Taking care of your personal data is fundamental to us. We respect the right to privacy.
This Privacy Policy is intended to summarise the key points in relation to the protection of your personal data and how Convex Ltd processes that personal data. If you need more information about specific processes, you can contact us via the contacts below.
Who are we?
Convex Ltd (hereinafter referred to as ‘Convex’) is a commercial company registered in the Commercial Register of the Registry Agency with UIC 130441400, with registered office and registered address: Sofia, postal code 1000 Triaditsa District, 6 Tri ushi St., floor 2, ap. 2, represented by Dimitar Zhelyazkov Mirchev, in his capacity as Manager, tel.: + 359 2 986 3109, e-mail: info@convex.bg.
Convex is a Contractual Research Organisation (CRO) and Data Controller and processes your personal data in full compliance with the requirements and provisions of European and national legislation, including — the General Data Protection Regulation (‘GDPR’), the Personal Data Protection Act (‘PDPA’) and other relevant European and national regulations and guidelines of competent authorities.
How to contact us?
Address: Sofia, postal code 1000 Triaditsa District, 6 Tri ushi St., tel.: + 359 2 986 3109, e-mail: info@convex.bg.
Convex is the owner and administrator of the following web pages representing its business:
Convex respects your personal data privacy.
The protection of your personal information throughout the entire data processing process, as well as the security of all business data is an important issue for us. We process the personal data collected during your visit to our web pages confidentially and in accordance with legal provisions at European and national level.
What is the Privacy Policy and what is the purpose of this document?
This Privacy Policy is designed to provide you with key points and information in easily accessible, understandable and clear language about what is done with the personal data you provide to Convex, including:
With this Privacy Policy, Convex declares that it applies all technical and organizational measures for the protection of the personal data of individuals that are prescribed by law or other regulatory act at national and European level.
What is personal data?
Any information by which an individual can be identified, directly or indirectly, constitutes personal data.
What personal data does Convex collect about you?
In order to provide you with effective access to its products and services, Convex collects the following information about you:
In all cases of processing special categories of personal data, Convex declares that it complies with all requirements of European and national legislation, including but not limited to Article 9 of the GDPR.
On what basis does Convex process your personal data ?
The processing of personal data includes the collection, storage, transmission, correction, updating, erasure, destruction and any other action that is carried out with your personal data.
Your consent will be required as a basis for processing, for example, for marketing purposes and to receive advertising newsletters.
For what purposes do we collect your personal data?
The personal data we receive from you will be used to enable us to fulfil our obligations to you and to help you exercise your rights, including but not limited to:
In addition to the above, the collection of your personal data is in some cases mandatory in order to comply with our legal requirements to provide relevant personal data to competent state, municipal, regulatory authorities and institutions, third party individuals and legal entities. Failure to provide personal data in these cases could result in our services being refused.
How do we process your personal data?
In order to provide its services, Convex processes (collects) the personal data you provide in the following ways:
How long do we store and process your data before we destroy it?
Depending on the basis on which we process your personal data, the retention period varies.
Your personal data will be stored by us for a period of 5 (five) years from the termination of the contractual basis if we process the personal data for the performance of contractual obligations to you. After the expiry of this period and in the event that there is no legal basis for the continued storage of your personal data, your information will be destroyed.
Medical records containing personal data and related to the conduct of clinical trials shall be retained for a period of 25 (twenty-five) years from the date of completion of the clinical trial.
Convex shall retain documentation related to the conduct of clinical trials and other research projects, if delegated by the project sponsor, for the period required by the applicable regulatory requirements set forth in applicable law, in which case the retention period and, accordingly, processing shall be based on a legal basis. In the event that the retention periods for personal data are not fixed by law, they shall be determined depending on the nature of the information, the scope and the purposes for which it is processed. The data is stored on tangible (paper) and electronic media, with access to it only by employees of Convex, directly or indirectly related to the diagnostic and treatment activities of the specific patient and their organization and reporting, under a statutory obligation of professional secrecy, including for non-medical professionals.
Your personal data is stored for a longer or shorter period in each case of a legal obligation — by virtue of a legal basis for processing personal data. For example, your personal data contained in documents created for accounting purposes (financial statements, accounting registers, etc.), according to the Accounting Act, is kept for up to 10 (ten) years, payroll records — 50 (fifty) years, and video recordings of visits of patients, other third parties to a Convex laboratory are kept for 2 (two) months from the date of creation of the recording under the Private Security Act.
The retention period in cases of processing of personal data pursuant to explicit consent is up to 2 (two) years from receipt of the same or until your consent is withdrawn.
In cases where your personal data is processed in order to respond to you on a review and comment sent via the platform of our web pages, the storage period is 6 (six) years.
To whom can we pass the personal data you provide?
Convex undertakes not to disclose your personal data to third parties without your explicit consent, except where this is necessary for the performance of contractual obligations to you.
For the performance of obligations under contractual and/or pre-contractual relations with you, it is possible Convex to disclose your personal data to the following persons:
– Companies providing courier services, including the individuals who are the legal representatives or authorised agents of these companies, the categories of personal data that may be disclosed in this respect are names and delivery address;
– Companies that provide hosting services related to our web pages and/or their support systems, in which case the data will be processed in encrypted form;
– Third parties performing services in connection with contractual obligations to you or under a lawful basis for processing.
Convex, in certain cases, in compliance with the legal requirements in the field of health services, may provide your processed personal data to public authorities, institutions and third parties, including the National Health Insurance Fund, regional health insurance funds, the Ministry of Health, regional health inspectorates, NRA, NSSI, NSI, National Health Information Centre, other regulatory authorities.
Are there other instances where we can share your personal data?
Your personal data may also be provided to third parties in the following cases:
In all of the above cases, the entities to which we provide your personal data have declared that they provide an adequate level of protection for your personal data, including foreign companies located within the EU and EEA. With regard to companies located outside the EU and EEA, on a case-by-case basis, the company concerned shall ensure that it provides an adequate level of protection of personal data in compliance with the requirements of European law.
What are your rights regarding the personal data provided?
Subject to Bulgarian and European law, including the General Data Protection Regulation, you may exercise the following rights:
You can exercise all your rights at any time during the processing of your personal data.
Do you have an obligation to provide us with your personal data?
In order to ensure our ability to provide our products and services and to enter into contractual relationships, we collect and process your personal data. We also process your personal data to comply with legal obligations.
In the event of refusal to voluntarily provide the requested personal data on your part, Convex will not be able to provide its products and services, respectively to conclude a contract or to continue the performance of an already concluded contract.
Amendments to the Privacy Policy
To reflect relevant changes in legislation, we may update and amend our Privacy Policy, so we recommend that all our visitors check for updates promptly and, where necessary, review the latest version of the document.
Here on our web pages is where you will find the most current and up-to-date Privacy Policy. In this way, we ensure that you are informed about your rights and methods of processing your personal data.
This will give you the opportunity to stop using some or all of the services and/or to exercise your rights, some of which are expressly set out above. In addition, we will take all possible measures to inform you in the event of any changes regarding the protection of personal data by placing notices in Convex’ offices and on its web pages. This Privacy Policy has been adopted by Convex and shall be effective as of Year 2018.