GPPDP DIAMED OOD, UIC 107552835, with headquarters and management in Gabrovo, 22 Yuri Venelin Str., Operates in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

We hereby aim to inform you about how we, as a data controller, process your personal data in the course of our relationship when using our website.

In the course of our relationship, we collect and process your personal data (such as information provided by you when filling out various forms and forms on our website, by telephone contact, email correspondence or otherwise). This includes the information provided by you when registering on the website, when using a service / functionality of the website, filling in a form, etc. The information you provide to us may include name, address, email address, telephone number.

We collect and process your personal data on the basis of art. 6, para. 1 of Regulation 2016/679 and on the basis of:

– Your explicit consent as a customer;

– to fulfill the obligations under a contract with you;

– a legal obligation that applies to us; / In order to provide services and use the website, we may process your personal data, such as. Identification data, contact data, etc. This data processing is based on the performance of a contract to which you, as a user of the website, are a party or on the basis of the performance of our legal obligations.

 GPPDP “DIAMED” Ltd. collects and processes personal data that you provide us for the purposes of fulfilling obligations under the contract, including the following purposes – accounting and commercial purposes, ensuring the implementation of the contract, protection of information security.

We follow the following principles when processing your data:

– Legality, good faith and transparency;

– Correlation with the purposes of processing and minimizing the collected data;

– Accuracy and timeliness of data;

– Integrity and confidentiality of the processing of your personal data;

– Ensuring an appropriate level of security of personal data.

We process personal data of all visitors – registered users and visitors without registration, namely: name, address, telephone number, e-mail, IP address, etc., which are collected for identification purposes. We also process information related to payment and selected payment methods for the purpose of conducting business and accounting, as well as other data necessary to fulfill the obligations under the contract.

We store your personal data as long as we have a reason for their storage. After that we take the necessary care to delete and destroy all your data without undue delay.

We inform you in case the term for data storage needs to be extended in order to fulfill the goals, fulfill the contract, in view of the legitimate interests of the Administrator or another person.

Your rights in the collection, processing and storage of your personal data

Right of access

You have the right to request and receive from GPPDP “DIAMED” Ltd. confirmation whether personal data related to you are processed.

You have the right to access your data, as well as information related to the collection, processing and storage of your personal data.

GPPDP “DIAMED” Ltd. provides you upon request, a copy of your processed personal data in electronic or other appropriate form.

Right of correction or completion

You have the right to ask GPPDP “DIAMED” Ltd. to correct your inaccurate personal data and to fill in your incomplete personal data.

Right to delete (right to be forgotten)

You have the right to request from GPPDP “DIAMED” Ltd. deletion of personal data related to you, and we have the obligation to delete them without undue delay, when there is any of the following reasons:

– personal data are no longer necessary for the purposes for which they were collected or processed;

– You withdraw your consent if the processing of personal data is based on consent and there is no other legal basis for the processing;

– your personal data has been processed illegally;

– personal data must be deleted in order to comply with a legal obligation under EU law or the law of a Member State applicable to the controller;

GPPDP “DIAMED” Ltd. is not obliged to delete your personal data if it stores and processes:

– to comply with a legal obligation that requires processing provided for in EU law or the law of a Member State that applies to us;

– for reasons of public interest in the field of public health;

– for the establishment, exercise or defense of legal claims.

Right to protection

You have the right to lodge a complaint regarding the processing of your personal data with the relevant control authority or to appeal in court.

For the purposes of processing your personal data and providing the services. we can provide the data to trusted partners who work on assignment by GPPDP “DIAMED” Ltd. on the basis of contractual relations and by virtue of confidential agreements. These companies are not allowed to share this information on their own.

If you do not want GPPDP “DIAMED” Ltd. to send information to any of its trusted partners, you can withdraw your consent.

Security and protection measures

GPPDP DIAMED Ltd. takes technical and organizational security measures to protect the data administered by us from manipulation, loss, destruction and access by unauthorized persons. Our security measures are constantly improved in line with technological developments. We use technical means to protect personal data from acquisition or modification by unauthorized persons, including:

  1. A) SSL security certificate, which encrypts the connection between the site and the end device.
  2. B) Protection of the database from unauthorized access.
  3. C) Anti-virus programs and programs for protection against unauthorized access.

 Data transmission over the Internet is not completely secure. Although we will do our utmost to protect your data, we cannot guarantee the security of your data transmitted through the website. Each data transmission is at your own risk. Once we receive your data, we will apply strict security procedures and functionalities in order to prevent unauthorized access.