These rules (“Rules”) define the conditions and the procedure by which natural persons whose personal data is processed by ESTELLINE MEDICAL – IPSMPD can exercise their rights according to the legislation on the protection of personal data.

Part 1: General Principles

1.1. ESTELLINE MEDICAL – IPSMPD processes and protects the personal data collected during the performance of its activities, honestly, lawfully and in accordance with the purposes for which the data were collected.

1.2. Employees who process personal data for the purposes of distribution of products, conclusion of contracts for the provision of goods, fulfillment of obligations under such contracts as part of their work duties shall observe the following principles when processing personal data:

  1. Personal data is processed lawfully and in good faith.
  2. Personal data is collected for specific, well-defined and lawful purposes and is not further processed in a manner incompatible with these purposes.
  3. Personal data collected and processed in the course of human resources management are relevant, related to and not exceeding the purposes for which they are processed.
  4. Personal data is accurate and updated as necessary.
  5. Personal data is deleted or corrected when it is found to be inaccurate or disproportionate to the purposes for which it is processed.
  6. Personal data is maintained in a form that allows the identification of the relevant natural persons for a period no longer than is necessary for the purposes for which these data were collected.

1.3. Employees who process personal data undergo initial and periodic data privacy training and familiarize themselves with the applicable legislation.

Part 2: Definitions

The definitions listed below have the following meanings:

“Personal Data” means any information relating to an identified natural person or a natural person who can be identified directly or indirectly, in particular by an identifier such as name, identification number, location data, online identifier or by one or more characteristics specific to that natural person’s physical, physiological, genetic, mental, economic, cultural or social identity;

“Applicable legislation” means the legislation of the European Union and the Republic of Bulgaria, which is relevant to the protection of personal data;

“Profiling” means any form of automated processing of personal data consisting in the use of personal data to assess certain personal aspects related to an individual, and in particular to analyze or predict aspects, relating to the performance of that natural person’s professional duties, economic status, health, personal preferences, interests, reliability, conduct, location or movement;

“Data subject” means a natural person who can be identified directly or indirectly, in particular by an identifier such as name, identification number, location data, online identifier or by one or more characteristics specific about the physical, physiological, genetic, psychic, mental, economic, cultural or social identity of that natural person;

“Regulation (EU) 2016/679” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and to repeal Directive 95/46/EC (General Data Protection Regulation), promulgated in the Official Journal of the European Union on May 4, 2016.

Part 3: Rights of Personal Data Subjects

Personal data subjects have the following rights regarding their personal data:

  1. Right of access;
  2. Right to rectification;
  3. Right to data portability;
  4. Right to erasure;
  5. Right to erasure (right to be forgotten);
  6. Right to request restriction of processing;
  7. Right to object to the processing of personal data;
  8. Right of the data subject not to be subject to a decision based solely on automated processing, regardless of whether that processing includes profiling.

Right of Access
2.1. Upon request, ESTELINE MEDICAL – IPSMPD provides a personal data subject with the following information:

  1. information whether ESTELLINE MEDICAL – IPSMPD processes or does not process the person’s personal data;
  2. a copy of the person’s personal data processed by ESTELLINE MEDICAL – IPSMPD and
  3. explanation about the data processed

2.2. The explanation under Art. 2.1.(iii) includes the following information regarding the personal data processed by ESTELLINE MEDICAL – IPSMPD:

  1. the purposes of processing;
  2. the relevant categories of personal data;
  3. semi collected in connection with the provision of information society services.
  4. We may refuse to delete your personal data for the following reasons:
    • when exercising the right to freedom of expression and the right to information;
    • for compliance with a legal obligation on our part or for the performance of a task of public interest,
    • for reasons of public interest in the field of public health;
    • for the purposes of archiving in the public interest, for scientific or historical research or for statistical purposes, to the extent that deletion is likely to make impossible or seriously hinder the achievement of the purposes of this processing; or for the establishment, exercise or defense of legal claims.
  5. you have the right to ask ESTELLINE MEDICAL – IPSMPD to limit the processing of your personal data, in which case the data will only be stored, but not processed. Our refusal to limit will be expressly only in writing, and we are obliged to motivate it with the lawful reason;
  6. you have the right to withdraw your consent to the processing of your personal data at any time with a separate request addressed to the administrator;
  7. you have the right to object to certain types of processing, such as direct marketing (unsolicited advertising messages);
  8. you have the right to object to automated processing, including profiling;
  9. you have the right not to be subject to a decision based solely on automated processing involving profiling;
  10. if we need to use your personal data for a new purpose that is not covered by this data protection declaration, we will provide you with a new data protection notice and, when and where necessary, we will ask for your prior consent to the new processing.
  11. All of the above requests will be forwarded if there is a third party (recipients including non-EU and international organizations) processing your personal data.

    You have the right to appeal to the supervisory authority

    You have the right to file a complaint directly with the supervisory authority, the competent authority being the Commission for the Protection of Personal Data, address: Sofia 1592, “Prof. Tsvetan Lazarov” No. 2 (www.cpdp.bg).

    In the event that you wish to file a complaint regarding the processing of your personal data by ESTELLINE MEDICAL – IPSMPD (recipients, including non-EU and international organizations), you can do so at the indicated contact details of ESTELLINE MEDICAL – IPSMPD or directly to the Protection Officer of the details (of the above contact details.)

    You can read more about how and why we use your data here: https://www.aestheline.com/rights