Privacy Policy

GENERAL

This personal data protection policy has been prepared in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data (hereinafter referred to as “Regulation (EU) 2016/679” or “GDPR”).

We understand that your privacy and the protection of the information you share with us is extremely important. That is why our Privacy Policy describes how we process your data and what measures we take to protect it.

This policy applies to you if you provide us with personal data over the phone (by call or SMS), in an online registration form, by post or courier, through social networks, on a corporate or promotional website, through a mobile application or otherwise way. Our privacy policy is an expression of our commitment to protecting your personal information.

Information about the Personal Data Administrator

Article 1. (1) Lactology Foundation (the Organization)is a personal data controller, registered in the Commercial Register and Register of Non-Profit Legal Entities at the Registration Agency with EIC: 207496533 , with headquarters and management address: Burgas, gh. Lazur, bl. 77, entrance 11, fl. 9, p. k. 8001 .

(2) This policy aims to clarify and present information and the conditions for the exercise of the rights of natural persons in connection with the protection of their personal data, which are processed by the “Lactology” Foundation in connection with the activities of the organization.

(3) The policy aims to inform you about the activities of processing your personal data, the purposes for which they are processed, the measures and guarantees for data protection, your rights and the way in which you can exercise them in accordance with the requirements of the GDPR and the relevant applicable legislation of the European Union and the Republic of Bulgaria.

(4) In accordance with the Policy for the Protection of Personal Data at the Lactology Foundation and the objectives of the General Data Protection Regulation and the Personal Data Protection Act, the Organization processes your personal data in compliance with the following principles:

1. legality, good faith and transparency

2. limitation of objectives

3. data minimization

4. accuracy

5. storage limitation

6. integrity and confidentiality

Information about the competent supervisory authority

Art. 2. In the event of a breach of your rights under the above or applicable data protection legislation, you have the right to lodge a complaint with the Commission for Personal Data Protection as follows:

  1. Name: Personal Data Protection Commission
  2. Headquarters and management address: Sofia 1592, “Prof. Tsvetan Lazarov” No. 2
  3. Address for correspondence: Sofia 1592, “Prof. Tsvetan Lazarov” No. 2
  4. Phone: 02 915 3 518
  5. Email: kzld@government.bg kzld@cpdp.bg
  6. Website: www.cpdp.bg

Art. 3. In terms of this policy:

  1. “Personal data” – is any information relating to the clients (natural persons and natural persons representing legal entities) of the Lactologia Foundation, as well as that related to its employees who are identified, or through which the same can be identified directly or indirectly through an identification number or through one or more specific features.
  2. “Data subject” – a natural person who can be identified as a result of the processing of his personal data;
  3. “Processing of personal data” – is any action or set of actions that the Lactologia Foundation performs with regard to personal data by automatic or non-automatic means (collection, recording, organization, storage, adaptation or modification, restoration, consultation, use, disclosure by transmission, distribution, provision, updating or combining, blocking, deletion or destruction, etc.).
  4. “Processor of personal data” – is a natural or legal person, public body, agency or other structure that processes personal data on behalf of the Lactology Foundation;
  5. “Recipient” – means a natural or legal person, public body, agency or other structure to which the Lactology Foundation discloses personal data, regardless of whether it is a third party or not. Public authorities that may receive personal data in the context of a specific investigation in accordance with Union law or the law of a Member State are not considered “recipients”; the processing of this data by the specified public authorities complies with the applicable data protection rules in accordance with the purposes of the processing;
  6. “Consent of the data subject” – is any freely expressed, specific and informed statement of will by which the natural person to whom the personal data refers unequivocally agrees to their processing.
  7. “Personal Data Security Breach” – means a security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data that is transmitted, stored or otherwise processed.

PERSONAL DATA

Art. 4. In connection with our activities, the Lactology Foundation processes personal data of the following categories of persons:

  1. Consumers of goods and services.
  2. Visitors to our website.
  3. Recipients of advertising messages.

Art. 5. In order to establish and exercise your rights, the Lactology Foundation processes the following personal data:

1. Data regarding your identity – your names;

2. Your personal contact details – telephone and electronic address (e-mail), permanent address and other address indicated by you;

3. Other information: company, position, business sector, as well as any feedback you provide to us by post, phone, email or through messages on social networks;

4. Information about the device or devices you use or have used to access our site (eg your device make and model, operating system, browser or IP address).

5. Details of the emails and other electronic communications you receive from us, including whether these communications have been opened and whether you have clicked on any of the links in them. We want to make sure our messages are useful and important to you, so if you don’t open them and click on a link in them, we know we need to improve the information we send you.

6. Information from other sources , such as our partners, specialized companies that provide information about their customers with their consent, in an explicit or anonymized form (e.g. marketing or clinical research companies, financial institutions, social networks, etc.), incl. and information about you that is publicly available.

7. “Cookies” and other tracking devices

So-called session (temporary) “cookies” are used as far as this is necessary to ensure secure and efficient functioning of our website and its use. The storage of session cookies on end devices or user application software designed for viewing information resources (Web browsers) is fully under the user’s control. Cookie-related information is stored by the server after HTTP sessions in the service logs for no longer than the time necessary to complete the specific purpose being processed or to the extent required by law.

8. We use Google Analytics as a monitoring tool (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). Google Analytics uses “cookies” that allow us to track the number of visitors to the website, their source and to analyze how often and how the content of the website is used. You can install an opt-out tool preventing the collection of such information from your visit ( https://tools.google.com/dlpage/gaoptout?hl=en )

9. Social Media Plug-ins

We use social media to promote the activities of the organization. Each social media platform has its own privacy policy and processes your personal data.

10. Facebook

When you visit our website, Facebook (Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, USA) recognizes your profile and establishes a direct connection between your browser and your Facebook profile. In this way, the Facebook platform receives information about your IP address from your visit to our website. For more information, you can find Facebook’s privacy policy here: https://www.facebook.com/policy.php Other information that is processed by us and Facebook jointly is that provided to us in connection with our Facebook page. We have access to anonymous statistics about the activities that take place on our Facebook page, and we absolutely cannot link or identify a specific profile through this data.

Art. 6. (1) “Lactologia” Foundation does not collect or process personal data related to the following:

  1. reveal racial or ethnic origin
  2. reveal political, religious or philosophical beliefs, or membership in trade unions
  3. genetic and biometric data, health data or data about sex life or sexual orientation.

(2) The personal data were collected by the Lactology Foundation by the persons to whom they relate.

(3) The organization does not perform automated decision-making with data.

(4) The organization does not process data for persons under the age of 16, except with the express consent of their parents or representatives.

Art. 7. Grounds for collecting, processing and storing your personal data

(1) Lactology Foundation collects and processes your personal data based on the following:

  1. You have consented to the processing of your personal data for one or more specific purposes
  2. The processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to the conclusion of a contract between us and you.
  3. The processing is necessary to comply with a legal obligation that applies to us as the controller of personal data
  4. The processing is necessary to protect your vital interests or that of another natural person
  5. The processing is necessary for the performance of a task of public interest or in the exercise of official powers granted to us in our capacity as a personal data administrator;
  6. The processing is necessary for the purposes of our legitimate/legal interest or that of a third party , except when your interests or fundamental rights and freedoms that require special protection of your personal data take precedence over such interests.

(2) Lactologia Foundation is the administrator of personal data regarding your data as users of our goods and services. With respect to the personal data that you process using our goods and services, the Lactology Foundation acts as a personal data processor.

Art. 8. Purposes for which we use the personal data you provide us:

  1. To send you a response to an inquiry you have made about any of our products or services
  2. To send you emails with company news and offers
  3. To send you invitations to events that we organize – independently or with our partners
  4. For statistical needs and analyses
  5. To help us understand more about you as our customer, the products and/or services you use, how you use them, and to provide you with better service from our employees;
  6. To send you invitations to participate in surveys – online or on paper.
  7. To find ways to improve our products, services, applications or websites.
  8. To create a profile on the site and ensure full functionality in the provision of our goods and services
  9. For an individual, identification of a party to the contract
  10. For accounting purposes
  11. For statistical purposes
  12. To protect information security
  13. To ensure the performance of the contract for the provision of the relevant product or service
  14. To improve and personalize the service by offering you suitable promotional offers for products and services that may be of interest to you
  15. To subscribe to our articles published on the blog of our site
  16. To leave comments under products and our articles published on our blog

RIGHTS OF NATURAL PERSONS

Art. 9. (1) As an individual whose data is processed by the Lactology Foundation , you have the following rights:

1. To receive information about your personal data being processed. You have the right to access your personal data that we process for the purposes stated above. If we process this data and receive a request from you (or a third party authorized by you), we will provide this access free of charge. You also have the right to request a copy of your personal data that we process. Before we provide access to the personal data of you or a person authorized by you, we may ask for proof of identity, as well as details of your relationship with us or our partners, so that we can find the data that relates to you.

2. To request correction of the data collected for you, if the same is incorrect or has undergone a change

3. To request deletion (“to be forgotten”) of the personal data collected for you, with the exception of cases in which the Lactology Foundation processes your personal data in compliance with obligations arising from the law. You have the right to request that we delete your personal data without undue delay if:

  1. the personal data are no longer necessary for the purposes for which they were collected
    1. when you have withdrawn your consent
    2. when you have objected to the processing if it is unlawful
    3. where the personal data must be deleted in order to comply with a legal obligation under Union law or the law of a Member State that applies to us as a personal data controller
    4. when personal data were collected in connection with the provision of information society services

Under certain conditions, we may refuse to delete your personal data, in the cases provided by law.

4. To request restriction of the processing of your personal data only for the purposes for which they were collected – in accordance with the requirements of the General Regulation on the Protection of Personal Data, the Law on the Protection of Personal Data and the acts on their implementation (only in the cases provided for in the applicable regulatory regulations and to the extent that this does not conflict with our legal obligations to process your personal data) ;

5. Right to portability of your personal data (only in the cases provided for in the applicable regulations and insofar as this does not conflict with our legal obligations to process your personal data) ;

6. To receive copies of the documents with your personal data, after submitting a request on a form in an office of the Organization

7 . At any time, you can object to the processing of your personal data for the purposes of direct marketing carried out by the Lactology Foundation by withdrawing your consent.

Art. 10. (1) In the event of a violation of your rights under the General Data Protection Regulation, GDPR, you have the right at any time to file a complaint with the relevant supervisory authority, namely the Commission for the Protection of Personal Data;

(2) You may appeal the actions and acts of the Lactologia Foundation and the processors on behalf of the Organization and by judicial procedure before the relevant administrative court and before the Supreme Administrative Court.

Art. 11. (1) The rights under Art. 9 you can do by filling out in writing ” Application for the exercise of rights in relation to the protection of personal data” (the Application) which we will provide to you upon request.

(2) You can send the application in person or through your expressly authorized person with a notarized power of attorney on paper in any of our offices, as well as electronically, according to the order of ZEDEUU. When the application is drawn up as an electronic document, it should be signed with a qualified electronic signature.

(3) When submitting the application by an authorized person, you should attach the corresponding express power of attorney to it.

(4) In cases where, when exercising your rights under this chapter, there is a possibility that personal data will also be disclosed to a third party, our relevant employee will grant you access only to the part of them that pertains to you.

Art. 12. Within 30 (thirty days) of the receipt of your valid application for exercising rights in connection with the protection of personal data” The Lactology Foundation will provide you with written information regarding the actions taken by us, such as:

1. If you exercise your right of access to personal data – will provide you with information about: the purposes for which the Organization processes your personal data; the categories of personal data it processes; the recipients or categories of recipients to whom your personal data has been or will be disclosed, in particular the recipients in third countries or international recipient organizations to whom you provide them; where possible, the intended period for which your personal data will be stored, and if this is impossible, the criteria used to determine this period; the existence of a right to request from us the correction or deletion of personal data or to limit the processing of personal data relating to you, or to object to such processing, your right to appeal to the competent supervisory authorities; where your personal data has not been collected by you – any available information about its source, the existence of automated decision-making, including profiling, according to the General Data Protection Regulation;

2. If you exercise the right to delete your personal data, it will delete your personal data without undue delay, provided that the prerequisites for exercising this right are met, provided for in the General Regulation on Data Protection, the GDPR and the acts on their application and insofar as this does not conflict with our legal obligations to process your personal data;

3. If you exercise your right to limiting the processing of your personal data – will limit the processing of your personal data, in the cases provided for in the applicable regulations and insofar as this does not contradict our legal obligations to process your personal data, without deleting them, as well as we will inform you before lifting the restriction of processing.

If you exercise your right to portability of your personal data – Lactology Foundation will present your personal data in a structured, widely used and machine-readable format and will transfer your data to another administrator, in the cases provided for in the applicable regulations, and insofar as this does not conflict with our legal obligations to process your personal data.

(2) The “Lactologia” Foundation will also inform you in writing of any refusal toaccess, deletion, right to limit the processing of your personal data or request to exercise the right to portability, as well as the reasons for the refusal within the period under paragraph 1.

(3) When your personal data are deleted or their processing is restricted, the Lactology Foundation will notify their recipients, who are responsible for their respective deletion or restriction.

(4) Our obligation to provide the information under this Article may be limited in whole or in part, taking into account your fundamental rights and legitimate interests and in the cases provided for by the applicable legal acts.

(5) The Lactology Foundation has the right toextended the period under paragraph 1 to 60 days, depending on the complexity and number of applications received in each individual case. The Organization will notify you of any extension of the deadline, as well as the reasons for the extension of the deadline for our response within 30 days of the receipt of your valid application for the exercise of rights in connection with the protection of personal data.

Art. 13. (1) You can exercise the right to request correction of your personal data by completinga written application for correction of personal data (the application) which we will provide to you upon request.

(2) You can send the application in person or through your expressly authorized person with a notarized power of attorney in paper form in our office, as well as electronically, in accordance with the Law on Electronic Documents and Electronic Authentication Services (ZEDEUU). When the application is drawn up as an electronic document, it should be signed with a qualified electronic signature.

(3) When submitting the application by an authorized person, you should attach the corresponding express power of attorney to it.

Art. 14. (1) Within 30 (thirty days) of the receipt of your valid application for correction of personal data the Lactology Foundation will, without undue delay, correct the inaccurate personal data related to you or supplement your incomplete personal data.

(2) The Lactology Foundation will inform you in writing of any refusal tocorrecting or supplementing your personal data, as well as the reasons for the refusal within the period under paragraph 1.

(3) When your personal data are corrected or supplemented, the Lactology Foundation will notify their recipients, who are responsible for their respective correction or supplementation.

(4) Our obligation to provide the information under this article may be limited in whole or in part, taking into account your fundamental rights and legitimate interests and in the cases provided by the applicable legal acts.

Art. 15. (1) You can exercise the right to object to the processing of your personal data for direct marketing purposes by completinga written Application for Withdrawal of Consent to the Processing of Personal Data for Direct Marketing Purposes (the Application) which we will provide to you upon request.

(2) You can send the application in person or through your expressly authorized person with a notarized power of attorney on paper in any of our offices, as well as electronically, in accordance with the Law on Electronic Documents and Electronic Authentication Services (EIDS) When the application is drawn up as an electronic document, it should be signed with a qualified electronic signature.

(3) When submitting the application by an authorized person, you should attach the corresponding express power of attorney to it.

Art. 16. Within 30 (thirty days) of the receipt of your valid application for withdrawal of consent to the processing of personal data for the purposes of direct marketing  The Lactology Foundation will stop processing the personal data provided by you for direct marketing purposes and will provide you with written information regarding these actions.

(2) The Lactology Foundation will also inform you in writing of any refusal to honor the application under paragraph 1, as well as the reasons for the refusal within the period under paragraph 1.

(3) After the Lactologia Foundation terminates the processing of the personal data provided by you, the Organization will notify their recipients, who are responsible for the termination of their processing.

(4) Our obligation to provide the information under this article may be limited in whole or in part, taking into account your fundamental rights and legitimate interests and in the cases provided by the applicable legal acts.

(5) “Lactologia” Foundation has the right to extend the period under paragraph 1 up to 60 days, depending on the complexity and number of applications received in each individual case. The organization will notify you of any extension of the deadline, as well as of the reasons for the extension of the deadline for our response within 30 days of the receipt of your valid application for consent to the processing of personal data for the purposes of direct marketing .

Duration of storage of your personal data

Art. 17. (1) “Lactologia” Foundation stores your personal data for a period not longer than the existence of your profile on the website. After the expiration of this period, the “Lactologia” Foundation takes the necessary care to delete and destroy all your data, without unnecessary delay. In the general case, if we have not specified otherwise, your data is stored for a period of 2 (two) calendar years from the date of receipt.

(2) The Lactology Foundation notifies you in the event that the data storage period needs to be extended in order to fulfill the objectives, the fulfillment of the contract, in view of the legitimate interests of the Lactology Foundation or otherwise.

(3) “Lactologia” Foundation stores your data, given on the basis of consent, until its explicit withdrawal, and this does not affect publications and comments made in order to preserve the semantic integrity of the comments.

(4) The “Lactology” Foundation stores the personal data that it is required to keep under the applicable legislation for the relevant stipulated period, which may exceed the period of existence of your registration.

In the event of a breach of the security of your personal data

Art. 18. (1) If the “Lactologia” Foundation detects a breach of the security of your personal data, which may create a high risk for your rights and freedoms, we will notify you without undue delay of the breach, as well as of the measures that have been taken or are to be taken to be undertaken.

(2) “Lactologia” Foundation is not obliged to notify you if:

  1. has taken appropriate technical and organizational measures to protect the data affected by the security breach;
  2. has subsequently taken measures to ensure that the breach will not result in a high risk to your rights;
  3. notification would require a disproportionate effort.

Persons to whom your personal data is provided

Art. 19. In connection with the conclusion of contracts for purchase and sale and delivery of the services offered by the Lactology Foundation the Lactology Foundation transmits the necessary information to:

  1. Courier or postal companies that need to deliver documentary or other items to you on our behalf
    1. Printers who need to prepare personalized materials for you
    2. Bulk emailing companies when you need to receive an email message from us.

Art. 20. The administrator does not transfer your data to third countries.

Data protection

Art. 21 The Lactology Foundation treats your personal data as strictly confidential. A number of measures have been taken to protect them, including:

  1. We limit access to the premises where we work to only the people who should be there (for this purpose we use access codes and cards, passwords and other technologies related to limiting access to certain premises);
    1. We also implement access control to our information technology systems using firewalls, ID validation, logical segmentation and/or physical separation of our systems and information;
    2. We use methods such as encryption and pseudonymization of information;
    3. We never ask you to send us your password;
    4. We advise you never to enter an account number, password or other sensitive information in an email to us.

Additional provisions

§1. This policy has been approved by order of the representative of the Lactology Foundation

§2. The General Data Protection Regulation, the Personal Data Protection Act and other legal acts relevant to the activities of the Lactology Foundation shall apply to matters not covered by this Policy.

§3. Taking into account modern trends, this privacy policy may be changed. The date of update is indicated at the end of the document. Any changes to this privacy policy will be effective after they are announced in the future.

Last update: 01 September 2023

This policy has been prepared by the Advocatus team bg

X
×