Überblick
Detailed personal data processing rules for the VPOS.am website, requests, accounts, payment scenarios, CRM/ERP integrations, API, webhooks and logs.
1. Data controller and applicable law
The data controller is Gulian Digital LLC, Tax ID 03030169, legal address: 2502, Kotayk region, Charentsavan, 8th district, 8/24.
Data is processed under the laws of the Republic of Armenia, including the Law on Protection of Personal Data, contracts with clients, requirements of banks, payment providers, fiscal services and information security rules.
2. Data that may be processed
We may process data of website visitors, company representatives, clients, partners, technical administrators, merchant console users, client employees and end customers of merchant projects when such data is required for an agreed workflow.
- name, role, company, website, region and communication language;
- email, phone, messenger, request content and communication history;
- IP address, user agent, referrer, UTM, source URL, event date and time;
- order id, invoice id, payment id, amount, currency, provider reference and payment status;
- CRM/ERP/CMS identifiers, webhook payload, idempotency key, audit logs and technical events.
3. Processing purposes
Data is used to answer requests, prepare offers, conclude and perform contracts, issue invoices, configure payment flows, verify payment status, process webhooks, perform fiscalization, reconciliation, support, security, duplicate prevention and legal compliance.
4. Legal grounds and consent
Processing may be based on voluntary data transfer, consent, contract conclusion or performance, legal obligation, instruction of a client acting as controller, technical necessity to protect the service and other grounds provided by Armenian law.
If a specific operation requires consent, it is requested in the applicable form. If data is transferred by a client within an integration, the client is responsible for lawful collection and transfer of such data to VPOS.am.
5. Data sharing
We do not sell personal data. Data may be shared only within the processing purposes: with banks, payment providers, fiscal services, client CRM/ERP/CMS, hosting, monitoring, support tools, contractors, state authorities or courts where required by law or contract.
6. International transfer and retention
Some technical systems, cloud services, support tools, client CRM/ERP systems, banks, payment providers or contractors may be located outside Armenia. Such transfer is allowed only for the stated purposes and with regard to applicable law, contract and safeguards.
Retention depends on purpose: requests and communication are stored for the communication period and a reasonable period after it; contract, payment, webhook, fiscal and reconciliation records are stored as needed for accounting, audit, refunds, disputes, security and legal compliance.
7. Security
We apply organizational and technical measures: server-side payment status verification, signed webhooks, role-based access, least privilege, sandbox/production separation, sensitive-data masking, critical action logging and limited access to raw payloads.
8. Data subject rights
The data subject may request information on processing, access, correction, update, blocking, deletion, withdrawal of consent or restriction of processing where applicable. Requests are sent to info@vpos.am with enough context to identify the record.
If VPOS.am processes data on behalf of a merchant client, the request may be processed jointly with that client or redirected to the client because the client determines purposes and data scope in its business workflow.
9. Incidents and complaints
In a security incident, we restrict access, preserve evidence, assess affected data, remediate the cause and notify affected parties and authorities where required by Armenian law.
Personal data complaints and requests are sent to info@vpos.am. Users may also use the protection mechanisms provided by the laws of the Republic of Armenia.
FAQ
Who is the VPOS.am personal data controller?
The data controller is Gulian Digital LLC, Tax ID 03030169, registered in the Republic of Armenia.
Where should access, correction or deletion requests be sent?
Requests should be sent to info@vpos.am. To identify the record, include company, e-mail, phone, project, request, account or payment/order id where available.