Mandatory Information on the Privacy Rights of Individuals (Privacy notice)
Mandatory Information on the Privacy Rights of Individuals (Privacy notice)
Information about the company processing your data:
Name | VGN SLTD |
UIC/BULSTAT | 202200279 |
Legal address and headquarters | Sofia, Vitosha District, Manastirski Livadi Housing Estate, 60А, office 3 |
Correspondence address | Sofia, Vitosha District, Manastirski Livadi Housing Estate, 60А, office 3 |
Telephone | 0878 506 666 |
[email protected] | |
Website | https://www.silabg.com |
Information about the Personal Data Protection Officer
Name | Vladimirov Kiskinov Law Firm |
UIC/BULSTAT | 176645870 |
Legal address and headquarters | Sofia, 6, Nayden Gerov Str., fl. 4, office 7 |
Correspondence address | Sofia, 6, Nayden Gerov Str., fl. 4, office 7 |
Telephone | + 359 2 988 18 28 |
[email protected] |
Information on the competent personal data protection supervisory authority
Name | Personal Data Protection Commission |
Legal address and headquarters | Sofia 1592, 2, Prof. Tsvetan Lazarov Blvd. |
Correspondence address | Sofia 1592, 2, Prof. Tsvetan Lazarov Blvd. |
Telephone | 02 915 3 518 |
Website | www.cpdp.bg |
VGN SLTD (hereinafter referred to as “Administrator” or “The Company”)carries out its activity in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and the Commission of April 27,2016 on the protection of individuals in relation to personal data processing and the free movement of such data. This information is aimed at informing you about all aspects of your personal data processing by the Company and the rights you have in relation thereto.
Basis for your personal data collecting, processing and storing
Art. 1. The Administrator collects and processes your personal data in connection with the use of an online shopwww.silabg.comand contracting with the company on the basis of Art. 6, para. 1, Regulation (EU) 2016/679 (GDPR), and in particular on the following grounds:
- Your explicit consent as a customer;
- Execution of the Administrator obligations under a contract with you;
- Compliance with a statutory obligation applicable to the Administrator;
- For the purposes of the legitimate interests of the Administrator or a third party;
Goals and principles of your personal data collecting, processing and storing
Art. 2. (1)We collect and process the personal data you provide to us in connection with the use of the online store www.silabg.comand contracting with the Company, including for the following purposes:
- creating an account and providing full functionality for the online store use;
- individualisation of a party to the contract;
- execution of orders and deliveries under a contract;
- accounting purposes;
- statistical purposes;
- information security protection;
- ensuring the fulfilment of the contract for the provision of the respective service.
- sending a newsletters and e-mails at your request;
- creation of an account and provision of the possibility of sharing content on the social network of www.silabg.com.
- lawfulness, good faith and transparency;
- limitation of the purposes of processing;
- relevance to processing goals and minimization of data collection;
- data accuracy and timeliness;
- storage restriction to achieve the goals;
- integrity and confidentiality of processing, and ensuring an adequate level of personal data security.
- fulfilling its obligations to the National Revenue Agency, the Ministry of Interior and other state and municipal authorities.
What kind of personal data does our company collect, process and store?
Art. 3. (1) The Company carries out the following operations with the personal data provided by you as clients, for the following purposes:
- Registration of an e-shop client and execution of a remote purchase contract– the purpose of this operation is to create an account for the use of the e-shop for the purchase of goods and the provision of contact details for the delivery of purchased goods. The registration and creation of an online store account is not a mandatory step in the provision of the service and it is accessible to a significant extent without the creation of a profile by placing an order without registration - Conclusion of the impact assessment: Based on the impact assessment, the Data Protection Officer considers that the operation “Registration of an e-shop user and execution of a remote purchase contract” is permissible to be performed and provides guarantees for the protection of the rights and legitimate interests of the data subjects in line with GDPR requirements;
- Newsletter Sending– the purpose of this operation is to administer the process of sending newsletters, emails with special offers, promotions, promo codes, news and new functionalities to customers who have declared they wish to receive. Given the limited scope of personal data collected, the Data Protection Officer considers that an impact assessment is not required to carry out the operation.
- Registration in the S’POWER social network – the purpose of this operation is to enable registered users to create and maintain a social network profile on www.silabg.com, to post comments, opinions, recommendations, photos and other content. The data processed during this operation is collected when a customer is registered, therefore the Data Protection Officer considers that an impact assessment is not required to conduct the operation.
- Exercise of the right of cancellation or the making of a claim– the purpose of this operation is to administer the process of exercising the right of cancellation or claim by the client for the goods in respect of which those rights may be exercised. Given the limited scope of personal data collected, the Data Protection Officer considers that an impact assessment is not required to carry out the operation.
- Sending gifts, promotional packages, promo codes, etc. – the purpose of this operation is to send to our customers who have requested their data to be processed for this purpose, birthday gifts or campaigns organized by the company. Given the limited scope of personal data collected, the Data Protection Officer considers that an impact assessment is not required to carry out the operation.
- revealing racial or ethnic origin;
- revealing political, religious or philosophical beliefs, or membership in trade unions;
- genetic and biometric data, health data, or data on sexual life or sexual orientation.
(4)The Administrator does not perform automated decision making with the data.
(5)The Company does not collect data for persons under the age of 16, except with the express consent of their parent or legal representative.
Art. 4. (1)The Administrator processes the following categories of personal data and information for the following purposes and on the following grounds:
- Your individualizing data when registering on our site (email, name, telephone, date of birth, etc.)
- The purpose for which data are collected: 1) Making a contact with the user and sending information to him, 2) For the purpose of registering a user in the online store, 3) For sending a newsletter and e-mail messages, 4) Creating an account in the S'Power social network, and 4) sending gifts at your request.
- Grounds for your personal data processing– By accepting the terms and conditions and registering in the e-shop or placing an order without registration, or upon entering into a written agreement between the Administrator and you, a contractual relationship is created under which we process your personal data – Art. 6, para. 1, b. (b) of GDPR. Your data for newsletters and emails sending, as well as gifts sending, are processed upon your explicit consent – Art. 6, para. 1, b. (a) of GDPR.
- Delivery details (names, e-mail, telephone, address)
- Purpose of the data collections: Fulfilment of Administrator’s obligations under a contract for the purchase and sale of the goods purchased.
- Grounds for your personal data processing– By accepting the terms and conditions and registering in the e-shop or placing an order without registration, or upon entering into a written agreement between the Administrator and you, a contractual relationship is created under which we process your personal data – Art. 6, para. 1, b. (b) of GDPR.
Term of your personal data storage
Art. 5. (1) The Administrator shall store your personal data for a period not longer than the existence of your account in the online store or the order without registration. After your account deletion or the order completion, the Administrator takes the necessary care to erase and destroy all your data without undue delay or to anonymize them (i.e. to bring them in a form that does not reveal your identity).
(2) The Administrator shall store your personal data provided in connection with online orders for a period of 5 years for the purpose of protecting the legal interests of the Administrator in judicial or administrative disputes with online shop users, the accounting documents being kept for the relevant statutory term.
(3)The Administrator shall notify you in the event that the period for storing the data is required to be extended in order to comply with a statutory obligation or with respect to the legitimate interests of the Administrator or otherwise.
(4)The Administrator shall store the personal data that needed to be kept under the applicable legislation for the relevant term provided, which may exceed the existence of your e-shop account or the completion of the order.
Art. 6. (1)The Administrator shall store the personal data of the legal representatives of its trading partners for the term of the contract performance for observing the legitimate interests and legal obligations of the Administrator, which may exceed the term of the concluded contract.
Transmission of your personal data for processing
Art. 7. (1) The Administrator may, at its own discretion, transmit all or part of your personal data to processors for the fulfilment of the processing purposes you have agreed to, subject to the requirements of Regulation (EC) 2016/679 (GDPR).
(2) The Administrator shall notify you in case of intent to transfer some or all of your personal data to third countries or international organizations.
Your rights in the collection, processing and storage of your personal data
Withdrawal of consent on your personal data processing
Art. 8. (1) If you do not want all or part of your personal data to continue be processed by the Company for a particular or for all processing purposes, you may at any time withdraw your consent to processing by filling in the form in your account or by requesting it in a free text.
(2) The Administrator may ask you to certify your personality and identity with the person to whom the data relate.
(3)By withdrawing the consent to process personal data that is required to create and maintain an online store account, your account will become inactive. Of course, you will be able to browse the online store and products offered and make orders or re-register.
(4)If there is an order you made which is currently being processed, the earliest moment when you can withdraw your consent to processing is the successful completion of the order.
(5)Your data will not be processed in the future, but this will not affect the posts you have already made with your username, which will remain visible on the social network.
(6)You may at any time withdraw your consent to the processing of your personal data for direct marketing purposes.
(7)Withdrawal of consent does not affect the lawfulness of the processing of personal data that the Administrator has performed so far.
Right of access
Art. 9. (1)You have the right to request and obtain the Administrator’s confirmation whether your personal data relating to you are being processed, and you may at any time see in your account, if you are a registered user, the data we process for you.
(2)You have the right to access the data relating to you, as well as information relating to your personal data collection, processing and storage.
(3)The Administrator shall provide you, upon request, with a copy of the processed personal data relating to you in electronic or other appropriate form.
(4) The provision of access to the data is free of charge, but the Administrator reserves the right to impose an administrative fee in case of repeated or excessive requests.
Right of correction or completion
Art. 10. You may correct or fill in inaccurate or incomplete personal data relating to you directly through your website account or by requesting to the Administrator.
Right of deletion (“to be forgotten”)
Art. 11. (1)You have the right to ask the Administrator to delete part or all of your personal data relating to you, and the Administrator has the obligation to delete them without undue delay when any of the following reasons exists:
- personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- You withdraw your consent on which the data processing has been based and there is no other legal basis for the processing;
- You object to the processing of the personal data related to you, including for the purposes of direct marketing, and there are no legitimate grounds for the processing that will take precedence;
- The personal data have been processed illegally;
- The personal data must be deleted in order to comply with a legal obligation under EU law or the law of a Member State applying to the Administrator;
- The personal data have been collected in relation to the provision of services to the information society.
- to exercise the right to freedom of expression and the right to information;
- to comply with a legal obligation that requires treatment provided for under EU law or the law of the Member State applying to the Administrator or for the performance of a task of public interest, or the exercise of official authority conferred to it;
- for reasons of public interest in the field of public health;
- for the purposes of archiving in the public interest, for scientific or historical research or for statistical purposes;
- for the establishment, exercise or protection of legal claims.
- information necessary to verify that your right to be forgotten has been fulfilled;
- technical information about the functioning of the online store, which information cannot in any way be related to your personality;
- the email by which you have registered in the online store;
- the publications you have made on the social network.
- File a request through your online store account or via email;
- Identify yourself as the account holder;
(6)If there is an order you have placed which is currently being processed, the earliest moment when you can request to be “forgotten” is when your order is successfully completed.
(7)Upon the deletion of your personal data, your account will become inactive. Of course, you will be able to browse the online store and view the products offered and make orders as a guest or make a new registration.
(8)The Administrator shall not delete the data, which it has a legal obligation to store, including for protection against claims against it or proving its rights.
Right of limitation
Art. 12.You have the right to require the Administrator to restrict the processing of data related to you when:
- contest the accuracy of personal data for a period allowing the Administrator to verify the accuracy of the personal data;
- the processing is illegitimate, but you do not want personal data to be erased but only the processing thereof to be limited;
- The Administrator no longer requires the personal data for the purpose of processing, but you require them to establish, exercise or protect your legal claims;
- You have objected to the processing pending verification whether the legal grounds of the Administrator have an advantage over your interests.
Transferability right
Art. 13. (1) If you have consented to the processing of your personal data, or the processing is necessary for the execution of the agreement with the Administrator, or if your data is processed in an automated manner, you may, after you legitimize yourself to the Administrator:
- request the Administrator to provide you with your personal data in a readable format for you to transfer them to another Administrator;
- request the Administrator to directly transfer your personal data to an Administrator you provide when it is technically feasible.
Right to receive information
Art. 14.You may request the Administrator to inform you of any and all recipients to whom the personal data requested for correction, deletion, or processing limitation have been disclosed. The Administrator may refuse to provide this information if this would not be possible or would require excessive effort.
Right of objection
Art. 15.You may at any time object to the processing of personal data by the Administrator that relate to it, including if they are being processed for profiling or direct marketing purposes.
Your rights upon the violation of your personal data security
Art. 16. (1) If the Administrator detects a breach of your personal data security that may pose a high risk to your rights and freedoms, it shall notify you without undue delay of the violation and of the measures taken or to be taken.
(2)The Administrator shall not be obliged to notify you if:
- It has taken appropriate technical and organizational protection measures with respect to the data affected by the security violation;
- It has subsequently taken measures to ensure that the violation will not lead to a high risk for your rights;
- The notification would require disproportionate efforts.
Persons to whom your personal data are provided
Art. 17.For the purpose of your personal data processing and providing the service in its full functionality and in view of your interests, the Administrator may provide your data to the following personal data processors:
Personal data processor | Purpose of personal data processing |
Supplier | Delivery to an address |
These personal data processors comply with all legal and security requirements for your personal data processing and storage.
Art. 18.The Administrator does not transfer your data to third countries.
Art. 19.In case of violation on your rights under the above or applicable data protection laws, you have the right to file a complaint with the Personal Data Protection Commission, as follows:
Name | Personal Data Protection Commission |
Legal address and headquarters | Sofia 1592, 2, Prof. Tsvetan Lazarov Blvd. |
Correspondence address | Sofia 1592, 2, Prof. Tsvetan Lazarov Blvd. |
Telephone | 02 915 3 518 |
Website | www.cpdp.bg |
Art. 20.You may exercise all of your rights regarding your personal data protection through the forms enclosed with this information or through the functionality of your account. Of course, these forms are not mandatory and you can make your claims in any form that contains a statement about it and identifies you as the data holder.
Art. 21.If the consent relates to a transfer, the Administrator shall describe the possible risks for the transfer of data to third countries in the absence of a decision on adequate protection and appropriate remedies.
Art. 22.The Company may amend the Privacy Policy by publishing a notice on its site thereof.
Appendix 1
Appendix 2
Appendix 3
Appendix 4