PERSONAL DATA PROTECTION
I. INTRODUCTION
Welcome to www.Biosef.com (the "Website" or "Internet Page"), which is created for the benefit and by order of "BIOSEF LTD" with UIC: 207461653, having its registered office and management address in Bulgaria, Burgas, Macedonia Street 44.
By using this website, you agree to the terms regarding the collection, use, and disclosure of your personal data in accordance with this Privacy Policy. Please read this Privacy Policy carefully before you start using this website. If you have any questions regarding the terms outlined in the Privacy Policy or if you wish to contact us for further information, please feel free to reach out to us at the email address: office@biosef.com.
If you do not agree with any of the terms in this Privacy Policy, it is important to note that you should not use this website. Your use of the site will be considered explicit consent to the terms of this policy. To ensure your full awareness and safety, we take all necessary measures to protect your personal information in accordance with the latest legal requirements for data protection.
SUPERVISORY BODY:
Personal Data Protection Commission: Address: Sofia, P.O. Box 1592, Prof. Tsvetan Lazarov Blvd. 2
Contact information: 02/915 35 18; 02/915 35 15; 02/915 35 19; kzld@cpdp.bg, www.cpdp.bg
II. PURPOSES AND SCOPE OF THE PRIVACY POLICY
2.1 Protection of Personal Data
The administrator of this website understands the importance that visitors place on the protection of their personal data and is committed to ensuring its protection by applying all necessary personal data protection standards, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. In accordance with this regulation, the administrator takes all necessary measures to ensure the safety and integrity of the personal data provided by visitors to the website.
With this Privacy Policy, the administrator confirms its commitment to protecting the right to privacy of individuals and makes every effort to prevent unlawful processing of personal data. This includes the implementation of appropriate technical and organizational measures that meet modern technological achievements. A level of protection is ensured that is adequate to the risks associated with data processing, as well as the nature of the data that needs to be protected.
These measures include, but are not limited to, protection of data against unauthorized access, misuse, disclosure, alteration, and destruction. The administrator regularly reviews and updates these measures in accordance with the development of technologies and data protection standards.
2.2 Information about the Privacy Policy
With this Privacy Policy and in accordance with the requirements of Regulation (EU) 2016/679, the Administrator provides detailed information regarding several important aspects related to the processing of personal data. This information covers:
• The purposes and scope of the privacy policy: This Privacy Policy aims to provide clear information on how the Administrator collects, uses, and protects the personal data of its users. It outlines the scope of personal data processing, in compliance with applicable legal requirements.
• The personal data collected and processed by the Administrator: The Administrator collects certain personal data, which may include identification information such as names, email addresses, phone numbers, and other information necessary for providing services or fulfilling contractual obligations.
• The purposes of personal data processing: Personal data is processed for various purposes, including providing services, fulfilling contracts, marketing communications, improving user experience, and compliance with legal requirements.
• Retention period for personal data: Personal data will be retained only for the period necessary to fulfill the purposes for which it was collected or until the expiration of legally established retention periods.
• Mandatory and voluntary nature of providing personal data: When providing personal data, the user will be informed whether the provision of certain data is mandatory or voluntary. In cases of mandatory data provision, this will be clearly indicated.
• Processing of personal data: The Administrator processes personal data in accordance with the principles of legality, fairness, and transparency, as well as in line with the right to personal data protection.
• Protection of personal data: The Administrator takes necessary technical and organizational measures to protect personal data from unauthorized access, misuse, alteration, or disclosure, in accordance with current data protection standards.
• Recipients or categories of recipients to whom data may be disclosed: Personal data may be disclosed to third parties only in cases of legal requirements or as part of services provided by processors acting on behalf of the Administrator.
• Rights of individuals: Users have a range of rights, including the right to access their personal data, correct inaccuracies, delete data, restrict processing, and others, which will be described in detail in the relevant sections.
• Procedure for exercising rights: Users can exercise their rights by contacting the Administrator using the provided contact details. The Administrator will take the necessary actions in accordance with the legislation to ensure the fulfillment of these rights.
• Right to object: Users have the right to object to the processing of their personal data when it is carried out based on legitimate interest or for direct marketing purposes.
• Buttons, tools, and content from other companies: The website may include buttons, tools, or content from other companies (such as social media networks), which may also collect and process personal data. The Administrator is not responsible for these actions.
• Changes to the privacy policy: The Administrator reserves the right to update and amend this Privacy Policy at any time, and will inform users about these changes. The updated version of the policy will be published on the website.
This information aims to ensure transparency and awareness regarding how the Administrator processes and protects the personal data of its users, in compliance with all applicable regulatory requirements.
III. DEFINITIONS
For the purposes of Regulation (EU) 2016/679 and this policy, the following terms have the meaning stated below:
• Personal data means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
• Processing of personal data means any operation or set of operations performed on personal data or on sets of personal data, whether by automated or other means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making data available, alignment or combination, restriction, erasure, or destruction.
• Restriction of processing means marking stored personal data with the aim of limiting its processing in the future. This may include actions preventing the processing of personal data for specific purposes, but keeping it for future use, such as for legal evidence or the fulfillment of legal obligations.
• Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, and specifically to analyze or predict aspects concerning the performance of the person's professional duties, their economic status, health, personal preferences, interests, reliability, behavior, location, or movement.
• Controller means a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing personal data. When the purposes and means of processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be laid down in Union or Member State law.
• Data processor means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller, following their instructions and not using the personal data for its own purposes.
• Recipient means a natural or legal person, public authority, agency, or another body to which personal data is disclosed, whether a third party or not. Public authorities which may receive personal data in the course of a specific investigation in accordance with Union or Member State law are not considered “recipients”; the processing of these data by the stated public authorities shall be subject to applicable data protection rules in accordance with the purposes of processing.
• Third party means a natural or legal person, public authority, agency, or another body, other than the data subject, the controller, the data processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
• Consent of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, either by a statement or by a clear affirmative action, signifying agreement to the processing of personal data related to them. This consent must be given voluntarily and with a full understanding of the purposes and scope of the processing.
• Personal data breach means a breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed. Such a breach may affect an individual’s privacy and result in a risk of loss or misuse of personal data.
These definitions are essential for understanding how personal data is processed and protected in accordance with Regulation (EU) 2016/679 and the relevant national legislative framework.
IV. PRINCIPLES OF PERSONAL DATA PROCESSING
The Administrator adheres to the following principles when processing the personal data of individuals:
• Lawfulness, fairness, and transparency: Personal data is processed lawfully, fairly, and in a transparent manner concerning the data subject. This means that the processing is carried out in accordance with applicable laws and regulations, ensuring that the data subject is informed about the purposes and manner of processing their personal data. The administrator is required to provide clear and transparent information about any data processing.
• Purpose limitation: Personal data is collected for specific, explicitly stated, and legitimate purposes, and not processed in a manner incompatible with those purposes. This ensures that data is used solely for the purposes for which it was collected, preventing any use for unclear or unauthorized purposes.
• Data minimization: Personal data is adequate, relevant, and limited to what is necessary for the purposes for which it is processed. This means that the administrator collects only the data that is absolutely necessary to achieve the specified goals and does not collect excessive or unnecessary information.
• Accuracy of data: Personal data must be accurate and, where necessary, kept up to date. The administrator is required to take the necessary measures to correct or delete inaccurate or outdated personal data to ensure their relevance and reliability.
• Storage limitation: Personal data is stored in a form that allows the identification of the data subject for no longer than necessary for the purposes for which the data is processed. This means that the administrator should not retain personal data for an indefinite or unreasonably long period and must delete or anonymize the data when they are no longer necessary for processing purposes.
• Integrity and confidentiality: Personal data is processed in a manner that ensures an appropriate level of security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage. The administrator must implement appropriate technical and organizational measures to protect personal data and ensure its security, including through encryption, anonymization, and other methods of data protection.
V. PERSONAL DATA COLLECTED AND PROCESSED BY THE ADMINISTRATOR
5.1 The Administrator does not collect or process special categories of personal data, such as: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or membership in trade unions, genetic data, biometric data for the sole purpose of identifying a natural person, health data, or data concerning the sexual life or sexual orientation of a natural person. Individuals should not provide such sensitive data to the Administrator. If an individual deliberately provides sensitive data to the Administrator, the Administrator is obligated to immediately delete them, taking all necessary actions to ensure their deletion and prevent similar future occurrences.
5.2 Individuals provide personal data to the Administrator when they contact the Administrator by phone. The contact phone number for the Administrator is listed in the identification data of the Administrator in this Privacy Policy, in the "Contacts" menu, available via the "Contacts" button located at the bottom of the website, as well as in the website's footer, where the Administrator's contact details are provided.
When an individual contacts the Administrator by phone, the Administrator collects and processes only the individual's name and phone number, and in some cases, the individual's email address. These data are processed for communication purposes with the individual. The processing of these personal data is necessary for actions prior to the conclusion of a contract and actions taken at the request of the individual, such as providing more information regarding the products offered by the Administrator in relation to the potential conclusion of a contract with the individual.
The Administrator uses the services of a telephone service provider located in the Republic of Bulgaria to process data related to phone calls.
Personal data collected directly from individuals when they contact the Administrator through the contact form on the website.
5.3 Individuals provide personal data to the Administrator when they contact the Administrator via the contact form on the website. This form is accessible in the "Contacts" menu located at the bottom of the website via the "Contacts" button. When an individual sends a message to the Administrator via the contact form, the Administrator collects and processes the individual’s name, email address, phone number, and other information that the individual provides in the message, such as their address. These data are processed for communication purposes with the individual and for keeping records. The processing of these personal data is necessary for actions prior to the conclusion of a contract and actions taken at the request of the individual, such as providing more information regarding the products offered by the Administrator in relation to the potential conclusion of a contract with the individual.
Personal data collected directly from individuals when they contact the Administrator by email.
5.4 Individuals provide personal data to the Administrator when they contact the Administrator by email. The email address of the Administrator is listed in the identification data of the Administrator in this Privacy Policy and in the "Contacts" menu, accessible via the "Contacts" button located at the bottom of the website, as well as in the footer of the site, where the Administrator's contact details are provided.
When an individual sends an email to the Administrator, the Administrator collects and processes the email address, as well as other information provided by the individual in the sent email, such as name, phone number, and address. These data are processed for the purpose of communication with the individual and maintaining records. The processing of these personal data is necessary for actions prior to the conclusion of a contract and actions taken at the request of the individual, such as providing more information regarding the products offered by the Administrator in relation to the potential conclusion of a contract with the individual.
Personal data collected directly from individuals when they contact the Administrator via sending a message using the Facebook platform:
When contacting the Administrator via messages on the Facebook social platform, the Administrator collects and processes personal data directly provided through the platform, including, but not limited to, the individual's name, profile data, email address (if provided), phone number, and other information that may be part of the message. These data are processed for the purposes of communication and contact with the individual, as well as providing additional information about the Administrator's services and products.
These personal data are used only for communication purposes and within the scope of the information provided, and are not stored or processed beyond this purpose unless required for essential legal or contractual purposes.
5.5 Personal data collected directly from individuals when they contact the Administrator via sending a message using the Facebook platform.
5.6 Individuals provide personal data to the Administrator when they contact the Administrator by sending a message using the Facebook platform's messaging service, accessible through the Administrator’s Facebook page.
When an individual sends a message to the Administrator using the Facebook messaging service, the Administrator collects and processes the individual’s name, as well as other information provided in the sent message.
These data are processed for the purposes of communication with the individual and maintaining records. The processing of these personal data is necessary for actions prior to the conclusion of a contract and actions taken at the request of the individual, namely providing more information regarding the products offered by the Administrator in relation to the potential conclusion of a contract with the individual.
The Administrator uses the services of Facebook, an independent service provider located in the United States, to receive messages via the Facebook platform. This means that the provided personal data will be stored on Facebook’s servers in the United States. Appropriate safeguards must be provided for the transfer of these personal data outside the European Economic Area in accordance with Article 46 of Regulation (EU) 2016/679. Facebook has its own Privacy Policy, and it is recommended that individuals familiarize themselves with it to obtain more information about how their personal data is processed by Facebook. Facebook’s Privacy Policy is published at the following address: https://www.facebook.com/policy.php.
5.7 Personal data collected directly from individuals when they contact the Administrator via sending a message using the Instagram platform.
5.8 Individuals provide personal data to the Administrator when they contact the Administrator via sending a message using the Instagram platform’s messaging service, available through the Administrator’s page on Instagram. When an individual sends a message to the Administrator via the Instagram platform’s messaging service, the Administrator collects and processes the individual’s name, as well as any other information the individual provides in the sent message.
These data are processed for communication with the individual. The processing of these personal data is necessary for actions prior to the conclusion of a contract and actions taken at the request of the individual, such as providing more information regarding the products offered by the Administrator in relation to the potential conclusion of a contract with the individual.
The Administrator uses the services of Instagram, an independent service provider located in the United States, to receive messages via the Instagram platform. This means that the provided personal data will be stored on Instagram’s servers in the United States. For the transfer of these personal data outside the European Economic Area, appropriate safeguards must be provided in accordance with Article 46 of Regulation (EU) 2016/679, which Instagram provides and details in its Privacy Policy.
5.9 Individuals provide personal data to the Administrator when they register a user profile on the Administrator’s website. When registering a user profile, the individual provides the following personal data, which the Administrator collects and processes: name and surname, country of current residence, email address, and phone number.
The collection and processing of these personal data is necessary:
• For the conclusion or performance of a contract for the purchase of goods, where the individual is a party;
• For the fulfillment of a legal obligation that applies to the administrator, for the purposes of issuing invoices and other documents related to the conclusion and performance of sales contracts.
These data are used to create and manage the user profile, as well as to ensure the proper functioning of the services provided by the Administrator to the users of the site.
5.10 Individuals provide personal data to the Administrator when they make a purchase on the Administrator’s website. When purchasing goods from the Administrator’s website, the individual provides the following personal data, which the Administrator collects and processes: name and surname, email address, phone number, address, payment details, as well as any information voluntarily provided by the individual when filling in notes or other fields related to the purchase.
The collection and processing of these personal data is necessary:
• For the conclusion or performance of a contract for the purchase of goods, where the individual is a party;
• For the fulfillment of a legal obligation that applies to the administrator, for the purposes of issuing invoices and other documents related to the conclusion and performance of the contract.
These data are used for processing orders, managing deliveries, issuing invoices, and ensuring full customer service during purchases on the Administrator’s website.
5.11 Individuals provide their email address when they wish to subscribe to receive the newsletter. When an individual subscribes to receive newsletters containing publications and useful information about the products offered by the Administrator, promotional offers, and similar content, the Administrator collects and processes the individual’s email address and name.
These data are processed for the purpose of sending newsletters to the individual. The basis for processing this personal data is the explicit consent provided by the individual when subscribing to the newsletter. This consent may be withdrawn at any time by the subscriber by opting out of receiving newsletters.
The Administrator uses the services of MailChimp, an independent service provider located in the USA, to send newsletters and manage the email list. This means that the provided email addresses will be stored on MailChimp’s servers in the USA. Appropriate safeguards must be provided for the transfer of these personal data outside the European Economic Area in accordance with Article 46 of Regulation (EU) 2016/679. MailChimp certifies that it adheres to the principles of the “EU-U.S. Privacy Shield.” MailChimp has its own Privacy Policy, and individuals are advised to familiarize themselves with it to obtain more information on how their personal data is processed. MailChimp's Privacy Policy can be found at the following address: https://mailchimp.com/legal/privacy/.
5.12 Individuals provide personal data to the Administrator when they submit complaints. When an individual submits a complaint, the individual provides the following personal data, which the Administrator collects and processes: name and surname, email address, phone number, address, as well as other data necessary to substantiate the complaint, including the extent of the damages suffered.
The collection and processing of these personal data is necessary to pursue the legitimate interests of the Administrator, which include:
• Establishing the validity of the complaint;
• Protection against claims in court proceedings and other state authorities, including proving the grounds for the complaint and ensuring the proper resolution of the dispute.
These data are used solely for the purposes of processing and resolving the complaint and are not used for other purposes unless required by law or in the case of subsequent legal actions.
Personal data of individuals provided by third parties
5.13 The Administrator does not typically receive personal data of individuals from third parties. However, in some cases, if the Administrator has legitimate reasons to suspect that an individual is infringing intellectual property rights or other rights, the Administrator has the right to obtain personal data of the suspected individual from public registers, such as:
• The Commercial Register;
• The Register of Registered Trademarks maintained by the European Union Intellectual Property Office;
• Other similar public registers.
These data may be collected and processed for the purpose of filing a claim against the infringer. The Administrator uses the data collected from public registers to file a claim for infringement and to protect the Administrator's rights and interests, based on the legitimate interests of the Administrator for protection against violations, as well as the legal basis for using this data.
5.14 When an individual visits the website, the Administrator may automatically collect the following data:
• The IP address of the device from which the individual accesses the platform (usually used to determine the country or city from which the individual accesses the platform);
• The type of device from which the individual accesses the platform (e.g., computer, mobile phone, tablet, etc.);
• The type of operating system of the device;
• The type of browser used to access the website;
• The specific actions taken by the individual, including visited pages, the frequency, and duration of visits to the website;
• The date and time of visits.
The collection and processing of this personal data is necessary for realizing the legitimate interests of the Administrator, which are:
• Facilitating the use of the website by individuals, optimizing their interaction with the platform;
• Improving the functionality of the website, including monitoring site performance, identifying technical problems, and optimizing the user interface.
These data are automatically collected and processed when visiting the site and are used to enhance the efficiency and convenience of using the platform.
VI. COOKIES
Individuals can obtain more information regarding how the Administrator uses cookies by reading the Cookie Policy published on the Administrator's website. The Cookie Policy provides details about the technologies used for collecting information and how this data is utilized to improve services and the user experience.
VII. PURPOSES FOR WHICH PERSONAL DATA IS PROCESSED
7.1 The Administrator collects and processes the personal data of individuals that are directly provided by them solely for the following purposes:
• To provide the services offered by the Administrator, such as the sale of goods and identifying individuals (future and current customers);
• To establish contact with the individual via email, so that the Administrator can respond to the inquiry made by the individual;
• To fulfill obligations under a contract to which the individual, whose data is being processed, is a party, as well as for actions prior to the conclusion of a contract and actions taken at the individual’s request;
• To fulfill a legally established obligation of the Administrator, in accordance with applicable law;
• To ship the goods purchased by the individual;
• To send informational newsletters containing information about new products, discounts, and similar offers. Newsletters are sent only after the Administrator has obtained the explicit consent of the individual;
• To accept and process complaints;
• For accounting purposes;
• For statistical purposes.
7.2 The Administrator collects and processes personal data of individuals that are collected automatically for the following purposes:
• To improve the efficiency and functionality of the website;
• To create anonymous statistical data regarding how the website was used, in order to optimize services and analyze user traffic;
• To provide better service, adapting the website to the needs of the users;
• To administer the website, including monitoring technical issues, security, and maintenance;
• To adapt the website to the preferences of individuals to ensure a personalized and convenient user experience.
7.3 The Administrator is not permitted to use personal data of individuals for purposes other than those specified in this section of this Privacy Policy. Personal data will only be used for the stated purposes, unless the individual has provided further consent or if it is necessary to comply with legal requirements.
VIII. RETENTION PERIOD OF PERSONAL DATA
8.1 Inquiries and correspondence by email, Facebook, Instagram:
The Administrator retains personal data and messages received via email and Facebook for the period necessary to respond to the received message and to satisfy the request of the individual. After that, these data are stored for a period of one year after the Administrator has responded to the received message, unless there are other legal grounds for longer retention.
8.2 Personal data of individuals who have purchased goods:
The Administrator retains personal data of individuals who have purchased goods from the Administrator for as long as necessary to fulfill the contract. In addition, the data is stored for a period of ten years after the execution of the contract, in accordance with the legally established retention period for commercial documents and invoices.
8.3 Personal data of individuals who have subscribed to receive the newsletter:
The Administrator retains the personal data of individuals who have subscribed to receive the newsletter until the individual unsubscribes from receiving the newsletter or until the Administrator discontinues this service.
8.4 In other cases not specified above, the Administrator will retain personal data of the individual for no longer than necessary, taking into account the following criteria, namely:
• Whether the Administrator is obligated to continue processing the personal data of the individual to comply with a legal obligation;
• The purpose of retaining the personal data both at present and in the future, and whether these purposes require the data to be retained for a longer period;
• Whether there is a contract between the Administrator and the individual and the Administrator is required to continue processing personal data to fulfill the contractual obligations;
• The purposes of using personal data currently and in the future, including what actions are required to fulfill those purposes;
• Whether it is necessary to contact the individual in the future, for example, to send updates or other information;
• Whether the Administrator has a legal basis to continue processing the personal data of the individual, including due to specific legal requirements or business needs;
• Any other legitimate reasons, such as the nature of the relationship with the individual, that may justify longer retention of the data.
These criteria ensure that personal data is retained only for the necessary time and only for the purposes for which it was collected, ensuring compliance with legislation and the rights of individuals.
IX. MANDATORY AND VOLUNTARY NATURE OF PROVIDING PERSONAL DATA
The personal data required to be provided by individuals are in line with the services offered by the Administrator and are mandatory. The provision of personal data by individuals is voluntary. If the provision of personal data is refused, it may have consequences for the provision of services by the Administrator, namely:
• The Administrator will not be able to provide the service requested by the individual, such as delivering the goods ordered by the individual. Without the personal data necessary to fulfill the order (such as name, address, phone number), the delivery of the goods cannot be carried out.
• The Administrator will not be able to receive the email from the user if the necessary information is not entered in the contact form on the website. This may hinder communication between the parties or make it impossible.
• The individual will not be able to create a user profile on the website if they do not provide the necessary personal data. The profile is required for personalizing services and for easier management of orders.
• The individual will not be able to receive the newsletter if they do not provide their email address and give explicit consent for subscription. Without this data, communication regarding new products, promotions, and other offers cannot take place.
Although providing personal data is voluntary, refusal to provide the necessary data may limit the ability to use certain services of the Administrator.
X. PROCESSING OF PERSONAL DATA
10.1 The Administrator processes the personal data of individuals through a set of actions that can be carried out by automated or non-automated means. The processing of personal data includes collection, recording, organizing, structuring, storing, adapting, retrieving, using, disclosing, and other operations necessary for the execution of contracts, legal obligations, and the provision of services to individuals. The Administrator ensures that all these operations are carried out in compliance with applicable data protection legislation and with the necessary technical and organizational measures for the protection of personal data.
10.2 The Administrator processes the personal data of individuals either independently or by assigning data processors on behalf of the Administrator. These data processors may be third parties providing specific services to the Administrator, including:
• Accounting service providers – who process data for carrying out accounting operations and issuing invoices;
• Hosting service providers – who provide the infrastructure for storing personal data in cloud services or on servers;
• Marketing service providers – who provide tools for managing marketing campaigns and sending newsletters;
• Website traffic analysis service providers – who process data for analyzing user behavior, improving website functionality, and optimizing user experience.
In the case of outsourcing data processing, the Administrator ensures that the data processors comply with all personal data protection requirements by entering into the appropriate contracts that regulate data processing and protection in accordance with Regulation (EU) 2016/679.
XI. PERSONAL DATA PROTECTION
11.1 The Administrator takes the necessary technical and organizational measures to protect personal data from accidental or unlawful destruction, accidental loss, unlawful access, alteration, or dissemination, as well as from other unlawful forms of processing. Specifically, these measures include:
• All personal information provided by the individual to the Administrator is stored on secure and reliable servers and folders that are protected by appropriate security measures to prevent unauthorized access.
• When exercising the right of access by the individual, the Administrator verifies the identity of the individual before providing the requested information, to ensure that the data does not fall into the hands of unauthorized persons.
• Web-based information systems use the "https:" prefix instead of "http:", indicating that communication between the user and the website is encrypted. An SSL certificate, issued by a leading company in the field of data security and encryption, is used to protect personal information transmitted over the internet, ensuring that it cannot be intercepted, altered, or read by third parties.
• The Administrator provides individuals with a secure connection when sending personal data through the platform and when logging into the user profile on the website.
• The Administrator never sends correspondence, including by email, requesting the username and password to access the individual's user profile. This is a measure against phishing and other scams aimed at extracting personal data.
11.2 If you wish to receive detailed information about the technical and organizational measures, please do not hesitate to contact us at Office@Biosef.com. We will provide you with all the necessary explanations regarding the protection of your personal data and the measures we apply to ensure their security.
XII. RECIPIENTS TO WHOM PERSONAL DATA MAY BE DISCLOSED
12.1 The Administrator has the right to disclose the processed personal data to the following categories of recipients:
• To the individuals to whom the data relates when they exercise their right of access or for other legal reasons.
• To persons, if required by law, such as public authorities or other regulatory bodies that have the right to receive such data under the law.
• To data processors who provide services for the benefit of the Administrator’s business activities, such as:
    • Providers of accounting services;
    • Hosting service providers;
    • Providers of telephone services;
    • Providers of marketing services;
    • Providers of website traffic analysis services.
These recipients are bound by confidentiality obligations and have provided sufficient guarantees for the implementation of appropriate technical and organizational measures to ensure that processing will comply with the requirements of the Regulation and will protect the rights of individuals.
• To courier companies for the purpose of delivering purchased goods, in order to ensure the completion of deliveries of goods ordered by individuals.
• To providers offering electronic and banking payment services, for the purpose of processing payments for purchased goods and services.
12.2 The Administrator does not sell personal data provided by the individual to third parties. Personal data is provided only in the listed cases and in accordance with applicable data protection legislation. The Administrator is committed to ensuring that personal data is disclosed only in strictly limited and justified cases.
XIII. RIGHTS OF INDIVIDUALS
13.1 Right of Access
The individual has the right to obtain confirmation from the Administrator as to whether personal data concerning them is being processed, and if so, to access the data – the relevant categories of personal data. This includes the right to learn what data is being collected, how it is being used, and for what purposes it is being processed.
13.2 Right to Rectification
The individual has the right to request the Administrator to rectify inaccurate personal data concerning them without undue delay. In light of the purposes of processing, the individual has the right to complete incomplete personal data, including by providing a declaration or additional information.
13.3 Right to Erasure (Right to be Forgotten)
The individual has the right to request the Administrator to erase personal data concerning them without undue delay, and the Administrator is obligated to erase the personal data without undue delay when one of the grounds specified in Article 17 of Regulation 2016/679 applies. This includes, for example, when the personal data is no longer necessary for the purposes for which it was collected.
13.4 Right to Restriction of Processing
The individual has the right to request the Administrator to restrict the processing when one of the conditions specified in Article 18 of Regulation 2016/679 applies. When processing is restricted, the data will only be processed with the consent of the individual or in specific cases, such as for the establishment, exercise, or defense of legal claims.
13.5 Right to Data Portability
The individual has the right to receive the personal data concerning them, which they have provided to the Administrator, in a structured, commonly used, and machine-readable format when the processing is based on consent or a contractual obligation and is carried out by automated means.
13.6 Right to Object
The individual has the right, at any time and on grounds related to their specific situation, to object to the processing of personal data concerning them. According to Article 21(4) of Regulation 2016/679, the individual is explicitly informed about the existence of the right to object, which must be presented clearly and separately from any other information.
13.7 Right to Withdraw Consent
The individual has the right to withdraw their consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The individual may withdraw their consent as described in Section XIV of this Privacy Policy or by selecting the "unsubscribe" option when receiving the newsletter.
13.8 Rights in Relation to Profiling
The individual has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the individual or similarly significantly affects them.
13.9 Right to Notification of a Personal Data Security Breach
When a personal data security breach is likely to result in a high risk to the rights and freedoms of individuals, the individual must be notified without undue delay of the personal data security breach.
13.10 Right to Judicial and Administrative Protection
The individual has the right to file a complaint with a supervisory authority, particularly in the Member State of their usual residence, place of work, or the place of the alleged infringement, if the individual believes that the processing of personal data concerning them infringes the provisions of the Regulation.
13.11 Right to Effective Judicial Protection Against a Supervisory Authority
Every natural and legal person has the right to effective judicial protection against a decision of a supervisory authority that is binding upon them. Proceedings against a supervisory authority are initiated before the courts of the Member State in which the supervisory authority is established.
13.12 Right to Effective Judicial Protection Against the Administrator or Data Processor
Without prejudice to available administrative or non-judicial remedies, including the right to lodge a complaint with a supervisory authority, the individual has the right to effective judicial protection if they believe that their rights under the Regulation have been violated as a result of the processing of their personal data that is not in accordance with the Regulation.
13.13 Right to Compensation for Damages
Any individual who has suffered material or immaterial damage as a result of an infringement of the Regulation has the right to receive compensation from the Administrator or data processor for the damage caused. Legal proceedings related to the exercise of the right to compensation are initiated before the courts of the Member State in which the Administrator or data processor is established.
XIV. PROCEDURE FOR EXERCISING RIGHTS
14.1 Individuals exercise their right to withdraw consent, the right of access, the right to erasure, the right to rectification, the right to restrict processing, the right to data portability, the right to object, and rights in relation to profiling by submitting a written request to the Administrator, either by mail to the address provided in the Administrator's identification above in this privacy policy or by email. The request should contain the following information:
• Name, address, and other data to identify the relevant individual;
• A description of the request, indicating the specific right being exercised;
• Signature, date of submission, and email address.
14.2 The request is submitted personally by the individual. The Administrator logs the requests submitted by individuals in a separate register to ensure traceability and accountability in the processing of these requests.
14.3 When the individual exercises their right of access to personal data related to them, the Administrator verifies the identity of the individual before responding to the request. This is necessary to minimize the risk of unauthorized access to the data and identity theft. If the Administrator cannot identify the individual from the collected personal data, the Administrator has the right to request a copy of documents that identify the individual (such as an ID card, driver's license, or other documents containing personal data that can identify the individual).
14.4 The Administrator reviews the request and provides the individual with information regarding the actions taken in connection with the request within two months of receiving the request. If necessary, this period can be extended by one more month, considering the complexity and number of requests.
14.5 The Administrator informs the individual of any such extension within one month of receiving the request, providing the reasons for the delay. When the individual submits a request via electronic means, the information is provided electronically, unless the individual requests otherwise.
14.6 If the Administrator does not take action on the individual's request, the Administrator notifies the individual without delay and no later than one month from receiving the request, providing the reasons for not taking action and the possibility of filing a complaint with a supervisory authority and seeking judicial protection.
14.7 The Administrator is obligated to notify each recipient to whom personal data has been disclosed about any corrections, erasures, or restrictions on processing, unless this is impossible or would require disproportionate effort. The Administrator informs the individual about these recipients if the individual requests this.
XV. RIGHT TO OBJECT
15.1 The individual has the right, at any time and on grounds related to their specific situation, to object to the processing of personal data concerning them. According to Article 21(4) of Regulation 2016/679, the individual is explicitly informed about the existence of the right to object, which is presented in a clear manner and separately from any other information. To fulfill this obligation, more information regarding the right to object will be provided in this section of the current privacy policy.
15.2 The individual has the right, at any time and on grounds related to their specific situation, to object to the processing of personal data concerning them, in cases where processing is necessary:
• For the performance of a task carried out in the public interest or in the exercise of official authority vested in the Administrator;
• For the legitimate interests of the Administrator or a third party, unless the interests or fundamental rights and freedoms of the individual that require the protection of personal data prevail, particularly when the individual is a child.
The Administrator is obligated to cease processing personal data unless it demonstrates compelling legal grounds for processing that override the interests, rights, and freedoms of the individual, or unless the processing is needed for the establishment, exercise, or defense of legal claims.
Individuals exercise their right to object by submitting a written request to the Administrator by mail to the address provided in the Administrator’s identification above in this privacy policy or by sending an email.
15.3 When personal data is processed for direct marketing purposes, the individual has the right at any time to object to the processing of personal data concerning them for this type of marketing, which includes profiling, as far as it is related to direct marketing. When the individual objects to processing for direct marketing purposes, processing of personal data for these purposes will cease.
Individuals exercise their right to object by submitting a written request to the Administrator by mail to the address provided in the Administrator’s identification above in this privacy policy or by sending an email, indicating that they do not wish to receive promotional messages.
XVI. LINKS, TOOLS, AND CONTENT FROM OTHER COMPANIES
The Administrator’s website contains links to internet pages maintained by third parties (“Third Party Sites”), such as social media buttons for "Facebook", "YouTube", "Instagram", as well as a button to the website of the Administrator's site developer and others. These links lead to external sites that are not managed by the Administrator.
All third-party sites that may be accessed through this website are independent of the Administrator. The Administrator is not responsible for any damages or losses that may arise from the use of these sites, including but not limited to potential risks related to cybersecurity or misuse of personal data.
Individuals use these third-party sites at their own risk, and it is recommended that they review the relevant Privacy Policy of the respective company or site to obtain more information on how their personal data is collected, used, and protected by these companies.
XVII. CHANGES TO THE PRIVACY POLICY
This Privacy Policy may be updated at any time in the future. When this happens, the amended policy will be published on this website with a new "Last Changed" date, which will be placed at the top of this Privacy Policy. The updated version of the policy will take effect from the date of publication.
Therefore, it is recommended to periodically check this Privacy Policy to ensure that you are informed of any changes and updates that may be made. If changes occur that affect the way your personal data is processed, you will be informed of these changes in accordance with the requirements of Regulation (EU) 2016/679.
Using the website after the updated Privacy Policy is published will be considered as your acceptance of the changes and updates. If you do not agree with the changes in the policy, please stop using the website.
XVIII. CONTACTS
If you have any additional questions regarding this Privacy Policy, please do not hesitate to contact us. We are available to provide you with further information or to respond to any inquiries related to the processing of your personal data and your rights in accordance with the data protection regulations.