Personal Data Privacy Policy
This Privacy Policy reveals to you the basic information you need to know about how MEDICAL CENTER VARIX CLINIC EOOD, UIC 204273500, with seat and registered address in the city of Sofia, 1614, Ovcha Kupel area, residential area of Gorna Banya, 7 Orehovski Dol Str. (“VARIX CLINIC MC”, “we”, “the Controller”), protects the personal data it processes and controls in relation to you (“your personal data”) and what rights you have in relation to the processing of your personal data. Personal data protection is of utmost importance for VARIX CLINIC MC EOOD. We want the processing your data to be completely open and transparent to you. It is possible for you to visit the website without processing your personal data, but in some cases, for example when you use special functionalities of the website, we carry out specific processing of your data in order to facilitate and perform the desired services. If we consider that we do not have a legal basis for processing certain categories of data, we will seek your explicit consent for their processing.
As a personal data administrator, MEDICAL CENTER VARIX CLINIC EOOD has implemented a number of technical and organizational measures to ensure high protection of personal data processed through the website. However, obtaining information over the Internet generally carries higher risks, so we cannot guarantee absolute protection. For this reason, each data subject is free to provide us with information through alternative means, e.g. by telephone.
The regulation on personal data and their processing is governed, fundamentally, by Regulation (EU) 2016/679 and the Personal Data Protection Act.
General Data Protection Regulation
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”) has direct effect, but at the same time constitutes a framework law (the so-called omnibus), which to some extent implies an amendment to the legislation of the Member States in the field of personal data protection, as well as the possibility of introducing specific provisions in order to adapt the application of rules contained in the GDPR. Its purpose is to protect the rights and freedoms of natural persons and to ensure that personal data are not processed without their knowledge and, where necessary, that they are processed with their consent.
Scope of the General Data Protection Regulation
Material scope (Article 2 GDPR) – this Regulation applies to the processing of personal data in whole or in part by automatic means, as well as to the processing by other means of personal data (e.g. manually and on paper) which are part of a register of personal data or which are intended to form part of register with personal data.
Territorial scope (Article 3 GDPR) – the GDPR rules will apply to all data controllers established in the EU who process personal data of individuals in the context of their activity. It will also apply to non-EU controllers who process personal data for the purpose of offering goods and services or if they monitor the behaviour of data subjects residing in the EU.
FUNDAMENTAL CONCEPTS
Personal Data – any information relating to an identified natural person or an identifiable natural person (“data subject”); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by an identifier such as a name, an identification number, location data, an online identifier or by one or more characteristics specific to the physical, the physiological, genetic, psychic, mental, economic, cultural or social identity of that natural person.
Special categories of personal data – personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or membership of trade unions and the processing of genetic data, biometric data for the unique identification of an individual, data relating to health, or data concerning the sexual life of an individual or sexual orientation.
Processing – any operation or set of operations which is performed on personal data or on sets of personal data by automated or other means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Restriction of processing – marking of stored personal data in order to restrict their processing in the future.
Profiling – any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, and in particular to analyse or predict aspects relating to the performance of that natural person’s professional duties, economic situation, health, personal preferences, interests, reliability, behaviour, location or movement.
Pseudonymisation – the processing of personal data in such a way that the personal data can no longer be associated with a specific data subject without using additional information, provided that it is stored separately and is subject to technical and organizational measures to ensure that the personal data are not associated with an identified or identifiable natural person;
Controller – any natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes, conditions and means of the processing of personal data; where the purposes and means of processing are determined by EU law or Member State law, the controller or the specific criteria for their nomination may be designated by EU law or by Member State law;
Processor – means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
Data subject – any living natural person who is the subject of the personal data held by the controller.
Consent of the data subject – any freely expressed, specific, informed and unequivocal indication of the will of the data subject, by means of a statement or clear affirmative action, which expresses his consent to the personal data relating to him being processed.
Personal data breach – a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed;
Recipient – a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. At the same time, public authorities which may receive personal data in the framework of a specific investigation in accordance with Union or Member State law shall not be regarded as “recipients”; the processing of such data by those public authorities complies with the applicable data protection rules according to the purposes of the processing.
Third party – any natural or legal person, public body, agency or other body other than the data subject, the controller, the personal data processor and the persons who, under the direct supervision of the controller or the personal data processor, have the right to process the personal data.
Article 4 of the GDPR contains the definitions of each of the above concepts.
Principles we follow when processing your data
MEDICAL CENTER VARIX CLINIC EOOD in its capacity of administrator of your data, as well as all its employees and third parties to whom MEDICAL CENTER VARIX CLINIC EOOD has assigned work on business processes related to Personal Data, process Personal Data following the following principles:
lawfulness, good faith and transparency referred to in Article 5 GDPR. The policies and procedures of MEDICAL CENTER VARIX CLINIC EOOD aim to ensure compliance with these principles.
We process your personal data lawfully, in good faith and providing you with clarity about the processing processes carried out.
PURPOSE LIMITATION
Any processing of Personal Data has specific lawful purposes and these purposes are indicated in advance to the Data Subjects when collecting their Personal Data. Personal data is not collected for undefined purposes.
We do not allow any further use of Personal Data for other purposes that are not compatible with the original purpose for which it was collected. Below you can get acquainted with the purposes for which we collect, process and use personal data.
DATA MINIMISATION
We collect and process only the personal data that is necessary to fulfil the relevant purpose.
DATA ACCURACY
We make efforts to keep your personal data accurate and up to date, and if not – we provide the opportunity to have it corrected within a short time.
DURATION OF DATA RETENTION
Regarding the retention period, we delete all personal data as soon as we no longer need it for the fulfilment of their original purpose and all statutory retention periods are no longer applicable. The statutory retention periods are the leading criterion for the specific duration of the storage of personal data. Upon the expiry of this period, the relevant data are routinely deleted. If the retention period is still applicable, the processing is restricted by blocking the data.
INTEGRITY AND CONFIDENTIALITY
Personal data is processed in a manner that ensures an appropriate level of security, including but not limited to providing protection against unauthorized or unlawful processing and against accidental loss, destruction or damage;
ACCOUNTABILITY
We have procedures in place to enable us to demonstrate compliance with the principles listed above, any policies under this privacy policy, and any mandatory provisions of applicable law.
Who is responsible for your personal data?
The administrator of personal data is MEDICAL CENTER VARIX CLINIC EOOD, a sole proprietorship with limited liability, entered in the Commercial Register at the Registry Agency under UIC 204273500, with headquarters and an address of management: city of Sofia, 1614, Ovcha Kupel area, residential area of Gorna Banya, 7, Orehovski Dol Str., managed by Angel Radev.
Who is the authority you can lodge a complaint with?
If you believe that we are processing your personal data in an incorrect way, you can contact us. You also have the right to lodge a complaint with the Data Protection Commission. Address: city of Sofia, postal code 1592, 23 2 Professor Tsvetan Lazarov Blvd.; tel.: 02/915 35 18; 02/915 35 15: Email: kzld@cpdp.bg; web: www.cpdp.bg
Cookies
You can read the Cookie Policy at https://www.varixclinic.bg/ here /active link/.
Purpose and legal basis for the processing of personal data
We process personal data necessary for the legitimation, processing and performance of the services we offer, using Article 6, Section 1b of the GDPR as the legal basis. If we need to use external service providers for authorized data processing, the legal basis for this processing will be Article 28 of the GDPR.
We collect, process and use your personal data for the following purposes only:
Purpose of data processing Legal basis for the processing of personal data (“why is personal data processing necessary”)
– When contact is made and for the related correspondence Based on your consent
– Sending mailing list Based on your consent
– When responding to your inquiry Based on your consent
– For the technical implementation of our services Based on legitimate interests
Collecting and processing of personal data
We collect and process your personal data only when it is voluntarily provided by you with your knowledge, for example, when you fill in a contact form or send us an email.
Personal data that we collect through contact form of the website
Like many websites, we also use a contact form located on the website.
Each time you send us a message via the contact form, you share the following personal data: names, email, phone. In certain cases, the message may also contain other data constituting personal information. These data are processed by MEDICAL CENTER VARIX CLINIC EOOD for the purposes of communicating with the contact person; sending an offer. The data you send to us is stored by the provider of the e-mail service on their server, which is located in the Republic of Bulgaria.
Personal data that we collect through our mailing list.
MEDICAL CENTER VARIX CLINIC EOOD provides visitors to the website with the opportunity to subscribe to receive news, events and special business offers through a mailing list that is sent irregularly to the email address provided by the user.
When you sign up for our mailing list, you share the following personal data: names, phone and email. The personal data collected as part of the registration for the mailing list will only be used to send our mailing list. During registration, we also store the IP address of the operating system assigned by the Internet Service Provider (ISP) and used by the data subject during registration, as well as the date and time of registration. The collection of this data is necessary to understand the (possible) misuse of the data subject’s email address at a later time and therefore serves as a legal remedy for the Controller.
If you do not wish to receive our mailing list in the future, a link is found in each email providing you with the opportunity to object to the processing in question and not to receive messages in the future. You can also unsubscribe from receiving email messages at any time by sending a message to info@varixclinic.bg.
Use of content and services by third parties
Use of Google Map
On this page, we use Google Maps (API), a service provided by Google LLC, 1600 Parkway Amphitheater, Mountain View, CA 94043, USA (“Google”). Google Maps is a web service that provides interactive maps to visually display geographic information. This service is used to display our locations and make it easier for you to reach us.
When you visit our sub-pages with an integrated Google Maps service, information about your use of the site (such as IP address) is sent to Google’s servers in the US and stored there. This happens regardless of whether you are logged in to your Google account and even have one. If you are logged in to your Google Account, the information is directly attributed to it. If you do not want this information to be attributed to your Google Account, you must sign out before activating the button. Google stores the data (even for users who are not logged in) as user profiles and analyses them as such. Any such evaluation occurs in accordance with Article 6, Section 1f of the GDPR, based on Google’s legitimate interest in providing personalized advertising, market research, and/or user-based design of its website. You have the right to object to the creation of such user profiles. To exercise this right, you need to contact Google.
Google LLC, having its headquarters in the United States, is certified under the European Union and United States Privacy Shield Framework, which ensures compliance with the privacy levels required by the European Union.
If you do not agree with the provision of your data to Google in the future together with the use of Google Maps, you can completely disable the Google Maps web service by turning off the JavaScript application in your browser. Google Maps and the maps presented on this website will no longer be able to be used after deactivation.
You can read Google’s terms of use at www.google.de/intl/en/policies/terms/regional. Further terms of use for Google Maps can be found at www.google.com/intl/en_US/help/terms_maps.html Detailed information on the protection of personal data together with the use of Google Maps can be found on Google’s website (“Google Privacy Policy”): www.google.de/intl/en/policies/privacy
Use of Facebook
On the website we use integrated plugins of the company Facebook. Facebook is a social network. Social network is a place for social meetings on the Internet, an online community that allows users to communicate with each other and interact in a virtual space. The social network can serve as a platform for exchanging views and experiences, as well as enabling users to provide personal or business-related information. Facebook allows users of the social network to create their own profiles, upload photos, and make friends.
The address of the company Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a Facebook user is located outside of the United States or Canada, the administrator is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin, Ireland.
Upon each visit to one of the pages of the website, which is managed by MEDICAL CENTER VARIX CLINIC EOOD and in which Facebook plugins are integrated, the web browser of the data subject’s information system is automatically prompted to download the respective Facebook plugins from Facebook. An overview of all the plugins Facebook provides can be found at: https://developers.facebook.com/docs/plugins/. During this technical procedure, Facebook receives information about the pages of the website that have been visited by the data subject.
If the data subject is logged in to their Facebook account at the same time, Facebook identifies each user’s visit to the website, the time spent, the pages they visited. This information is collected through the Facebook plugins and associated with the respective Facebook profile of the data subject.
If such transmission of information between the website and Facebook is undesirable for the data subject, then he or she may prevent this by logging out of his or her Facebook account before visiting the website.
The Data Protection Guide published by Facebook, available at https://facebook.com/about/privacy/, provides information about Facebook’s collection, processing, and use of personal data. In addition, you can find information in it about the privacy setting options that Facebook provides to protect your personal data. Moreover, various configuration options are available that make it possible to remove data transfer to Facebook.
Use of YouTube
There are integrated YouTube components on our website. YouTube is an internet video portal that allows video publishers to upload videos for free, while also providing free viewing, reviewing, and commenting on them by other users. YouTube allows you to post all types of videos so you can access full movies and TV shows, as well as music videos, trailers, and videos created by users through the Internet portal.
YouTube’s operating company is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Pkwy Amphitheater, Mountain View, CA 94043-1351, USA.
Each time a call is made to a separate page on our website on which a YouTube component is integrated (YouTube video), the data subject’s information technology internet browser is automatically prompted to download a screen on the respective YouTube component. Further information about YouTube can be obtained at https://www.youtube.com/yt/about/. During this technical procedure, YouTube and Google gain knowledge about which specific sub-page of our website was visited by the data subject.
If the data subject is logged in to YouTube, it recognizes with each call-up to a sub-page containing a YouTube video which specific sub-page of our website was visited by the data subject. This information is collected by YouTube and Google and is reported in the respective YouTube account of the data subject.
YouTube and Google will receive information through the YouTube component that the data subject has visited our website if the data subject is logged in to their YouTube account during the visit to our website; this is regardless of whether the user clicks on a YouTube video or not. If such transmission of this information to YouTube and Google is not desirable for the data subject, it may be prevented if the data subject logs out of their own YouTube account before visiting our website.
YouTube’s data protection regulations are available at https://www.youtube.com/yt/about/policies/ and provide information about YouTube’s collection, processing, and use of personal data.
Use of Retargeting Tools
On our website, https://www.veintreatment.eu/ , we use so-called retargeting technology. We use retargeting to categorize different site users into user groups. Depending on the user group, we then reach out to page visitors on other web pages or apps with personalized ads for our products or services.
For this purpose, we use the following products provided to us by service providers: Facebook Custom Audience/Facebook Pixel/Google AdWords User Lists/Google Dynamic Remarketing
Facebook Customer Audience and Facebook Pixel
Facebook Custom Audience and Facebook Pixel are products of Facebook Ireland Ltd., Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland (“Facebook”). Our web page uses Facebook Pixel from Facebook, which creates a direct connection to Facebook’s servers. That is why the fact that you have visited our page is transmitted to the Facebook server. Facebook attributes this information to your personal Facebook account if you have such and if you are logged in. If you also visit other pages that use Facebook Custom Audience/Facebook Pixel, this information is also associated with your personal profile. However, we cannot see which other pages you are visiting. If you are not a Facebook user or are not logged in when you visit our page, your visit will not be attributed to your Facebook profile.
For more information on protecting your privacy on Facebook, please visit Facebook’s privacy information at www.facebook.com/about/privacy. Specifically, you can manage the content and information you share during your use of Facebook through the Log tool or download from Facebook through the Download your data tool.
Google AdWords User Lists and Google Dynamic Remarketing
Google AdWords User Lists and Google Dynamic Remarketing are products of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Our page uses a pixel provided by Google that creates a direct connection to Google’s servers. That is why the fact that you have visited our page is transmitted to Google’s server. Google associates this information with an individual ID that is stored on your terminal in the form of a cookie or provided by your terminal (“advertising ID” on smartphones). If you also visit other pages that use Google AdWords User Lists/Google Dynamic Remarketing, this information is also associated with your personal identification number. However, we cannot see which other pages you are visiting.
Withdrawal
You may renounce the use of retargeting tools on our page at any time, for one or more tools. Please use the cookie settings or the following links to do so:
withdrawal/active link/ from Facebook Custom Audience/Facebook Pixel
withdrawal/active link/ from Google AdWords User Lists/Google Dynamic Remarketing
For each instrument, we store an opt-out cookie on your terminal device, which is valid for an indefinite period of time. If you are accessing our page from different end devices, you should opt out of the use of retargeting tools on each device, as we cannot connect multiple devices to individual visitors. By opting out, you will stop the integration of the described pixels and prevent data exchange with Facebook and Google.
You can also disable personalized advertising directly through ad networks. For more information, please go directly to Google and Facebook pages/active link to https://support.google.com/ads/answer/2662922?hl=bg and https://www.facebook.com/ds/preferences/?entry_product=ad_settings_screen
What are your rights?
Right to Information and Access
At any time, you have the right to request information about your personal data that we store. You can contact us, after which your personal data will be provided to you by e-mail.
Right to Rectification
Subject to the principles of data accuracy, you have the right to request the rectification of your personal data if it is not correct, including the completion of incomplete personal data.
Right to Erasure (“right to be forgotten”)
You have the right to ask MEDICAL CENTER VARIX CLINIC EOOD to erase all personal data without undue delay when:
• the data is no longer needed for the original purpose of the processing – (and there is no new legitimate purpose);
• the processing of the data does not meet the criteria for legality;
• when we receive a reasoned objection or withdrawal of consent against the processing in question.
Right to Data Portability
When MEDICAL CENTER VARIX CLINIC EOOD processes your personal data in an automated manner on the basis of your consent or on the basis of an agreement, you have the right to receive a copy of your data in a structured, commonly used and machine-readable format transferred to you or to another party. This includes only the personal data you have provided to us.
Right to object to processing based on a Legitimate Interest
You have the right to object to the processing of your personal data carried out on the basis of the legitimate interest of the Administrator. The latter will not continue to process your personal data unless it is proved that there are compelling legal grounds for doing so, which override your interests and rights, or are necessary for the establishment, exercise or defence of legal claims.
Right to Withdraw the Given Consent
You have the right to withdraw your consent at any time and as easily as you have easily provided it when the processing is based on consent and MEDICAL CENTER VARIX CLINIC EOOD has no other legal basis for the processing in question. If you withdraw your consent, all data processing operations that are based on the consent given and were carried out before its withdrawal – and in accordance with the data protection principles – remain lawful.
Right to Restrict Processing
You have the right to request that MEDICAL CENTER VARIX CLINIC EOOD restrict the processing of your personal data in the following circumstances:
• if you claim that your data are inaccurate, MEDICAL CENTER VARIX CLINIC EOOD must restrict the processing pending the outcome of the verification of the accuracy of the personal data;
• if you object to processing based on a legitimate interest of the Administrator, the latter will restrict the processing of the data pending the outcome of the verification of legitimate grounds;
• if the processing is unlawful, you can object to the deletion of your personal data and request the restriction of their use instead;
• if MEDICAL CENTER VARIX CLINIC EOOD no longer needs the personal data, but they are necessary for the exercise or defence of legal claims.
How can you exercise your rights?
For us, the protection of personal data is of paramount importance, which is why we are ready at any time to process your requests in relation to the above rights. You can exercise the above rights to info@veintreatment.eu by sending us a scanned copy of your request containing the following information:
• names, email and phone that will help us identify you;
• description of the request;
• signature, date of submission of the request and e-mail address.
We will review the request submitted and return a response to the email you provided within one month of submitting the request.
Updating Privacy Policy
This privacy policy has been duly approved by Medical Center VARIX CLINIC EOOD. The Privacy Policy will be regularly updated to reflect changes in the way we process your personal data and any changes to applicable laws. The new policy will be posted on this website and indicate the date we updated it. It will be effective from the date of publication on the website.