Section I - Who are we?

 

As a personal data controller, in accordance with Article 4(7) of Regulation (EU) 2016/679 , Fuudmedic Ltd has an obligation to inform you what constitutes the processing of personal data, when it is carried out and what the consequences of consenting to the processing of your personal data are in order to ensure transparency in the processing of personal data.

In order for processing to be lawful, the personal data should be processed on the basis of your consent or on another legitimate ground established by law in Regulation (EU) 2016/679 or in another EU or Member State legal act, as specified in the Regulation, including the need to comply with a legal obligation imposed on the controller or the need to perform a contract to which the data subject is a party or in order to take steps at the request of the data subject before entering into a contract.

We inform you that any processing of personal data must be lawful and in good faith. It should be transparent to individuals how personal data relating to them is collected, used, consulted or otherwise processed and the extent to which the processing is or will be carried out.

The principle of transparency requires that all information and communication relating to the processing of these personal data is easily accessible and understandable and uses clear and unambiguous wording. This principle applies in particular to the information that data subjects receive about the identity of the controller and the purposes of the processing, and to the additional information ensuring fair and transparent processing in relation to the individuals concerned and their right to obtain confirmation and notification of the content of personal data relating to them that are processed. Individuals should be informed of the risks, rules, safeguards and rights relating to the processing of personal data and of the means by which they may exercise their rights in relation to the processing. In particular, the specific purposes for which personal data are processed should be clear and legitimate and identified at the time of collection of the personal data. Personal data should be adequate, relevant and limited to what is necessary for the purposes for which they are processed. This requires, in particular, ensuring that the period for which personal data are kept is kept to a strict minimum. Personal data should only be processed if the purpose of the processing cannot be sufficiently achieved by other means. In order to ensure that the storage period of personal data is no longer than necessary, the controller should establish time limits for their erasure or periodic review. All reasonable measures should be taken to ensure that

inaccurate personal data is corrected or deleted. Personal data shall be processed in a manner that ensures an adequate level of security and confidentiality of personal data, including to prevent unauthorised access to, or use of, personal data and data processing equipment.

Don't forget that processing is lawful where:

(a) the data subject has consented to the processing of his or her personal data for one or more specified purposes;

(b) the processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject before entering into a contract;

(c) the processing is necessary for compliance with a legal obligation to which the controller is subject;

(d) the processing is necessary to protect the vital interests of the data subject or of another natural person;

(e) the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(f) the processing is necessary for the purposes of the legitimate interests of the controller or of a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.

If you have any questions, please do not hesitate to contact us at the following e-mail addresses and contact numbers:

About "Fuudmedik" Ltd.:
Address. Address. "Seliolu" №2
E-mail: hi@dietitianmed.com
Website: https://dietitianmed.com/

Each controller shall keep a register of the processing activities for which it is responsible. This register shall contain all the information listed below:

(a) the name and contact details of the controller and, where applicable, of any joint controllers, the controller's representative and the data protection officer, if any;

(b) the purposes of the processing;

(c) a description of the categories of data subjects and categories of personal data;

(d) the categories of recipients to whom the personal data have been or will be disclosed, including recipients in third countries or international organisations;

(e) where applicable, the transfer of personal data to a third country or international organisation, including the identification of that third country or international organisation and, in the case of a transfer referred to in the second subparagraph of Article 49(1), documentation of the appropriate safeguards;

(f) where possible, the time limits provided for erasure of the different categories of data;

(g) where possible, a general description of the technical and organisational security measures referred to in Article 32(1).

Section II - What is the purpose of the processing?

Given the specific nature of the services and products we provide, we inform you that your personal data is collected for the purpose of:

• The conclusion of a distance contract, the performance of obligations and/or the exercise of rights under contracts of this kind already concluded
• The accounting of amounts received and the issue of all types of accounting documents required by law
• Providing adequate nutritional recommendations, advice, services, counseling, quality products and diets in order to reduce our clients' body mass or increase their quality of life through healthy eating;

Section III - What is the legal basis on which we process your personal data?

One of the legal grounds used in Article 6 of Regulation (EU) 2016/279 is consent. It should be given by means of a clear affirmative act which expresses a freely given, specific, informed and unambiguous statement of consent by the data subject to the processing of personal data relating to him or her, for example by means of a written declaration, including electronically, or an oral declaration. This may include ticking a box when visiting a website on the internet, opting in to technical settings for information society services, or any other statement or conduct that clearly indicates that the data subject consents to the proposed processing of his or her personal data. Therefore, silence, pre-ticked boxes or lack of action should not constitute consent. Consent should cover all processing activities carried out for the same purpose or purposes. Where processing pursues more than one purpose, consent should be given for all of them. If the data subject's consent is to be given following a request by electronic means, the request must be clear, concise and not unduly disrupt the use of the service for which it is intended.

Section IV - For how long do we keep your personal data?

Considering the nature of our work and the need for the information provided by you in order to fulfill our commitments to you in a qualitative and correct manner, we inform you that your name, personal identification number and/or date of birth, email and telephone number, permanent address are stored for a period of 5 years after the termination of the legal relationship. Data obtained in consultations after which no contract has been concluded, respectively order placed - for a period of two years. In respect of invoices and accounting documents, for a period of 10 years from 1 January of the accounting period following the accounting period to which they relate, in accordance with Article 12 of the Accountancy Act;

 

Section V - Are you eligible for deletion?

In order to provide protection, we have also provided for the right to erasure in accordance with Article 17 of Regulation (EU) 2016/679, according to which the data subject has the right to request the controller to erase personal data concerning him or her without undue delay and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies:

(a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

(b) the data subject withdraws the consent on which the processing is based pursuant to Article 6(1)(a) or Article 9(2)(a) and there is no other legal basis for the processing;

(c) the data subject objects to the processing pursuant to Article 21(1) and there are no legitimate grounds for the processing which override, or the data subject objects to the processing pursuant to Article 21(2);

(d) the personal data have been unlawfully processed;

(e) the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;

(f) the personal data have been collected in connection with the provision of information society services referred to in Article 8(1).

Section VI - Can you correct your data?

The data subject shall have the right to have inaccurate personal data concerning him or her rectified by the controller. Having regard to the purpose of the processing, the data subject shall have the right to have incomplete personal data completed, including by providing a supplementary application. The controller shall erase the personal data and the data subject shall have the right to request the controller to erase personal data concerning him or her where the processing infringes the provisions of Articles 45, 49 or 51 of the DPA or where the personal data must be erased in order to comply with a legal obligation of the controller. The controller shall rectify or supplement the data or erase the data within 2 months of receipt of the request. He shall restrict the processing of personal data without erasing them where: the accuracy of the personal data is contested by the data subject and this cannot be verified, or the personal data must be retained for evidentiary purposes.

Rectification, completion, erasure or restriction of the processing of personal data may be refused, taking into account the fundamental rights and legitimate interests of the natural person concerned, in cases of inquiries, statutory procedures, legal proceedings or in other cases provided for by law.

Section VII - What are your rights in relation to the data we process?

You have the right to exercise your rights under Articles 15-22 of Regulation (EU) 2016/679 before Fuudmedik Ltd. for the personal data it processes about you. When submitting requests to exercise rights under Regulation (EU) 2016/679 to Fuudmedik Ltd, you will be asked to identify yourself - by providing proof of identity, by electronic signature or by other methods and means of identification. The personal data processed in connection with the processing of individual requests will only be used for the purposes of exercising the said rights. In this respect, personal data may only be disclosed to third parties if this is provided for by law.

 Section VIII - Do you have the right to appeal?

Of course! In order to guarantee your rights as much as possible, we provide you with the relevant contact details in case of suspected misuse of your personal data. In this regard, do not hesitate to contact us at the above-mentioned telephone numbers, as we guarantee our assistance to the maximum extent! In the event of a violation of your rights under Regulation (EU) 2016/679 and under the DPA, as a data subject, you have the right to refer the matter to the Commission (Data Protection Commission) within 6 months of becoming aware of the violation, but no later than two years after the violation. The Commission will inform you of the progress or outcome of your complaint within three months of referral. The Commission shall issue a decision and may apply the measures referred to in Article 58(2)(a) to (h) and (j) of Regulation (EU) 2016/679 or Article 80(2)(a) to (h) of Regulation (EU) 2016/679. 1(3), (4) and (5) of the PDPA and, in addition to or instead of these measures, impose an administrative penalty in accordance with Article 83 of Regulation (EU) 2016/679 as well as under Chapter Nine. The complaint to the Commission may be submitted by letter, fax or electronic means in accordance with the Electronic Document and Electronic Certification Services Act. The decision of the Commission under par. 3 and 4 shall be subject to appeal under the Administrative Procedure Code within 14 days of its receipt.

Data Protection Commission
Address. Sofia, ul. "Prof. 2, 
tel.: (02) 940 20 46
Fax: (02) 940 36 40
Email: kzld@government.bg , kzld@cpdp.bg
Website: www.cpdp.bg

Consumer Protection Commission 
Address: 1000 gr. Sofia, Slaveykov Square №4A, floors 3, 4 and 6, 
Tel: 02 / 980 25 24 
Fax: 02 / 988 42 18 
Hotline: 0700 111 22 
Website: http://kzp.bg/

Section IX - In what records is your data stored?      

"Fuudmedik" Ltd., as a personal data controller, processes only legally collected personal data necessary for specific, well-defined purposes - wholesale and retail of textile own production and other auxiliary activities. "Fuudmedik Ltd applies the principles set out in Article 5 Regulation (EU) 2016/679 - lawfulness, fairness, transparency, accuracy and data minimisation. The information that may contain your personal data is processed for the following records (activities):

• Human Resources - In the course of human resources management activities, data on identification of individuals, education and qualification data, health data, contact data, as well as other data required by special laws governing employment and service relationships, tax and insurance relationships, accounting of activities, safe and healthy working conditions, and social issues are processed.
• Contractors - In the performance of its activities, Fuudmedik Ltd. processes personal data of individuals for the execution of orders and customer requests. The collection of customers' personal data is in connection with the organisation of the delivery of the goods/services offered. For the purposes of implementing the current legislation, "Fuudmedik" Ltd. provides its customers with a "Declaration - Consent" attached as an attachment on the company's website, which must be completed and signed by the declarant in order to provide the offered service / goods to the customer.
• Internal register of breaches of Regulation (EU) 2016/679 and the GDPR;
• Data Breach Notifications;

 

These records are maintained in accordance with the requirements of Regulation (EU) 2016/679 and the Personal Data Protection Act. Insofar as these registers contain personal data, they are subject to the special procedure for maintaining the specific register, as well as the procedure for accessing it, in accordance with the Rules of Procedure of "Fuudmedik" Ltd.

 

 

Changes to the privacy policy

We reserve the right to change our privacy policy.

If you have any questions about the processing of your personal data by FOODMEDIC Ltd, please contact us at hi@dietitianmed.com or via the contact form on the website https://dietitianmed.com/home/

 

We assure you that Fuudmedic Ltd has taken all appropriate measures to ensure an adequate level of data protection. In its operations, our team has implemented adequate data protection policies, ensured protection through robust technical and organisational measures, and maintained the required processing records. When alerts are received, we ensure to assist all our clients when they exercise their rights under the DPA and GDPR.