PRIVACY AND DATA PROTECTION POLICY

This Privacy and Personal Data Protection Policy notice, which is collected from users of the https://medicopharm-k.com website , is to inform you of how your personal data will be collected and used. 

If you disagree with any of the terms set out, it is advisable that you do not visit the website and do not use our services and products of any kind.

The PRIVACY POLICY IS LEGALLY APPLICABLE

 following the enactment and implementation of the General Data Protection Regulation (GDPR) in Bulgaria. This Regulation (EU) 2016/679 of the European Union was adopted to unify the policies of EU Member States relating to the collection and use of personal data.

In accordance with Regulation 2016/679, “personal data” means any information relating to an identified or identifiable natural person, directly or indirectly. This includes identifiers such as name, identification number, location data, online identifier and the like that can reveal your identity. Such information may include your real name, address, phone number, passwords to access our website, IP address, and more.

It is important to understand that data that cannot directly or indirectly identify you as an individual does not fall within the scope of personal data.

Our current Privacy and Data Protection Policy applies to your personal data when you visit https://medicopharm-k.com or use our services. It does not cover other websites or services that are not under our control.

PERSONAL DATA CONTROLLER

Those responsible for the collection, processing and storage of personal data of users of our website are:

Medicopharm-K EOOD, as the data controller.

The data controller collects and processes all personal data in accordance with the data protection laws in force in the European Union.

SUPERVISORY AUTHORITY. Data Protection Authority, Sofia, Sofia Blvd. “Proff. 2 Tsvetan Lazarov

GROUNDS FOR COLLECTION OF PERSONAL DATA

The collection and processing of your personal data by us, the e-shop https://medicopharm-k.com , is carried out in accordance with the legal grounds:

  • With your explicit consent;
  • In order to perform a contract with you;
  • In accordance with a legal obligation that affects us;
  • In order to protect the legitimate interests of us or third parties.

As a data controller and provider of the services you provide, https://medicopharm-k.com complies with and applies legally established rules and procedures, which include:

  • Informing you about the types of data we use;
  • We make clear the purposes for which we use it;
  • We state the need for your consent to their use, especially where additional services are provided based on this data;
  • We provide the option to change the consent given for different purposes through this website so that you have more control;
  • We provide the possibility to delete them and the right to “forget”;
  • We identify any third parties or other companies with whom we share your data.

PRINCIPLES FOR COLLECTING AND PROCESSING PERSONAL DATA

The Controller complies with the following regulated principles when processing your personal data:

  • Legality, fairness and transparency;
  • Limitation of the purposes of processing;
  • Relevance of the data collected to the purposes of the processing and data minimisation;
  • Data accuracy and timeliness;
  • Non-profiling of personal data;
  • Non-use of personal data for direct marketing;
  • Limitation of storage to the period necessary to achieve the objectives;
  • Integrity and confidentiality of processing and ensuring an appropriate level of security of personal data.

WHAT DATA DOES THE ELECTRONIC SHOP medicopharm-k.com COLLECT :

BEFORE ACCESSING OUR WEBSITE AND SERVICES, PLEASE CONSENT TO THE USE OF YOUR PERSONAL DATA.

We, as the controller, do not collect or store “sensitive” categories of personal data such as political beliefs, ethnic origin, sexual orientation, etc. If we receive such data, we delete it immediately.

Personal data collected by us includes:

Data provided via a contact form on the website.

Data collected when contacting us directly by telephone or email.

Personal data collected automatically, such as IP address, browser identifier, etc.

Personal data collected when placing an order, such as first name, last name, e-mail, address and telephone number.

Personal data provided when registering on the website.

The controller respects the principles of lawfulness, transparency and purpose limitation of the processing of personal data. We provide the possibility to modify and delete data, as well as to manage consents.

The personal data collected is used to communicate, deliver services and maintain contact with our website users.

PERSONAL DATA OF THIRD PARTIES

The controller only uses data provided voluntarily and in accordance with legal requirements.

It is the responsibility of each user not to disclose to Medicopharm-K Ltd. data about third parties, violating their data protection rights.

Each person shall bear unlimited personal liability if they provide data to third parties without their consent, regardless of the type or purpose of the data.

MINORS

The Controller does not collect or necessarily erase personal data of persons under the age of 18 unless required by law.

VISIT

For more information about our use of cookies, please consult our medicopharm-k.com cookie policy .

PURPOSES FOR PROCESSING PERSONAL DATA

The controller collects and processes personal data for the following purposes:

  • To provide the services we offer;
  • To process orders;
  • For communication by e-mail or telephone;
  • For providing services on medicopharm-k.com ;
  • For the conclusion and performance of contracts;
  • For accounting and statistical purposes;
  • For marketing and analytical purposes.
  • For information security protection.

If we change the purposes for which we process your personal data, we will notify you and ask for your explicit consent to process according to the new purposes.

Access to personal data processed by us is granted to persons for whom this is a legal or contractual obligation, as well as supervisory or judicial authorities (Financial Supervisory Commission, judicial authorities, public prosecutor’s office, investigative authorities, etc.). Access to your personal data by these authorities is lawful.

HOW LONG WE WILL KEEP THE PERSONAL DATA RECEIVED

We keep your data for the period necessary to achieve the purposes for which we process it. The storage will continue until we have a reason for storing it.

If the basis for storing your personal data ceases to exist, we will delete or destroy it securely.

We store different types of personal data for certain periods of time according to their purpose:

Personal data of persons who make an enquiry via the contact form on the website is stored for up to 3 months after the enquiry is sent.

Personal data of persons who make an enquiry by telephone is stored for up to 1 month after the conversation.

Personal data collected when registering on the website is stored until the registration is deleted or the website is operational.

Personal data collected when placing an order is stored for a period of five years after the expiry of the limitation period for the repayment of the public debt, unless legal provisions require a longer period (e.g. documents pursuant to the Accountancy Act and/or the Tax and Social Security Procedure Code).

Traffic data shall be stored in accordance with the Electronic Communications Act for a period of 6 months and shall be transmitted to the competent authorities and institutions only in accordance with legal requirements.

WHERE PERSONAL DATA IS STORED

The personal data we collect is stored on servers located in the territory of the Republic of Bulgaria.

The storage of your personal data continues for a period no longer than necessary to achieve the stated purposes or until the suspension of the provision of services and/or the functioning of the website.

SECURITY MEASURES

To protect your personal data, the controller adopts various technical and organizational measures. All employees are aware of

security policy and access to personal information is restricted to certain qualified individuals. Sensitive information is protected by encrypting data sent over the Internet.

Despite the measures taken, we cannot guarantee absolute security of the website, electronic communications and databases as they may be subject to errors, tampering and intrusions.

DISCLOSURE OF PERSONAL DATA

Personal data will not be disclosed to third parties unless there is your express, informed and free consent, or if this is necessary for the performance of a contract or by law.

RIGHTS OF DATA SUBJECTS UNDER THE DATA PROTECTION ACT

Each data subject has the following rights:

The data subject has the following rights regarding the protection of his or her personal data:

Right of access: the data subject has the right to obtain confirmation from the Controller whether his or her personal data are being processed, as well as the right to access the relevant information.

Right to rectification.

Right to erasure (right to be forgotten): In certain circumstances, if the subject considers that the processing of his or her personal data is unlawful or if he or she has withdrawn his or her consent, he or she has the right to have his or her personal data erased.

Right to restriction of processing: subject to certain conditions, the subject has the right to request restriction of the processing of his or her personal data, for example if he or she doubts the accuracy of that data or if he or she objects to processing.

Right to object: In certain circumstances, if the subject considers that there are legitimate reasons relating to his or her particular situation, he or she has the right to object to processing of his or her personal data.

Right to data portability: If the personal data are processed pursuant to the subject’s consent or for the purposes of performance of a contract, the subject has the right to request the provision of his or her personal data in a machine-readable format for transfer to another data controller.

Right to lodge a complaint with a supervisory authority: The data subject has the right to lodge a complaint with the competent supervisory authority concerning the processing of his or her personal data.

The data subject may exercise these rights by means of a free text.