1. General information
Your privacy is very important to us. We aim to process your personal data in a correct, legal and transparent manner. In this privacy statement, we explain the personal data we collect and process about you.
This privacy statement will from now on always refer to details about you as a customer, as a potential future customer or as another stakeholder, such as a beneficiary, contact person in a company, etc., as data.
We recommend that you carefully read through this information, so that you are well aware of how we use your data. This privacy statement will also provide you with more information about your privacy rights and how you can exercise them.
For the purpose of applicable EU Data Protection law, (including but not limited to Regulation (EU) 2016/679 or the General Data Protection Regulation, hereinafter referred to as “GDPR”), the employer responsible for your Personal data as a data controller is: Huvepharma EOOD, having its seat and registered address at 3a, Nikolay Haytov Str., 5th floor, 1113 Sofia, Bulgaria, represented by Galin Georgiev available via email email@example.com. (“Huvepharma”)
Where possible, we will inform you personally in the case of important changes and will ask for your consent where necessary.
4. What personal data does Huvepharma collect?
We collect only the personal data that is necessary to implement the agreement that exists between ourselves and our customers so that we can identify, contact and correctly advise you.
In this context, your name, address, e-mail address and telephone number are requested in order to identify you.
Furthermore, it is possible that Huvepharma may try to obtain additional information in order to act in the best interests of its clients, in accordance with the existing agreement.
At the time that such additional personal data is requested, we will always transparently inform you of the reason why this additional data is needed.
Huvepharma may obtain data from third parties if you have made this data available through publication on your website, blog, or through your publicly-accessible social media profile.
This may also include data that is in the public domain, for example, because it is generally known in your region, or because it was published in the press. This includes information, for example, on the Central Database for Enterprises, Graydon or Companyweb.
Finally, standard data is also compiled and processed via Google Analytics.
5. For what purposes do we use the compiled personal data?
- To be able to identify you
- To be able to contact you
- To be able to provide our services
- To be able to analyse and improve our services
- To keep you informed about our product range (direct marketing)
- To comply with laws, regulations, court or other administrative orders issued by the relevant competent state and/or governmental bodies
- To protect the rights and legally recognized interests of other users and/or third parties
- To achieve other lawful objectives.
Personal data is not deliberately transferred to third parties other than for the purposes of processing on our behalf.
6. How do we collect your personal data?
- Personal data you give to us – You can share your information with us in numerous ways including by phone, e-mail or during our personal meetings. You may also be sharing personal information on our website or other applications.
- Personal data we receive from other sources – We may seek more information about you or your colleagues from other publicly available sources generally by way of due diligence or other market intelligence.
- Personal data we collect automatically – When you visit our website or our applications, we may collect technical information, including the internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
7. Your privacy
7.1 You can review your data
Please let us know if you want to view the data that we process about you.
If you exercise your right of access, we will provide you with an overview of your data that is as complete as possible. It is possible that some personal details from traditional back-up files, logs, history or archive files are not included in this overview. This data is not a part of the currently processed personal data. As it is not immediately available, it can therefore not be included. It is, however, removed from these files according to standard clean-up processes.
7.2 You can have your data corrected
It may be the case that some data we have recorded about you is not (no longer) correct. You can request to have data corrected or completed at any time.
7.3 You can have your data deleted
If you suspect that we are unlawfully processing certain data, you can request to have it deleted.
7.4 You can object to a specific use of your data
If you do not agree with the way in which we process certain data, you can object to it. We will grant this right of objection, unless there are compelling grounds not to do so, which is the case when we process data to combat fraud, for example.
7.5 You can sometimes refuse to have your data processed fully automatically
Some data processing operations and processes are fully automated, without human intervention. The logic of this automated process is then interpreted by us at the time of the process.
If you do not agree with the result of a fully automated process of this kind, please contact us.
7.6 You can request that your data should be transferred to a third party
You have the right to request that the personal data you provided is transferred to you or directly to a third party.
Privacy legislation provides for a number of restrictions with regard to this right, meaning that it does not apply to all data.
7.7 You can exercise your rights
Always be as specific as possible if you wish to exercise your rights. This will enable us to handle your request correctly. We must be able to verify your identity as accurately as possible in order to avoid someone else exercising your rights. For this reason, we can ask for a copy of your identity card to be attached to such a request.
Do you have a question or a comment? Please contact us via e-mail, firstname.lastname@example.org. This is your first point of contact in connection with privacy.
8. Retention of your personal data
We use your personal data for a specific purpose and based on specific legal grounds such as:
- Legitimate interests: Huvepharma may process your data whenever it is necessary for the purposes of the legitimate interests pursued by Huvepharma or by a third party, except when such interests are overridden by the interests or fundamental rights or freedoms, which require protection of Personal data.
- Consent: In certain circumstances, we will seek to obtain your freely given, informed and consent to each processing information before we undertake certain processing activities with your Personal data.
- Performance of our contract: In some cases, we will need to process your Personal data in order to execute the obligations under our contract or in order to undertake the necessary steps to enter into a contract.
- Compliance with legal obligation: Processing of your personal date may also be necessary for compliance with a legal obligation to which Huvepharma Entity is subject.
If we no longer have a purpose, the data will be deleted.
The starting point for retention of your personal data is the legal retention period (this is often up to ten years after the end of a contract or after a transaction was carried out) but may be longer if we wish to exercise our rights. If the law does not prescribe a retention period, the retention period may be shorter.
A longer time period may be necessary for some applications, for example carrying out studies, and for producing risk and marketing models. Some insights only become clear when viewed over a broader time frame. The retention period can therefore be extended by ten years with respect to the standard retention periods. However, we will always break the link with individual persons as quickly as possible and will only work with aggregated or pseudonymised data.
9. The processing of your data
We use several processors for the processing of personal data. These are companies that process certain data on our behalf, such as:
- ICT (security) service providers, such as Microsoft, etc.
- social media companies that support us in determining and analysing user behaviour on our applications and our internet sites
- hosting companies
- public authorities when the law requires us to share this data
- any of Huvepharma entities, where necessary and compliant with laws on data transfers
Transferring Personal data to a third party outside the European Economic Area (“EEA”) (i.e. the EU Member States, together with Norway, Iceland and Liechtenstein) is possible only where the third country provides for an adequate level of protection or the Huvepharma entity ensures, in written agreement or otherwise, that the third party will provide adequate guarantees for the protection of Personal data.
10. The protection of personal data
We believe it is important that your data is handled in a secure manner. Various security technologies and measures are therefore used to adequately protect your data against unauthorised access, use, loss or disclosure. Unfortunately, the exchange of information through the internet is never 100% secure.
Although we make every effort to safeguard the security of your data, we cannot guarantee this in absolute terms ourselves.