top of page
Logo11.png
page_2.jpg

Terms & Conditions

These GENERAL TERMS AND CONDITIONS govern the relationship between "Center for European Health Policies" EOOD, with UIC 207108518, with registered office and management address: Sofia, postal code 1000, district Triaditsa, Manastirski livadi-iztok, Bulgaria blvd. 105A, office #11, operating via the website: "www.cehp.eu", hereinafter referred to as "the Site', on the one hand, and the Users of the Site (hereinafter referred to as Users), on the other.
Email address for contacting us: info@cehp.eu.
Please read the complete published General Terms and Conditions before using the Site. By accessing the Site, each User automatically undertakes to comply with the conditions described below.

SITE USAGE TERMS:

On the Site, you can obtain information about who we are, what our mission is, our projects, the services we offer, and our partners. The Site is built purely for informational purposes and there is no option for directly ordering a specific service.

If you are interested in our services and projects, as well as making a request for their use, you can do so via the contact forms.

The Site's services can be used without the need for registration of a user profile.

INTELLECTUAL PROPERTY

The intellectual property rights over all materials and resources located on the Site (including available databases) are protected by the Copyright and Related Rights Act, belong to the Site or the respective party that has granted the right to use the Site, and cannot be used in violation of the applicable legislation.
In case of copying or reproducing information beyond what is permitted, as well as any other violation of the intellectual property rights over the Site's resources, we reserve the right to claim compensation for the direct and indirect damages suffered in full.

Unless explicitly agreed otherwise, the User may not reproduce, modify, delete, publish, distribute, or otherwise disclose the informational resources published on the Site.
The Site undertakes to take due care to provide the User with normal access to the provided functionalities and informational resources.

The Site reserves the right to suspend access to the provided functionalities and informational resources. The Site has the right, but not the obligation, at its discretion, to delete informational resources and materials published on its site.

AMENDMENTS TO THE GENERAL TERMS

(1). The Site reserves the right to add, change, or remove services without prior notice.
(2). These General Terms and Conditions may be amended in connection with a change in the nature of the respective service(s).
When the User does not agree with the changes to the general terms, the User has the right not to use the Site’s service.

APPLICABLE LAW

For all issues not regulated by these General Terms and Conditions, the provisions of the current legislation of the Republic of Bulgaria apply.

The parties agree that if any provision of these General Terms and Conditions is found to be invalid, this shall not lead to the invalidity of other clauses or parts of the General Terms and Conditions. The invalid provision shall be replaced by the mandatory provisions of the law or the actual will of the parties.

All disputes between the parties shall be resolved in the spirit of understanding and goodwill. In the event that an agreement is not reached, all unresolved disputes in connection with the Site, including disputes arising or relating to interpretation, invalidity, performance or termination, as well as disputes regarding filling in the gaps in the General Terms and Conditions or adapting them to new circumstances, shall be resolved by the competent court according to the current Bulgarian legislation.

COOKIE POLICY

Use of "Cookies"

"Cookies" are short text files or small packets of information that are stored by your internet browser on your end device (computer, tablet, laptop, or mobile phone) when you visit various websites and pages on the Internet. The primary purpose of "cookies" is to make the user recognisable when they return to the Website. Some "cookies" have a more specific application, such as saving the user’s behavior on the site and facilitating the user’s navigation on the Website. More information on how "cookies" work can be found on the Internet.

How are "cookies" used on this Website?

We use "cookies" on this Website mainly to facilitate the usability of the site, improve its performance, and store information on user behaviour. In this process, no personal data is stored, i.e., through the site’s "cookies" we cannot identify you as an individual, and therefore, the Data Protection Act does not apply to the collection of this information. The information collected from "cookies" is usually used in aggregated form for analysing user behaviour on the Website, which allows us to improve the site's functionality, user pathways, and content.

What "cookies" are used on this Website?

Session "cookies"
This type of "cookie" facilitates your use of the site by temporarily storing information only for the duration of the browser session. Usually, the information stored through them includes the goods or services you have added to the cart, which pages of the site you have visited, and how you arrived at specific information. These "cookies" do not collect information from your device and are automatically deleted when you leave the Website or end your browser session.


Persistent "cookies"
They allow us to store specific browsing information, such as analysing site visits, how you arrived at the Website, which pages you viewed, which options you selected, and where you navigated within the Website. Tracking this information enables us to make improvements to the Website, including correcting errors and expanding content. The retention period for this type of "cookie" varies according to its specific purpose.

 

Third-party "cookies"
Our Website contains links to other sites or embedded content from other sites, for example from Facebook, YouTube, Twitter, Google+, LinkedIn, partner websites. It is possible that when visiting these sites or opening their content, "cookies" from these websites are stored on your device. These "cookies" are defined as "third-party cookies", over which we have no control regarding their generation and management. Therefore, we advise you to seek information about them and how they are managed on the respective third parties' websites.

How can I manage the use of "cookies" on this Website?

All browsers allow the management of "cookies" through a dedicated folder in your browser settings. You can block the receipt of "cookies", delete all or some of them, or set your preferences regarding the use of "cookies" before visiting our site. Please note that deleting or blocking "cookies" may adversely affect the functionality of our Website and consequently your user experience.

Disabling or Blocking "Cookies"

Controlling, disabling, or blocking "cookies" is managed through your browser settings. Please note that a complete ban on the use of all "cookies" may affect the performance, effectiveness, and accessibility of certain information on the site.

Rules regarding the mechanism of processing personal data and its protection against illegal processing

Article 1.
These internal rules for technical and organisational measures and the permissible form of personal data protection govern the organisation of the processing of personal data of the company's clients, as well as their protection.

Article 2.
The company is the data controller of personal data and, as such, maintains the following registers:
Register "Clients".

Article 3.
In the "Clients" register, the personal data of the company’s clients are collected and stored with the aim of:

  • Identifying the respective counterparties.

  • Providing the company’s services for which the counterparties’ personal data are necessary.

  • Complying with the regulatory requirements of the Accounting Act and other relevant regulatory instruments.

  • Using the collected data for the respective persons for official purposes only and solely after obtaining proper consent from the persons for the processing of their personal data for the following purposes:

    • For all activities related to the establishment, modification, and termination of contractual relationships, as well as for collecting receivables arising from the latter – for the preparation of any documents in this regard (contracts, additional agreements, any commercial, accounting, and other documents).

    • For establishing contact with persons by telephone, address, and/or email, for sending correspondence related to the fulfilment of their obligations under the contracts concluded with the Company.

    • For maintaining accounting records.

Article 4.
(1). In the "Clients" register, the following types of personal data regarding the "Personal Identity" category of persons are stored: names, contact phone numbers, email addresses, etc. They are provided on the basis of entering into and fulfilling the contract.
(2). The registers with personal data maintained by the company are protected with controlled access, which is provided to authorised employees through an identification procedure with a username and password. The registers are maintained on an electronic medium in cloud storage, managed by a personal data processor, which in turn applies the necessary measures to protect personal data.
(3). By exception, the company may also maintain paper registers with data. The data for employees and clients are stored in folders, arranged in binders, located in a storage room with restricted access at the company’s office.

Chapter Three
PROCESSING OF PERSONAL DATA

Article 5.
Collection of personal data:
(1). Personal data in the "Clients" register are collected by direct provision by users and clients or automatically.
(2). When collecting personal data, the data subject should be informed of the purposes for collecting and processing the data.
(3). When personal data are collected and processed on paper for the company’s clients, they are stored in a storage room with restricted access with a key and are used by authorised persons solely for the purpose of fulfilling legal or contractual obligations.

Article 6.
(1). The Company may delegate the processing of personal data to processors. Processing may be delegated to more than one processor according to the specifics of their functions and with the aim of distinguishing their specific obligations.

Article 7.
The Company may transfer personal data of its clients to third parties, for which the data subjects must be explicitly informed.

Chapter Four
PROTECTION OF PERSONAL DATA. OBLIGATIONS OF THE CONTROLLER.

Article 8.
Providing access to personal data:
(1). Every natural person has the right to access personal data relating to him/her. In cases where accessing the personal data may reveal data about a third party, the controller is obliged to provide the respective natural person access only to the portion of the data relating to him/her.
(2). To obtain access to personal data, data subjects may follow the procedure described in REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL.
(3). When the data do not exist or cannot be provided on a specific legal basis, access to them is denied to the applicant with a reasoned decision, which is communicated to the applicant in accordance with the previous sentence.
(4). When fulfilling its obligations to provide access to personal data, the company provides the data subject with the following information:

  • The data that identify the controller and the contact details for contacting him/her.

  • The purposes for which the personal data are processed, as well as the legal basis for their processing.

  • The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular the recipients in third countries within the meaning of the Regulation or international organisations, as well as their guarantees for protection.

  • When possible, the intended retention period for which the personal data will be stored, and if this is not possible, the criteria used to determine this period.

  • The existence of the right to request the controller to correct or delete personal data or restrict the processing of personal data relating to the applicant, as well as the right to object to such processing.

  • The right to lodge a complaint with the Data Protection Commission.

  • The existence of a profiling procedure, if applicable to the personal data of the subject.

(5). The controller is obliged to notify every recipient to whom the personal data have been disclosed of any correction, deletion, or restriction of processing, unless this is impossible or would require disproportionately large efforts. The controller informs the data subject regarding these recipients, if the data subject so requests.
 

Article 9.
(1). The provision of personal data in a Member State of the European Union, as well as in another Member State of the European Economic Area, is carried out in compliance with the requirements of the applicable European and national legislation.
(2). The transfer of personal data to a third country outside those mentioned in paragraph 1 is permitted only if it provides an adequate level of protection for personal data within its territory.

Article 10.
Retention period for personal data: 
"Clients" register: The various carriers of accounting and tax information containing personal data from the "Clients" register – of the company’s clients with whom a contract has been concluded – are stored for the periods stipulated in the Accounting Act and the Tax and Social Insurance Procedural Code.

Article 11.
Periodic archiving – the archiving of personal data is carried out by the company periodically, and access to the archived data is further restricted.

Article 12.
(1). The Company is obliged, in the event of receiving a request from a natural person whose personal data are processed by the Controller, to delete the personal data without undue delay when any of the following grounds applies:

  • The personal data are no longer necessary for the purposes for which they were collected or processed in any other way.

  • The person withdraws his/her consent on which the processing is based and there is no other legal basis for processing.

  • The person objects to automated decision-making applied by the Controller concerning his/her personal data and there are no other legal grounds for processing that have precedence, or the person explicitly objects to processing.

  • The personal data have been processed unlawfully.

  • The personal data must be deleted in order to comply with an obligation under European or national law.

  • The personal data were collected in connection with offering information society services to children.

(2). The Company has the right to refuse to carry out the actions mentioned in paragraph 1 in the cases stipulated by law, in which event the controller shall inform the data subject of the refusal.
 

Article 13.
(1). Data portability: The data subject has the right to receive the personal data that he/she has provided to the Controller in a structured, commonly used, and machine-readable format, and has the right to transfer these data to another controller without hindrance from the Controller to whom the personal data were provided, when:
(a) The processing is based on the data subject's consent or on a contractual obligation. 
(b) The processing is carried out by automated means.

Article 14.
(1). In the event of a breach of personal data security, the Controller, without undue delay but no later than 72 hours after becoming aware of it, shall notify the breach of personal data security to the Data Protection Commission, unless there is no risk that the breach of personal data security may lead to a risk to the rights and freedoms of natural persons.
(2). In cases where there is a likelihood that the breach of personal data security may lead to a high risk to the rights and freedoms of natural persons, the company shall, without undue delay, notify the data subject of the breach of personal data security.

Article 15.
The Controller implements appropriate technical and organizational measures to ensure that by default only personal data that are necessary for each specific purpose of processing are processed, and this obligation relates to the volume of collected personal data, the degree of processing, the period of their retention, and their accessibility.

bottom of page