Your privacy is very important to us. We aim to process your personal data in a correct, legal and transparent manner. In this privacy statement, we explain the personal data we collect and process about you.
This privacy statement will from now on always refer to details about you as a customer, as a potential future customer or as another stakeholder, such as a beneficiary, contact person in a company, etc., as data.
We recommend that you carefully read through this information, so that you are well aware of how we use your data. This privacy statement will also provide you with more information about your privacy rights and how you can exercise them.
For the purpose of applicable data protection law, (including but not limited to Regulation (EU) 2016/679 or the General Data Protection Regulation (GDPR)”, and the California Consumer Privacy Act (CCPA), the employer responsible for your personal data as a data controller is: Huvepharma EOOD, having its seat and registered address at 3a, Nikolay Haytov Str., 5th floor, 1113 Sofia, Bulgaria, represented by Galin Georgiev available via email dpocorporate@huvepharma.com. (“Huvepharma”)
We can adapt the privacy policy at any time, for example in the context of changes to our services or to the applicable legislation. It is therefore important to regularly read through this privacy statement.
Where possible, we will inform you personally in the case of important changes and will ask for your consent where necessary.
We collect only the personal data that is necessary to implement the agreement that exists between ourselves and our customers so that we can identify, contact and correctly advise you.
It is possible that Huvepharma® may try to obtain additional information in order to act in the best interests of its clients, in accordance with the existing agreement.
At the time that such additional personal data is requested, we will always transparently inform you of the reason why this additional data is needed.
Huvepharma® may obtain data from third parties if you have made this data available through publication on your website, blog, or through your publicly-accessible social media profile.
This may also include data that is in the public domain, for example, because it is generally known in your region, or because it was published in the press. This includes information, for example, on the Central Database for Enterprises, Graydon or Companyweb.
Finally, standard data is also compiled and processed via Google Analytics.
Personal data is not deliberately transferred to third parties other than for the purposes of processing on our behalf.
Please let us know if you want to view the data that we process about you.
If you exercise your right of access, we will provide you with an overview of your data that is as complete as possible. It is possible that some personal details from traditional back-up files, logs, history or archive files are not included in this overview. This data is not a part of the currently processed personal data. As it is not immediately available, it can therefore not be included. It is, however, removed from these files according to standard clean-up processes.
It may be the case that some data we have recorded about you is not (no longer) correct. You can request to have data corrected or completed at any time.
If you suspect that we are unlawfully processing certain data, you can request to have it deleted.
If you do not agree with the way in which we process certain data, you can object to it. We will grant this right of objection, unless there are compelling grounds not to do so, which is the case when we process data to combat fraud, for example.
Some data processing operations and processes are fully automated, without human intervention. The logic of this automated process is then interpreted by us at the time of the process.
If you do not agree with the result of a fully automated process of this kind, please contact us.
You have the right to request that the personal data you provided is transferred to you or directly to a third party.
Privacy legislation provides for a number of restrictions with regard to this right, meaning that it does not apply to all data.
Always be as specific as possible if you wish to exercise your rights. This will enable us to handle your request correctly. We must be able to verify your identity as accurately as possible in order to avoid someone else exercising your rights. For this reason, we can ask for a copy of your identity card to be attached to such a request.
Do you have a question or a comment? Please contact us via e-mail, dpocorporate@huvepharma.com. This is your first point of contact in connection with privacy.
We use your personal data for a specific purpose and based on specific legal grounds such as:
If we no longer have a purpose, the data will be deleted.
The starting point for retention of your personal data is the legal retention period (this is often up to ten years after the end of a contract or after a transaction was carried out) but may be longer if we wish to exercise our rights. If the law does not prescribe a retention period, the retention period may be shorter.
A longer time period may be necessary for some applications, for example carrying out studies, and for producing risk and marketing models. Some insights only become clear when viewed over a broader time frame. The retention period can therefore be extended by ten years with respect to the standard retention periods. However, we will always break the link with individual persons as quickly as possible and will only work with aggregated or pseudonymised data.
We use several processors for the processing of personal data. These are companies that process certain data on our behalf, such as:
Transferring personal data to a third party outside the European Economic Area (“EEA”) (i.e. the EU Member States, together with Norway, Iceland and Liechtenstein) is possible only where the third country provides for an adequate level of protection or the Huvepharma® entity ensures, in written agreement or otherwise, that the third party will provide adequate guarantees for the protection of personal data.
We believe it is important that your data is handled in a secure manner. Various security technologies and measures are therefore used to adequately protect your data against unauthorized access, use, loss or disclosure. Unfortunately, the exchange of information through the internet is never 100% secure.
Although we make every effort to safeguard the security of your data, we cannot guarantee this in absolute terms ourselves.
