Privacy policy

Privacy Policy

Introduction

This Privacy Policy aims to explain all the basic principles that the provider of the website getvanga.com ("the Website") follows and all the necessary measures taken for the data privacy of its users. The security and proper use of personal data is of utmost importance to us.

Terms below shall have the following meanings:

  1. "Eri Digital" means Eri Digital Ltd., having its registered seat and address of management in 11 Mila Rodina str., Sofia 1408, Bulgaria, registered in the Trade Register by the Registry Agency with UIC 204956791 and represented by Ruslan Leteyski.
  2. "Users" mean online store owners who are authorized to use the Product of Eri Digital. Users may be only fully empowered natural persons of age or legal entities, represented by their legal or duly authorized proxies. For the purposes of this Privacy Policy Users will also mean natural persons that visit the website and have not concluded a contract for providing the product of Eri Digital.
  3. "License" means the Product license granted to the User by Eri Digital.
  4. "Website" means getvanga.com
  5. "Third parties" means any other persons, organizations and authorities, besides Eri Digital and the User.

This Privacy Policy also provides information about the rights the users have in relation to the processing of personal data by Eri Digital Ltd. (the provider of this website)

For the convenience of the users, in many places this Privacy Policy outlines examples that illustrate why and/ or how Eri Digital Ltd. processes personal data. These examples are not part of this Privacy Policy and are not exhaustive.

Basic principles for the processing of personal data

We process personal data lawfully, fairly and in a transparent manner in relation to the data subject ("lawfulness, fairness and transparency");

We process personal data collected for specific, explicit and legitimate purposes and do not further process them in an incompatible with those purposes manner ("purpose limitation");

The processed personal data are appropriate, relevant and limited to what is necessary in relation to the purposes for which they are processed ("minimization of data");

The processed personal data may be kept up to date at any time by taking all reasonable measures to ensure the timely erasure or correction of inaccurate personal data, taking into account the purposes for which they are being processed ("accuracy");

The personal data processed by us are stored in a form that allows the data subject to be identified for no longer than is necessary for the purposes for which the personal data are processed ("storage limitation");

The personal data processed by us are stored in a manner that ensures an appropriate level of security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by applying appropriate technical or organizational measures ("integrity and confidentiality");

Data controller

Data controller is "Eri Digital" Ltd., registered in the Republic of Bulgaria in the Trade Register by the Registry Agency with UIC 204956791, with seat and registered address in the city of Sofia 1408, Triaditsa District, 11 Mila Rodina Str., entr. D, apt. 80 (referred to in this Privacy Policy as "Eri Digital").

In the event you have questions about the privacy in Eri Digital or you want to contact us about a privacy issue, you may contact us at the following e-mail: support@getvanga.com.

This Privacy Policy may be changed in accordance with national and European laws. Any changes will take effect as of the publication on this page. We encourage you to check our website often to see the latest changes. Our privacy policy will not be altered in such a way as to allow less privacy to our customers and users without their consent.

What personal data we process

Merchant information:

  • Data from Shopify's Shop resource (merchant name, email, phone, etc.)
  • Analytics data from using the dashboard of our app via FB pixel and GA

Customer information:

  • orders history information excluding customer name, email, address or phone.

Cookies:

  • Essential cookies for the proper functioning of our website

How do we use personal information?

  • We use merchants personal information to communicate with them, bill them and operate the app
  • We use customers offer history to train our recommendation engine and provide our upsells service

Categories of persons to whom we disclose user personal information

Information about the User is an important part of our business and we do not sell it to third parties. Eri Digital may share personal information of its Users (or part of it) only as described below and with third parties who observe practices that are at least as protective as those described in this Privacy Policy.

Eri Digital can share personal information of its Users with third parties who are Data processors. Data processors are persons who process personal data on behalf of Eri Digital on the basis of a written agreement. They are not allowed to process the personal data they have been provided with for purposes other than the performance of the work assigned to them by Eri Digital. Data Processors are required to follow all of the Eri Digital's instructions.

Eri Digital takes the necessary steps to ensure that the engaged processors strictly adhere to Eri Digital's personal data protection policies and instructions and that they have taken appropriate technical and organizational measures to protect personal data.

Examples of Data processors are

  • Providers of web based data storage services;
  • Service providers for deploying and / or maintaining information systems that are sometimes required to access personal data processed in the respective systems for the purpose of providing the services;
  • Payment Service Providers may be Data processors in some events;

Eri Digital may share personal information of Users with attorneys, account houses, or other consultant service providers in case of dispute or for optimization purposes;

Eri Digital can share personal information of its Users with banks and payment institutions. In connection with the servicing of consumer payments made by bank transfer or through a payment institution, it is necessary to exchange data between Eri Digital and the respective bank or payment institution.

Third persons in connection with the transformation (e.g. merger or acquisition) or transfer of an enterprise. In the event of an Eri Digital transformation, as well as in the event of transfer of assets in accordance with the applicable law, it is possible that the personal data of the Users administered by Eri Digital may be provided to a third person who is the legal successor.

Authorities. The legislation of the Republic of Bulgaria requires Eri Digital to store certain User personal data for a certain period of time. Where legally established preconditions exist, such personal data processed by Eri Digital should be provided to the competent authorities.

What methods we use to protect your personal information

We work hard to protect the security of your information during the transmission by using a Secure Sockets Layer (SSL) certificate that encrypts the information you enter. In addition, we maintain physical, technical and procedural guarantees regarding the collection, storage and disclosure of your personal information. Our security procedures mean that we can sometimes ask for proof of identity before disclosing personal information to you. Devices that store your personal data offer security features to protect against unauthorized access and data loss. It is important to protect yourself against unauthorized access to your computers and devices.

How long do we store your personal data?

Eri Digital stores personal information of Users for as long as necessary to meet the purposes set out in this Privacy Policy or to comply with legal requirements.

Upon the expiration of the deadlines for the processing of personal data, they are anonymized or deleted/ destroyed unless:

  • are required for pending court, arbitration, administrative or enforcement proceedings, or upon appeal by the consumer concerned, to be dealt with by Eri Digital; or
  • a User has exercised his/ her right to request a limitation of the processing of his/her personal data;

Eri Digital makes efforts to ensure that processed user data is updated (and corrected if necessary) and that unnecessary data is not being stored.

As a general rule, we delete all merchant information after 1 year of inactivity.

General Information on the Rights of Individuals

Eri Digital takes actions at the request of an individual to exercise the rights under this section only if it is able to identify the person concerned.

Only persons who can be identified by Eri Digital have the ability to exercise their rights under this section. If the purposes for which Eri Digital processes personal data do not require or no longer require the identification of an individual, Eri Digital is under no obligation to maintain, obtain or process additional information to identify the person for the sole purpose of taking action at the request of that person.

Eri Digital notifies individuals of the action taken within one month of receiving a request under this section, and in certain cases this period may be extended by up to two months.

Eri Digital provides individuals with information on the actions taken in connection with their requests for exercising rights under this Section without undue delay and in any event within one month of receipt of the request. If necessary, this period may be extended by a further two months, taking into account the complexity and the number of requests. Eri Digital informs the person concerned of any such extension within one month of receipt of the request, indicating the reasons for the delay.

In the event of a rejection, Eri Digital notifies the individuals concerned of their rights.

If Eri Digital does not take action at the request of an individual, Eri Digital shall notify him/ her without delay within one month of receipt of the request for the reasons not to act and of the possibility of filing a complaint to the Commission for Personal Data Protection and seeking legal protection.

In certain cases, Eri Digital may request additional information to verify the identity of the individuals

If Eri Digital has reasonable concerns about the identity of the individual submitting a claim under this section, Eri Digital may request the provision of additional information necessary to verify the identity of the individual.

The actions taken by Eri Digital regarding claims for exercising rights under this section are completely free to individuals unless their claims are manifestly unfounded or excessive. When a person's claim is manifestly unfounded or excessive (for example because of its repeatability), Eri Digital is entitled, in its sole discretion: (a) to refuse to execute the request; or (b) require the payment of a reasonable fee, determined on the basis of the administrative costs necessary to provide the requested information or to take the requested action.

Users of the website shall have the following rights:

Right of access by the data subject

Users have the right to obtain from Eri Digital information on whether personal data relating to them is being processed. If so, users have the right to access the relevant data.

Right to rectification

In the event that personal data processed by Eri Digital is inaccurate or out of date, users are entitled to require Eri Digital to correct them.

Right to erasure ("right to be forgotten")

Users have the right to request from Eri Digital the deletion of personal data related to them in the following cases:

  • Personal data are no longer needed for the purposes for which they were collected or processed;
  • The user has withdrawn his/ her consent on which the processing of personal data is based and no other legal basis for the processing of the data;
  • The user has objected to the processing of personal data based on the legitimate interest of Eri Digital, unless there are other legitimate grounds for the processing that take precedence over the interests, rights and freedoms of the user or the processing of data is necessary for the establishment, the exercise or protection of legal claims;
  • The user has objected to the processing of personal data for direct marketing purposes and there are no other legitimate grounds for processing this data;
  • Personal data relating to the user concerned have been tampered with;
  • Personal data must be deleted by Eri Digital in order to comply with a legal obligation under the law of the Republic of Bulgaria or the law of the European Union.

Right to restriction of processing

As of 25.05.2018, users have the right to request Eri Digital to restrict the processing of personal data related to them in the following cases:

  • The accuracy of personal data is contested by the user for a period that allows Eri Digital to verify the accuracy of personal data;
  • The processing is unlawful and the user opposes the erasure of the personal data and requests the restriction of their use instead;
  • Eri Digital no longer needs the personal data for the purposes of the processing, but they are required by the user for the establishment, exercise or defence of legal claim;
  • The user has objected to the processing of personal data based on the legitimate interest of Eri Digital, pending verification that Eri Digital's legitimate grounds have an advantage over Eri Digital's interests.

Right to data portability

As of 25.05.2018, users have the right to obtain from Eri Digital the personal data provided by them in a structured, widely used and machine readable format, as well as to transfer this data to another Controller without hindering Eri Digital, insofar as:

  • Eri Digital processes these data for the purpose of concluding or executing a contract with the consumer or on the basis of an agreement of the latter; and
  • The processing of relevant data is done in an automated manner.

Users have the right to request Eri Digital to transfer their personal data directly to another Controller when this is technically feasible.

Right to object

Consumers are entitled, at any time and on grounds relating to their particular situation, to object to the processing of personal data relating to them when Eri Digital processes their data to protect their legitimate interests.

In certain cases, this right is unconditional and Eri Digital will always discontinue the processing of data upon consumer objection.

For example, these are the cases where Eri Digital processes personal data for direct marketing purposes.

In other cases, depending on the nature of the objection and the circumstances exposed by the user, Eri Digital will conduct an internal review of the objection and will rule thereon in accordance with this section by: (a) informing the consumer that it will cease processing of his/ her personal data; or (b) reasonably refuses to discontinue the processing of his/ her personal data, provided there is a legitimate reason for doing so.

You have the right to access, correct, delete, restrict, and limit your access to your personal information, and your portability through our built-in GDPR module.

Right of appeal to a supervisory authority

Users have the right to file complaints or alerts with the Commission for Personal Data Protection (CPDP) if they believe Eri Digital violates privacy laws. Instructions for submitting complaints are posted on the CPDP website: https://www.cpdp.bg

After 25.05.2018, consumers may also submit complaints to other supervisory authorities within the European Union as provided for in Regulation (EC) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation) or also called "GDPR".