with the Personal Data Protection Commission as follows:

Personal Data Protection Commission, Sofia, 1592,  2, Prof. Tsvetan Lazarov blvd., Phone 02 915 3 518, website www.cpdp.bg

Article  20. The Company may amend the Privacy Policy by posting a notice on this site.

On Top
Cart
Close
Back
Account
Close