PRIVACY AND PERSONAL DATA PROTECTION POLICY OF NATURAL PERSONS

Last Update: November 8, 2021

This document contains the Privacy and Personal Data Protection Policy of natural persons (“Policy”) and is related to the General Terms and Conditions, but is not an integral part of them, as it does not regulate rights and obligations, but aims to explain to users what personal data we process, in what way and for what purpose we process it, and what are the applicable security measures. It also provides information about the rights that you, our customers and users, have in connection with the processing of personal data by DIOGEN TRADE LTD. (https://diogentex.com). In the event of a change to the Policy, the updated version will be published here.

Your privacy is very important to us. This Privacy Policy discloses what personal data we collect from you through our joint relationships and how we use that data.

1. PERSONAL DATA ADMINISTRATOR

DIOGEN TRADE LTD., UIC 117634565, VAT No. BG 117634565, with headquarters and management address: 63 Borisova str., Ruse 7012, Bulgaria, mailing address: 63 Borisova str., Ruse 7012, Bulgaria, e-mail: info@diogentex.com (hereinafter referred to as “DIOGEN”, “The Company”, “we”, “us”, “our”, “Administrator”, “Personal Data Administrator”, “Controller”) is an administrator of data, including personal data, in relation to the information collected or provided when browsing the website https://diogentex.com and the pages on social networks (including our Facebook page) or when purchasing goods or services through them (collectively referred to as “Site(s)”, “Website(s)”, “Online Store”).

The Policy also applies in cases where as natural persons (for short “subject(s)”) you voluntarily provide us with personal data electronically (by e-mail), by telephone or by other means, including on site at our store or office. We also process personal data from inquiries sent by you to us, as well as for marketing and advertising purposes, profiling, participation in games, promotions and raffles organized by us and for any other purposes not prohibited by law.

When processing personal data, DIOGEN complies with all applicable data protection regulations, including but not limited to Regulation (EU) 2016/679 – General Data Protection Regulation (hereinafter referred to as “Regulation”, “General Regulation”) and the Personal Data Protection Act (“PDPA”), because for us the security of personal data of our customers is essential. Therefore, this Policy applies in this case as well.

2. APPLICABILITY OF THE POLICY

This Policy applies to all our customers – natural persons who purchase our goods/services by ordering from the Site or are interested in them by sending inquiries (hereinafter referred to as “data subject(s)”, “User(s)”).

Partners and third parties who work with or for DIOGEN, as well as who have or may have access to personal data, will be expected to read, understand and comply with this Policy. No third party may have access to personal data stored by DIOGEN without first having entered into a data confidentiality agreement, which imposes on the third party obligations no less burdensome than those assumed by The Company, and which entitles it to verify compliance with the obligations imposed by the agreement.

This Policy applies to all employees (and stakeholders) of DIOGEN, as well as to external suppliers of products and services with which The Company has concluded contracts. Any violation of the General Regulation will be considered as a violation of labor discipline, respectively as non-performance of contracts with partners, and in case there is a suspicion of a crime, the issue will be submitted for consideration as soon as possible to the relevant state authorities.

For the visitors of the Site, who do not place orders and do not send inquiries, but only browse our website, the Cookie Policy adopted and published on the Site applies.

3. DEFINITIONS

“Regulation” – is the General Data Protection Regulation 2016/679 of 27 April 2016, called GDPR. The purpose of this European legislation is to protect the “rights and freedoms” of natural persons and to ensure that personal data are not processed without their knowledge and, where possible, that they are processed with their consent.

“personal data” – means any information relating to a natural person who is or may be identified (“data subject”), directly or indirectly, by an identifier such as name, identification number, location data, online identifier or by one or more attributes specific to the physical, physiological, genetic, mental, intellectual, economic, cultural or social identity of that natural person.

“special categories of personal data” – means personal data revealing racial or ethnic origin, political views, religious or philosophical beliefs, or trade union membership and the processing of genetic data, biometric data for the unique identification of an individual, health data or data on a person’s sexual life or sexual orientation.

“processing of personal data” – means any operation or set of operations carried out with personal data or a set of personal data by automatic or other means such as collecting, recording, organizing, structuring, storing, adapting or modifying, retrieving, consulting, using, disclosing by transmitting, distributing or otherwise making the data available, arranging or combining, restricting, deleting or destroying.

“Administrator”“Controller” – means any natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means for the processing of personal data; where the purposes and means of such processing are determined by EU law or the law of a Member State, the Administrator or the specific criteria for its determination may be laid down in Union law or in the law of a Member State.

“data subject” – is any living natural person who is the subject of personal data stored by the Administrator.

“consent of the data subject” – is any freely expressed, specific, informed and unambiguous indication of the will of the data subject, by means of a statement or clear confirmatory action expressing his consent to the processing of personal data relating to him.

“child” – the General Regulation defines a child as anyone under the age of 16. The processing of a child’s personal data is lawful only if a parent or guardian has given consent. The administrator shall make reasonable efforts to verify in such cases that the holder of parental responsibility for the child has given or is authorized to give his consent.

“profiling” – means any form of automated processing of personal data, expressed in the use of personal data for the assessment of certain personal aspects relating to an individual, and in particular for the analysis or forecasting of aspects relating to the performance of professional duties of that individual, his economic condition, health, personal preferences, interests, reliability, behavior, location or movement.

“violation of the security of personal data” – a security breach that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data that is transmitted, stored or otherwise processed.

“recipient” – means a natural or legal person, public authority, agency or any other body to which personal data are disclosed, whether a third party or not. At the same time, public authorities which may receive personal data in the context of a specific investigation in accordance with Union or Member State law shall not be considered as recipients; the processing of such data by those public authorities complies with the applicable data protection rules in accordance with the purposes of the processing.

“third party” means any natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor and the persons who, under the direct supervision of the controller or the processor, have the right to process personal data.

4. PRINCIPLES

When collecting and processing personal data, we are guided by the following principles: lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, accountability.

5. SUBJECTS WHOSE DATA WE PROCESS

In connection with its activity The Company:

  • concludes and executes distance sales contracts;
  • considers proposals and job applications, forms for exercising the rights of consumer buyers, as well as requests of data subjects;
  • responds to inquiries;
  • issues and receives invoices;
  • processes statistical data;
  • manages a user panel on the Site;
  • performs advertising activity through advertising campaigns (promotions, games, etc.).

In the course of these activities, DIOGEN processes information on the following data subjects:

(a) natural persons, users of the Site without registration:
– which do not leave any data (in this case we process data, but not personal);
– who have voluntarily provided a limited amount of personal data (example telephone number and/or e-mail address);

(b) natural persons, users of the Site with registration as registered users – in these cases we process data about the user, which he entered during registration – email address, delivery address, names, billing data, order details, other data entered by the user;

(c) natural persons who have sent inquiries, requests, initiatives, warnings, complaints or other correspondence to the Company by phone, e-mail, contact form on the Site, message on social networks or otherwise;

(d) natural persons, information about which is contained in inquiries (including by phone), requests, initiatives, warnings, complaints or other correspondence addressed to us;

(e) natural persons with whom we enter into contracts (civil, including commercial or employment, mostly distance sales contracts) electronically (through the Site or social networks, as well as through electronic correspondence) or on site at our office or commercial site;

(f) data of natural persons provided by third parties (for example, in the case of a gift order).

6. PERSONAL DATA WE PROCESS

Depending on the reason for the processing of personal data, the type of such data may differ. The functionalities provided on the Site are not intended for storage and processing of special categories of data within the meaning of Art. 9 and Art. 10 of the Regulation. We only require such personal data that we need to provide the activity/service/product required by us. In the course of using the Site by natural persons, we may process other data that do not contain personal data, but relate to the subject, such as its IP address, data on its activity on the Site, etc.

(a) Data provided when placing an order

In order to fulfill a distance sales contract (order) concluded between You and DIOGEN, we require certain information from You. These are: names, email address, delivery address, contact phone number, your payment information (eg bank card), invoicing data, including Personal Identification Number (PIN)/Identity document number, if you want an invoice for an individual. If you provide data of third parties who will receive the order (for example, gift orders or other type of donation), you are responsible for providing their data.

(b) Data provided when registering on the Site

In case you have chosen to create an account on the Site through registration (account), then in addition to the above data, we also store a history of your orders. The required data match those required when placing an order. Along with them, we also process IP address, activity data (time and date of registration, acceptance of Privacy Policy and General Terms and Conditions, logins to your account, etc.).

(c) Data provided when entering into other contracts

In cases where DIOGEN enters into other contracts with natural persons other than distance sales contracts, we require three names, Personal Identification Number (PIN)/Identity document number, address, email address.

(d) Data provided by, through and on other websites and applications called third parties

In certain cases, you have the opportunity to share information with social networks or to link your account on our Website with your account on the relevant social network (social profile). In this case, the social network may provide us with automatic access to certain personal information of yours. By linking your social profile to your account on the Site, you voluntarily allow us to access your personal data processed by the respective social network, as well as to collect, use and store this information in accordance with this Privacy Policy.

The connection of your social profile with our Website is made through the opportunity provided on our Site to log in with your social profile. In case you have chosen this method of registration on our Site, we may process your data such as names, telephone, email, gender, marital status, age, photo, education, place of birth, place of residence and other data that you have provided in your social profile.

In the event that you provide your personal data to DIOGEN via Viber, Skype, Facebook or another platform/social network/application, we inform you that these platforms/social networks/applications have their own privacy policies and that we do not accept any responsibility or liability for these policies, as far as we cannot control the processing on their part. In this regard, we recommend that you check the privacy policies of these platforms/social networks/applications before sending us your personal data through them.

(e) Data provided when publishing a comment, review, publication

If you post a comment, review, publication on this Website, your IP address will be saved along with your names (if you have entered them). DIOGEN has an obligation to store this data (called “traffic”) for certain periods and for certain purposes. Due to the fact that sending comments, inquiries and other messages to the Site, Facebook page/group or their administrators represents sending an electronic statement, according to the Electronic Document and Electronic Certification Services Act the Administrator has an obligation to maintain logs of the fact of sending the statement for a period of 1 /One/ year. The log contains the date of the statement, name and email address of the sender.

(f) Employee data and data collected during the processing of job applications

We process data when concluding employment contracts and when evaluating/processing job applications.

When concluding employment contracts, we require: three names, Personal Identification Number (PIN)/Identity document number, address, age, gender, education data, work experience, bank data, and subsequently we process health data.

When processing CVs, we process: names, address, email address, age, gender, education, work experience, photo, voluntarily provided data by the candidate during an interview or in the CV.

(g) Data provided during correspondence, complaints and warnings

In order to resolve complaints, signals, disputes, inquiries, requests or other issues addressed in communication to the Company, received through electronic forms on the Site, through phone calls to us, by sending by mail or e-mail, DIOGEN stores and processes this information as well as the result of this processing. These can be names, email address, phone, address.

In addition, due to the fact that sending comments, inquiries and other messages to the Site, Facebook page or their administrators is sending an electronic statement, according to the Electronic Document and Electronic Certification Services Act we have the obligation to maintain a log of the fact of sending the statement (without its content) for a period of 1 /One/ year. The log contains the date of the statement, the name and email address of the sender, and the identification of the sender.

If you provide us with personal information about someone else, you should only do so with that person’s permission. You must inform him how we collect, use, disclose and store personal information in accordance with this Privacy Policy.

(h) Technical data collected during the use of the Site

In addition, we may collect information from your computer, phone, tablet, or other device that you use. This information may include the following:

  • type and unique identifier of the device you are using, including information that your browser automatically sends when you visit the Website;
  • location information transmitted by your device if you have set it to display this information;
  • computer and connection information, such as pageview statistics, IP address, Site browsing history, language settings, etc.;
  • logs related to security, technical support, development, etc.:

– to ensure the security and reliable operation of the Site, identify technical problems and detect malicious actions;
– for development and improvement of the goods/services on the Site;
– to measure the traffic and usability of the Site;
– logs in cases where this is required by law (such as logs of electronic declarations of intent);
– account login logs;
– server logs, logs of security devices (Web Application Firewalls) and other devices falling into this category;
– cookies – their use is necessary for the proper functioning of the Site. In connection with this the Cookie Policy has been adopted;

We may prefer to reduce the amount of data we store and process according to the processing purposes.

We do not require and will not collect or process personal data that discloses:

  • racial or ethnic origin;
  • political, religious or philosophical beliefs;
  • membership in trade unions;
  • genetic and biometric data;
  • health data;
  • data on sexual life or sexual orientation.

If the subject itself, on its own initiative and desire, provides such categories of data, DIOGEN is not responsible for the provision, but only undertakes to provide them with the same protection measures as those provided for the requested personal data. We do not transfer data to third countries. Also, we do not make automated decisions regarding personal data and do not process data of persons under 16 years of age. If you are under the age of 16, you should not provide us with personal information about yourself.

7. GROUNDS AND OBJECTIVES FOR DATA PROCESSING

The main purpose for which we process your personal data is related to the provision of services through the Site and social networks, namely the conclusion of distance sales contracts and delivery of goods and services ordered by you, as well as the accounting of income.

We also use your personal information to:

  • provide and improve our goods/services;
  • to contact you about your account and/or our goods/services;
  • to provide you with a customer service;
  • to provide you with personalized advertising and marketing according to your interests;
  • to perform raffles and games organized by us;
  • in certain cases also for the detection and investigation of fraudulent or illegal activities.

The Company collects, uses and processes the information described above for the purposes set forth in this Policy, which may be related to:

  • the conclusion of a distance purchase and sale contract for goods/services between you and DIOGEN through the Site or social networks – we require your identification, contact and payment details to enter into a contract with you, respectively to send you the order;
  • concluding a consumer loan agreement when you have requested the purchase of goods or services from the Site by credit;
  • processing payments and preventing fraudulent transactions (we may transfer your data to a third party to perform these functions);
  • concluding employment contracts; processing and evaluation of submitted CVs;
  • your registration on the Website – in this case we will use your personal information to keep your account up to date;
  • administration of all competitions/raffles/games on a lottery basis, conducted by DIOGEN;
  • the fulfillment of legal obligations of The Company, which includes:

– fulfillment of legal obligations to retain or provide information in view of our tax obligations to the state (for example, on the basis of the Accounting Act and other tax laws);
– fulfillment of legal obligations on the basis of the Labor Code, the Commercial Register Act and other normative acts;
– execution of an order received by us from competent state or judicial authorities;
– fulfillment of obligations provided for in the Personal Data Protection Regulation, related to the notification of various circumstances related to your rights, the protection of your data, the goods/services provided by us and other similar;
– fulfillment of obligations provided for in the Consumer Protection Act such as ensuring the right of withdrawal;
– the protection of DIOGEN in court;

  • protection and implementation of the legitimate interests of other users of the services, third parties and the Site – the legitimate interest pursues goals related to the legitimate interests of DIOGEN and/or third parties. These goals include:

– detecting and resolving technical or functionality problems, development and improvement of the purpose of the Site;
– communication with you, including electronically, on important issues related to the services we provide and performance of concluded contracts;
– targeting our marketing, updating goods/services and offering promotional offers based on your preferences;
– reception and processing of received signals, complaints, requests and other correspondence;
– exercising and protecting the rights and legitimate interests of the Site, including in court, and providing assistance in exercising and protecting the rights and legitimate interests of other users of the Site and/or affected third parties;
– administering the Website and maintaining its security and safety;
– analyzing and improving the use of our Website and retail (including information about how you navigate our Site);
– measuring and analyzing our advertising and sending you suggestions and recommendations based on the information you share with us;
– communication with you about your account; troubleshooting your account. To be more efficient when we contact you by phone, we can use automatic or pre-recorded calls and text messages;
– informing you about goods and services for which you wish to send you information by e-mail, mail, mobile phone and/or other digital means (depending on your stated preferences), including social media platforms – only when we have received your explicit consent for that;

Your data may be processed on the basis of your explicit consent, and the processing in this case is specific and to the extent and scope provided for in the respective consent. We usually require such consent from you when we wish to process your personal data without any legal obligation or legitimate interest for DIOGEN. Most often we require such consent when we want to offer you information about new promotions, products, etc.

8. RETENTION PERIOD OF YOUR PERSONAL DATA

When storing data, The Company applies the general principle of data storage in a minimum volume and for a period not longer than necessary to achieve the objectives of the Company, provision of services and performance of contracts, ensuring their security and reliability and the requirements of the law.

We will keep your personal data for a period of time, it is necessary for the objectives set out in the current Privacy Policy to be fulfilled, except by law or on the basis of our legitimate interest, it does not require us to keep it for a longer period. Once the purposes of processing your personal data have been achieved, we destroy them.

Exceptions to the retention period rules

Please note that we will not delete or anonymize your personal data if it is necessary for pending court, administrative, arbitration, enforcement proceedings or proceedings to review your complaint before us. Deletion will be performed after the need for data is no longer present.

You can always ask us to delete certain information or close your account, and we will respond to this request by retaining certain information, even after closing the account when applicable law or legitimate interests require it. If we are legally required to do so, or if it is reasonably necessary to comply with regulatory requirements, resolve disputes, prevent fraud or abuse, or enforce our terms, we may retain some of your personal information for a limited period of time, even after you have deleted your profile.

In order to ensure the reliability of the services and prevent data loss for technical reasons, the Site applies a data backup policy. The maximum period for updating (deleting data) from all backups is 30 days.

9. DO WE SHARE YOUR PERSONAL DATA TO THIRD PARTIES

Diogen does not provide your personal data to third parties, unless there is a legal basis for this – an obligation under law or contract, a legitimate or vital interest, your consent. We try to minimize the personal data we disclose, as this is always directly related and necessary to achieve the set goal. We do not sell, rent or otherwise disclose your personal data to third parties for their marketing and advertising purposes without your explicit consent.

In certain cases, The Company is obliged to disclose your data to public authorities such as the police, prosecutor’s office, court, in connection with the prevention or detection of crimes. This includes the exchange of information with other companies and organizations in order to protect against fraud.

When we receive money from you or have paid money to you, we may be required by the revenue authorities to provide transaction data containing certain data, including personal data. In this regard, DIOGEN may provide your data to the accounting companies it works with or to the revenue authorities.

The legal obligation of DIOGEN as a Personal Data Administrator, managing websites (Sites) is to protect the security of the networks and the data processed by The Company. In this regard, we apply a number of measures, the implementation of which may require the processing of your data by IT companies that take care of the security of computers and computer networks maintained by The Company.

We could have a contractual obligation to provide your data in case of a distance sales contract concluded with you, by virtue of which we are obliged to provide by courier the goods or services requested by you. The same is true if you have chosen to purchase and pay for a product or service from our Site through payment, credit or banking services, to whose providers you personally share your data or assign it to us.

Our legitimate interest justifies in certain cases the provision of personal data to third parties. Such would be the situation with initiated proceedings before the Commission for Personal Data Protection, the Commission for Consumer Protection or other persons and public authorities. There is also a legitimate interest for us when we engage other companies and individuals to perform certain tasks on our behalf, complementing our services and activities, within the framework of data processing contracts.

10. TO WHICH COUNTRIES DO WE TRANSFER YOUR PERSONAL DATA

Currently DIOGEN stores and processes your personal data in Bulgaria.

11. YOUR RIGHTS REGARDING YOUR PERSONAL DATA

Under the General Data Protection Regulation you have the following rights:

Right to be informed
This Policy is intended to inform you in detail about the processing of your personal data. When there is a risk of violation of the security of your personal data, the Administrator is obliged to inform you about the nature of the violation and what measures have been taken to eliminate it, as well as whether the supervisory authority has been notified of the violation. The data subject may also request information on all recipients to whom the personal data for which the correction, deletion or restriction of processing has been requested have been disclosed.

Right of access
As a data subject, you have the right to request confirmation of whether your personal data is being processed and, if so, to have access to your data and the following information: for what purpose data are processed, what personal data are processed, data recipients, data processing time. Access requests must be made in writing/electronically and addressed to the Administrator. In this case, we provide a copy of the processed personal data in electronic or other appropriate form.

Right of rectification
As a data subject, you have the right to request the correction or addition of your personal data that is inaccurate/out of date or incomplete. For registered users, this option is available in the user panel on the Site. Unregistered users can submit a request to the Administrator, and he will respond to the email address provided by them.

Right to erasure (Right to be forgotten) and Close an Account
As a data subject, you have the right to request your personal data deletion from all systems and records where they are stored, including the Administrator to notify all third parties/processors to whom he has provided the data.

To close your account, notify the Administrator via the contact form on the Site. After closing the account, all or part of the data will be deleted. In connection with our obligations, responsibilities and requirements of the law, it is possible to store certain data for a certain period of time.

A request for deletion may be submitted on the grounds covered by the Regulation, including in the presence of any of the following grounds:

– personal data are no longer needed for the purposes for which they were collected;
– when you have withdrawn your consent;
– when you have objected to the processing of personal data and there are no legal grounds for processing to take precedence;
– when the processing is illegal;
– where personal data must be deleted in order to comply with a legal obligation under Union law or the law of a Member State applicable to the Controller;
– when personal data have been collected in connection with the provision of information society services.

DIOGEN may refuse to delete part or all of the personal data in cases where there is a substantial basis and/or legal obligation for their processing. You will be informed about this in a timely manner.
The Administrator may refuse to delete personal data on the grounds specified in the Regulation – when the processing of the specific data is for the following purpose:

– Exercising the right to freedom of expression and the right to information;
– Compliance with a legal obligation requiring processing provided for in EU or Member State law, which applies to the Administrator either for the performance of a task in the public interest or in the exercise of official powers conferred on him;
– for reasons of public interest in the area of public health;
– for archiving purposes in the public interest, for scientific or historical research or for statistical purposes;
– for the establishment, exercise or defense of legal claims.

Right to restrict data processing
The General Data Protection Regulation provides the possibility to restrict the processing of your personal data if there are grounds for doing so. Restriction is allowed in the following cases:

– when you believe that your personal data is not accurate, in which case the restriction is for the period necessary for the Administrator to verify their accuracy;
– when the processing of your personal data is illegal, but you do not want it to be deleted, but you only want to restrict its use;
– when the Administrator no longer needs your personal data for the purposes of processing, but you, as the data subject, require them for the establishment, exercise or protection of legal claims;
– when you have objected to the processing pending verification that the legal grounds of the Administrator take precedence over your interests.

Right to notify third parties
If applicable, you have the right to ask the Administrator of your personal data to notify third parties (when he has provided your data), regarding the correction, deletion or restriction of their processing.

Right to data portability
When exercising its right to data portability, the data subject shall also have the right to receive a direct transfer of personal data from one controller to another where this is technically feasible and in the event that the processing is based on consent or a contractual obligation or the processing is carried out in an automated manner.

Important: The responsibility for the storage of data exported from the Site, as well as for all consequences of their provision to other administrators is entirely yours.

Right not to be subject to a decision based solely on automated processing
You have the right not to be subject to such automated processing, including profiling, which has legal consequences for you or in a similar way significantly affects you, unless the grounds for the protection of personal data provided for in the applicable data protection legislation are met and appropriate guarantees are provided for the protection of your rights, freedoms and legitimate interests.

Right of withdrawal of consent
You have the right at any time to withdraw your consent to the processing of personal data on the basis of your previous consent. Such withdrawal shall not affect the lawfulness of the processing on the basis of the consent given until the moment of its withdrawal. For services such as e-mail ads subscription based on your wish (consent), there is a possibility to unsubscribe at any time (withdrawal of consent). In the event of withdrawal of consent, we have the right to request that the identity of the applicant be verified in order to establish the identity of the data subject.

Right to object
You have the right to object to data processed on the basis of a legitimate interest. In the event of such an objection, we will consider your request and, if it is justified, we will comply with it. If we believe that there are compelling legal grounds for processing or that it is necessary to establish, exercise or defend legal claims, we will inform you. DIOGEN will motivate itself whether it accepts the objection, respectively why it continues to process personal data if it rejects the objection.

Right to appeal to a supervisory authority
You have the right to file a complaint against DIOGEN (Data Administrator) to the supervisory authority if you believe that the processing of personal data concerning you violates the applicable personal data protection legislation.

The supervisory body in the Republic of Bulgaria is the Commission for Personal Data Protection with address: Sofia 1592, Blvd. “Prof. Tsvetan Lazarov” No. 2, e-mail kzld@cpdp.bg, website: www.cpdp.bg, phone: +359 2 915 3 518.

12. HOW CAN YOU EXERCISE YOUR RIGHTS. DEADLINES FOR PRONOUNCEMENT

You can exercise your rights free of charge at any time by email or by request sent to the addresses listed in the Contact section of the Site or at the end of this Privacy Policy, and you can address your requests both to DIOGEN and directly to the Data Protection Officer. Requests shall be made in a way that allows the identity of the applicant to be identified. With regard to the exercise of certain rights, technical possibilities may be applicable, such as the Unsubscribe button. In any case, the Administrator should respond to the request or rule in relation to an exercised right to the address provided in the request (including electronic one) within one month of receipt.

In the event that you exercise these rights manifestly unreasonably or excessively, in particular because of its recurrence, we reserve the right to charge a reasonable fee, taking into account the administrative costs of providing the information or communication, or taking the requested action, or refuse to take action on your request. We will inform you of our fees, if applicable, before ruling on your request.

13. ACCURACY OF INFORMATION

We are not responsible for the accuracy of the data provided by you, we do not perform checks in this sense (such are performed only in certain cases) and we do not guarantee the actual identity of the individuals who provided the data. In all cases of suspicion on your part, of established fraud and/or abuse, please notify us immediately. You undertake not to violate the rights of others in connection with the protection of their personal data or other rights when providing any information on the Site.

14. GENERAL INFORMATION ON THE POLICY

This Privacy Policy may be amended or supplemented due to changes in applicable Bulgarian or European legislation or at the initiative of a competent authority. DIOGEN will inform the subjects about the changes or additions to this Privacy Policy by publishing the changes on its Website. You may periodically check the most current version of this Privacy Policy on The Company’s Website.

15. PERSONAL DATA SECURITY

DIOGEN maintains appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. The protection measures put in place ensure a level of security of personal data corresponding to the risks arising from the processing, taking into account the achievements of technical progress, the costs of implementation and the nature, scope, context and objectives of the processing and the risk to data subjects. These measures are aimed at ensuring the continued availability, integrity and confidentiality of personal data.

We do not share data with third parties except as required by our legal obligation or right. It is possible to use the services of third parties who are processors of personal data for the above-mentioned processing purposes. These persons will process the personal data on our assignment and are obliged to comply with the applicable provisions for personal data protection.

When you post to forums, chat rooms or social networking services, the personal information you share is visible to other users and may be read, collected or used by them. In these cases, you are responsible for the personal information you provide.

Despite the measures we take to protect your personal data, we are aware that, in principle, the transmission of information over the Internet or other public networks is not completely secure, and there is a risk that the data may be viewed and used by unauthorized third parties. We cannot be held responsible for vulnerabilities in systems that are not under our control. In the event of a data leak containing personal data, we guarantee that we will comply with all applicable notification rules in such cases.

16. COOKIE POLICY

As an integral part of this Privacy Policy, the Company has adopted a Cookie Policy, which is published and available on the Site.

17. HOW TO CONTACT US

Questions and requests related to the exercise of your rights regarding the protection of your personal data, you can send to DIOGEN through the Contact form on the Site or by any of the following means of contact:

DIOGEN TRADE LTD., UIC 117634565, VAT No. BG 117634565
headquarters and management address: 63 Borisova str., Ruse 7012, Bulgaria
mailing address: 63 Borisova str., Ruse 7012, Bulgaria
e-mail: info@diogentex.com

DATA PROTECTION OFFICER

to: DPO DIOGEN
e-mail: privacy@diogentex.com