Data Protection Policy
for the user of the Platform
I. INFORMATION FOR THE COMPANY IN THE CAPACITY OF ADMINISTRATOR
II. PURPOSES OF THE DATA PROTECTION POLICY
1. This Data Protection Policy provides information on how your personal data will be collected and processed by the Company, in connection with providing the Services, for the purposes of protecting your personal data and your rights as data subject.
2. By accepting the T&Cs of the Website you agree to the collection and use of your personal data according to the requirements, including, but not limited to Regulation (EU) 2016/679, the data protection legislation of the Republic of Bulgaria and the guidelines and instructions of the Bulgarian Commission for Personal Data Protection.
III. TYPES OF PERSONAL DATA
1. For the purposes of this Data Protection Policy the Company shall collect the following personal data:
- name and surname
- phone number
IV. MEANS OF COLLECTING PERSONAL DATA
1. The Company shall collect your personal data by the following means:
1.1. direct communication: during correspondence by phone, email, the “Quick contact” form on the Website etc.
1.2. indirect means: through “Cookies” (see the Cookies Policy for further information)
V. LEGAL GROUNDS FOR PROCESSING PERSONAL DATA
1. Your personal data will be processed on grounds of your consent which is explicit, unconditional and freely given by marking the respective field on the Website, titled My Health Diet.
2. With the consent of this Section V, par. 1 you declare the following:
2.1. you are aware that the Company is an administrator of personal data.
2.2. you have become familiar with this Data Protection Policy and therefore you have been provided with full, accurate and comprehensible information regarding the Company, the purposes and grounds for processing of your personal data, the term for keeping your personal data, the receivers of personal data and the cases when it is necessary to send personal data to third parties.
2.3. you give your consent for the Company to process your personal data for the following purposes, in accordance with Regulation (EU) 2016/679 and the applicable Bulgarian legislation:
2.3.1. fulfilling legally established obligations (e. g. issuing an invoice and others)
2.3.2. management and protection of the Company’s commercial activities
2.4. you are informed of your right to withdraw your consent at any time, as well as of your other rights under this Data Protection Policy and Regulation (EU) 2016/679
VI. PURPOSES FOR USING PERSONAL DATA
1. The Company shall use your personal data for the following purposes:
1.3. fulfilment of the Agreement
1.2. fulfilling obligations set in a law or another legal act
1.3. management and protection of the Company’s commercial activities (including book-keeping, analyzing the use of Services by Clients etc.)
2. The Company may use your personal data for other purposes, different from those under 1 above, when these purposes are compatible with the purposes under par. 1 and in accordance with Regulation (EU) 2016/679.
VII. PROVIDING PERSONAL DATA TO THIRD PARTIES
1. For the purposes of Section VI the Company has the right to provide your personal data to the following third parties:
1.1. the National Revenue Agency and other institutions, established in the Republic of Bulgaria, in fulfilment of legally established obligations.
1.2. service providers, such as technical support etc.
1.3. professional consultants, such as lawyers, accountants, auditors, insurance companies etc.
2. The Company shall provide your personal data to the parties under 1 above under the condition that the third parties process the personal data in accordance with the applicable legislation, including by applying all security measures, as well as under the condition not to use your personal data for their own purposes.
VIII. SECURITY MEASURES
1. In order to guarantee the security of your personal data, the Company has undertaken the necessary technical and organizational measures, in full compliance with Regulation (EU) 2016/679, including measures which ensure:
1.1. confidentiality, entirety, availability and stability of the processing systems.
1.2. timely recovery of personal data and of access to it in cases of physical or technical incidents.
1.3. managing security violations regarding personal data and notifying the competent authorities for such violations.
1.4. regular inspection and evaluation of the measures’ effectiveness for the purpose of guaranteeing the security of processing activities.
1.5. selection of operators to which the Company provides personal data for processing purposes.
IX. TERMS FOR KEEPING PERSONAL DATA
1. The Company keeps and processes your personal data for the terms determined in the applicable legislation, as well as for terms appropriate for the purposes of collecting the personal data:
1.1. the length of terms which are not legally determined depends on the purpose for collecting personal data, or on the specific legal grounds (e. g. when a consent has been given, it can be withdrawn at any time)
1.2. according to legal provisions applicable for the Company’s activities, contractual obligations and internal rules, the terms for keeping and processing personal data are:
1.2.1. for accounting documents: 10 years
1.2.2. for documents for which no accounting document has been drafted: 2 years as of the date the Service has been fully provided
X. YOUR RIGHTS
1. The applicable legislation grants you certain rights in connection with the protection of your personal data, including rights to:
- access personal data
- correct personal data
- delete personal data
- object to the processing of personal data
- limit the processing of personal data
- withdraw the consent for processing personal data
- transfer personal data to a third party (right to receive your personal data in a structured, commonly used and machine-readable format and the right to transfer these data to another administrator, under legally established conditions)
2. Along with the rights under par. 1 and in case you consider your data protection rights to have been violated by the Company, you can file an appeal to the supervising authority for protection of personal data:
Commission for Personal Data Protection
Address: Bulgaria, city of Sofia, p.c.1592, 2 Prof. Tsvetan Lazarov Blvd.
Phone number: 02/91-53-555 and 02/91-53-519
This Data Protection Policy has been adopted on 01.09.2021 and represents an inseparable part of the T&Cs, announced on the Company’s Website.