Privacy Policy

Information about the Personal Data Administrator:

VIA CLINICS EOOD is a company registered in the Commercial Register of the Registry Agency with UIC: 207581243, email: info@viawellbeing.com, and address Sofia, Oborishte district, Oborishte Street, 9, entrance 1, floor 2.

Bases and purposes for which we use your personal data

We process your personal data on the following grounds:

  • The general conditions for using the Website;
  • Explicit consent from you – the purpose is specified for each particular case;
  • When a legal obligation is provided;

In the following paragraphs, you will find detailed information about the processing of your personal data depending on the basis on which we process them.

For the fulfillment of a contract

We process your personal data for the needs of using the Website in accordance with the rules of the general conditions.

Purposes of processing (when applicable):

  1. Establishing your identity;
  2. Providing the functionalities of our website On this basis, we process only personal data in connection with the user profile you have created.

Data collected on this basis are deleted 2 years after the termination of the contractual relationship, regardless of whether it is due to the expiration of the contract, cancellation, or other reasons.

With your consent: We process your personal data on this basis only after explicit, unambiguous, and voluntary consent on your part. We will not foresee any adverse consequences for you if you refuse to process personal data.

Consent is a separate basis for processing your personal data, and the purpose of the processing is specified in it, and does not cover the purposes listed in this policy. If you give us the respective consent and until its withdrawal or termination of any contractual relations with you, we prepare suitable offers for products/services for you by performing detailed analyses of your basic personal data;

Data we process on this basis:

On this basis, we may process personal data for direct marketing purposes, including data on website consumption and social media profiles.

Disclosure of data to third parties

On this basis, we may provide your data to marketing agencies, Facebook, Google, or other similar entities.

Withdrawal of consent

Provided consents can be withdrawn at any time. The withdrawal of consent does not affect the performance of contractual obligations. If you withdraw your consent to process personal data for one or all of the ways described above, we will not use your personal data and information for the purposes specified above. The withdrawal of consent does not affect the lawfulness of processing based on consent given before its withdrawal.

To withdraw the given consent, it is only necessary to use our website or simply our contact details.

When we delete data collected on this basis

Data collected on this basis are deleted upon your request or 12 months after their initial collection.

How we protect your personal data

To ensure adequate protection of the company’s data and its clients, we apply all necessary organizational and technical measures provided for in the Personal Data Protection Act.

The company has established rules to prevent abuse and security breaches, which supports the processes of preserving and ensuring the security of your data.

For maximum security in processing, transferring, and storing your data, we may use additional protection mechanisms such as encryption, pseudonymization, etc.

User Rights

Every User of the site enjoys all rights for the protection of personal data according to Bulgarian legislation and the law of the European Union.

The user can exercise their rights by sending a message to our email.

Every User has the right to:

  • Information (regarding the processing of their personal data by the administrator);
  • Access to their personal data;
  • Correction (if the data are inaccurate);
  • Deletion of personal

data (“right to be forgotten”);

  • Restriction of processing by the administrator or the data processor;
  • Portability of personal data between different administrators;
  • Objection to the processing of their personal data;
  • The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which has legal consequences for the data subject or similarly significantly affects them;
  • The right to judicial or administrative protection in case the rights of the data subject have been violated. The User may request deletion if one of the following conditions is present:
  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • The User withdraws their consent on which the data processing is based and there is no other legal basis for the processing;
  • The User objects to the processing and there are no overriding legal grounds for the processing;
  • The personal data have been unlawfully processed;
  • The personal data must be deleted to comply with a legal obligation under Union law or the law of a Member State that applies to the administrator;
  • The personal data have been collected in connection with the offer of information society services to children and consent has been given by the person holding parental responsibility for the child.

The User has the right to restrict the processing of their personal data by the administrator when:

  • They contest the accuracy of the personal data. In this case, the restriction of processing is for a period allowing the administrator to verify the accuracy of the personal data;
  • The processing is unlawful, but the User does not want the personal data to be deleted, instead requesting a restriction on their use;
  • The administrator no longer needs the personal data for the purposes of processing, but the User requires them for the establishment, exercise, or defense of legal claims;
  • They have objected to processing pending the verification whether the legitimate grounds of the administrator override those of the User.

Right to Data Portability.

The data subject has the right to receive the personal data concerning them, which they have provided to the administrator, in a structured, widely used, and machine-readable format, and has the right to transmit those data to another administrator without hindrance from the administrator to whom the personal data have been provided, when the processing is based on consent or a contractual obligation and the processing is carried out by automated means.

When exercising their right to data portability, the data subject has the right to have personal data transmitted directly from one administrator to another, where technically feasible.

Right to Object.

Users have the right to object to the processing of their personal data by the administrator. The personal data administrator is obliged to cease processing unless it demonstrates compelling legal grounds for the processing that override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims. If an objection is raised against the processing of personal data for direct marketing purposes, processing should be terminated immediately.

Complaint to the Supervisory Authority

Every User has the right to file a complaint against the unlawful processing of their personal data to the Personal Data Protection Commission or the competent court.

This personal data protection policy was prepared with the help of https://obshti-uslovia.com.