Privacy Notices

Information on the processing of personal data of persons using Haelan medical services

‍

We process your personal data in your capacity as our patient using the medical services provided by Haelan Medical Centers. The processing is carried out in compliance with the applicable national and European legislation in the field of personal data.

We hereby inform you about the processing of your personal data by the controllers listed below and about your rights related to them, as well as provide you with the information under Art. 13 and Art. 14 of the General Data Protection Regulation.

‍

PERSONAL DATA CONTROLLER DETAILS AND CONTACT DETAILS

‍

Administrator “Haylan - Home for Medical-Social Care” JSC, ID: 207648560

Headquarters and management address: Sofia, 1766, blvd. Ring road № 251 E, fl. 12

Tel.: +359898700007

Email: care@haelan.bg

Website: www.haelan.bg

‍

Administrator “Haylan Care - Medical Center” Ltd., ID: 207312638

Headquarters and management address: Gr. Sofia, ul. Ring Road No. 251 E, ground floor

Tel.: +359893020202

Email: haelan.care1@haelan.bg

Website: www.haelan.bg

Administrator “Haylan Care 2 — Medico-Dental Center” Ltd., ID: 201760855

Headquarters and management address: Gr. Sofia, ul. “Business Park Sofia” № 1, building № 2, floor. 1

Tel.: +359892202040

Email: haelan.care2@haelan.bg

Website: www.haelan.bg

Administrator “Haylan Care 3 — Medical Center” Ltd., ID: 206470233

Headquarters and management address: Gr. Sofia, Mihail Tenev № 6, building D, ground floor

Tel.: +359893020202

Email: haelan.care3@haelan.bg

Website: www.haelan.bg

‍

Administrator “Pia Mater” Ltd., ID: 201409799

Headquarters and management address: Gr. Sofia, ul. Racho Petkov Kazandjiyatta № 4-6, office № 2

Tel.: +359884588446

Email: office@piamater.org; classes@piamater.org

Website: www.haelan.bg

‍

Administrator SAT Health AD, EIC 204705650

Headquarters and management address: Sofia, 1766, blvd. Ring road № 251 E, fl. 12

Tel.: +359 898 700 007

Email: office@sathealth.com

Website: www.sathealth.com

‍

DATA PROTECTION OFFICER AND CONTACT DETAILS:

‍

Mariya Georgieva Nestorova

Bulgaria, Gr. Sofia, Ring Road 251E, floor 12, 1766

Phone: +359882727270

E-mail: dpo@sathealth.com

‍

LEGAL BASIS FOR THE PROCESSING OF YOUR PERSONAL DATA:

‍

The basis for the processing of your personal data may be legal, contractual, consent expressly provided by you or our legitimate interest:

The legal basis for processing may be the requirements of the Health Act, the Medical Institutions Act, other applicable laws and regulations;
Contractual grounds are:

A contract for medical services for you or your child, entered into personally by you, your legal representative or the applicant for the service;
A contract for integrated medical and social care for you or your child, concluded personally by you, your legal representative or the applicant for the service;
Requested by you, your legal representative or applicant, medical service and/or examination, and/or on-site consultation, and/or online consultation, and/or home visit for you or your child, by making an appointment by phone, e-mail or through a platform;
A contract concluded between us and your employer for preventive medical examinations for you;
Contractual relations between us and the supplementary health insurance fund chosen by your employer for the provision of health services for specialized outpatient medical care, including consultations, medical-diagnostic activities, conducting treatment and performing preventive medical examinations;
Contractual relations with other legal entities - our contractors for the provision of medical and telemedicine services, in which We work as a processor of personal data;

Consent to the processing of your data for marketing or other additional purposes, if you have provided it;
To protect vital interests of you, your child or a relative as data subjects;
In some cases and subject to applicable law, the basis may be our legitimate interest, for example to analyze, develop and improve services, improve systems and platforms, ensure the quality of services, protect the property and safety of employees, and others.

‍

PURPOSES OF PROCESSING YOUR PERSONAL DATA:

‍

Your personal data is processed for the purpose of providing the services that you have requested and/or used in fulfillment of our legal obligations for specific purposes defined in legal acts and/or in a contract, and/or in other documents, incl. but not limited to:

identify you as our client (patient) and provide you with the information you are looking for;
Provide you with the services requested by you/your employer/selected by your employer for supplementary health insurance/Employers for you, your child or a relative;
You can exercise your rights as a patient;
Fulfill our statutory and contractual requirements (e.g. tax, social security, statistical, reporting, etc. obligations);
We maintain your (and/or your child's) health record;
We serve you on the spot in a medical center, in an office, online, by phone or at the address specified by you;
We process and collect payments due for the services provided;
We examine your satisfaction with the services we provide;
We maintain our websites, online platforms and their security.

‍

With your consent, we process your personal data (and/or your child's data):

To participate in marketing, statistical and/or other studies, summary analyses and other information programs, projects and/or events concerning your illness and/or health condition;
To participate in clinical trials;
To prepare analyses and/or summaries of the data or of a relevant part of it with the aim, but not limited to, ensuring a better quality of services; to provide personalized and attractive offers tailored to your specific interests and needs; to conduct market and competitive analyses that help us better understand customer needs and preferences; improve the public health and the development of more effective methods of treatment and prevention; for the development of new services
to provide you with information about services at preferential prices and/or new services, current events and activities, sending marketing and advertising newsletters and/or other information bulletins.
to interact with us by participating in surveys, comments and feedback. This data is valuable for us to understand how to improve our services and better meet your expectations.

Subject to regulatory requirements, in some cases we may process your personal data to protect our legitimate interests, for example when you are subject to video surveillance when visiting our medical centres. In connection with the security requirements that we apply in Haelan medical centers, video surveillance is carried out in common areas - corridors and at the reception (more information can be found inPersonal Data Protection Policypublished on our website).

‍

CATEGORIES OF PERSONAL DATA THAT WE PROCESS:

‍

We only process personal data related to the exercise of your rights as a patient. In particular, we collect and process personal data such as: name, surname, family name, personal identification number, age, gender, contact details — telephone, residential address, e-mail address; health data (illness, diagnosis, data from medical epicrisis and/or other medical records, prescribed treatment, etc.), genetic data (insofar as it is possible to contain in the results of genetic studies assigned to Haelan); data on kinship with other persons; data of children patients; financial information — bank account; data from video surveillance (in the case of that you visit our center).

‍

TERM OF PROCESSING OF YOUR PERSONAL DATA:

We process your data during the relationship we have with you, such as:

we store your personal data for a period of 5 (five) years after you cease your relationship with us (last provided service, activity or withdrawal of consent) and you have no activity in your account on our platforms for more than 3 (three) years (if you are a registered user on a platform);
we store audio recordings of telephone conversations with you for 5 (five) years after the end of the year in which the calls were made, after which they are automatically deleted, unless we are required to keep them for a longer period in order to comply with a legal requirement or our legitimate interest;
we store your personal data related to and/or contained in tax insurance control documents (contracts, invoices, credit and debit notices) for a period of 10 (ten) years, starting from the beginning of the year of the reporting period following the reporting period to which they relate;
We store the data contained in CCTV recordings for a period of 30 (thirty) days.

We store documents and data for which no special storage period is provided for a period of five years from the cessation of their use.

We will not destroy your data after the expiry of the storage period if a competent government authority has requested it or the data is necessary for the establishment, exercise or defence of legal claims.

We do not store any credit or debit card information. This information is maintained and payments are processed by a third-party payment service provider in accordance with payment card and settlement industry security standards.

‍

SHARING YOUR PERSONAL DATA WITH THIRD PARTIES:

‍

We respect the confidentiality of your data and, as a rule, do not provide it to third parties. As an exception to this rule and subject to applicable legal requirements, we may share your data:

with state and regulatory authorities in the Republic of Bulgaria (such as: Executive Agency “Medical Supervision”, CPDP, Ministry of Interior, Prosecutor's Office, court, etc.) at their explicit request;
with your employer, your employer's chosen supplementary health insurance fund or our contractors (where we act as a processor of personal data) — where there is a contractual obligation to share your data with them;
with companies that provide our technical and operational support for the operation and provision of the services (e.g. laboratories, platform and/or website maintenance, data center, telemedicine service partners, payment services, etc.), carrying out consulting or other activities (e.g. auditing) where it is possible, exceptionally, to have access to your data. In such cases, the disclosure of data shall only take place in the presence of a valid reason and a written agreement with them in order to ensure the necessary level of protection;
when it is necessary to protect the vital interests of patients (in medical emergencies).

‍

AS SUBJECTS OF PERSONAL DATA, YOU HAVE THE RIGHT TO:

information on whether we process your personal data;
access to your personal data processed by us and the right to receive a copy of the personal data processed;
to know what categories of personal data we collect and the purposes for which we process them;
information about the recipients of your personal data, where applicable;
to know for what period your personal data is stored;
to correct your personal data processed by us where they are inaccurate, to be supplemented when they are incomplete and to be updated when there is a change;
to request the deletion of your personal data, if there are legal grounds for this and if there is no obligation for us, on the basis of a legal act or a contract concluded by you, for their processing or storage;
withdraw your consent for your personal data to be processed for direct marketing purposes or for other additional purposes to which you initially consented;
object to the processing of your personal data, if there are legal grounds for this and if there is no obligation for us, on the basis of a legal act or a concluded contract, for their processing;
restriction of the processing of your personal data for a certain period of time (for example, for the time necessary to establish the accuracy of your data or for the purposes of establishing or exercising legal claims by you);
the portability of your data, in a structured, widely used and machine-readable format, where the processing is based on consent or contractual obligation and is carried out in an automated manner;
a complaint to the Commission for Personal Data Protection (www.cpdp.bg), when you consider that we have violated your rights related to your personal data;
information about the source of your personal data that you have not provided to us (e.g. if provided to us by a relative).

In order to exercise any of the rights listed above or to receive further information about the processing of your personal data, it is necessary to visit our medical center or request it by e-mail. care@haelan.bg, with a free-text application attached, signed with a qualified electronic signature (QE).

In order to obtain information and exercise your rights, you must first identify yourself as our customer and our employees verify your identity. This requirement protects your rights and your personal data.

The information about your personal data that is being processed will be provided to you free of charge, at the latest within one month of receiving your request.

The present information and Personal Data Protection Policymay be updated from time to time, depending on changes in the regulatory framework and/or the activities of Haelan. Their current versions are published on the website www.haelan.bg.

Date of last update: 01\ 2024