top of page

I. Subject

Art. 1. (1) These General Terms and Conditions for the use of this platform define and regulate the relations between each user and / or visitor (User), on the one hand and MY Synergy Ltd. and Centre for European Health Policies Ltd. (Providers) on the other hand, in connection with the services and resources available on and through this platform. The Services are offered only if the present general conditions, rules and clauses in this document are accepted. If you do not wish to comply with these Terms and Conditions, please do not use this platform. “Use” of healthdatabox.com means actions such as: clicking on links, sending an inquiry, or browsing content (so-called browsing). By using this platform, you agree to abide by these Terms and Conditions.

II. Providers

Art. 2. (1) Information according to the Consumer Protection Act regarding the Provider:

  1. Name of the Providers:

      1. MY Synergy Ltd.

      2. Centre for European Health Policies Ltd. (CEHP)

   2. Headquarters and address of management:

MY Synergy Ltd.: 251G Okolovrasten pat str., Sofia, Bulgaria

CEHP: 25, Konstantin Petkanov str, Sofia, Bulgaria

  1. Address for exercising the activity and address for submitting complaints from consumers: info@abrites.com

  2. 4. Entry in public registers:

MY Synergy Ltd.: UIC 205647698

CEHP: 207108518

(2) Supervisory authorities:

  1. Commission for Personal Data Protection

Address: Sofia, Prof. Tsvetan Lazarov ”№ 2,tel .: (02) 940 20 46, fax: (02) 940 36 40; e-mail: kzld@government.bg, kzld@cpdp.bg; Platform: www.cpdp.bg.

   2. Consumer Protection Commission

Address: 1000 Sofia, 4A Slaveykov Square, 3rd, 4th and 6th floors, tel .: 02/980 25 24, fax: 02/988 42 18; hotline: 0700 111 22; Platform: www.kzp.bg

III. Characteristics of the platform

Art. 3. The services available through healthdatabox.eu allow Users to use software solutions developed by the company to view content related to the main activity of healthdatabox.eu , namely presentation of MY Synergy Ltd. and CEHP brands, and also the following:

  1. 1. To be notified of the rights arising from the law, mainly through the interface of the platform on the Internet;

  2. 2. To exercise their right of withdrawal, where applicable, under the Consumer Protection Act.

 

Art. 4. The Providers in the platform organizes the delivery of the services and guarantees the rights of the Users, provided by law, within the framework of good faith, the criteria and conditions adopted in practice, consumer or commercial law.

IV. Rights and obligations of the user 

Art. 5. The User undertakes to exercise his rights to use the information and services provided by the platform in good faith, in compliance with the applicable regulations and these General Terms.

V. Prohibited for illegal purposes

Art. 6. (1) User assumes responsibility for his/her use of this platform and undertake to use it only for lawful purposes. Use of this platform in a manner that violates applicable local, national, European and / or international laws or regulations is prohibited. Unauthorized use of this platform through the deliberate introduction of computer viruses, Trojans, worms, logic bombs or other materials that are malicious or technologically harmful is prohibited. Any attempt to gain unauthorized access to this platform, the server on which this platform is stored, or any other server, computer or database associated with this platform is prohibited.
(2) Use of this platform does not entitle User to sell and / or resell the content of the platform.

VI. Rights and obligations of the providers

Art. 7. (1) The Providers take action and are responsible for repairing damage caused by their fault and bringing the platform into normal operation as soon as possible after the reasons for this disappear.

(2) The Providers undertake to protect the personal information provided by the User in accordance with the rules of the Personal Data Protection Act and other applicable European legislation.

(3) The Providers reserve the right to immediately and unconditionally terminate the access to the service of a User who makes an attempt to improperly influence or manipulate any part of the content of the platform. When such attempts are established, it is possible to refer to the competent authorities.

(4) The Providers are not responsible for the consequences arising from improper use of the platform, as well as for lack of skills on the part of the User to use the platform;

(5) The Providers shall not be liable if in case of violations of the operability of the software or hardware or of the telecommunication connections, the User cannot use partially or completely the possibilities of the platform.

VII. Protection of personal data 

Art. 7. (1) The Providers undertake measures for the protection of the User’s personal data according to Regulation (EC) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in connection with the processing of personal data and the free movement of such data and on the repeal of Directive 95/46 / EC (GDRP) and the Bulgarian Personal Data Protection Act. The Providers process the personal data of the Users on the basis of Art. 6, para. 1, p. “A” of the GDPR – on the basis of explicit consent given by the User.

(2) The providers have published the information regarding the personal data, which it processes and the purposes for which they are processed, as well as the entire information according to GDRP and the Bulgarian Personal Data Protection Act, in the Privacy Policy, which is an integral part of these General Terms.

(3) For security reasons for the personal data of the Users, the Providers of the platform will send the data only to the e-mail address, which was indicated by the Users at the time of registration (if any).

(4) The Providers have the right to store data in the final communication device of the User, unless the latter explicitly expresses his disagreement.

(5) The Providers process personal data of the User for the purposes of direct marketing only with its explicit agreement, as far as it is possible.

Art. 8. (1) At any time, the Providers have the right to require the User to identify himself and to certify the authenticity of each of the circumstances and personal data announced during the registration (if any).

VIII. Amendment and access to the general terms and conditions 

Art. 9. (1) These general terms and conditions may be amended by the Providers, for which the latter will notify in an appropriate manner all registered Users.

(2) The Providers and the User agree that any addition and amendment of these general conditions will have effect on the User in one of the following cases:

  1. after its explicit notification by the Providers and if the User does not state within the given 14-day term that he rejects them; or

  2. after their publication on the platform of the Providers and if the User does not state within 14 days from their publication that he rejects them; or

  3. with its explicit acceptance by the User through his account on the platform

(3) The User agrees that all statements of the Providers in connection with the amendment of these general conditions will be sent to the e-mail address specified by the User during registration. The user agrees that e-mails sent in accordance with this article do not need to be signed with an electronic signature in order to have effect on him.

Art. 10. The Providers publish these general terms and conditions at healthdatabox.com together with all additions and amendments thereto.

IX. Termination/Restriction of access 

Art.11. The Providers reserve the right to terminate or restrict access to it and the services provided at any time. The Providers reserve the right to modify or terminate (temporarily or permanently) an element of its services. User agrees that MY Synergy Ltd. and CEHP will not be liable to him/her or any third party for any modification (change, suspension or termination of service).

Art. 12. The present general conditions are terminated in the following cases:

  1. upon termination and declaration of liquidation or declaration of bankruptcy of one of the parties to the contract;

  2. 2. in case of seizure or sealing of the equipment by state bodies;

  3. 3. in case of deletion of the User’s registration in the platform.

 

X. Responsibility 

Art. 13. The User undertakes to identify and release from liability the Providers in case of lawsuits and other claims of third parties (whether justified or not), for all damages and costs, including attorney’s fees and court costs, arising out of or in connection with (1) non-performance of any of the obligations under these Terms and Conditions, (2) infringement of copyright, production, broadcasting rights or other intellectual or industrial property rights, (3) unlawful transfer to other persons of the rights granted to the User and (4) falsely declaring the presence or absence of the quality of a consumer within the meaning of the Consumer Protection Act.

Art. 14. The Providers shall not be liable in case of force majeure, accidental events, Internet problems, technical or other objective reasons, including orders of the competent state authorities.

Art. 15. (1) The Providers shall not be liable for damages caused by the User to third parties.

(2) The Providers are not responsible for property or non-property damages, expressed in lost profits or damages caused to the User in the process of using or not using the platform.

(3) The Providers shall not be liable for the time during which the platform has not been accessible due to force majeure or other objective circumstances over which the Providers have no control.

(4) The Providers are not responsible for damages from comments, opinions and publications under the products, news and articles in the platform.

Art. 16. (1) The Providers shall not bear responsibility in case of overcoming the security measures of the technical equipment and from this follows loss of information, dissemination of information, access to information, restriction of access to information and other similar consequences.

XI. Copyright and intellectual property 

Art.17. (1) The services and the entire content of this platform, including design, text, images, names and logos, trademarks, trade secrets, database, algorithm, software coding, patents, visual representation are subject to intellectual property rights and are protected by copyright of or are licensed to the Provider.

(2) Users of this platform are allowed to view the materials published on the platform, allowed to save the materials on their computer, as well as print in order to extract the most complete information about the Providers and the services the Providers offers, for personal and non-commercial use. Any right that is not explicitly granted to another person (s) remains the property of the Provider.

(3) The Providers are the exclusive owners of the idea and implementation of this platform. The authors of all publications and materials on the platform are the Providers. All content, including all texts or parts of text, as well as images on this platform are the property of the Providers and are protected by European and Bulgarian intellectual property law.

(4) The User or visitor may not copy and use information from the site for commercial and public purposes without the knowledge and written permission of the Providers. The User may not create a link to this platform from another website without the Providers’ express written consent.

XII. Miscellaneous 

Art. 18. (1) The User and the Providers are obliged to mutually protect their rights and legal interests, as well as to keep their trade secrets, which have become their property in the process of performance of these general conditions.

(2) The User and the Providers are obliged during and after the expiration of the period of the oral contract (if any) not to make public written or oral correspondence conducted between them. The publication of correspondence in print and electronic media, internet forums, personal or public websites, etc. can be considered public.

Art. 19. In case of conflict between these general terms and conditions in a special contract between the Providers and the User, the provisions of the special contract shall apply with priority.

Art. 20. By visiting the platform, the Providers assume that the User agrees with these General Terms and Conditions.

Art. 21. The possible invalidity of any of the provisions of these general terms and conditions will not lead to the invalidity of the entire contract.

Art. 22. (1) The laws of the Republic of Bulgaria shall apply to the issues not settled in this contract, related to the implementation and interpretation of this contract.

(2) The User has the right to refer all disputes with the Providers regarding the implementation of this contract to the platform for alternative dispute resolution (ADR) out of court, available at https://webgate.ec.europa.eu/odr/main/ ? event = main.home.show. In case of failure to reach an agreement for resolving the dispute out of court, the parties may refer the dispute for resolution by the competent Bulgarian courts and the Consumer Protection Commission.

Art. 23. These general terms and conditions enter into force for all Users on 01.04.2024

Privacy Policy

Information about the company that processes your data:

MY Synergy Ltd. , UIC 205647698, address: 251G Okolovrasten pat str., Sofia, Bulgaria

e-mail: office@mysynergy.bg; healthdatabox.eu

Information on the Data Protection Responsible Officer:

Yordan Iliev, CEO, e-mail: office@mysynergy.bg, address: 251G Okolovrasten pat str., Sofia, Bulgaria

Information on the competent data protection supervisory authorities:

Commission for Personal Data Protection, Sofia 1592, Blvd. “Prof. Tsvetan Lazarov ”№ 2, phone: +3592 915 3 518, www.cpdp.bg

MY Synergy Ltd. (hereinafter referred to as “Administrator” or “the Company”) operates in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016. On the protection of individuals with regard to the processing of personal data and on the free movement of such data. This information is intended to inform you about all aspects of the processing of your personal data by the Company and the rights you have in connection with this processing.

Reason for collecting, processing and storing your personal data

Art. 1. The Controller collects and processes your personal data in connection with the implementation of the main activity of healthdatabox.com – pursuant to Art. 6, para. 1, Regulation (EU) 2016/679 (GDPR), and in particular on the following grounds:

  • Explicit consent received from you as a client;

  • Fulfillment of the obligations of the Administrator under an oral agreement with you;

  • Compliance with a legal obligation that applies to the Administrator;

  • For the purposes of the legitimate interests of the Administrator or a third party;

 

Purpose and principles in the collection, processing and storage of your personal data

Art. 2. (1) We collect and process the personal data that you provide us in connection with the implementation of the main activity of healthdatabox.com, including for the following purposes:

  • Presentation of brand and product Healthdata Box;

  • Resolution of court and out-of-court disputes;

  • In order to be able to respond comprehensively to your request, complaint, request or other inquiry;

  • For the purposes of Direct Marketing – only after providing your consent;

  • In order to be able to provide online services that aim to facilitate the service of our customers, such as providing information about product specifications;

  • Individualization of a party to the contract;

  • Accounting purposes;

  • Statistical objectives;

  • Protection of information security.

(2) We observe the following principles in the processing of your personal data:

  • legality, good faith and transparency;

  • restriction of processing purposes;

  • relevance to the purposes of processing and minimizing the data collected;

  • accuracy and timeliness of the data;

  • limitation of storage in order to achieve the objectives;

  • integrity and confidentiality of the processing and ensuring an appropriate level of security of personal data.

 

What types of personal data our company collects, processes and stores

Art. 3. (1) The company performs the following operations with the personal data provided by you as clients, for the following purposes:

  • Sending a newsletter – the purpose of this operation is to administer the process of sending newsletters, emails with special offers, information, promotions, news and new features to customers who have stated that they wish to receive. Given the limited scope of the personal data collected, the Data Protection Officer considers that an impact assessment is not necessary to carry out an impact assessment of the operation.

  • Exercising the right of refusal or making a claim – the purpose of this operation is to administer the process of exercising the right of refusal or claim by the client for the services performed, in respect of which these rights can be exercised. Given the limited scope of the personal data collected, the Data Protection Officer considers that an impact assessment is not necessary to carry out an impact assessment of the operation.

  • Sending inquiries through the feedback form– the purpose of this operation is to send a response to a request. Given the limited scope of the personal data collected, the Data Protection Officer considers that an impact assessment is not necessary to carry out an impact assessment of the operation.

(2) The Controller shall not collect or process personal data, which refer to the following:

  • reveal racial or ethnic origin;

  • disclose political, religious or philosophical beliefs, or trade union membership;

  • genetic and biometric data, health data or data on sexual life or sexual orientation.

(3) The personal data are collected by the Administrator from the persons to whom they refer.

(4) The Controller shall not perform automated decision-making with data.

(5) The company does not collect data for persons under 16 years of age, except with the explicit consent of their parent or legal representative.

Art. 4. (1) The Controller shall process the following categories of personal data and information for the following purposes and on the following grounds:

  • Your personal data (e-mail, name, etc.)

Purpose for which the data is collected: 1) Making contact with the user and sending information to him, 2) for sending a newsletter, emails with special offers, promotions, information, news and new features and 3) sending a response to an inquiry through the form of our website.

Grounds for processing your personal data – By accepting the general conditions or registration on the website or by concluding a written contract, a contractual relationship is created between the Administrator and you, on which basis we process your personal data – Art. 6, para. 1, p. (b) GDPR. Your data for sending a newsletter and emails, as well as for sending a response to an inquiry through the form of our website, are processed with your explicit consent – Art. 6, para. 1, p. (a) GDPR.

  • Data from your social media accounts (publicly available information from your Google+, Facebook accounts) (if applicable)

Purpose for which the data is collected: 1) Making contact with the user and sending information to him and 2) for the purposes of registering a user on the website.

o Grounds for processing your personal data – By accepting the general conditions and registration on the website, through a social network profile, a contractual relationship is created between the Administrator and you, on which basis we process your personal data – Art. 6, para. 1, p. (b) GDPR.

Term of storage of your personal data

Art. 5. (1) The Controller stores your personal data for a period not longer than the existence of your account on the website or the execution of the order for the services. After deleting your account or completing the order, the Administrator takes the necessary care to delete and destroy all your data without undue delay or to anonymize it (i.e. to make it in a form that does not reveal your identity).

(2) The Administrator shall store your personal data provided in connection with orders for the services for a period of 5 years for the purposes of protecting the legal interests of the Administrator in court or administrative disputes with users of the company, and the accounting documents shall be stored for the respective statutory term.

(3) The Administrator shall notify you in case the term for data storage is necessary to be extended in view of fulfillment of a normative obligation or in view of legitimate interests of the Administrator or otherwise.

(4) The Controller stores the personal data, which it is necessary to keep by virtue of the applicable legislation for the respective envisaged term, which may exceed the term of existence of your profile on the website or until the completion of the order for the services.

Transfer of your personal data for processing

Art. 6. (1) The controller may, at its own discretion, transfer part or all of your personal data to personal data processors for the fulfillment of the processing purposes with which you have agreed, in compliance with the requirements of Regulation (EU) 2016/679 (GDPR).

(2) The Controller notifies you in case of intention to transfer part or all of your personal data to third countries or international organizations.

Your rights in the collection, processing and storage of your personal data

Withdrawal of consent for the processing of your personal data

Art. 7. In case that you do not wish all or part of your personal data to continue to be processed by the Company for specific or all purposes of processing, you may at any time withdraw your consent to processing by request in free text. 

The Controller may ask you to verify your identity and identity with the data subject.

By withdrawing your consent to the processing of personal data, which is mandatory for creating and maintaining an account in the online store, your account will become inactive. Of course, you will be able to browse the online store and the products offered and place orders as a guest or make a new registration.

If there is an order made by you that is in the process of processing, the earliest moment when you can withdraw your consent for processing is upon successful completion of the order.

You may at any time withdraw your consent to the processing of your personal data for the purposes of direct marketing.

The withdrawal of the consent does not affect the legality of the processing of personal data, which the Controller has performed so far.

Right of access

Art. 8. You have the right to request and receive confirmation from the Controller whether your personal data is processed, and you can at any time see in your account, if you are a registered user and the data we process for you.

You have the right to access data related to you, as well as information related to the collection, processing and storage of your personal data.

Upon request, the Controller provides you with a copy of the processed personal data related to you in electronic or other appropriate form.

Providing access to the data is free of charge, but the Controller reserves the right to impose an administrative fee in case of repetitive or excessive requests.

In order to exercise your right to be forgotten, you need to submit a request 

by e-mail in free text; 

Right of correction or completion

Art. 9. You may correct or complete inaccurate or incomplete personal data relating to you directly through your account on the Website or by making a request to the Controller.

Right to delete (“to be forgotten”)

Art. 10. You have the right to request from the Controller the deletion of part or all the personal data related to you, and the Controller has the obligation to delete them without undue delay when there is any of the following reasons:

  • personal data are no longer needed for the purposes for which they were collected or otherwise processed;

  • You withdraw your consent on which the data processing is based and there is no other legal basis for the processing;

  • You object to the processing of personal data related to you, including for the purposes of direct marketing, and there are no legal grounds for processing to take precedence;

  • personal data have been processed illegally;

  • personal data must be deleted in order to comply with a legal obligation under EU law or the law of a Member State applicable to the Controller;

  • personal data have been collected in connection with the provision of information society services.

 

The Controller is not obliged to delete personal data if he stores and processes them:

  • to exercise the right to freedom of expression and the right to information;

  • to comply with a legal obligation requiring processing provided for in EU or Member State law applicable to the Controller or for the performance of a task in the public interest or in the exercise of official powers conferred on him or her;

  • for reasons of public interest in the field of public health;

  • for archiving purposes in the public interest, for scientific or historical research or for statistical purposes;

  • to establish, exercise or defend legal claims.

 

In case of exercising your right to be forgotten, the Company will delete all your data, except for the following information:

  • information needed to certify that your right to be forgotten has been exercised – email, IP address;

  • technical information about the operation of the online store, which information cannot be associated in any way with your personality;

  • e-mail with which you registered in the online store.

 

To exercise your right to be forgotten, you need to take the following steps:

  • Submit a request by email;

  • To identify yourself as an account holder;

 

Once we have verified the identity of the requester and the data subject in accordance with the above steps, we will delete all data we process for you.

If you have an order that is being processed, the earliest time you can ask to be “forgotten” is when the order is successfully completed.

By deleting your personal data, your account will become inactive. Of course, you will be able to browse the online store and the products offered and place orders as a guest or make a new registration.

The Controller does not delete the data that he has a legal obligation to store, including for protection in connection with court claims against him or proof of his rights.

Right of Restriction

Art. 11. You have the right to ask the Controller to restrict the processing of data related to you when:

  • challenge the accuracy of personal data for a period that allows the Controller to verify the accuracy of personal data;

  • the processing is illegal, but you do not want the personal data to be deleted, but only their use to be restricted;

  • The Controller no longer needs the personal data for the purposes of processing, but you require them to establish, exercise or defend your legal claims;

  • You have objected to the processing pending verification of whether the legal grounds of the Controller take precedence over your interests.

In case of exercising your right of restriction, the Company will suspend the processing of your data, but will not remove the publications you have made on the website.

Right of portability

Art. 12. If you have given your consent for the processing of your personal data or the processing is necessary for the performance of the contract with the Controller, or if your data is processed in an automated manner, you may, after identifying yourself with the Controller:

  • ask the Controller to provide you with your personal data in a readable format and transfer them to another Controller;

  • ask the Controller to directly transfer your personal data to a Controller designated by you, when this is technically feasible.

You may at any time request to exercise your right of transfer by requesting an email to the Controller.

Right to receive information

Art. 13. You may request the Controller to inform you of all recipients to whom the personal data for which correction, deletion or restriction of processing has been requested have been disclosed. The Controller may refuse to provide this information if this would be impossible or would require a disproportionate effort.

 

Right to object

Art. 14. You may object at any time to the processing of personal data by the Controller relating to him, including if they are processed for profiling or direct marketing purposes.

Your rights in the event of a breach of the security of your personal data

Art. 15. (1) If the Administrator finds a violation of the security of your personal data, which may pose a high risk to your rights and freedoms, he shall notify you without undue delay of the violation, as well as of the measures that have been taken or are to be taken.

(2) The Controller is not obliged to notify you if:

  • has taken appropriate technical and organizational protection measures with regard to data affected by the security breach;

  • has subsequently taken steps to ensure that the breach does not pose a high risk to your rights;

  • notification would require a disproportionate effort.

 

Persons to whom your personal data is provided

Art. 17. In all cases, the list of recipients of personal data processed by the Controller derives mainly from the scope of services used by you.

The list of recipients of the data is also the result of your consent or derives from the law and is specified as a result of the actions taken by you in healthdatabox.com

In the processing of personal data, the partners, associates and employees of the Controller may participate to a certain extent, for activities as follows:

  • those who provide technical assistance for the effective operation of the website, including communication with customers (e.g. assistance in sending e-mails; in the case of advertising activities – assistance in marketing campaigns);

  • hosting services or telephone or IT service providers;

  • companies that service the software support the Controller in marketing companies;

  • providers of legal and consulting services;

  • others.

The specified processors of personal data comply with all requirements for legality and security in the processing and storage of your personal data.

Transfer of personal data to third countries (outside the European Economic Area)

Art.18. As part of the use of tools by the Controller that support its current activity, provided e.g. by Google, your personal data may be transferred to a country outside the European Economic Community, in particular to the United States of America (USA) or another country where a person cooperating with the Controller maintains personal data processing tools in cooperation with Controller.

Appropriate security measures for the provided personal data are provided by the Controller, through the use of standard clauses for personal data protection, adopted by a decision of the European Commission and contracts for outsourcing the processing of data that meet the GDPR requirements.

The User has the right to receive a copy of the security tools used by the Controller after contacting us.

Cross-border processing of personal data. Leading supervisory body

Art. 19. The company carries out cross-border processing of personal data, as, according to Art. 4, para. 23 of GDPR, the processing of personal data takes place in the context of the activities of the places of establishment in more than one Member State of a Controller or Processor in the Union, the Controller or Processor being established in more than one Member State (France and Italy).

The Commission for Personal Data Protection has been appointed as the leading supervisory body.


 In appointing a Leading supervisory body, the Controller complied with the “Guidelines for the designation of a supervisor of a Controller or Processor” adopted on 13 December 2016 by the working group on personal data protection set up in accordance with Article 29 of Directive 95/46 / EC and thus published on the website of the Commission for Personal Data Protection. 

Violation of consumer rights. Claim to the supervisory authority

Art. 20. In the event of a breach of your rights under the above or applicable data protection law, you have the right to lodge a complaint with the Commission for Personal Data Protection.

Privacy Policy

General Terms and Conditions

bottom of page