Introduction
The mobile app "еZdrave" is developed as a free application provided by the Ministry of Health of the Republic of Bulgaria (MoH), which is used to make your health information available exclusively to you. This privacy policy is designed to inform users of the Application how the Ministry of Health, as a Controller of personal data, collects and processes personal data when the App is in use.
For the proper functioning of the "еZdrave" App, we collect and process certain personal data listed below in the "What kind of data we do collect" section, including data related to account registration (your names and e-mail), data from your requests for access, information from surveys of use in which you participate at your request, data for your identification and verification (authentication) and information about the use of our application and services by each user.
We collect and process your personal data only for the purposes set out below in the section "Purposes of the collection and processing of personal data" related to providing our services to you, ensuring the proper functioning of the App and information security in it, implementation of surveys and research related to users demand and restriction of access to information for individuals and entities who do not have the right to access it.
In connection with the personal data provided, you have rights that you may exercise as set out below in the "Your Rights" section.
Each section of this policy contains information about us and how we collect, process and store personal data.
If you use the App, then you agree to the collection and use of information with regard to this policy. The personal information we collect is used to provide and improve the service. We will not share your personal data with anyone except as described in this policy.
Controller
"eZdrave" is an application program, established as a functional subsystem of the National Health Information System (NHIS), hereinafter referred to as "The App".
The Application is property of the Ministry of Health of the Republic of Bulgaria and is managed by it in its capacity as the owner of the National Health Information System, the Application and the Controller of your personal data (hereinafter "Controller").
What kind of data do we collect?
This Policy covers information we collect from you through the App, that is defined as personal data or personal information.
"Personal information" is information that can be used to identify you, also defined as "personal data". Specific information that may be identified as personal data may include your name, email address, IP address and identifier of the device from which you access the App, among other information. The accuracy and reliability of the personal information and personal data you provide to the App are your obligation and your responsibility. Incorrect information may affect your ability to use the App, the information you receive through the App, and our ability to contact you. As the main way to communicate with us, the email address you provided must be kept up to date.
MoH in its capacity of the Controller of the App collects the following types of information about you and personal data:
- (1) Personal data relating to your physical identity, provided directly by you or through third parties - medical establishments: three names; PIN, sex/gender, permanent or current address; for foreign citizens - personal number of a foreigner (PNF), if available, or date and place of birth, citizenship, and sex/gender; as well as telephone and / or contact email for feedback purposes. We collect such data when they are provided to us by the NHIS on the basis of your informed consent, given explicitly and in writing to a medical establishment, or when you provide it to us in either of the following cases: registration of your account; update or change the data in your registered account; when you place orders for our services; when you fill in survey questionnaires; when you subscribe to email updates; when you participate in our public forums or send us emails. We may use the received personal data regarding your physical identity in order to provide you with the services you requested, to answer your questions, to inform you about events or updates, and to send messages on your registered e-mail in connection with App maintenance, problems with it or updates.
- (2) Personal data representing health information. According to Art. 27, para. 1 of the Health Act, health information shall be all the personal data related to the health condition, physical and mental development of the individuals, as well as any other information contained in medical and pharmaceutical prescriptions, protocols, certificates, and other medical documentation. We use your health information only to the extent it is uploaded to the NHIS by medical establishments on the grounds provided by law.
- (3) We do not collect personalized information about you as an App user. All information about how you use the application is immediately anonymized. Following the login of each user, we can obtain, collect, and explore information about the specific pages of the electronic health file that is the subject of the visit, the order in which this happens and the hyperlinks that have been clicked, but without link to any user-specific data. In the same anonymized way, we collect information about the URLs from which users connect to the Application. The collection of such information may include logging the IP address, the operating system and the browser software used by each user of our App. Depending on the IP address used, we may be able to determine the user's internet service provider and to geolocate the relevant connection point. We use or may use cookies and web-beacons when you enter the App. You can find more information about this in the Cookies Policy.
All personal data that we process are visible to you in the App. All other data we use that is not displayed to you is anonymized.
General Provisions
Account registration. In order to provide a better service when using the App, we need you to provide us with some personal data. Registration can be done through electronic identification in the NHIS. This is done by logging in to your web-based electronic health file in the NHIS Portal www.his.bg, where a QR code is generated, which performs the identification procedure. Registration can also be provided through a special mobile application for electronic identification, when available. If you are unable to register an account through the NHIS Portal, you may be required, when registering an account, to provide data related to your physical identity, such as your name and phone number and / or e-mail. Also, the App will need your permission to access the camera and flash of the device through which you access it. The information we request will only be used for the purposes of the App and as described in this privacy policy.
Updates. We can offer you the opportunity to receive updates through the Application itself (push notifications), only available to registered users. No personal data will be required to use these services.
Identification upon access. Your access identification will be performed with your biometric data (face ID), which is contained in your smartphone itself. All that data, including your ID-photo, will be deleted as soon as you successfully identify yourself to create or access your account.
Communications with the App. Your personal data may be sent by you and received by us by e-mail or in any other way you can contact us, but only when pairing the App with the NHIS Portal www.his.bg. Following this moment, our connection with the Portal is one-sided. Links to other applications will not be made or available.
Third parties’ sites. The App does not provide access to sites of third parties, such as Facebook or similar, so your personal data are not accessible to any third-party sites, nor do they give you access to such sites.
Affiliate sites. The App has no connection with other sites besides the NHIS Portal www.his.bg, from which only the health information of interest to you is extracted.
Purposes of the collection and processing of personal data
The purpose of this policy is to describe how the App collects, uses and shares information about you through our online interfaces (NHIS Portal www.his.bg and the App itself). Please read this privacy policy carefully to find out what we do. If you do not understand any aspects of our privacy policy, you can request clarification at support@his.bg. Your use of the NHIS Portal www.his.bg is regulated by the Health Act, the Ordinance on the structure and functioning of the NHIS issued by the Minister of Health and the conditions for the use of the NHIS, which you can find at www.his.bg. The purposes for the collection and processing of individual types of personal data are described separately in the section "What Kind of Data We Do Collect" above.
Grounds for using personal data
The grounds for using your personal data, as stated in this Policy, are set out in Art. 6, para. 1, items (a), (b), (c) and (d) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) or GDPR, and are one or more of the following:
- (1) The processing is necessary in order to fulfill our obligations to provide you access to the NHIS and your electronic patient file, including the conditions for their use, which you accept by accessing them.
- (2) The processing is necessary to take steps at your request before granting access to you, which requires the use of your personal data.
- (3) The processing of your personal data is necessary to comply with our legal obligations to restrict access to health information for individuals and their identification when providing personal access to their electronic patient file.
- (4) The processing is carried out on the basis of your explicit prior consent in the cases provided for in this Policy, or with your consent to send you certain messages or where you provide us with certain information.
Which legal basis applies to a particular processing activity depends on the type of personal data processed and the context in which they are processed.
Where the processing of your personal data is necessary to protect our legitimate interests or the legitimate interests of third parties to use them, we will perform a balancing test to ensure that we protect your personal data unconditionally when our legitimate interests (or that of the third parties) do not exceed your interests or fundamental rights and freedoms.
If you have consented to us using your personal information in a certain way, but later you change your mind, you can withdraw your consent by visiting your profile page and clicking on the withdrawal of consent box, or you can delete your account and we will stop processing your personal data immediately. Please note that if you withdraw your consent, this may affect our ability to provide you with our services or impede them completely. You can withdraw your consent through the settings of the App. In this case, your account will be deactivated, pairing will be terminated immediately, and upon termination, all your personal data collected so far will be deleted.
Age restrictions
Guided by the awareness of special protection of adolescents, we do not collect or process personal data of minors. For this reason, the App does not allow registration of an Account by persons under 18 years of age. If you are under this age, please do not access this App in any way. If you have done so, we will take appropriate measures to delete the personal data received without the validated consent of your parent, guardian, or custodian immediately after establishing the existence of such data. If you are a minor, your parents have the right to access your electronic health record as your legal representatives. They have the right to do so through NHIS Portal www.his.bg as well as the App.
How is personal data used?
Information related to the use of our App. We use information related to your use of the App to build better quality, more useful services by performing statistical analyses of the collective characteristics and behavior of our users, as well as measuring demographics and interests in specific areas of the App. We may also use this information to ensure the security of our services and the App as a whole. All the data in these cases are completely anonymized, and your personal data is not collected and therefore not available.
Technical support and security. We may use your personal data to provide technical support when considered necessary and to ensure the security of both NHIS and the App.
Updates. We may use some of your personal data collected within the registration process to send you messages regarding the App and its updates. We may also archive this information and / or use it for future communication with you, but only when we have a legal right to do so.
Communications with, or from the App. When you send us a message or otherwise contact us, we may use the information you provide to respond to your message and / or for other purposes described in this Privacy Policy. We may also archive this information and / or use it for future communication with you when we have a legal right to do so. When we send you emails, we can track how you interact with those emails (for example, when you open an email or click on an email link). We use this information only for the purpose of securing our communications with you and adapting and optimizing them to your needs.
Communications with partners and suppliers. We do not and will not in any way share your personal data with content providers or our potential partners, so they may not and will not be able to share information about their products and services, whether or not they have a legal right to do that.
Research. We may only share aggregate data on access to the App, information on your activity on the NHIS Portal www.his.bg and demographic data from surveys conducted by us for the needs of the Ministry of Health, which may use research data related to healthcare. In none of these cases do we provide, or will we provide, your personal data in any way, and all data provided and processed will be anonymized.
Government bodies, law enforcement and litigation. The App may share your personal data with various government agencies in response to subpoenas, judicial orders or others issued in legal proceedings, in order to establish or exercise legal rights or to protect its property, including on objects of intellectual and industrial property and to defend against legal claims, as well as in other cases established by law. In these cases, we have the right to make or refuse any legal claim, objection or right/privilege given to us by statute. We may also share your personal data when we deem it appropriate to investigate, prevent or take action on illegal activities or reasonable doubts of such activities; to protect the rights, property or safety of the App, the NHIS, and you as our users. In all such cases, we will only provide your personal data to public authorities for which there is a legal obligation to provide certain categories of personal data.
Disclosure of information to acquirers. The App may disclose and / or transfer your personal data to an acquirer, general or private successor in a case of sale, transfer, merger, acquisition, conversion, liquidation, distribution of property, enforcement, or other form of reorganization of the whole equity, the business (commercial enterprise) or the assets of the Data Processor of the App, or of part of this capital, business (commercial enterprise) or assets.
Electronic readers. If we receive any personal information related to the extent to which you use certain e-readers to access the materials of the App, we may archive it by deleting the link to your personal data and use it for research, business, or other purposes. In this event, only anonymized data will be processed.
Cookies Policy
In order to ensure the proper functioning of the App as a whole, we sometimes place small data files on your device, called “cookies”.
What are cookies? Cookies are small text files that are stored on your mobile device or computer when you visit a website. They allow the website to store your actions and preferences (such as username, language, font size and other display settings) for a certain period of time so that you do not have to enter them every time you visit the site or go from one page to another.
How do we use cookies? Some components of the App use cookies, which are not absolutely necessary for it to work, but make it more convenient to use. You can delete or block cookies, but if you do, some features of the Application may not work properly. Cookies are used to store:
- (1) Your display settings, such as navigation language, contrast, font size, device used, search results preferences, and notifications.
- (2) Your last visit to the App (for statistical purposes) and the last three pages you visited (to facilitate our help desk in case you submit a request).
- (3) Information whether you have accepted or not accepted the use of cookies on this App.
In addition, videos embedded on our pages may also use cookies to anonymously collect statistics on how you reached that page and which videos you viewed.
Cookies and personal data. The information related to cookies is not used to identify you, and the data samples are completely under our control. Cookies are not used for purposes other than those listed here.
Third party cookies. We do not allow third party services to send cookies to our users.
How to control cookies? You can control and / or delete cookies as you wish. You can delete all cookies that are already stored on your device, and you can also set most browsers to block them. However, if you do this, you may need to manually adjust some settings each time you visit the App, and some services and features may not work.
Refusal to use cookies. You are free to accept or decline the use of cookies on this App with just one click on one of the following links:
I accept cookies
I refuse cookies
In this case, you reject all cookies, except the one that stores the current selection.
I refuse cookies completely
In this case, you will see our cookie banner every time you visit the App. You can refuse only the use of cookies, which are not definitely necessary. Some cookies are definitely necessary in order for you to use the App and the NHIS Portal www.his.bg, as without them we will not be able to provide you with certain functions, such as automatic login to the Application.
Storage period of personal data
We store your personal data for a period not longer than necessary for the purposes for which it is collected and processed. The period for which we store your personal data depends on the purposes of data collection and use and / or according to the requirements for compliance with applicable laws and for establishing, exercising, or protecting our legal rights. The maximum period of storage of your personal data is 10 years.
Security in the processing and storage of personal data
We value the confidence you place in us by providing us with your personal data, and we use all possible means to protect it. Please bear in mind that no method of transferring information over the Internet is 100% secure and reliable.
Confidentiality and security of your personal data are extremely important for us. We will use standard physical, technical, and administrative security measures to keep your personal data confidential and secure and will not share it with third parties unless otherwise provided in this Privacy Policy or if such disclosure is necessary in special cases, such as a physical threat to you or others, as permitted by applicable law. As the Internet is not a 100% secure environment, we cannot guarantee the complete security of the personal data provided to us; there is a risk that an unauthorized third party may find a way to circumvent our security systems or that your information may be intercepted in the process of its transmission over the Internet. Therefore, it is your responsibility to protect the security of your login information. Please note that emails are not usually encrypted and should not be considered secure.
Service providers
The personal data Processor does not use service providers for the App and does not hire other persons for this, except for its employees working under an employment contract, who are assigned to perform activities on its behalf. Employees are obliged not to disclose or use the information for any reason other than those described in this policy. These obligations are assumed by their employment contracts and the confidentiality documents signed by them.
Objections, questions, and suggestions
If you have any questions, suggestions, unresolved issues, or complaints related to the privacy and protection of your personal data, you can contact us through the functionality of the App, or at the e-mail addresses below. If you reside or temporarily stay in the European Economic Area, our Data Protection Officer and the Application Management Team can assist you with any questions you may have regarding the processing of your personal data. If you reside or temporarily stay in a country of the European Economic Area, you can also lodge a complaint with the Data Protection Commission, or file a claim with the competent Bulgarian court if you believe that your rights have been violated.
To contact the Data Protection Officer designated by the Controller - the Ministry of Health, please use the following contact information:
Subject: Request for confidentiality
Mr. Vesselin Vitkov
Address: 5 Sveta Nedelia sq., Sofia 1000, Bulgaria
e-mail: dpo@mh.government.bg
phone: +359 2 9301 461
Your rights
You have the right to request from us access to your personal data, correction or deletion of your personal data, or restriction of the processing of your personal data, or the right to object to the processing, as well as the right to data portability.
- You have the right to access your personal data and to confirm that it remains accurate and up to date, to choose whether you want to receive feedback from the Controller and the Processor of your personal data and also to request that we delete or provide you with a copy of your personal data by logging in to the App and visiting your account page. You have the right to update any of your personal data that is out of date or inaccurate.
- You have the right to delete all personal data that we process, as well as the right to limit the way we process your personal data.
- You have the right to annual information on the categories of user data provided to third parties - processors, the names and addresses of the processors to whom this data is provided or has been provided in the immediate previous calendar year. For this purpose, if the information is not published on the NHIS Portal his.bg, you may send us an e-mail to support@his.bg with text or only title (subject) "Request for Privacy Information". In response, we will send you the requested information to the same email address.
- You have the right to appeal to the Commission for Personal Data Protection in connection with the processing of your personal data by us as Controller, or by the processors of your personal data to whom we have provided this data.
In case you need additional information regarding your rights or if you want to exercise any of them, you can also contact us in the order of submitting objections, questions and suggestions (see above "Objections, questions, and suggestions").
Personal data Processor
The Processor of your personal data is the company Information Services Jsc, UIC 831641791, which is designated to be the national system integrator of the government information systems by virtue of a cabinet resolution. The Processor receives them in his capacity as an established service operator in the area of information and communication technologies and the maintenance of the systems of the NHIS Portal www.his.bg and of this App.
Policy amendments
We periodically review our privacy policy for compliance with applicable legal requirements and safety standards, and it is therefore subject to change. We recommend that you check its contents regularly for amendments. Any subsequent alterations, updates or additions to the Privacy Policy will be effective immediately upon its publication. We will notify you of any substantial changes to this policy by posting on the NHIS Portal www.his.bg within a reasonable time before such update, or by sending an email to the address associated with your User Account. The entry into force of the publication for amendments is indicated at the beginning and end of this policy. We encourage you to periodically consult the Portal or the App to be informed in a timely manner of the current version of this Privacy Policy.
This Privacy Policy is in effect from 1/05/2022.