The adopted Regulation (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL from 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General regulation on data protection) (hereinafter referred to as the “Regulation”) aims to contribute to a better place of communication and use of services, to the strengthening and convergence of economies within the internal market, as well as to the well-being of people. This Regulation guarantees a consistent level of personal data protection throughout the EU, taking into account all fundamental freedoms and principles recognized by the Charter of Human Rights and those enshrined in the Treaties of the European Union – respect for private and family life, home and communications , protection of personal data, freedom of thought, etc. According to the Regulation, personal data is any information relating to a specific person or through which he can be identified.
2. MISSION AND VISION OF ISPOR BULGARIA FOR PROTECTION OF PERSONAL DATA
We, ISPOR BULGARIA, have a clear mission to facilitate collaboration between all stakeholders in the healthcare sector, providing our members with up-to-date, science-based information in the fields of health economics, pharmacoeconomics and therapeutic outcomes. In this regard, we understand that protecting the privacy of the personal data to which we provide the services through a web-based system is extremely important. We understand that this information is provided to us precisely because of the trust that our members and partners have in us, and we strive to take all possible measures, respecting the regulatory rules and ethical requirements for data privacy. This is how we would like to justify the high expectations and trust in us.
3. PRINCIPLES RELATED TO THE PROCESSING OF PERSONAL DATA.
The principles we follow in the processing, storage and use of your personal data are in accordance with Art. 5 of the Regulation, namely:
- legality, good faith and transparency;
- are collected for specific, specified and legitimate purposes and processed according to those purposes;
- taking measures to ensure the deletion or correction of inaccurate/wrong personal data;
- processed to ensure the highest level of security and protection;
- storing the personal data in a form that allows the identification of the subject for a certain period.
4. Consent by the user.
We always give you, the user, the opportunity to consent to the processing of your personal data by providing you with clear, accurate and unambiguous information about the type of data we collect, the purposes and terms of collection. You have the right to easily withdraw your consent at any time without affecting the lawfulness of data processing.
5. Which of your personal data do we collect and why?
5.1. Directly provided by the user
In connection with the provision of the services we offer, we collect the following personal data:
- name, adress, phone number, email adress and other contact data when registering for participation in events organized by ISPOR Bulgaria
- demographic data – gender, age, country etc.
- data related to user registration- type of services used, trasactions made and similar
- account access data- password, user IDs
5.2. Automatically collected in the course of using the services by the user
We use tools for automatic data collection (cookies and web bookmarks) to collect information about the visit and activity on the website. For more information, see item 11 of this policy.
6. FOR WHAT PURPOSES WILL WE USE YOUR PERSONAL DATA? WHAT IS THE LEGAL BASIS FOR THIS?
Your data will be collected, stored and analyzed only in connection with the services we offer and which are described on our site and related mostly to events organized by us for educational and scientific purposes. Some of the data related to your personal preferences (if any are created) will also be used for the purpose of improving the services we offer. The legal basis for the use of personal data is the applicable and current legislation in the country and the applicable European legislation.
7. IS your personal data protected?
ISPOR Bulgaria takes due care to protect the personal data of its members, which is collected during the use of the ispor-bulgaria.org platform, the registration in the system and the subsequent use of the services. This obligation lapses if you have provided incorrect data for any reason. We have implemented a number of technical and administrative measures to protect the personal data we process. This way, both we and you are sure that third parties do not have access to your data and that it will not be leaked. We guarantee its correct use according to the statutory terms and for a period in which this data is legitimately needed by us. We at Consento take all measures to protect information from loss, misuse, unauthorized access, disclosure, alteration or destruction.
8. Who are the recipients of your personal data?
We may share your personal data, in compliance with our legal relationship and legal regulations, with certain recipients to ensure quality and timely services. These recipients are committed to safeguarding the personal data we have sent them and are not allowed to use it for any purpose other than to perform the services as directed by us. We require them to use the same levels of personal data protection as we do. Such recipients may be:
- EU or third-party service providers that offer additional services (credit card payment processing, customer support, content customization, IT services, email service providers, data hosting, etc.).
- potential buyers or sellers with whom we establish relations in the event of a decision to restructure the activity.
- Competent state, municipal and judicial authorities, when this is necessary to fulfill our legal obligation or to protect the rights or legitimate interests of Consento or third parties. We do so to comply with national security and other law enforcement requirements if we are required to comply with a law, regulation, subpoena or court order, to assist in the prevention of security threats, fraud or other criminal or malicious activity, or to protect the rights or privacy of safety of our employees and third parties in accordance with applicable law.
9. TRANSFER OF YOUR PERSONAL DATA TO A THIRD COUNTRY OR AN INTERNATIONAL ORGANIZATION – WHEN AND WHY?
Your personal data may be provided to a third country or international organization only when we are required by law to assist in the prevention of security threats, fraud or other criminal or malicious activity or to protect the rights or personal safety of our employees and third parties according to the current legislation.
10. Is there a term for storing your personal data and are there criteria for determining this period?
Given the nature of the services we offer, it is necessary for the entire period of use of our services to use your personal data, complying with the statutory rules. In case of your unwillingness to handle your personal data or a certain set of them, you can always opt out of our services. You can always withdraw your consent at any time. Where your consent to the processing of your personal data is time-bound, we can process this data only within the period for which you have given us this consent. Personal data related to and/or contained in documents/data carriers for which there are legally established storage periods are stored for the periods provided for in the current legislation.
11. What are automatic data collection tools?
For marketing purposes, to understand how you use our services and to improve the services we offer, we use a number of automatic data collection tools (which pages are visited, which sections of the site, etc.), such as cookies, web bookmarks and others similar technologies. This is how we adapt our website to your preferences and make the site easier and more convenient to use. Cookies collect the website user’s domain, your internet provider, your operating system and date/time of access. If you do not want us to install cookies, you can set this in your browser. However, using them allows you to access the full functionality of the browser software.
12. WHAT RIGHTS DO YOU HAVE REGARDING YOUR PERSONAL DATA THAT WE COLLECT, PROCESS AND STORE?
Your rights are set out in the Regulation and you can exercise them by sending us a written request to the contact details specified in item 14.
Right of access to your personal data
You have the right to receive confirmation as to whether your personal data is being processed when using the website, to obtain access to this data, as well as information about its processing and your rights in relation to this processing.
Right to restrict the processing of your personal data
The Regulation provides for the possibility to limit the processing of your personal data, if the grounds for this provided for in the Regulation are present.
Right of erasure of your personal data
In the event that the grounds provided for this are present, you have the right to ask us to delete your personal data. We will do this for you as soon as possible. Please note that in such a case, we will not be able to offer you our services.
Right to object
You have the right to object to the processing of your personal data if we process it on the basis of our legitimate interest.
Right to data portability
You have the right to receive your personal data that you have provided to us in a structured, widely used and machine-readable format. You can provide this data to another administrator without objection from us. However, it is necessary that the processing is based on consent or a contractual obligation and is carried out in an automated manner.
Right to submit a complaint to a national data protection regulator
You have the right to file a complaint with a supervisory authority if you believe that the processing of your personal data violates applicable data protection legislation. The supervisory authority in the Republic of Bulgaria is the Commission for the Protection of Personal Data, with address: Sofia 1592, “Prof. Tsvetan Lazarov” No. 2.
13. Request for the exercise of rights by the subjest of personal data
We have created a special form for you to express your desire to exercise the rights you have according to the Regulation and specified in item 12 of this Policy.
REQUEST FOR EXERCISING THE RIGHTS OF THE SUBJECT OF PERSONAL DATA ACCORDING TO REGULATION 2016/679
m14. Contact information
In order to be able to offer and provide you with the full range of services we have developed, we must collect and process your personal data. If for any reason (you would like to receive additional information, you have questions about information management or personal data protection), you can contact us at the addresses and telephone numbers below.
Bulgaria, Sofia; municipality Stolichna; province Sofia city, street Dunav 2
+359 2 9236 584
Official for personal data protection
Maria Stefanova Kamusheva