Privacy, data protection and cookie policy
VIDEOMAX-AVS LTD, with its registered office and management address in Sofia, Lyulin District, 10th Microregion, Block 133, Entrance B, correspondence address - the same, phone: +359 2 9270022, UIC (Unified Identification Code) 040044467, email: sales@videomaxavs.com (referred to as "the company" below for brevity) conducts its activities in accordance with the Law on Personal Data Protection and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), known as GDPR.
This information aims to inform users about all aspects of the processing of their personal data by the company and their rights related to this processing.
This Policy regulates the procedures for collecting and processing personal and other confidential data of users of the online store using automated means via the Internet network.
Information regarding the company "VIDEOMAX-AVS LTD," which processes personal data:
Company name: VIDEOMAX-AVS LTD
Registered office and management address: Sofia, Lyulin District, 10th Microregion, Block 133, Entrance B
Correspondence address: Sofia, Lyulin District, 10th Microregion, Block 133, Entrance B, Phone: +359 2 9270022, email: sales@videomaxavs.com
Unified Identification Code (UIC/EIK): 040044467
General provisions:
Art. 1. In this Policy, the following terms are used:
- 1.1. Personal Data - any information relating to an identified or identifiable natural person (data subject).
- 1.2. Data Controller - a person who independently organizes and/or carries out the processing of personal data, as well as determines the purposes of the processing of personal data, the scope of the personal data subject to processing, and the actions (operations) performed with the personal data.
- 1.3. Electronic Platform - a combination of computer software and other information constituting an information system accessed through the Internet via domain names and/or network addresses, which allow the identification of websites on the Internet, in this case - the online store.
- 1.4. The Company - the entity that owns the right to use the website and is responsible for the processing of users' personal data.
- 1.5. User - Buyer, an individual who makes purchases from the online store.
- 1.6. Processing of Personal Data - any action (operation) or set of actions (operations) with personal data, performed with or without the use of automated means, including collection, recording, organization, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, combination, restriction, erasure, or destruction of personal data.
- 1.7. Automated Processing of Personal Data - processing of personal data using computer technology.
- 1.8. Provision of Personal Data - actions aimed at disclosing personal data to a specific person or a specific group of persons.
- 1.9. Blocking (Restriction) of Personal Data - the temporary suspension of the processing of personal data (except in cases where processing is necessary to clarify personal data).
- 1.10. Destruction of Personal Data - an action that makes it impossible to restore the contents of personal data in the personal data information system and/or results in the physical destruction of the information carriers of personal data.
- 1.11. Information System for Personal Data - the totality of personal data contained in a personal data database and the information technologies and technical means ensuring their processing.
- 1.12. Cookie Files (cookies) - fragments of data sent by the website and stored on the computer, mobile phone, or other device from which the user visits the website, and used to store information about the user's actions on the website.
Basis for the collection, processing, and storage of personal data:
Art. 2.
- 2.1. The Company collects and processes personal data in connection with the use of the online store and the conclusion of contracts with users based on Article 6(1) of the General Data Protection Regulation (GDPR), and more specifically on one or more of the following legal bases:
- Explicit consent obtained from the user;
- Performance of the Company's obligations under a purchase contract with the user;
- Compliance with a legal obligation applicable to the Company;
- Pursuit of the legitimate interests of the Company or a third party.
- 2.2. The use of the online store in any way constitutes an expression of the user's consent to the terms of this Policy, including the user's consent to the processing of their personal data using automated means via the internet by the Data Controller when the provisions of the applicable legislation require such consent.
Purposes and Principles of collecting, processing, and storing personal data:
Art. 3.
- 3.1. The Company collects and processes the personal data provided by the user in connection with the use of the online store and the conclusion of contracts with the Company, including for the following purposes:
- Creating a user profile and providing full functionality when using the online store;
- Identifying the user as a party to the contract;
- Accounting purposes;
- Statistical purposes;
- Ensuring information security;
- Ensuring the fulfillment of the contract for the supply of the respective goods or services;
- Sending newsletters and emails with special offers with the explicit consent of the user.
- 3.2. The Company adheres to the following principles when processing personal data:
- Lawfulness, fairness, and transparency;
- Limitation of the purposes of processing;
- Relevance of the processing and data minimization;
- Accuracy and currency of the data;
- Limitation of storage in order to achieve the purposes;
- Integrity and confidentiality of the processing and ensuring an appropriate level of security for personal data.
- 3.3. The Company may process and store personal data for the purpose of protecting its legitimate interests, including:
- Fulfilling its obligations to the National Revenue Agency, the Ministry of Internal Affairs, and other state and municipal authorities.
Types of personal data collected, processed, and stored:
Art. 4.
- 4.1 The company performs the following operations with the personal data provided by the user, for the purposes described:
- User registration in the online store - the purpose of this operation is to create a profile for using the online store service.
- Sending emails to confirm purchases.
- 4.2 The company does not collect and process personal data related to the following:
- Revealing racial or ethnic origin;
- Revealing political, religious, or philosophical beliefs, or membership in trade unions;
- Genetic and biometric data, data concerning sexual life or sexual orientation.
- 4.3 The company does not make automated decisions based on personal data.
- 4.4 During the processing of personal data, the user has the right:
- to have access to his personal data, as well as information regarding the processing of his personal data, including:
- confirmation of the fact of processing personal data;
- the purposes and legal basis for the processing of personal data;
- the methods used for processing personal data;
- information about the categories of processed personal data related to the respective data subject, the source of their receipt, if another provision of such data is not provided for by the applicable legislation;
- the retention periods of the personal data, including the duration of their storage;
- the procedure for exercising the rights of the user provided for by the applicable legislation;
- other information provided by the applicable legislation;
- to request from the Administrator to change the user's personal data, including by submitting an additional request, in cases where the personal data is incomplete, outdated, or inaccurate.
- to request from the Administrator to delete the user's personal data.
- to request from the Administrator to block (limit) the processing of the user's personal data.
- to receive from the Administrator a copy of the personal data being processed.
- other rights provided by the legislation.
- 4.5 During the processing of personal data, the Data Administrator is obliged to:
- provide the User, upon his request, with access to his personal data, as well as information with the following content:
- confirmation of the fact of processing personal data;
- the legal basis and purposes of processing personal data;
- the methods used for processing personal data,
- other information provided by the applicable legislation.
- ensure the implementation of measures to prevent unauthorized access to the User's personal data.
- publish or otherwise provide unrestricted access to the document defining the policy for the processing of personal data, as well as information on the established and applied requirements for the protection of personal data.
- 4.6 The purpose of collecting and processing the User's personal data by the Data Administrator is to conclude a contract (Sub-License Agreement) between the User and the Company. The processing of personal data is carried out on the basis and in accordance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Purposes and Legal Basis for the Processing of Personal Data:
Art. 5.
- 5.1 The company processes the following categories of personal data and information for the following purposes and on the following legal basis:
- Identifying data (names, email, etc.)
- Purpose for data collection: 1) Establishing communication with the user and sending information to them, 2) for the purpose of user registration in the online store.
- Legal basis for the processing of personal data: By accepting the general terms and conditions and registering in the online store or by entering into a written contract, a contractual relationship is established, on the basis of which the company processes the personal data of this user (Art. 6, para. 1, point "b" GDPR). Data required for sending newsletters are processed based on explicit consent provided by the user (Art. 6, para. 1, point "a" GDPR).
Storage Period of Personal Data:
Art. 6.
- 6.1 The company retains personal data for a period not exceeding the existence of the user profile in the online store.
- 6.2 After the deletion of the user profile, the company takes necessary measures to erase and destroy all user data without undue delay or to anonymize them (i.e., to render them in a form that does not disclose their identity).
- 6.3 The company stores personal data provided in connection with the services rendered for the duration of the user profile, with accounting documents related to a specific order being kept for the respective statutory period.
- 6.4 The company stores personal data for which there is a normative requirement for storage according to the applicable legislation, for the respective designated period, which may exceed the duration of the user profile in the online store.
- 6.5 User passwords protecting personal data of all users of the company's online store are encrypted.
- 6.6 The company may, at its own discretion, transfer some or all of the user's personal data to other entities that process personal data for the purpose of fulfilling the processing purposes to which the user has consented under this Policy, while complying with GDPR requirements.
Access to Personal Data and Data Portability:
Art. 7.
- 7.1 Every registered user has the option, through their user profile, to check and edit the data processed by the Company for them. This is done by logging in with the password set by the user themselves, which is encrypted and not accessible to the employees of the Company.
Correction or Completion of Personal Data:
Art 8. Every user can correct or complete their personal data directly through their user profile on the website or by submitting a request through the personal data editing form. The administrator of personal data collects and processes the following personal data of the user:
- 8.1. Name, surname;
- 8.2. Personal phone number; email address
- 8.3. The user may, at their discretion, provide the administrator of personal data with, and request the modification and/or deletion of, the following additional personal data:
Cashless payment via bank cards is carried out in accordance with the rules of international payment systems and in accordance with the principles of confidentiality and security of the transactions. The security of the data provided by the user is ensured by compliance with the applied procedures and the requirements of the Payment Card Industry Data Security Standard (PCI DSS), and no one, including the administrator of personal data, can access them. The input of bank card data is done on a secure payment page provided by the bank - the payment operator, ensuring the possibility of cashless payment for services.
The purpose of collecting information about the user's device is for internal reporting of users of the online store and to improve its functionality.
Withdrawal of Consent for Personal Data Processing:
Art. 9.
- 9.1. A user who does not wish for all or part of their personal data to continue to be processed by the Company for specific or all processing purposes may, at any time, withdraw their consent for processing by sending an email from the address with which their profile is registered. By doing so, they will confirm the ownership of the respective profile in the online store.
- 9.2. By withdrawing consent for the processing of personal data that is mandatory for creating and maintaining a profile in the online store, the user's profile will be deactivated. In such a case, the user may continue to browse the online store and access the offered services or create a new registration.
- 9.3. The user may, at any time, withdraw their consent for the processing of personal data for profiling or direct marketing purposes by notifying the Company in writing.
- 9.4. The withdrawal of consent does not affect the lawfulness of the processing of personal data that the Company has carried out up to this moment.
Art. 10. A user who does not wish for all or part of their personal data to continue to be stored by the Company may, at any time, express their desire for the deletion of such data through the personal data editing form, unless:
- 10.1. The Company is not obligated to delete personal data if it stores and processes them:
-To exercise the right to freedom of expression and the right to information;
- To comply with a legal obligation that requires processing, as provided for in EU legislation or national law, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Company;
- For reasons of public interest in the area of public health;
- For archiving purposes in the public interest, for scientific or historical research, or for statistical purposes;
- For the establishment, exercise, or defense of legal claims.
- 10.2. The Company does not delete data it is legally obliged to retain, including for defense against claims made against the publishing company.
- 10.3. The provision of services under Articles 7 to 9 is free of charge, but the Company reserves the right to impose a fee for service in case of repeated or excessive requests.
Rights of the User in the Event of a Security Breach of Personal Data:
Art. 11.
- 11.1. If the Company identifies a security breach of a user's personal data that is likely to result in a risk to their rights and freedoms, it will promptly notify the user via email about the breach and the measures that have been or will be taken.
- 11.2. The Company is not obligated to provide such notification when:
- Appropriate technical and organizational measures have been implemented to protect the data affected by the security breach;
- Subsequent measures have been taken to ensure that the breach will not result in a high risk to the rights of the affected user;
- The notification would require disproportionate efforts.
Recipients of Personal Data:
Art. 12. For the purposes of processing personal data and providing services in the interest of the user, the Company may disclose personal data to data processors with the following functions:
- Data processors: in accordance with the purposes and legal grounds stated in this policy. The mentioned data processors comply with all requirements for legality and security in the processing and storage of personal data.
Transfer of Personal Data to Third Countries:
Art. 13. The Company does not transfer personal data to third countries.
Competent Supervisory Authority:
Art. 14. In case of a violation of their rights according to the above or applicable legislation on personal data protection, each user has the right to lodge a complaint with the Commission for Personal Data Protection, as follows:
Personal Data Protection Commission
Headquarters and Management Address: Sofia 1592, Prof. Tsvetan Lazarov Blvd. No. 2
Mailing Address: Sofia 1592, Prof. Tsvetan Lazarov Blvd. No. 2
Phone: 02 9153518
Website: www.cpdp.bg
Cookie Files (Cookies):
Art. 15. The Administrator of personal data may use the following types of Cookie files (cookies):
- 15.1. Absolutely Necessary Cookie Files (Cookies):
These files (cookies) are necessary for navigation on the website and for accessing the requested information. Cookie files (cookies) of this type are used when the user registers and logs into the system. These cookie files (cookies) can be either permanent or temporary.
- 15.2. Performance Cookie Files (Cookies):
These cookie files (cookies) collect statistical data about the usage of the website. These files do not contain personal information about the user. All information collected by these cookie files (cookies) is of a statistical nature and is anonymous. The purposes of using these cookie files (cookies) are:
- 15.3. Obtaining statistical data about the usage of the website; 15.4. Evaluating the effectiveness of advertising campaigns.
These cookie files (cookies) can be both permanent and temporary, as well as either first-party cookie files (from the website) or third-party ones.
- 15.5. Functional Cookie Files (Cookies):
This type of cookie files (cookies) is used to store information provided by the user (such as the username, language settings, or location). These files use anonymous information and do not track the actions of users on other websites. The purposes of using these cookie files (cookies) are:
- 15.5. Storing data regarding whether the information has been provided to the user before; 15.6. Improving the quality of interaction with the website as a whole by remembering user preferences.
These cookie files (cookies) can be both permanent and temporary, as well as either first-party or third-party cookie files.
- 15.7. Advertising Cookie Files (Cookies):
This type of cookie files (cookies) is used to limit the number of ad displays and evaluate the effectiveness of advertising campaigns. Advertising cookie files (cookies) are used to manage the advertising materials on the website. They are placed by third parties, such as advertisers and their agents. They can be either permanent or temporary. These files are associated with advertisements on the website provided by other companies.
- 15.8. The cookie files (cookies) can be blocked or deleted, and their action can be restricted through the respective browser settings used by the user.
Changes to the Privacy Policy:
Art. 16. The Company may modify its Privacy Policy by posting a notice on its website.
For any questions, comments, or requests regarding the Privacy Policy, you can contact us:
Company: VIDEOMAX-AVS Ltd. Headquarters and Management Address: Sofia, Lyulin District, 10 Microregion, Block 133, Entrance B, Mailing Address: Same as above Phone: +359 2 9270022 Unified Identification Code (EIK): 040044467 Email: sales@videomaxavs.com
Contact Person: Alexander Cholakov