From May 25th, 2018 new General Data Protection Regulation (GDPR adopted by the European Union enters into force. The regulation aims to ensure the protection of data of individuals from all EU Member States and to harmonize the regulations for their processing. As a personal data administrator for the provision of online services in the commerce sector, VIKIWAT Ltd (https://vikiwat.com) meets all the requirements of the new regulation by collecting only the personal data of the individuals that are necessary for the provision of the online orders service, and keeps them responsibly and legally.
VIKIWAT Ltd. operates in accordance with the Personal Data Protection Act and Regulation (EC) 2016/679 of the European Parliament and of the Council of April 27th , 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of persons such data.
1. "Personal data" means any information relating to an identifiable natural person or an identifiable natural person ("data subject"); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by an identifier such as name, identification number, location data, online identifier or one or more signs specific to the physical, physiological, genetic, mental, mental, economic, cultural or social identity of that individual;
2. "Processing" means any operation or set of operations performed with personal data or a set of personal data by automatic or other means such as collecting, recording, organizing, structuring, storing, adapting or modifying, retrieving, consulting, using, disclosing through transmission, dissemination or other means by which data becomes available, arranged or combined, limited, deleted or destroyed;
3. "Restriction of processing" means the marking of stored personal data in order to limit its processing in the future;
4. "Personal data record" means any structured set of personal data accessed in accordance with certain criteria, whether centralized, decentralized or distributed according to a functional or geographic basis;
5. "Administrator" means a natural or legal person, a public authority, an agency or other entity which, alone or jointly with others, defines the purposes and means of the processing of personal data, where the purposes and means of such processing are determined by Union law or the law of a Member State, the controller or the specific criteria for determining it may be established in Union law or in the law of a Member State;
6. "Personal data processor" means a natural or legal person, a public authority, an agency or other entity that processes personal data on behalf of the controller;
7. "Third party" means a natural or legal person, a public authority, an agency or other authority other than the data subject, the controller, the data processor and the persons under the direct authority of the controller or the processor of personal data are entitled to process personal data;
8. "Personal data breach" means a security breach that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data that is transmitted, stored or otherwise processed;
Information about Privacy Data Administrator
1. Name: VIKIWAT Ltd.;
2. UIC / VAT: 160138003;
3. Address of registration: Bulgaria, Plovdiv, 4003, 17 Ticha Str.;
4. Address of the activity: Bulgaria, Plovdiv, 4002, 3, Mostova Str.;
5. Correspondence address: Bulgaria, Plovdiv, 4002, 3, Mostova Str.;
6. E-mail: email@example.com;
7. Phone: +359/ 0700 45 445, +359/032/643 219;
8. Website: https://vikiwat.com
Information about Supervisory Authority
1. Name: Commission for Personal Data Protection;
2. Seat and address of management: Sofia 1592, 2 Prof. Tsvetan Lazarov Str.;
3. Correspondence address: Sofia 1592, 2 Prof. Tsvetan Lazarov Str.;
4. Phone: +359/02/ 915 3 518;
5. Email: firstname.lastname@example.org, email@example.com;
6. Website: www.cpdp.bg
Reasons for collecting, processing and storing your personal data
Art. 1. (1) VIKIWAT Ltd. is owner of a website: https://vikiwat.com and collects, processes and store your personal data in connection with online sales based on Art. 6, par. 1 Regulation (EC) No 2016/679 as to be able to deliver the goods/services, as well to issue the necessary documents accompanying the sale under the legislation in Bulgaria and European Union, in particular on the basis of the following:
- Your explicit consent as a customer;
- Processing for the fulfillment of the obligations of VIKIWAT Ltd. under contract with you;
- Compliance with a legal obligation that applies to VIKIWAT Ltd;
- For the purposes of the legitimate interest of VIKIWAT Ltd.
(2). VIKIWAT Ltd. is an administrator of personal data regarding your data as customers of our offline stores and online based store:https://vikiwat.com.
Goals and principles of collecting, processing and storing your personal data
Art. 2. (1) VIKIWAT Ltd. collects and processes personal data which you provide to us in connection with the use of our online store( https://vikiwat.com) for online based orders; for purchases from our physical stores; for using our after-sale service; for warranty and non-warranty repair services; for enrollment for participation in our events; also for for the following purposes:
- Creating a USER account with a username and password, and providing full functionality when purchasing from our e-shop (https://vikiwat.com) - tracking order history, checking status of your orders, checking what personal data we collect for you in the section: My GDPR, incorrect personal data editing or any change, deletion of data/profile;
- Online orders from the e-shop without registration - by phone, by e-mail/contact form - for the purpose of delivery of the goods/services;
- Processing online orders or services from our e-shop- by email/contact form or by phone. The legal basis for collection personal data here is the need to execute a sales contract and to fulfill legal obligations (e.g. accounting documents).
- STOCK notifications for goods. In case you want to be notified by phone or by email when we have a product back in stock or when we expect to receive a supply, we process your personal data for this purpose.
- Customer support. In order to provide customer service and eliminate possible problems with the execution of the sales contract we process your personal data on the basis of the necessary performance of these contracts. Providing technical support by phone, email or in house.
- Communication. We use the collected data to communicate with you and adapt it individually. We can contact you by phone, e-mail or other form to remind you that you have an online order pending; to assist you with completing your order; to inform you of current status of your inquiry, order or claim; to receive other information from you or to alert you that you must take action to maintain active status on your account.
- Improving services. We use personal data to continuously improve our services and system, including the creation of new features on our website, and at the same time to make informative decisions using aggregate analysis and business research - all on the basis of our legitimate interest arising from business freedom and the need to improve the services provided to succeed in economic competition. In order to provide sufficient protection of your rights and interests, we use your personal data in anonymous form.
- Protection, safety and dispute resolution. We can process personal data for legitimate interest which consists in providing protection and security to our systems and our customers, to detect and prevent fraud, to resolve disputes and to implement our agreements on legitimate grounds.
- Video recordings from CCTV. In our offline stores and spaces, VIKIWAT uses cameras to protect the legitimate interests of the company. All spaces where the cameras are located are always marked with a warning label and text that there is a video surveillance.
- Marketing proposals
- Newsletter by email (commercial message)
We send you commercial messages by email for similar products that you have purchased from us; promotional discount codes; new hot deals; up-to-date news for our company; our blog articles and advices; upcoming or ongoing supplies and other useful information.
- You can always unsubscribe from our newsletter by using the termination link that you will find in any email or directly from your account. In case you end the subscription to the newsletter, we will not use your electronic contacts for this purpose. We will start using them again if you register or explicitly request it.
- The marketing suggestions displayed to you can be selected based on other information we have gained for you over time - from your contact information, demographics, bookmarks, and data about our products and website (cookies, IP address, data provided by your browser, click data, depicted commercial messages, products visited). We do not perform automated processing that would have legal consequences for you.
- You have the right at any time to object to such processing free of charge. The contact details are listed at the beginning of this document.
(2) VIKIWAT Ltd. respects in the processing of your personal data are and the principles of such processing are:
- The principle of legality, integrity and transparency of the processing of personal data - the collection of personal data should be within the required limits.
- The principle of minimizing data as well as limitation of purposes and storage - personal data must not be used for purposes other than those for which they were collected, except with the consent of the individual or in the cases expressly provided for in the law. Personal data must be kept for no longer than is necessary for the purposes for which personal data are processed;
- The principle of accuracy and timeliness - personal data must be accurate, accurate, complete and up to date as necessary for the purposes for which they are being processed.
- The principle of integrity and confidentiality - personal data must be processed in a way that ensures an appropriate level of security of this information including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage by applying appropriate technical or organizational measures.
(3) The personal data of VIKIWAT Ltd. (https://vikiwat.com) customers are processed and stored in register "Customers".
(4) When processing and storing personal data, VIKIWAT Ltd. may process and store personal data in order to protect its legitimate interests in fulfilling its obligations to the Bulgarian National Revenue Agency (NRA), Bulgarian Ministry of Interior (MI) and other state and municipal authorities.
Provision of personal data to third parties
Art.3. (1) Your personal data will be disclosed to third parties or intermediary parties only if it is necessary in the course of performance of the contract of sale on the basis of a legitimate interest or if you have given prior consent. These data can be given at the following parties:
- Suppliers and shipping companies in order to deliver the products or services you have purchased from us, and/or resolve complaints, including denial of the contract.
- Other service providers of third parties involved in data processing;
- Third parties, e.g. legal representatives, courts for the purpose of collecting claims or signing different contracts with you;
- On State Authorities (e.g. Police)
- Third-party surveys (If third parties use the data within their legitimate interest, the administrator is not responsible for this processing, which is governed by the privacy practices of the companies and individuals concerned).
What types of personal data collect process and store VIKIWAT Ltd?
Art. 4. (1) VIKIWAT Ltd. (https://vikiwat.com) performs the following personal data operations for the following purposes:
- User registration in our online shop (https://vikiwat.com) and performance of a contract for the purchase of a good/service. This operation is intended to open a client account that is password protected with password chosen by you. Within the customer profile you get a direct access to your personal data in section: My GDPR including options for editing, downloading, and deletions; tracking your orders/history, option for subscription to newsletter and more. MY GDPR section offers you a number of advantages to managing your personal information at any time.
- Purchase of goods from the e-shop without registration - by phone / email / contact form for execution of a contract for purchase of goods / service. For the purpose of this operation, it is necessary to require information about the product/s; SKU#; name and surname; contact phone; complete and accurate delivery address; special instructions and preferences to deliver the goods. In this case, we periodically delete your personal data every 2 years. If you wish to receive information about your personal data, you can always do so at the contacts listed at the beginning of this document.
- Sending information messages. For the purpose of this activity, we inform the customer of various changes regarding the order placed - change in the stock availability; different parameters; promotional discount codes; new promotions; how-to tips and useful articles; information on terms and prices of delivery of goods offered on request and other specifications.
- Sending a newsletter - the purpose of this operation is administration of our newsletter by sending to customers who have declared they wish to receive news, hot offers, promo codes;
(2) VIKIWAT Ltd. (https://vikiwat.com) processes the following categories of personal data and information for the following purposes and on the following grounds:
Your personal data:
- IP address - location;
- User's IBAN - to refund relevant amounts for claims and / or cancellation of the contract.
- PayPal, Epay - we keep track of transaction data like the number and date of a tax event that confirms a payment made to the online store. When payments are made through these payment systems, your data is administered and processed by them.
Purpose for which data is collected:
- Registration of a user, orders with / without registration on the website, orders by telephone, email / contact form;
- Contacting the customer by email or telephone to clarify details such as place and delivery time; product specifications; notification of order received in the system; buying advice and technical assistance; notification of product availability; approving or declining orders, declaring a claim status, repairing status and others.
- Sending information including express request - to send newsletters and advertising messages.
Reason for processing your personal data - By accepting our General Terms and Conditions on the website, as well as purchasing a good in any possible way, VIKIWAT Ltd. and you are creating a contractual relationship on which we process your personal data - art. 6, para. 1, b. (b) GDPR.
- Additional data provided by you - If you want to make or add a profile you can fill in more than one shipping address, additional phone number, additional email and etc.
Purpose for which data is collected:
- Adding user information to his / her user account.
- Other data that VIKIWAT Ltd. processes – When visiting our website or accessing your account, VIKIWAT Ltd. (https://vikiwat.com) collects data about the IP address used.
Purpose for which data is collected:
- Improving service security and interface localization, statistical and marketing research.
Grounds for data processing: Processing is necessary to fulfill a contract to which the data subject is a party - Art. 6, para. 1, b. (b) of the GDPR. Until the creation of a user profile, the IP address is collected on the basis of the legitimate interests of the controller - Art. 6, para. 1, b. (f) by GDPR;
- Your Personal Invoice Data - If you wish to receive an invoice as an individual, VIKIWAT Ltd does not require you to provide your personal ID card number. We only require a name and surname.
Purpose for which data is collected: Issuing an invoice to make payments for the purchased good or service
Reason for processing your personal data - By accepting the General Terms and Conditions or making a registration of the website, or upon the conclusion of a written contract, VIKIWAT Lthd and you create a contractual relationship, on which basis we process your personal data - art. 6, para. 1, b. (b) GDPR.
(3) VIKIWAT Ltd. (https://vikiwat.com) does not collect or process personal data that relate to the following sensitive information:
- racial or ethnic origin;
- political, religious or philosophical beliefs, or membership of trade unions;
- genetic and biometric data, health data;
- ID number;
- Credit/debit cards data.
(4) Personal data collected by VIKIWAT Ltd. (https://vikiwat.com) is only from the individuals to whom they refer.
Privacy, processing and storage of personal data
Art. 5 (1) VIKIWAT Ltd. (https://vikiwat.com) stores your personal data for a period no longer than the existence of your account on our website. Upon expiry of this period, VIKIWAT Ltd takes the necessary measures to erase and destroy all your data without undue delay.
- Access to your client account is only possible after you have set your personal password. In this context, we want to note that you should not share your password with third-parties and after completing your activity in the user account, you should always close the window of your web browser, especially when using/sharing your computer with other users. VIKIWAT Ltd. (https://vikiwat.com) is not responsible for misuse of the passwords used unless this situation is directly caused by VIKIWAT Ltd.
(2) VIKIWAT Ltd. informs you in case data storage period needs to be extended in order to meet the objectives, performance of the contract, in view of the legitimate interests of VIKIWAT Ltd. or otherwise.
(3) VIKIWAT Ltd. keeps all personal data that it is required to keep under the applicable legislation in the Republic of Bulgaria and the EU for the respective envisaged term, which may exceed the duration of your registration (i.e. for accounting documents).
(4) Your personal data is transmitted to us in a coded (encrypted) form. We use secure socket layer (SSL) encryption system. On our website and other systems we maintain technical and organizational measures against loss and destruction of your data, against unauthorized access to your data, modification or distribution.
Art. 6 (1) The processing and storage of personal data is for a time, unconditionally necessary for securing all rights and obligations arising from the sale contract, for the time of the order and the 2-year warranty period for individuals after the end of the warranty period in order to resolve potential disputes and / or complaints.
(2) For the duration of VIKIWAT Ltd. (https://vikiwat.com) as an administrator of personal data is obliged to store them according to the general obligatory legal regulations. Accounting documents, e. g. invoices issued by VIKIWAT are archived in accordance with the law of Bulgaria for a period of 10 years from their issuance.
(3) The agreement to the notification of stock availability remain in force until dispatch of the availability information but the longest for up to 1 year or until its cancellation.
(4) Consent for marketing proposals is valid until cancellation.
(5) Video surveillance recordings of the stores of VIKIWAT Ltd. and around the buildings of the company are processed for a maximum of 5 days from the date of the acquired video recording. In other cases, the processing time is determined by the processing goal or set by the legal requirements in the field of personal data protection.
Your rights in the collection, processing and storage of your personal data
Withdrawal of consent to process your personal data
Art. 7 (1) If we process your personal data, you can at any time request free information about this processing by email to: firstname.lastname@example.org (or other possible and convenient for you ways) or to check the section on your client’s profile: My GDPR.
(2) If you do not wish all or any of your personal data to continue to be processed by VIKIWAT Ltd. for any or all processing purposes, you may at any time withdraw your consent to processing by expressing this wish to us in any form. If you withdraw your consent to processing your personal data, your personal data will be deleted or replaced by anonymous (encrypted one); but this does not apply to the personal data that VIKIWAT Ltd is required to fulfill for legal obligations (e.g, processing an previously placed order) or to protect its own legitimate interests. Deletion of personal data will also occur if the personal data is not necessary for the intended purpose or the storage of your data is inadmissible on other grounds provided by law. You can do this in the following ways:
- If you are a registered user in section: My GDPR in your account;
- By email to: email@example.com
- Verbally in front of our employee, by phone and all other possible ways.
(3) VIKIWAT Ltd. (https://vikiwat.com) may ask you to prove your identity and the identity with the person to whom the data relate.
(4) With the withdrawal of consent to the processing of personal data that is required to create and maintain your user’ registration, your account will become inactive in our system. Returning an old account and information from it will not be possible.
(5) Claiming to withdraw your consent to processing your personal data may also be made by an authorized person by presenting a power of attorney certified by a notary.
(6) If you believe that we process the personal data contrary to the protection of your personal data and the legal terms and conditions of protection of your personal data, you may require an explanation, require the removal of the condition or you may require correction, supplementation, deletion of personal data or blocking of personal data. Also, you have the right at any time to address your application to the Data Protection Officer or the Personal Data Protection
Right of an access
Art. 8 (1) You have the right to request and obtain from VIKIWAT Ltd. a confirmation for personal data related to you and how is processed in the manner specified in this document.
(2) You have the right to access the data related to it, as well as information relating to the collection, processing and storage of your personal data.
(3) VIKIWAT Ltd. provides you with a copy of the processed personal data relating to you on request in electronic or other appropriate form. For registered users, you can refer to the section: My GDPR and check this information easily at any time. For unregistered users you can email us at: firstname.lastname@example.org or contact us in any convenient for you way.
(4) The provision of access to the data is free of charge, but VIKIWAT Ltd. reserves the right to impose an administrative fee in case of repeatability or excessive demand.
Right to correct or fill in personal data
Art. 9 (1) You may always correct or fill in the inaccurate or incomplete personal data relating to you directly via your account on our website or by sending a request to VIKIWAT by email to email@example.com.
Right to delete ("to be forgotten")
Art. 10 (1) You have the right to request from VIKIWAT Ltd. a deletion of the personal data related to you, and VIKIWAT Ltd. has the obligation to delete them without undue delay when there is any of the following reasons:
- Personal data is no longer needed for the purposes for which it was collected or otherwise processed;
- You withdraw your consent on which the processing of the data is based and no other legal basis for the processing;
- You object to the processing of related personal data, including for the purposes of direct marketing, and there are no legitimate grounds for the processing that have an advantage;
- Your personal data has been processed illegally;
- Personal data must be deleted to comply with a legal obligation under EU law or the law of a Member State that applies to VIKIVAT LTD.
- Personal data have been gathered in connection with the provision of information society services.
(2) VIKIWAT Ltd is not obliged to delete personal data if it keeps and processes it for the following reasons:
- Exercising the right to freedom of expression and the right to information;
- To comply with a legal obligation that requires treatment provided for under EU law or the law of the Member State that applies to the Administrator or for the performance of a public interest task or the exercise of official authority;
- For reasons of public interest in the field of public health;
- For purposes of archiving in the public interest, for scientific or historical research or for statistical purposes;
- For the establishment, exercise or protection of legal claims.
3) To exercise your right to be "forgotten", you should do so in section: My GDPR in your account or via email to firstname.lastname@example.org or in another convenient way (verbally in front of an employee, by phone or e-mail) and you must certify your identity and identity with the person to whom the data relate to VIKIWAT Ltd. by submitting a document certifying this information in front of our employee (without an ID card). For identification purposes and if necessary, you will need to enter your login details in the account of the person to whom the data relate to in front of an employee of VIKIWAT Ltd.
(4) VIKIWAT Ltd. does not erase the data which it has a legal obligation to store, including for protection against claims against it or proof of its rights.
Right of limitation
Art. 11 (1) You have the right to require VIKIWAT Ltd. to restrict the processing of your related personal data when:
- Contest the accuracy of personal data for a period which allows VIKIWAT Ltd. to verify the accuracy of the personal data;
- The processing is illegal, but you do not want your personal data to be erased but only to be limited;
- VIKIWAT Ltd. no longer requires personal data for the purposes of processing, but you require them to establish, exercise or protect your legal claims;
- You have reproached the proceedings pending verification that the legal grounds of VIKIWAT Ltd. are advantageous to your interests.
Right of portability
Art. 12 (1) You may, at any time, download the data that is stored and processed for you by the section: My GDPR in your client profile or by requesting it by email to: email@example.com.
(2) You may request VIKIWAT Ltd. to directly transfer your personal data to an administrator you provide when it is technically feasible.
Right to receive information
Art. 13 You may request VIKIWAT Ltd. to inform you of all recipients to whom the personal data for which correction, deletion or limitation of processing has been requested have been disclosed. VIKIWAT Ltd. may refuse to provide this information if this is impossible or requires disproportionate effort.
Right of objection
Art. 14. You may at any time object to the processing of personal data by VIKIWAT Ltd, which apply to you, including if it is being processed for profiling or direct marketing purposes.
Your rights to violate the security of your personal information
Art. 15 (1) If VIKIWAT Ltd. establishes a breach of security of your personal data which may pose a high risk to your rights and freedoms, we shall notify you without undue delay of the violation as well as of the measures taken or to be taken .
(2) VIKIWAT Ltd. is not obliged to notify you if:
- has taken appropriate technical and organizational measures to protect the data affected by the breach of security;
- has subsequently taken measures to ensure that the violation will not lead to a high risk for your rights;
- A notification would require disproportionate efforts.
Art. 16 In case of violation of your rights under the above or applicable data protection laws, you have the right to file a complaint with the Personal Data Protection Commission whose contacts are listed at the beginning of the document.
Art. 17 You may exercise all of your rights to protect your personal data through the samples forms enclosed with this document. Of course, these forms are not mandatory and you can make your claims in any form that contains a statement about it and identifies you as the data holder.
What security measures have we taken in VIKIWAT regarding the security of personal data that you store on our infrastructure?
We at VIKIWAT Ltd. fully understand the importance of the confidentiality of your personal data. We take care of the security of our users and provide all the technical measures to protect the website and every customer. For example, your personal information is stored in encrypted form which makes an access to it impossible.
We would like you to know that we collect and use personal information to better understand your needs and interests and to serve you better.
VIKIWAT recommends you:
- Keep your password!
- Do not provide your password and username to anyone. A person who knows your password has access to your account;
- Avoid using the same password for different accounts
- It's a good and recommended practice to change your password often.
IMPORTANT! VIKIWAT Ltd. will not require you to disclose your password. If you receive a call or an email to verify your order and to provide us with personal bank account information, such as credit cards, please do not provide such information. Any such call or email or phone message should be ignored and may be fraud.
If you find yourself in a similar situation, please contact us immediately at the national telephone line: +359/0700 45 445 (at the price of a local call from a landline telephone) or via e-mails mentioned in this documents or our homepage.