PRIVACY POLICY

Last updated: 17 April 2026

1. Introduction

Format Vision (“we”, “our”, “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store and protect personal data when you visit our website formatvision.net (the “Website”), engage our services, or use a reward-based platform we operate.

This Policy is issued in accordance with Regulation (EU) 2016/679 (the “General Data Protection Regulation” or “GDPR”) and the Bulgarian Personal Data Protection Act.

2. Data Controller

The data controller responsible for your personal data is:

ФОРМАТ ВИЖЪН ЕООД (Format Vision EOOD)
Registered office: 15, Krasna Kitka str., Sofia, Bulgaria
UIC (EIK): 130466745
VAT: BG130466745
Email: mail@formatvision.net
Phone: +359 (2) 856 4941

For any questions about this Policy or to exercise your rights, please contact us using the details above.

Note: Where Format Vision operates a reward-based platform on behalf of a client, the client is the data controller for end-user personal data processed through that platform and Format Vision acts as a data processor. In such cases the client’s privacy policy applies to the loyalty programme.

3. Personal Data We Collect

Depending on your interaction with us, we may collect the following categories of personal data:

3.1 Website visitors:

  • Identification data: name, surname (if provided via contact form);
  • Contact data: email address, phone number, company name;
  • Technical data: IP address, browser type and version, device information, operating system, referral source, pages visited, time and date of visit;
  • Communication data: content of any messages you send via the contact form or by email.

3.2 Clients and prospective clients:

  • Business contact details (name, role, company, email, phone);
  • Billing and invoicing information (company registration details, VAT number, bank account);
  • Contract and communication records;
  • Project materials you share with us.

3.3 End users of reward-based platforms (processed on behalf of our clients):

  • Account data (name, email, phone, password in hashed form);
  • Receipt and invoice images;
  • Purchase and points history;
  • Reward redemption records;
  • Address details for reward delivery.

3.4 Candidates and job applicants:

  • CV, cover letter, contact details and any other information you choose to provide.

4. How We Collect Your Data

We collect personal data:

  • Directly from you (contact forms, email, phone, in meetings, in contracts);
  • Automatically when you browse the Website (via cookies and similar technologies — see Section 10);
  • From third parties where permitted by law (e.g. publicly available business directories).

5. Purposes and Legal Bases for Processing

We process personal data on the following legal bases under Article 6 GDPR:

PurposeLegal basis
Responding to your enquiries submitted via contact forms or emailYour request / pre-contractual steps (Art. 6(1)(b))
Providing our services and performing contracts with clientsPerformance of a contract (Art. 6(1)(b))
Issuing invoices and meeting accounting, tax and statutory obligationsLegal obligation (Art. 6(1)(c))
Operating and securing the WebsiteLegitimate interest in running and protecting our business (Art. 6(1)(f))
Direct marketing to existing clients about similar servicesLegitimate interest, subject to your right to object (Art. 6(1)(f))
Marketing communications to non-clientsYour consent (Art. 6(1)(a))
RecruitmentPre-contractual steps / your consent (Art. 6(1)(b) / (a))
Processing data for our clients’ loyalty programmesBased on instructions from the client (as data processor under Art. 28 GDPR)

6. How We Share Your Data

We do not sell personal data. We may share data with:

  • Clients, where you participate in a loyalty programme we operate for them;
  • Service providers acting as our data processors (hosting, IT support, email, CRM, analytics, payment processors, printing and logistics partners) under written data processing agreements;
  • Professional advisers (lawyers, accountants, auditors) under duties of confidentiality;
  • Public authorities, where required by law or in response to a lawful request;
  • Third parties in connection with a merger, acquisition or sale of business assets, with appropriate safeguards.

7. International Data Transfers

Your data is primarily stored within the European Economic Area (EEA). Where a service provider is located outside the EEA, we ensure the transfer is protected by appropriate safeguards under GDPR, such as the European Commission’s Standard Contractual Clauses or an adequacy decision.

8. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected:

  • Contact form enquiries: up to 12 months after the last interaction;
  • Client records and contracts: for the duration of the engagement and 5 years afterwards, or longer if required by Bulgarian accounting and tax law (up to 10 years for accounting records);
  • Marketing subscribers: until you withdraw consent;
  • Reward-platform end-user data: as instructed by the client data controller and in line with the applicable programme terms;
  • Job applications: up to 6 months after the recruitment process, unless you consent to longer retention;
  • Website logs and cookie data: as set out in our Cookie Policy.

9. Your Rights under GDPR

You have the following rights in relation to your personal data:

  • Right of access — to obtain confirmation of processing and a copy of your data;
  • Right to rectification — to have inaccurate or incomplete data corrected;
  • Right to erasure (“right to be forgotten”) — to have your data deleted, subject to legal retention obligations;
  • Right to restriction of processing — in specific circumstances;
  • Right to data portability — to receive your data in a structured, machine-readable format;
  • Right to object — to processing based on legitimate interests or for direct marketing;
  • Right to withdraw consent — at any time where processing is based on consent, without affecting the lawfulness of prior processing;
  • Right not to be subject to automated decision-making, including profiling, with legal or similarly significant effects.

To exercise any of these rights, please contact us at mail@formatvision.net. We will respond within one month of receiving your request, as required by GDPR.

Right to lodge a complaint. If you consider that our processing infringes data protection law, you have the right to lodge a complaint with the Bulgarian Commission for Personal Data Protection (Комисия за защита на личните данни):

  • Address: 2 Prof. Tsvetan Lazarov Blvd., 1592 Sofia, Bulgaria
  • Website: www.cpdp.bg
  • Email: kzld@cpdp.bg

or with the supervisory authority of your country of residence.

10. Cookies and Similar Technologies

The Website uses cookies and similar technologies to ensure functionality, analyse traffic and improve user experience.

10.1 Types of cookies we use:

  • Strictly necessary cookies — required for the Website to function and cannot be switched off;
  • Performance/analytics cookies — help us understand how visitors use the Website (e.g. Google Analytics);
  • Functional cookies — remember your preferences;
  • Marketing cookies — used to deliver relevant content and measure campaign effectiveness (e.g. Meta Pixel).

10.2 Consent. Non-essential cookies are only set after you give consent via our cookie banner. You can withdraw or change your preferences at any time via the cookie settings link on the Website or via your browser settings.

10.3 Third-party services. The Website may use third-party services (Google Analytics, Meta/Facebook, LinkedIn) which set their own cookies; please refer to their privacy policies for details.

11. Data Security

We apply appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, alteration or disclosure, including:

  • Encrypted data transmission (HTTPS/TLS);
  • Access controls and authentication;
  • Regular backups;
  • Staff training on data protection;
  • Contracts with processors containing GDPR-compliant data protection clauses.

No system is 100% secure. In the event of a personal data breach likely to result in a high risk to your rights, we will notify you and the competent supervisory authority as required by GDPR.

12. Children’s Privacy

Our Website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

13. Third-Party Links

The Website may contain links to third-party websites. This Privacy Policy does not apply to those websites, and we encourage you to review their own privacy policies.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be posted on the Website with a new “Last updated” date. Material changes will be communicated via a prominent notice on the Website or by email where appropriate.

15. Contact

For any questions, requests or concerns about this Privacy Policy or our data-processing practices, please contact us:

ФОРМАТ ВИЖЪН ЕООД (Format Vision EOOD)
Registered office: 15, Krasna Kitka str., Sofia, Bulgaria
UIC (EIK): 130466745
VAT: BG130466745
Email: mail@formatvision.net
Phone: +359 (2) 856 4941