Privacy policy

healthy-story.com (“The Administrator” or “Healthy Story”) with email address: office@healthy-story.com

Information on the competent data protection supervisory authority:

Title: Commission for Personal Data Protection
Headquarters and address of management: Sofia 1592, Blvd. “Prof. Tsvetan Lazarov ”№ 2
Address for correspondence: Sofia 1592, Blvd. “Prof. Tsvetan Lazarov ”№ 2
Phone: 02 915 3 518
Website: www.cpdp.bg.

The controller operates in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 1 October 2015 on the protection of individuals with regard to the processing of personal data and on the free movement of personal data. data. This information is intended to inform you about all aspects of the processing of your personal data and the rights you have in connection with this processing.

Reason for collecting, processing and storing your personal data

Art. 1. The administrator collects and processes your personal data in connection with the use of the website https://healthy-story.com/, concluding contracts with the company on the grounds of art. 6, para. 1, Regulation (EU) 2016/679 (GDPR), and in particular on the following grounds:

  • Explicit consent received from you as a client;
  • Fulfillment of the obligations of the Administrator under a contract with you;
  • Compliance with a legal obligation that applies to the Administrator;
  • For the purposes of the legitimate interests of the Administrator or a third party.

Goals and principles in the collection, processing and storage of your personal data

Art. 2. (1) We collect and process personal data that you provide to us in connection with the use of the website https://healthy-story.com/ and the conclusion of a contract with the company, including for the following purposes:

  • Arranging consultations;
  • Individualization of a party to the contract;
  • Accounting purposes;
  • Information security protection;
  • Ensuring the implementation of the contract for the provision of the respective service.

(2) We observe the following principles in the processing of your personal data:

  • legality, good faith and transparency;
  • restriction of processing purposes;
  • relevance to the purposes of processing and minimizing the data collected;
  • accuracy and timeliness of data;
  • limitation of storage in order to achieve the objectives;
  • integrity and confidentiality of the processing and ensuring an appropriate level of security of personal data.

(3) In the processing and storage of personal data, the Administrator may process and store personal data in order to protect the following legitimate interests:

  • fulfillment of its obligations to the National Revenue Agency, the Ministry of Interior and other state and municipal bodies.

What types of personal data is collected, processed and stored Healthy history

Art. 3. The controller performs the following operations with the personal data provided by you for the following purposes:

  • Concluding and executing a trade deal with a client or partner – the purpose of this operation is to conclude and execute a contract with a trade partner or client and its administration. Given the limited scope of the personal data collected and the fact that some of them are collected from publicly available sources, an impact assessment is not required to carry out an impact assessment of the operation.
  • Organizing the consultation – the purpose of this operation is to provide contact information in order to arrange the desired consultation. Given the limited scope of the personal data collected, an impact assessment is not required to carry out an impact assessment of the operation.
  • Sending information messages – the purpose of this activity is to administer the process of sending messages to customers that relate to improvements or changes in services. Given the limited scope of the collected personal data, conducting an impact assessment is not necessary to perform an impact assessment of the operation. Art. 4. (1) The controller shall process the following categories of personal data and information for the following purposes and on the following grounds:

Details for requesting a consultation (name, surname, e-mail)
Purpose for which the data are collected:
Receiving contacts of the user in order to provide feedback to arrange a consultation.
Grounds for processing your personal data – Your data for sending a newsletter are processed on the basis of your explicit consent – Art. 6, para. 1, p. (a) GDPR.

Other data processed by the Administrator – When registering for the newsletter, the Administrator collects data on the IP address used.
Purpose for which the data are collected:
Interface localization.
Grounds for data processing – the IP address is collected on the basis of the legitimate interests of the administrator – Art. 6, para. 1, p. (f) the GDPR;

Your details for issuing an invoice to a natural person (PIN)
Purpose for which the data are collected:
Issuance of an invoice for provided services.
Grounds for processing your personal data – Art. 6, para. 1, p. (b) GDPR.

(2) The administrator shall not collect or process personal data, which refer to the following:

reveal racial or ethnic origin;
disclose political, religious or philosophical beliefs, or trade union membership;
genetic and biometric data, health data or data on sexual life or sexual orientation.
(3) The personal data are collected by the Administrator from the persons to whom they refer.
(4) The administrator shall not perform automated decision-making with data.

Term of storage of your personal data

Art. 5. (1) The administrator shall store your personal data for a period not longer than the withdrawal of the consent for processing. The administrator takes the necessary care to delete and destroy all your data without undue delay or to anonymize it (ie to make it in a form that does not reveal your identity).
(2) The Administrator shall store your personal data provided in connection with a request for consultation for a period of 5 years for the purposes of protecting the legal interests of the Administrator in court or administrative disputes, and accounting documents shall be stored for the relevant statutory period.
(3) The Administrator shall notify you in case the term for data storage is necessary to be extended in view of fulfillment of a normative obligation or in view of legitimate interests of the Administrator or otherwise.
Art. 6. The Administrator shall keep the personal data of the legal representatives of its business partners for the term of the contract, for observance of the legitimate interests and legal obligations of the Administrator, and this term may exceed the term of the contract.

Transfer of your personal data for processing

Art. 7. (1) The controller may, at its discretion, transfer part or all of your personal data to personal data processors for the purposes of processing with which you have agreed, subject to the requirements of Regulation (EU) 2016/679 (GDPR) .
(2) The administrator notifies you in case of intention to transfer part or all of your personal data to third countries or international organizations.

Your rights in the collection, processing and storage of your personal data

Withdrawal of consent for the processing of your personal data
Art. 8. (1) If you do not wish all or part of your personal data to continue to be processed by the Company for specific or all purposes of processing, you may at any time withdraw your consent to processing by request in free text, which send to email: office@healthy-story.com
(2) The administrator may request that you verify your identity and identity with the person to whom the data relates.

Right of access

Art. 9. (1) You have the right to request and receive from the Administrator confirmation whether personal data related to you are processed.
(2) You have the right to access the data related to you, as well as the information related to the collection, processing and storage of your personal data.
(3) The administrator shall provide you, upon request, with a copy of the processed personal data related to you in electronic or other appropriate form.
(4) The provision of access to the data is free of charge, but the Administrator reserves the right to impose an administrative fee in case of repetitive or excessive requests.

Right to correct or complete

Art. 10. You may correct or complete inaccurate or incomplete personal data by requesting the Administrator.

Right to delete (“to be forgotten”)
Art. 11. (1) You have the right to request from the Administrator the deletion of part or all of the personal data related to you, and the Administrator has the obligation to delete them without undue delay, when there is any of the following grounds:

  • personal data are no longer needed for the purposes for which they were collected or otherwise processed;
    You have withdrawn your consent on which the data processing is based and there is no other legal basis for the processing;
    You object to the processing of personal data related to you, including for the purposes of direct marketing, and there are no legitimate grounds for processing to take precedence;
    personal data have been processed illegally;
  • personal data must be deleted in order to comply with a legal obligation under EU law or the law of a Member State applicable to the controller;
    personal data have been collected in connection with the provision of information society services. (2) The controller shall not be obliged to delete personal data if it stores and processes them:

to exercise the right to freedom of expression and the right to information;
to comply with a legal obligation requiring processing provided for in EU or Member State law applicable to the Administrator or for the performance of a task in the public interest or in the exercise of official powers conferred on him or her;
for reasons of public interest in the field of public health;
for archiving purposes in the public interest, for scientific or historical research or for statistical purposes;
for the establishment, exercise or defense of legal claims.

(3) In case of exercising your right to be forgotten, the Company will delete all your data, except for the following information:

information needed to verify that your right to be forgotten has been exercised.

(4) In order to exercise your right to be forgotten, it is necessary to submit an application to the e-mail address: office@healthy-story.com

(5) The administrator may ask you to verify your identity and identity with the person to whom the data relates.
(6) The administrator shall not delete the data, which he has a legal obligation to keep, including for protection on the occasion of court claims against him or proving of his rights.

Right of restriction

Art. 12. You have the right to ask the Administrator to restrict the processing of data related to you when:

challenge the accuracy of personal data for a period that allows the Administrator to verify the accuracy of personal data;
the processing is illegal, but you do not want the personal data to be deleted, only the use to be restricted;
The controller no longer needs personal data for the purposes of processing, but you require them to establish, exercise or defend your legal claims;
You have objected to the processing pending verification of whether the legal grounds of the Administrator take precedence over your interests.

Right of portability

Art. 13. (1) You can at any time download the data stored and processed for you in connection with the use of the services of Healthy History, with a request by email.

(2) You may request the Administrator to directly transfer your personal data to an administrator designated by you, when this is technically feasible.

Right to receive information

Art. 14. You can ask the Administrator to inform you about all recipients to whom the personal data for which correction, deletion or restriction of processing has been requested have been disclosed. The administrator may refuse to provide this information if this would be impossible or would require a disproportionate effort.

Right to object

Art. 15. You may object at any time to the processing of personal data by the Administrator relating to him, including if processed for profiling or direct marketing purposes.

Your rights in the event of a breach of the security of your personal data
Art. 16. (1) If the Administrator finds a breach of security of your personal data, which may pose a high risk to your rights and freedoms, he shall notify you without undue delay of the breach and the measures taken or to be taken. .

(2) The administrator is not obliged to notify you if:

has taken appropriate technical and organizational protection measures with regard to data affected by the security breach;
has subsequently taken steps to ensure that the breach does not pose a high risk to your rights;
notification would require a disproportionate effort.
Art. 19. In case of violation of your rights under the above or applicable legislation on personal data protection, you have the right to file a complaint to the Commission for Personal Data Protection as follows:

Title: Commission for Personal Data Protection
Headquarters and address of management: Sofia 1592, Blvd. “Prof. Tsvetan Lazarov ”№ 2
Address for correspondence: Sofia 1592, Blvd. “Prof. Tsvetan Lazarov ”№ 2
Phone: 02 915 3 518
Website: www.cpdp.bg.

Art. 20. You can exercise all your rights regarding the protection of your personal data by submitting your requests in any form that contains a statement to that effect and identifies you as the owner of the data.

Art. 21. If the consent relates to a transfer, the controller shall describe the possible risks of data transfer to third countries in the absence of a decision on adequate protection and appropriate remedies.