In case you have any questions or need further information regarding your personal data, rights, and privacy, please contact Bellissimo using the contact details provided in Section I above.
Processing Principles. Legal Basis The protection of personal data is a fundamental human right under Article 8 of the Charter of Fundamental Rights. In turn, Bellissimo considers that the confidentiality, protection, and integrity of your personal information are a priority and commits to complying with legal provisions for the protection of personal data. Bellissimo does not sell personal data collected by Bellissimo to third parties, nor does it process or provide such data to third parties without a legal basis in accordance with the Regulation and PDPA. Bellissimo processes and provides personal data to third parties only when there is a legitimate legal basis for doing so, including explicit and freely given consent under the Regulation and/or another legal basis for processing provided for in the Regulation and PDPA.
The activities carried out by Bellissimo are entirely focused on medical services, expressed in outpatient care, diagnosis and treatment, examinations, patient monitoring, manipulation, and medical activities to the extent necessary for the treatment process, cosmetic procedures, preparation of expertise on temporary incapacity for work, activities related to health prevention, health prevention activities, including preventive check-ups and vaccinations, consultations, and referral to hospital care, as well as the sale of cosmetics. In connection with the above, Bellissimo processes and protects personal data collected in the course of its activities legally and reasonably, in accordance with the purposes for which the data is collected and/or has been collected.
Types of Personal Data Collected and Processed: With respect to the data collected and processed through the aforementioned Bellissimo website: (1) on the website; (2) by sending an email to the contact email address provided on the website and/or making contact through a social network/supported online platform of Bellissimo; and/or (3) by making a phone call to the contact phone number(s) provided on the website and/or in a social network,
Bellissimo collects and processes the following personal data of users/clients/patients: names, email addresses, phone numbers, information (inquiry, request for scheduling a consultation and/or other) that the user has provided in the text field for contacting Bellissimo at the email address indicated on the website through a phone call made.
Regarding the data collected and processed for clients/patients of Bellissimo: Bellissimo collects and processes the following personal data of clients/patients: names, permanent address, email address, phone number, date of birth / PIN, gender, photos, and medical history, including data on previous/current illnesses and/or allergies of the patient, as well as other information related to the provision of the respective medical and/or cosmetic service.
In case a client/patient has given their explicit written consent (to be understood also in the case of consent by electronic signing of a declaration) for the taking of photographic material of the result and/or before carrying out the procedure and after the result, as a result of medical interventions at Bellissimo’s clinic, the patient may be included in a publication by Bellissimo on social networks and/or another marketing platform for marketing purposes. Bellissimo complies with all requirements of the Regulation and PDPA regarding informing the subjects in this regard, and the subjects are informed in accordance with this Policy, including waiting to obtain voluntary and informed consent from its patients before taking actions for marketing purposes.
In the building in which Bellissimo carries out its activities, including the common areas in front of it, Bellissimo conducts video surveillance for security purposes. In compliance with the Regulation and PDPA, Bellissimo has explicitly indicated this information in visible places inside and in front of the building, and in turn, by accepting this Policy and/or visiting the clinic, the subjects accept this fact.
Regarding the Collection and Processing of Data of Minors and/or Unemancipated Persons by Bellissimo:
Bellissimo collects and processes the following personal data of minors and/or unemancipated data subjects: names, permanent address, email address, phone number, date of birth / Personal Identification Number (PIN), gender, photos, medical history, including data on previous/current illnesses and/or allergies of the patient, as well as other information related to the provision of the respective medical and/or cosmetic service, with the explicit consent of the parent/guardian. For the purposes of the same, the same scope of personal data of the parent/guardian of the minor/unemancipated person is collected.
Regarding the Collection and Processing of Data of Employees, Contractors, and Contractual Partners of Bellissimo:
Bellissimo collects and processes the following personal data of its employees, potential future employees, and/or contractors for the purposes and needs of its operations: names, gender, address, email address, date of birth / Personal Identification Number (PIN), passport number / Unique Civil Number (UCN) and/or other identification document (if the employee is not of Bulgarian origin), information about bank account/accounts, information about work and/or professional experience, education and acquired degree, certificates, as well as any and all other documents and/or certificates regarding knowledge and skills, including those provided and received recommendations/reviews from previous employers, partners, and/or patients of the contractor.
By accepting this Policy and/or the General Terms and Conditions of Bellissimo’s website, including all users of the electronic website, including all clients/patients, employees, and contractual partners of the latter (regardless of the method by which they have contacted Bellissimo and provided their personal data to Bellissimo), give their consent to provide data, which/which way constitutes a binding contractual clause between the users of the electronic website/all other persons and/or group/s of persons mentioned above and Bellissimo.
The processing of the above-mentioned personal data is carried out in fulfillment of the purposes of the corporate, economic, administrative, and other operational processes at Bellissimo, including but not limited to the services provided by Bellissimo, such as, but not limited to: providing consultations regarding health condition and/or cosmetic services, recommendations regarding treatment and its implementation, consultations regarding surgical interventions, as well as other medical services between Bellissimo and the users/clients/patients of the electronic website, clients, employees, and contractual partners.
When providing data to third parties, this is done again with consideration of the above-mentioned purposes, and the legal basis for the processing of personal data according to the purposes, subjects, and methods is based on Article 6, paragraph 1, letter “b” of the Regulation.
The provision of personal data is necessary for the conduct of Bellissimo’s activities, including the provision of medical services and/or consultations, performing procedures, and other activities individualized above, and it is a contractual requirement without which the services could not be provided to the client/patient of Bellissimo.
By law, in a judicial/arbitration/executive/seizure process and/or at the request of a competent authority, Bellissimo may be required to disclose personal data to third parties, as well as if such disclosure is necessary for the purposes of national security, law enforcement, or other cases provided for in the legislation.
It is also possible for Bellissimo to disclose personal data if such disclosure is reasonably necessary to protect the legitimate interests of Bellissimo.
Bellissimo processes personal data while strictly adhering to the principle of maintaining the minimum processed personal data necessary for specific, legitimate, and lawful purposes (the need-to-know principle).
Bellissimo processes personal data primarily for: (1) the needs of medical diagnosis and treatment and in general, all medical activities it performs; (2) consultations, diagnostics, intervention, patient monitoring, cosmetic and/or aesthetic procedure; (3) preparation of the necessary medical and reporting documentation in connection with the execution of concluded contracts; performance of assigned duties for the protection of vital interests of the data subject; (4) fulfillment of the purposes of the corporate, economic, administrative, and other operational processes at Bellissimo.
Bellissimo keeps personal data for the period necessary to fulfill the purposes for which they were collected, including to comply with regulatory requirements, tax law, labor law, social security law, accounting standards.
Objectives of Collecting and Processing Personal Data:
Bellissimo collects and processes personal data that are necessary for carrying out its activities and fulfilling its contractual obligations with partners, including but not limited to clients/patients. In view of this, Bellissimo processes personal data for the following purposes:
(1) Establishing contact with the user/client of Bellissimo’s website through the contact form on the electronic website, maintained and managed by Bellissimo, and/or directly through electronic messages to the email address, phone call, and/or electronic message on other electronic/social platforms of Bellissimo.
(2) Preparing responses and taking action on inquiries, complaints, grievances, applications, etc., from users of the electronic page/clients/patients and/or potential/current contractual partners/contractors. With the consent of the user/client/patient, or when permitted by law, Bellissimo may use the personal data of these individuals, namely email address, names, social media profile, for marketing purposes, including connecting with the user/client/patient to provide information, news, and offers related to Bellissimo’s activities. If they have agreed to receive such marketing information, users/clients/patients can withdraw their consent at any time through the provided marketing email functionality (link) for this purpose.
Categories of Processed Personal Data:
Bellissimo collects the following categories of personal data from the respective four groups of individuals, as detailed above in Section IV:
- Names, email address, phone number of users/clients/patients (including future ones) of Bellissimo’s website and/or directly through electronic messages to the email address of Bellissimo, when sending inquiries, complaints, reviews, and any kind of feedback related to Bellissimo’s activities through the contact form on the electronic website, via email message, and/or phone call. In case of a job application, the same amount of data is collected, including a personally prepared CV, review, and/or portfolio based on professional experience and other related to it.
- Names, gender, correspondence/permanent address, email address, phone number, date of birth / Personal Identification Number (PIN), photographic material, and medical history (including data on previous/current illnesses and/or allergies of the patient, as well as other information related to the provision of the respective medical and/or cosmetic service) of clients/patients.
- Names, date of birth / Personal Identification Number (PIN), address, gender, age, photographs, and medical history (including data on previous/current illnesses and/or allergies of the patient, as well as other information related to the provision of the respective medical and/or cosmetic service) of minors and/or unemancipated individuals, in case of performing the respective medical/cosmetic/aesthetic service/intervention and/or consultation, with the explicit consent of the parent or guardian of the individual, if Bellissimo is responsible for it.
- Names, address, email address, date of birth / Personal Identification Number (PIN), passport number / Unique Civil Number (UCN), and/or other identifying document (if the employee is not of Bulgarian origin), gender, information about bank account/accounts, information about work and/or professional experience, education and acquired degree, certificates, a personally prepared portfolio, prepared based on skills and previous work and/or professional experience, information about activities in the field of medical/cosmetic/aesthetic services/consultations, and interventions, as well as any and all other documents and/or certificates regarding knowledge and skills, including those provided and received recommendations/reviews from previous employers, partners, and/or clients/patients of the contractor/applicant/employee, and more.
When users/clients/patients of the electronic page send inquiries to Bellissimo through the contact form on the website or via email, it is presumed that the user/clients/patients have given their free, voluntary, explicit, and informed consent for the processing of personal data voluntarily included by them in their inquiries to Bellissimo.
Cookies Policy
Cookies are small information files sent from a web server and stored in the internet browser of the user(s) (e.g., data about language used, time of connection, visited web pages) or on the hard drive, which are then returned from the internet browser to the server every time access to that server is obtained when visiting the respective website.
Bellissimo’s website uses cookies to distinguish users from one another, provide users with better services, and improve its website. Acceptance of this Policy regarding cookies is achieved through the user’s click on the pop-up message on Bellissimo’s website, as well as when the user continues to use Bellissimo’s website. In case a user does not agree with this Policy, they are obliged to immediately stop using Bellissimo’s website.
Bellissimo’s website may use both Bellissimo’s cookies (First Party Cookies) and third-party cookies for advertising purposes (Third Party Cookies). At a given moment, Bellissimo’s website may use the following types of Bellissimo’s cookies (First Party Cookies) for the following purposes:
(1) Strictly Necessary Cookies: These cookies are considered necessary for the operation of the website, as they support functions such as login and/or order/requests submission, and more.
(2) Analytics and Targeting Cookies: For Bellissimo, it is essential to understand how its website is being used, such as the effectiveness of navigation and which of its features are being used. Analytics and targeting cookies allow Bellissimo to collect information that helps improve the website and user satisfaction.
(3) Functionality Cookies: Functionality cookies allow Bellissimo to provide additional features on its website, such as personalization and the ability to remember saved settings.
All the above-mentioned cookies can be either persistent (remaining on the computer or device for a specified period and activated each time the website is visited) or session-based (deleted immediately after closing the browser). Bellissimo’s website cookies expire and are automatically deleted after 2 days.
Upon entering Bellissimo’s website, and before using cookies on the user’s computer or device, a pop-up message appears in the user’s browser, through which the use of cookies can be allowed or declined. Allowing cookies enables Bellissimo to provide the best quality of services through its website and improve user satisfaction. If the use of cookies is declined, certain functionalities of Bellissimo’s website may become inaccessible or unavailable.
Every user can configure their internet browser not to store cookies, and they can also delete already stored cookies at any time. Users wishing to take advantage of these features should make the appropriate settings in their browser and/or seek assistance from the manufacturer of their internet browser.
Bellissimo is not responsible if the internet browser used by the user does not have features for controlling the use, refusing storage, or deleting already stored cookies. In case the user denies the storage of cookies or deletes already stored ones, it is possible that the normal functioning of the website may be technically disrupted for that user.
Security Measures
Bellissimo takes sufficient technical and organizational measures to protect the personal data it processes from theft, misuse, unauthorized access, unauthorized disclosure, unauthorized destruction, or any other illegal processing or disposal of such data.
All representatives and employees of Bellissimo, as well as all subcontractors of Bellissimo, are obliged to maintain confidentiality and strictly apply the legislation on personal data protection, in accordance with the Regulation and the Personal Data Protection Act.
In cases where Bellissimo provides personal data to third parties, Bellissimo applies mechanisms, including contractual ones, to ensure that these data are processed and protected in accordance with applicable law.
Retention Periods
Bellissimo adheres to the principle of retaining data only for the period for which retention is necessary and mandatory to achieve the purpose for which they were collected, unless the law provides for longer storage. After the statutory storage periods for documentation have expired, in accordance with applicable accounting, financial, and tax legislation in the Republic of Bulgaria, including statutory requirements for archiving documentation, Bellissimo deletes and erases personal data related to:
- Made inquiries, submitted questions, applications, complaints, and others through the contact form on the electronic website, by email and/or through another electronic platform.
- Administrative and operational activities.
Bellissimo does not store personal data longer than is necessary for the purposes for which they were collected.
Retention of Personal Data Related to Medical, Cosmetic, and Aesthetic Services
Bellissimo deletes and erases personal data related to inquiries made through the electronic website after a period of 2 days if the person has not scheduled an appointment/consultation at Bellissimo clinic and/or has not received the respective medical/cosmetic/aesthetic or other intervention at Bellissimo clinic. In case the user/client/patient has used any of Bellissimo’s services, Bellissimo deletes and erases personal data after a period determined by the state according to understandings for medical documents and storage, counted from the last contact made by the client/patient/user with Bellissimo.
Rights Regarding Personal Data
In accordance with the Regulation and the Personal Data Protection Act, data subjects have the following rights at any time:
- The right to access their personal data processed by Bellissimo.
- The right to request the correction of inaccurate data, deletion (if there is a legal basis for it), restriction, or blocking (if there is a legal basis for it) of the processing of their personal data processed by Bellissimo.
- The right to data portability, subject to the conditions set out in the Regulation.
- The right to object at any time to the processing of their personal data when there are legal grounds for it.
- The right to lodge a complaint with the Commission for Personal Data Protection (CPDP) if they believe that their rights related to the protection of their personal data have been violated.
Bellissimo may refuse to comply with requests to exercise rights when provided for in the Regulation and the Personal Data Protection Act, including when requests are repeatedly unsubstantiated, require excessive efforts and/or expenses for the administrator, are clearly unfounded, or when they jeopardize or violate the confidentiality and rights of other users.
Procedure for Exercising Personal Data Subject Rights
Data subjects can exercise their rights under this Policy by submitting a request to exercise the respective right.
Requests to exercise the rights of data subjects can be submitted in the following ways:
- Electronically to the following email address: [email protected].
- In person at the administrative department in Bellissimo clinic.
- By mail – at the address of Bellissimo – Sofia 1618, Krasno Selo district, Bulgaria Blvd. No. 102, Bellissimo business building.
A request to exercise rights related to the protection of personal data should contain the following information:
- Identification of the person – name and Personal Identification Number (EGN).
- Contact information for feedback – address, telephone, email.
- Request – description of the request.
Bellissimo provides information on the actions taken in response to a request to exercise the rights of data subjects within one month of receiving the request.
If necessary, this period may be extended by another two months, taking into account the complexity and the number of requests from a particular person. Bellissimo informs the person about any such extension within one month of receiving the request, indicating the reasons for the delay.
Bellissimo is not obliged to respond to a request in case it is unable to identify the data subject.
Bellissimo may request the provision of additional information necessary to confirm the identity of the data subject when there are reasonable doubts about the identity of the individual submitting the request.
When a request is made electronically, to the extent possible, the information is provided electronically unless the data subject has requested otherwise.
Effective Date and Updates
This Privacy Policy came into effect on January 1, 2020. Bellissimo may modify and update this Privacy Policy, with any changes/updates being published on the official website of Bellissimo as mentioned. At its discretion, Bellissimo may also take other actions to notify users/clients/patients/employees/contractors of the amended or updated Policy.