Privacy Policy
The web page you are viewing –www.raynastoyanova.com – is managed by EP EC Medical Ltd. Sofia, Sredets district, p.k. 1142 g.k. -, bul. Vasil Levski № 42, et. 1, app. 1, BULSTAT 297999709, manager.
This privacy notice aims to provide, in a simple and accessible way, information relating to the processing of your personal data, the purposes for which the data is processed, the measures and safeguards to protect the data processed, your rights and how you can exercise them, to ensure your peace of mind that it is carried out lawfully, fairly and in a transparent manner.
1. CONTROLLER OF YOUR PERSONAL DATA
The administrator of your personal data is EP ES Medical Ltd., Sofia (capital), Municipality. Sofia, Sredets district, p.k. 1142 g.k. -, bul. Vasil Levski № 42, et. 1, app. 1, BULSTAT 297999709, manager.
If you have any questions about the privacy of the processing of your personal data, you can contact us by sending an e-mail request:
privacy@ raynastoyanova.com
In carrying out its activities as a commercial company, ER ES Medical Ltd. processes personal data of individuals (“data subjects”) in strict compliance with the requirements of Regulation (EU) 2016/679, the Personal Data Protection Act, the healthcare regulations and the company’s internal data protection policies.
Our team is aware of the importance and respects the privacy of the personal data of our patients and contractors, therefore, takes all necessary measures to protect and process them in full compliance with national and European legislation.
With regard to children’s data, we take special care and attention.
2. BASIC CONCEPTS YOU SHOULD KNOW:
- “Personal data” means any information relating to an identified natural person or an identifiable natural person (such as name, identification number, location data, online identifier) (“data subject”);
- ‘Processing’ means any operation or set of operations which is performed upon personal data or a set of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- ‘controller’ means a natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its determination may be laid down in Union or Member State law;
- ‘Health data’ means personal data relating to the physical or mental health of an individual, including the provision of healthcare services, which provides information about his or her state of health, as well as any other information contained in medical prescriptions, prescriptions, reports, certificates and other medical records.
- ‘Recipient’ means the natural or legal person, public authority, agency or other body to whom personal data are disclosed in the cases expressly provided for, whether or not a third party.
3. YOUR PERSONAL DATA IS PROCESSED BY WWW.RAYNASTOYANOVA.COM FOR ONE OR MORE OF THE FOLLOWING PURPOSES, IN ACCORDANCE WITH THE REGULATIONS
- Providing services and/or providing information you request about our products and/or services;
- Compliance with legal obligations as an outpatient care provider, in particular under the Health Act, the Medical Institutions Act and their implementing regulations;
- Compliance with our statutory obligations relating to accounting under the Accounting Act, the Income Tax Act, the Internal Revenue Code and other relevant regulations;
- Contract conclusion and execution, as well as for pre-contractual relations and correspondence needs;
- Other legitimate purposes such as accounting services, maintenance, improvement and security of the company’s website and software systems, protection of the company’s legitimate interests, including in court, etc.
- Protecting our legitimate interests such as: selling products and services through our website, providing marketing and/or advertising information, remarketing, registering customer profiles on our website, providing a quality administrative service, protecting our legitimate interests and/or other interests insofar as they override the interests and/or fundamental rights and freedoms of data subjects.
4. PERSONAL DATA IS PROCESSED ON ANY OF THE FOLLOWING GROUNDS:
-
- Your express, freely given, specific, informed and unambiguous voluntary consent;
- On the basis of the performance of a contract between us or under statutory provisions or in connection with our intention to enter into such a contract;
- The processing is necessary to comply with our legal obligation or to protect your interests or the interests of another person or to protect our legitimate interest.
The personal data on the health condition of patients is processed by ER ES Medical Ltd. on the following basic basis, in addition to the above:
- Processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving his or her consent;
- The processing is necessary for the purposes of preventive medicine, medical diagnosis, the provision of health or social care or treatment, or pursuant to a contract with a health care professional;
- The processing is necessary for the protection of the public interest in the field of public health (e.g. protection against serious cross-border threats to health or ensuring high standards of quality and safety of healthcare and medicinal products or medical devices)
We ensure that this special category of personal data is collected and processed under the authority of medical professionals bound by the obligation of professional secrecy under applicable law.
ER S Medical Ltd. collects the personal data of customers/patients (online or offline) on the basis of a voluntary consent, on the basis of a contract or by virtue of legal provisions.
Consent already given may be withdrawn by the person at any time in the same way as it was given, in cases where consent is the sole basis for processing the data and there is no other legal basis for processing. Withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal.
6. GROUPS OF PERSONS WHOSE DATA ARE PROCESSED
In connection with the services provided, EP EC Medical Ltd. processes information about the following Data Subjects:
1. Natural persons using the Site with registration;
2. Individuals using the Site without registration when placing an order;
4. Individuals who have made enquiries (including calls), requests, signals, complaints or other correspondence to www.raynastoyanova.com;
5. Individuals whose information is contained in inquiries (including by call), requests, signals, complaints or other correspondence addressed to www.raynastoyanova.com.
7. WWW.RAYNASTOYANOVA.COM OPROCESSES THE FOLLOWING CATEGORIES OF PERSONAL DATA:
You decide whether and how to use the services provided through the Site.
The forms used to enter personal data shall clearly indicate the nature of the provision – mandatory or voluntary. Mandatory data are those without which it is impossible to provide the service and/or part of it.
- In order to provide you with the information you have requested, to perform a health service you have requested, a consultation, registration of an account on our website, a purchase from our e-shop and its delivery, the processing of a request for participation in a clinical trial, we collect the following basic information about the data subject – name, address, telephone number, email address; delivery address, billing address, bank account and/or other payment details;
- In order to prepare your personalized advertisements, to provide remarketing and performance measurement, to improve the usability of our website, we collect and process your IP address;
- When providing the health services requested by you, we also collect the following personal data – personal identification number, date of birth and/or age, data from an identity document, health-related data – about diseases and their treatment, results of various tests – blood count, X-rays, etc.
- In order for the treatment process to proceed properly and to facilitate more accurate diagnosis, as well as more effective and timely treatment tailored to individual needs, it is sometimes necessary to collect special categories of personal data – information revealing racial or ethnic origin, genetic data, gender data, data on sexual life, social and family identity.
The website www.raynastoyanova.com uses the following types of cookies:
Our own and third-party cookies to manage site content, produce personalised ads, measure results and analyse traffic. Learn more about our Cookie Policy.
You will also find information about the data collected through the log files on our website.
8. WWW.RAYNASTOYANOVA.COM HAS THE RIGHT TO PROVIDE YOUR PERSONAL DATA TO THE FOLLOWING POSSIBLE RECIPIENTS:
1.Competent public authorities in compliance with legal requirements, including the Ministry of Health, regional health inspectorates, the NRA, the NSSI, the NSI, or any other public authority that has a legal basis for obtaining relevant data for financial, insurance, control and other lawful purposes;
- Medical professionals working in other medical institutions.
- Subcontractors providing information maintenance and security of the company’s software systems;
- Courier service providers; payment/banking service providers; marketing/telemarketing service providers; market research service providers; insurance companies.
- Other persons, if required by applicable law.
Transfer of personal data to a non-EU country or international organisation
ER EC Medical Ltd. does not intend to transfer your personal data to third parties without first informing you and obtaining your consent to do so. Data transfers outside the EU are only permissible to companies that have signed standard data protection clauses adopted by the European Commission or a data protection supervisory authority, or contractual clauses authorised by such a supervisory authority.
Social networks
Your access to social networks such as Facebook, Instagram and TikTok, to Google, YouTube, Twitter and other such sites requires separate registration and acceptance of the terms and conditions of these sites. ER EU Medical is not responsible for the protection of your personal data upon acceptance of these terms and conditions. Please read the terms and conditions of these sites in detail.
9. EP EC Medical Ltd. will retain your personal data for the following periods:
As a data controller , ER ES Medical Ltd. processes data for a minimum period of time in accordance with the purposes of processing and as provided for in the applicable legislation in accordance with the principle of storage limitation.
- Users’ personal data will be stored for the period of the service itself and for 5 years from the date of the service, which is also applicable to your voluntary consent to communicate with us, for orders from our e-shop, for marketing purposes and/or advertising information.
You can always ask us to delete certain information or to close your account, and we will respond to that request by retaining certain information even after the account is closed where applicable law or legitimate interests require it.
- Information received from enquiries and messages via the contact forms on our website, via WhatsApp, Viber, e-mail or SMS including that received from the clinical trial referral form – up to 5 months.
- Personal data contained in accounting documents shall be kept for the statutory periods in accordance with Article 12 of the Accounting Act and other applicable acts.
- All documents and information related to the treatment of patients in the medical centre, with the follow-up of the health history, are kept in accordance with the time limits specified in the legislation.
- In cases where CCTV footage is available for the relevant site, it shall be retained for up to 30 days.
ER ES Medical Ltd stores personal data on electronic media, access to which is limited – only to employees directly or indirectly related to their processing, to the medical case, to the specific purchase of our service or product.
We have appropriate security measures in place to prevent the accidental loss, alteration, disclosure, use and/or unauthorised access to personal data. Our information infrastructure contains safeguards against unauthorized access, and we use state-of-the-art database and software application protections. We have also put in place procedures to deal with any suspected personal data breach and will notify you and the relevant authorities of a breach where we have a legal obligation to do so.
9. YOUR RIGHTS AS A DATA SUBJECT ARE AS FOLLOWS:
- Request access to and a copy of your personal data;
- Request that your personal data be transferred to another controller;
- To correct inaccurate personal data as well as data that is no longer relevant;
- Request that your personal data be deleted when:
- the personal data are no longer necessary for the purposes for which they were collected;
- when you have withdrawn your consent;
- where you have objected to the processing,
- where the processing is unlawful;
- where the personal data must be erased in order to comply with a legal obligation under EU or Member State law that applies to us as a data controller;
- where the personal data have been collected in connection with the provision of information society services.
- You have the right to request that the processing of your personal data be restricted, in which case the data will only be stored but not processed. Our refusal to restrict will only be expressly in writing, and we are obliged to justify it with the lawful reason;
- You have the right to withdraw your consent to the processing of your personal data at any time by making a request to ER ES Medical Ltd;
- You have the right to object to certain types of processing, such as direct marketing (unsolicited advertising messages);
- You have the right not to be subject to a decision based solely on automated processing, including profiling.
- You have the right to lodge a complaint directly with the supervisory authority, which for EP ES Medical Ltd. is the Commission for Personal Data Protection with address. Sofia 1592, Sofia 1592 Blvd. “1595 Prof. 2 and website: cpdp.bg
If you wish to make a request, exercise any of your rights mentioned above, or lodge a complaint regarding the processing of your personal data, you can do so by contacting us directly at privacy@raynastoyanova.com.
10. POLICY FOR VOLUNTARY SETTLEMENT OF DISPUTES:
-
It is our policy to voluntarily settle any disputes that arise in relation to the processing of your personal data and for this we would welcome it if you would first contact our Data Protection Officer before making a complaint directly to the supervisory authority.
This Privacy Notice was last updated on 10 December 2024 and complies with the General Data Protection Regulation (Regulation (EU) 2016/679) and the Data Protection Act.
For the correct implementation of Regulation (EU) 2016/679, for compliance and for the fulfilment of the obligations of the personal data controller, all internal procedures and rules required by the legislation are applied in ER EU Medical Ltd.