| PRIVACY POLICY |
| 1. PREAMBLE |
| 1.1. “MINDOMEDA” EOOD, registered in the Commercial Register of the Registry Agency with UIC 206452021, with registered office and address of management: Sofia, 1618, Vitosha District, Manastirski Livadi, Okolovrasten Pat Blvd. № 3, hereinafter referred to as the Company / We, is a personal data controller and is responsible for compliance with the provisions of the General Data Protection Regulation 2016/679 (hereinafter referred to as the Regulation). |
| 1.2. This Privacy Policy aims to inform Users of the platform what personal data the Company processes and for what purposes, to whom it provides it, what rights individuals have in relation to their processed personal data and how they can exercise them. |
| 2. CATEGORIES OF PERSONS WHOSE PERSONAL DATA IS PROCESSED THROUGH THE PLATFORM AND THE COMPANY’S SOCIAL MEDIA PROFILES |
| 2.1. In connection with the management and maintenance of the platform and the commercial activity carried out through it, on the one hand, as well as with the provision of information resources in the corporate profiles/pages on social networks and with the communication with anyone who comes into contact with the Company, on the other hand, we may process personal data of the following categories of individuals: |
| Visitors to the platform/mobile application; |
| Customers of the Company; |
| Representatives of corporate customers (employers/budget and voucher administrators); |
| Specialists; |
| Persons who send us inquiries, requests and signals or engage in other correspondence with us, regardless of the communication channel used; |
| Third parties whose information is contained in an inquiry, request, report or other correspondence sent to us, regardless of the communication channel used; |
| Persons interacting with our corporate profiles/pages on various social networks. |
| 3. PERSONAL DATA AND CATEGORIES OF PERSONAL DATA PROCESSED ON THE PLATFORM |
| Data automatically collected or generated in connection with the use of the platform |
| 3.1. Each time you visit the platform, we receive information in the form of an information protocol, which may contain the following: |
| The website that referred you to us; |
| IP address; |
| Date and duration of access; |
| Information about the browser and operating system you are using; |
| Geolocation; |
| Logs on the platform. |
| Cookies and similar technologies (see section 3.6 and Cookie Policy). |
| Notification preferences, language settings, login history and consents. |
| Data necessary for creating and maintaining a profile for using the platform’s functionalities |
| 3.2. Personal data of customers processed for the purposes of creating and using a profile, including employers, their representatives and employees: |
| First and last name; |
| Email address; |
| Date of birth; |
| Company; |
| Username; |
| Password (encrypted); |
| Scheduled appointments and history of appointments with specialists; |
| Financial and administrative information: vouchers used and/or corporate budget, payment/invoicing history (without full payment instrument details when processing is carried out by a payment institution); |
| 3.3. Any visitor who has a Google account can use that account to create an automatic registration on the platform by extracting the necessary data. |
| 3.4. Personal data of specialists processed for the purposes of creating and using a profile: |
| Names; |
| Email address; |
| Company; |
| Speciality/qualifications/professional fields; |
| Biography; |
| Video presentation; |
| Photo; |
| Work schedule; |
| Areas of activity; |
| Password (encrypted); |
| Clients; |
| History of meetings with clients (without conversation content). |
| Payment/invoicing data to the specialist (in accordance with the contractual relationship) |
| Data of persons processed when sending inquiries, requests and signals or conducting other correspondence with us |
| 3.5. When you contact us, we may process the following types of personal data relating to you: |
| First and last name; |
| Email address; |
| Telephone number (optional); |
| Other information contained in the message that constitutes personal data, including that of third parties, when this information is necessary to fulfil the relevant purposes. |
| Data of individuals interacting with our corporate profiles on social networks |
| 3.6. In order to promote our activities and the services we provide, we may maintain corporate profiles/pages on various social networks (e.g. Facebook, Instagram, YouTube, etc.). |
| 3.7. Social networks are not supported by us and the processing of personal data by them is not under our control. The persons who maintain the respective social networks have their own general terms and conditions and policies for the protection of personal data, which we encourage you to familiarise yourself with. |
| Cookies and similar technologies |
| 3.8. In connection with the management and maintenance of the platform, we may use cookies and other similar technologies to ensure its proper functioning and to analyse its use. Detailed information on the use of different types of cookies can be found in the “Cookie Policy” published on the platform. |
| 3.9. Data collected through the Mindromeda mobile application |
| Device/application identifiers (e.g. app instance ID), application version, device type and OS; |
| Diagnostic events/logs for stability and security (e.g. crashes, errors); |
| Notifications (option to enable/disable, log of delivered messages such as session reminders, administrative notifications about vouchers/budget, etc.); |
| Session data similar to the web version (see section 3.2), to the extent necessary to provide the service; |
| Permissions granted by the user (e.g. access to camera/microphone for video meetings; calendar for adding meetings, if enabled). |
| When a user (specialist or client) enables integration with Google Calendar and grants us the relevant permission: |
| Specialists authorise our account to create and send invitations to events (sessions) in their calendar on their behalf. |
| When a meeting is booked through the app, an event is created in the specialist’s and/or client’s Google Calendar, containing information about the date, time and participants in the meeting. |
| When a meeting is changed or cancelled through the application, the relevant changes are automatically reflected in the calendars of all participants in the event. |
| When a client accepts a meeting invitation, a “Mindromeda” calendar is added to their Google Calendar, in which events created through the application are recorded. |
| We do not use the data from your calendar for any purpose other than organising and managing meetings within the Mindromeda services. |
| The user can withdraw access to their Google Calendar at any time through their Google account settings and/or the settings in the application. |
| 4. FOR WHAT PURPOSES AND ON WHAT BASIS DO WE PROCESS YOUR PERSONAL INFORMATION |
| 4.1. The Company processes personal data for purposes necessary to comply with legal obligations: |
| a) providing information to the competent administrative and judicial authorities, or providing assistance where applicable; |
| b) responding to and fulfilling customer enquiries and requests; |
| c) accounting for commercial transactions. |
| 4.2. The Company processes personal data for purposes related to the steps you have taken to enter into a contract under the general terms and conditions for using the platform’s services. |
| 4.3. The Company processes personal data for purposes related to its legitimate interest: |
| a) managing the platform and analysing how it is used; |
| b) ensuring the normal functioning of the platform and preventing cyber attacks and other malicious activities; |
| c) ensuring the possibility of communication through various channels (including email correspondence, etc.); |
| d) maintaining relationships with the Company’s corporate profiles on social networks, including communication through them; |
| e) exercising and protecting legal rights and interests before administrative and judicial authorities, where applicable; |
| f) sending information messages about new content, services and functionalities of the platform. |
| 5. DISCLOSURE OF PERSONAL DATA |
| Disclosure of personal data to personal data processors |
| 5.1. In certain cases, the Company may disclose certain personal data to strategic partners – subcontractors who work for it by providing services that are necessary for the performance of its commercial activities. The personal data that the Company provides to its partners is limited to the amount necessary to perform the assigned work. |
| Disclosure of personal data to other personal data controllers |
| 5.2. In certain cases, the Company may provide personal data to other personal data controllers. In such cases, the Company always requires other controllers to strictly comply with the provisions of Bulgarian and European legislation in the field of personal data protection. |
| Disclosure of personal data to competent administrative and judicial authorities |
| 5.3. Disclosure of personal data is also possible when it is necessary to fulfil a legal obligation of the Company or to protect its legitimate interests or the interests of third parties. Such disclosure of personal data is usually made to the competent administrative and judicial authorities. |
| 6. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES |
| 6.1. Personal data collected through the platform is stored on servers within the European Union. |
| 6.2. In certain cases, the Company may provide access to some of the personal data stored on the platform to persons who are physically located outside the European Union (EU) and the European Economic Area (EEA). For example, if the Company uses the services of a specialist outside the EU/EEA, they will be able to access the necessary personal data of the platform’s customers from a country outside the EU/EEA that does not provide the same level of protection as that guaranteed by applicable European legislation. |
| 6.3. In the cases referred to in Article 6.2, access to data shall be provided in accordance with the applicable legislation on the basis of a decision of the European Commission (EC) on the adequate level of data protection in the third country or, in the absence of such a decision, on the basis of standard EU contractual clauses, in accordance with EC decisions. You can obtain a copy of these standard contractual clauses by sending a request to the Company using the contact details provided. |
| 7. PROTECTION OF PERSONAL DATA |
| 7.1. The Company takes precautions, including physical, personnel and documentary protection, to protect your personal data from loss, theft and misuse, as well as from unauthorised access, disclosure, alteration or destruction. |
| 7.2. All Company employees are required to maintain the confidentiality of your personal data and to comply with the applicable organisational and technical measures for its protection. Company employees’ access to your data is limited to the extent necessary to perform their duties. |
| 8. PERSONAL DATA RETENTION PERIOD |
| 8.1. The Company processes your personal data for the period necessary to fulfil the purposes set out in this Policy, unless it is required to process it for a longer period. Depending on the type, data and purposes for which it is collected, a storage period is determined, upon the expiry of which the information is permanently deleted. |
| Storage of personal data for compliance with legal obligations |
| 8.2. Personal data related to and/or contained in documents for which there are statutory storage periods will be stored for the periods provided for in the applicable legislation, unless a longer storage period is provided for in this Policy. |
| Storage of personal data necessary for the conclusion and performance of contracts |
| 8.3. Personal data necessary for the conclusion and performance of contracts shall be stored for the entire duration of the contract and for up to 5 years from its termination or performance, unless a longer storage period is provided for by law. |
| Storage of personal data contained in correspondence with the Company |
| 8.4. In cases where there is no statutory period for the storage of personal data contained in correspondence with the Company, the personal data shall be stored for a period of up to 5 years from the end of the relevant correspondence and the related relations. |
| Storage of cookies |
| 8.5. Detailed information on the storage periods of the various cookies used by the Company can be found in the Cookie Policy published on the Website. |
| Other periods for processing personal data |
| 8.6. In the event of a legal dispute or proceedings requiring data retention, and/or in the event of a request from a competent state authority, data may be retained for a period longer than the periods specified above, until the final conclusion of the dispute or proceedings before all instances and for a period of up to 5 years after its final conclusion. |
| 9. YOUR RIGHTS |
| 9.1. If you have provided your personal data to the Company, you have the following rights, which you can exercise at any time: |
| Right to information – You have the right to receive information about your personal data processed by the Company. This Policy is intended to provide you with detailed information about the processing of your personal data when you use the platform. |
| Right of access – if you are a registered user, you can check your user profile to see what personal data has been collected and stored on the platform. Regardless of whether you are a registered user or not, you have the right to request from the Company and receive information about what personal data is being processed, as well as to access this data. |
| Right to rectification – You have the right to request the rectification (change or addition) of your personal data. |
| Right to erasure – You have the right to request the erasure of your personal data when the conditions provided for in the Regulation are met. |
| Right to restriction of processing – You have the right to request restriction of the processing of your personal data if any of the conditions provided for in the Regulation are met. |
| Right to data portability in a structured, commonly used and machine-readable format – You have the right to receive your personal data processed by the Company in a structured, commonly used and machine-readable format. You also have the right to request the transfer of your personal data from the Company to another controller, if this is technically feasible. |
| Right not to be subject to a decision based solely on automated processing, including profiling. |
| Right to object – You have the right to object at any time to the processing of your personal data. If you make such an objection, the Company will review it and terminate the processing if the objection is justified. If the objection is unjustified, the Company will inform you of this circumstance. |
| Right to lodge a complaint with a supervisory authority – You have the right to lodge a complaint with a supervisory authority if you believe that your personal data protection rights have been violated. |
| 9.2. If you wish to exercise your rights in relation to the protection of your personal data, you can contact the Company by filling in the Request Form for Individuals here and/or by sending an email to the following email address: data@mindromeda.com |
| 9.3. You may exercise your rights listed above completely free of charge. If your requests are manifestly unfounded or excessive, the Company may impose a reasonable fee or refuse to take action on the request. |
| 10. SUPERVISORY AUTHORITY |
| 10.1. The Commission for Personal Data Protection (CPDP) is the independent state body that protects individuals in the processing of their personal data and in the exercise of access to such data, as well as monitoring compliance with the Personal Data Protection Act on the territory of the Republic of Bulgaria. |
| 10.2. If you suspect that your rights related to the protection of your personal data have been violated, you can file a complaint with the CPDP at: |
| Address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd. |
| Email: kzld@cpdp.bg |
| Website: www.cpdp.bg |
| 11. CONTACT DETAILS OF THE COMPANY |
| 11.1. If you have any questions or concerns about the processing of your personal data or wish to exercise any of your rights, you can contact the Company at the following contact details: data@mindromeda.com |
| 12. VALIDITY AND UPDATING OF THE PRIVACY POLICY |
| 12.1. The Company reserves the right to change and update its Policy. In the event of a change to this Policy, a notice will be posted on the platform, along with the updated “Privacy Policy”. |
| This Policy is effective as of 1 November 2025. |
