Privacy Policy
Last updated: March 2025
Introduction
At HealthSuites, we are deeply committed to protecting the privacy and confidentiality of every patient and client who entrusts us with their personal and medical information. This Privacy Policy outlines how HealthSuites, operating as a medical care provider in Bulgaria, collects, uses, stores, and safeguards your information in connection with our General Practice Consultations, Specialist Medical Examinations, and Diagnostic Testing Services. By accessing our services or providing us with your information, you acknowledge and agree to the practices described in this policy. We comply fully with the General Data Protection Regulation (GDPR) as applicable in Bulgaria, as well as all relevant national legislation governing the processing of personal and health-related data.
Information We Collect
In order to provide you with the highest standard of medical care, HealthSuites may collect and process the following categories of information: Personal identification information, including your full name, date of birth, national identification number, gender, and contact details such as phone number, email address, and home address. Medical and health information, including your medical history, current symptoms, diagnoses, treatment records, prescribed medications, laboratory and diagnostic test results, and referral documents from other healthcare providers. Appointment and administrative data, including records of your scheduled and completed consultations, specialist examinations, and diagnostic procedures. Financial information necessary for billing and payment processing, such as health insurance details or payment card information where applicable. Technical data collected when you interact with our website or digital platforms, including IP address, browser type, and browsing activity, which is used solely for operational and security purposes. All health data is classified as special category data under GDPR and is handled with the utmost care and the strictest security measures.
How We Use Your Information
HealthSuites uses the information we collect exclusively for the purpose of delivering comprehensive, high-quality medical care and managing our clinical operations. Specifically, we use your information to: Provide, coordinate, and document your medical consultations, specialist examinations, and diagnostic testing services. Communicate with you regarding appointments, test results, follow-up care instructions, and health recommendations. Process billing, insurance claims, and payment transactions related to the services you receive. Maintain accurate and up-to-date medical records as required by Bulgarian healthcare regulations. Refer you to specialist physicians or external diagnostic facilities when medically necessary, ensuring continuity and quality of care. Conduct internal quality assurance reviews to continually improve our clinical standards and patient experience. Send you important health updates or administrative notices related to your care at HealthSuites. We will never use your personal or health data for marketing purposes without your explicit prior consent, and we will never sell your information to third parties under any circumstances.
Information Sharing
HealthSuites treats the confidentiality of your medical information as a fundamental principle of responsible healthcare. We do not sell, trade, or disclose your personal or medical data to unauthorized third parties. However, in order to provide you with complete and coordinated care, we may share your information in the following limited circumstances: With other healthcare professionals, including specialist physicians, nurses, and diagnostic technicians within or affiliated with HealthSuites, strictly on a need-to-know basis for the purpose of your treatment. With external laboratories, imaging centers, or specialist clinics to whom you have been referred, solely to facilitate the diagnostic or treatment process. With your health insurance provider, where necessary to process claims and verify coverage for services rendered. With public health authorities or regulatory bodies in Bulgaria where we are required by law to report specific medical conditions or comply with official health directives. With trusted third-party service providers who assist us in operating our facilities and digital systems, all of whom are contractually bound to maintain the confidentiality and security of your data. In all cases of data sharing, HealthSuites ensures that appropriate data protection agreements and safeguards are in place.
Data Security
The security of your personal and medical information is of paramount importance to HealthSuites. We implement a comprehensive range of technical, organizational, and physical security measures to protect your data against unauthorized access, accidental loss, alteration, or disclosure. Our security practices include: Encryption of sensitive data both during transmission and while stored on our secure servers. Strict access controls ensuring that only authorized medical and administrative personnel can access patient records, limited to what is necessary for their specific role. Regular staff training on data protection obligations, patient confidentiality, and information security best practices. Secure physical facilities with controlled access to medical record storage areas. Regular audits and assessments of our data processing systems and security infrastructure. In the unlikely event of a data breach that poses a risk to your rights and freedoms, HealthSuites will notify the relevant supervisory authority and, where required, inform you directly in accordance with our obligations under GDPR and applicable Bulgarian law.
Your Rights
As a patient and data subject, you have clearly defined rights under the General Data Protection Regulation and Bulgarian data protection legislation. HealthSuites is fully committed to upholding these rights and making it straightforward for you to exercise them. Your rights include: The right to access the personal and medical data we hold about you, and to receive a copy of that information upon request. The right to rectification, allowing you to request correction of any inaccurate or incomplete information in your records. The right to erasure, sometimes known as the right to be forgotten, subject to our legal obligations to retain medical records for specified periods under Bulgarian healthcare law. The right to restrict processing of your data in certain circumstances while a complaint or query is being resolved. The right to data portability, enabling you to receive your data in a structured, commonly used format or to have it transferred to another healthcare provider where technically feasible. The right to object to the processing of your data for purposes other than direct medical care. The right to withdraw consent at any time where processing is based on your consent, without affecting the lawfulness of processing carried out prior to withdrawal. To exercise any of these rights, please contact us using the details provided below. We will respond to all verified requests within 30 days.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or the way HealthSuites handles your personal and medical information, we encourage you to reach out to us directly. Our dedicated team is available to assist you and ensure your privacy rights are fully respected. You may contact us at: HealthSuites, бул. Витоша 47, ет. 3, София 1000, България. Email: contact@healthsuites.com. We take all privacy-related inquiries seriously and are committed to addressing your concerns promptly, transparently, and with the highest level of professional care. If you believe your data protection rights have not been adequately upheld, you also have the right to lodge a complaint with the Commission for Personal Data Protection (CPDP), the supervisory authority for data protection matters in Bulgaria.