PRIVACY POLICY

We care about the protection of your personal data. Please read this document carefully. It aims to inform you about how "Santis Medical Solutions" Ltd. (Santis) collects and processes your data in relation to your visits to the website www.santis.bg. After reading this document, as well as other notifications we may provide to you (such as the Cookie Policy), you will understand how we process and why we collect your personal data.


1. Who does this Privacy Policy apply to?

This Privacy Policy describes the ways in which "Santis Medical Solutions" Ltd., with registered office at: Sofia, postal code 1407, Lozenets district, "Nikola Vaptsarov" Blvd. No. 55, floor 1, VAT number 208048682, represented by Georgi Uzunov – Manager, ("Santis", "we", "us"), collects and processes information related to you, which directly or indirectly identifies you ("Personal Data"), either alone or in combination with other information provided through your interactions with us via our website (www.santis.bg) or any mobile page, applications, or other service (both offline and online) of "Santis Medical Solutions" Ltd., which contains a reference to this Privacy Policy, includes it, or provides you with a copy of it (collectively referred to as "Services").

Although this Privacy Policy is intended for individuals interacting with the Services, you may be asked to review additional privacy policies or separate data privacy notices on our websites in specific countries if you reside in a certain territory or when using certain applications or websites that are not included in the definition of Services. Where necessary, we will provide you with specific privacy notices for the purposes of activities not covered by this policy, including but not limited to recruitment, entering into an employment relationship, third-party management, or patient support.

Please note that if you access a third-party link or website from our Services, you may need to review the privacy policies of those third parties. Santis does not endorse and is not responsible for the information or privacy practices of third-party websites or services.

By continuing to use the Services, you agree to this Privacy Policy. We consider the protection of your Personal Data and privacy to be of utmost importance. Therefore, we encourage you to carefully read this Privacy Policy.

Santis is responsible for processing your Personal Data as it determines why and how it is processed, and therefore acts as the "data controller" of this Personal Data. It may have this responsibility alone or jointly with another company or companies, which act as "joint controllers." This Privacy Policy addresses how we respect your privacy rights in relation to the processing of your Personal Data in connection with the Services and/or for the purposes outlined in this Privacy Policy.

If during your visit to the Website, you contact us for any reason other than using the Service (e.g., for a different service), please refer to the "Contact Us" section for the relevant personal data processing notice applicable to this type of relationship.

We may periodically update this Privacy Policy by posting a new privacy policy on this website. Please check this Privacy Policy periodically to stay informed of any changes.


2. How do we handle information of individuals under the age of 14?

Our Services are not intended for children. We do not knowingly collect any personal information from children under the age of 14 through our website and for the purposes outlined in this Privacy Policy.

If personal information from children is inadvertently provided to us and you would like that information to be removed, please refer to the "Contact Us" section.


3. What Personal Data do we process and for what purposes?

For most of our Services, no registration or sign-in is required. However, depending on how you interact with us, we may collect and process Personal Data that directly identifies you, such as your name, contact details, and email address. We may also collect Personal Data that does not directly identify you but allows identification through combination with other information or identifiers such as the name of your company and your position or identification number. The Personal Data may also include information such as the serial number of your computer or device, IP addresses, or information related to a given company. If, in connection with the Services, you provide Personal Data related to other individuals to us or our service providers, you affirm that you are authorized to do so and allow us to use this information in accordance with this Privacy Policy.

3.1. Information you provide voluntarily

3.1.1. User Profile (Account) Registration
In order to use some of the Services (or parts of them), you may need to create a user profile by registering in advance. This applies, for example, when you visit websites whose content is only accessible to medical professionals or media representatives. When registering, you are required to provide your name, email address, registration details, security questions and answers, encrypted passwords, correspondence address, phone number, and, if applicable, data regarding your registration with the Bulgarian Medical Association/Bulgarian Dental Association.

We process and store the Personal Data provided during registration solely to allow you access to content specifically relevant to you. The legal basis for processing your Personal Data may be the performance of an obligation under a contract with you or your consent.

3.1.2. Requests for contact, user support, or feedback
To submit inquiries through our contact form, you need to provide your name, correspondence address, email address, phone number, the reason for us to contact you, and your message. You may also provide information from your social media profile, including your name, email address, contact details, comments, and reactions when interacting with us through social media or using your social media login details to identify yourself on our website.

We process and store the Personal Data in your contact request solely to process and respond to your inquiry related to our products and services and to get in touch with you. The legal basis for processing your Personal Data is the performance of our contractual obligations to address any applicable concerns you have contacted us about.

3.1.3. Requests and services
If Santis provides services through the website, such as informational materials, brochures, etc., you will need to provide your name, email address, correspondence address, and, if applicable, data related to potential payments.

We process and store the Personal Data provided when submitting a request to deliver the products and services you have requested, as well as for our commercial purposes, including improving our products and services and customizing functionalities based on your interaction with our Services. The legal basis for processing your Personal Data is the performance of contractual obligations and our legitimate interest.

3.1.4. Tracking and monitoring adverse events
Santis is required by law to be informed about adverse side effects, interactions, lack of drug efficacy, quality complaints, and/or other aspects related to the safety and quality of products supplied by Santis. If you provide us with information about products supplied by Santis (e.g., through our

website), we will evaluate and review your information (which may include details about your health status, side effects, and, if applicable, your name). For this purpose, we may also contact you if you have any questions.

Santis is also required by law to report significant side effects to the responsible health authorities, in which case we transmit your information only in pseudonymized form, so no information is transmitted that could directly identify you. The legal basis for processing your Personal Data is compliance with our legal obligations or the protection of our legitimate interests, which particularly concern ensuring high standards of safety and quality for the products or your consent.

3.2. Information collected automatically

3.2.1. Social Media Monitoring
We may also collect Personal Data that you have made publicly available on social media platforms (including blogs, forums, etc.) related to Santis and medicines and diseases in general. This activity, known as "social media monitoring," is based on our legitimate business interests, such as (i) understanding how certain key audiences, like medical professionals or patients, perceive certain diseases or react to the use of products supplied by Santis; (ii) gaining a better understanding of the reputation of Santis, as well as other market trends; (iii) identifying key stakeholders, particularly bloggers and influencers on social media, and engaging with them. This may include your personal data in the form of comments, messages, blog posts, photos, and videos, although we will take measures to limit this personal information to the minimum necessary and not store it for a period longer than required for social media monitoring activities. If you wish to further restrict the individuals who can view your information, we recommend using the privacy settings offered by the relevant platforms.

When sharing your personal data on public social media platforms, we recommend that you also familiarize yourself with the privacy policy of the specific platform, as these platforms are not owned or operated by Santis.

3.3. Website usage analysis tools

We may also collect and process information related to your visit to this website, such as the pages you visit, the website you were referred from, and the searches you make. We may use this information to help improve the content of the site and to create aggregated statistics about the people visiting our site for our internal purposes, related to consumption statistics and market research. In doing so, we may install "cookies" or similar technologies that collect the user’s domain name, your internet service provider, your operating system, and the date and time of access. "Cookies" are created and stored on the user’s computer, phone, or other devices when the browser loads a website. Whenever the user returns to the same website, the browser retrieves and sends the cookie file to the website. "Cookies" are useful because they serve essential purposes, such as helping a website remember your preferences and settings, performing analytical activities to improve services, providing relevant content or advertisements, and identifying you on websites. "Cookies" do not harm your computer. You can set your browser to notify you when a "cookie" is received so that you can decide whether to accept it or not. You can also completely decline "cookies." However, if you do not accept our "cookies," you may not be able to use all the functionalities of our website. When visiting our websites, you may be presented with a banner with cookie settings that allows you to manage your settings and accept or reject "cookies." The law permits your device to store "cookies" that are essential for the website to function, but we need your consent for storing all other cookies. On the Santis website, you have the option to give consent for the use of "cookies" when you first visit the website, when a cookie banner will appear, or to manage these settings at any time afterward by clicking on the "Cookie Settings" link. These cookie settings allow you to give or decline consent for each cookie category (except for necessary "cookies," which are always active). Please review our Cookie Settings to learn more about the types of cookies we use (their purpose, lifespan, and origin) and how you can manage your preferences.

Some of our Services, including websites, may use the Google Analytics web analytics service provided by Google LLC, located at 1600 Amphitheatre Parkway, Mountain View, California 94043, USA ("Google"), for optimization purposes. Google uses the information obtained through the "cookie" to keep a profile of the pages you have visited during a session. The information generated by the "cookie" regarding your use of the Services is transmitted to Google’s servers and stored there. To enhance the security of your Personal Data, we use the "IP anonymization" feature or other features provided by Google to ensure your anonymity. More information on how IP anonymization works can be found by clicking: https://support.google.com/analytics/answer/2763052.

Google will use this information on our behalf to evaluate how you use the website, generate reports on website activity for us, and provide us with other services related to website activity and internet usage. Santis uses the data obtained from Google Analytics for business planning, for its own commercial activities, and for marketing measures to gain a better understanding of how to improve the content of our web services and related functionalities.

Our website may sometimes also use "OneTrust cookies" that allow you to easily manage "cookies" and help us obtain your consent for placing and using "cookies" on your device. These "cookies" are necessary for us to remember the preferences you have specified regarding "cookie" settings. The legal basis for processing your Personal Data when using website analytics tools is your consent or our legitimate business interests.

3.4. Other Tracking Technologies

It is possible for us to use "cookies" or other tracking technologies (also known as action tags, single- pixel GIFs, clear GIFs, invisible GIFs, and 1-by-1 GIFs) provided by third parties – advertising companies, to show you relevant advertisements (interactive or non-interactive) based on your interests and the history of the websites you have visited. We typically use the services of companies that own social media platforms and other advertising companies – third parties, to collect information such as your browser data, your unique client identification number, and others, to be able to show you ads both on our websites and on other websites you may visit. Please refer to our "Cookie Settings" to learn more about our marketing and advertising cookies and manage your preferences. It is possible that our Services, including websites, use Google Tag Manager ("GTM") – a tag management system supported by Google to manage JavaScript and HTML tags used for tracking and analyzing websites. Tags are small code elements that, among other purposes, are used for measuring traffic and visitor behavior, gauging the effect of online ads and social channels, setting up remarketing campaigns and targeting audiences, and for testing and optimizing websites. GTM facilitates the integration and management of our tags.

3.5. Website Usage Preferences and Website Security

We may collect certain information about you, such as your IP address, unique device identifiers like MAC address (Media Access Control), computer type (Windows or Mac), browser type and version, screen resolution, operating system name and version. We may also extract information about your location from your IP address. We use this information to ensure the security of our websites and network systems and improve our services by recording your preferences, maintaining service levels, diagnosing, and resolving technical issues.

The legal basis for processing your personal data is our legitimate commercial interests. We may combine, aggregate, or anonymize your personal data with data we collect about you from other sources, such as public databases, suppliers, demographic information, joint marketing partners, publicly available social media data (data you have made public), and other third parties. We may use your data for our commercial purposes, including audits, monitoring, and preventing fraud, violations, and other potential abuses of our products and services, as well as modifying our services.

Additionally, we may use your personal data: We generally do not collect sensitive personal data for purposes other than tracking and managing unwanted events when we are legally required to do so. Please do not disclose sensitive personal data to us unless we explicitly request it (e.g., national ID numbers, data related to racial or ethnic origin, political opinions, religious or philosophical beliefs, health status, sexual life or sexual orientation, data about convictions, membership in trade unions, biometric or genetic data solely for identifying a physical person).


4. When and to whom do we disclose your personal data?

This Privacy Policy describes the circumstances under which we may disclose your personal data. We may also transfer personal data to third parties acting on our behalf for further processing in accordance with the purposes for which the data was originally collected or for which it may be lawfully processed, such as providing services, evaluating the usefulness of our Services, marketing, advertising, data management, or technical support.

We will not sell, provide, or otherwise transfer your personal data to third parties other than those specified in this Privacy Notice.

As part of our activities and for the same purposes described in this Privacy Policy, based on the "need to know" principle, the following categories of recipients may have access to your personal data or may be transferred the data in order to achieve the relevant purposes: These third parties have agreements with us under which they must use the personal data solely for the agreed purpose and not sell the personal data to third parties, nor disclose it to third parties, except where permitted by us, required by law, or stated in this Privacy Policy.

We may disclose your personal data to a third party if the business or part of it, along with associated user data, is sold, assigned, or transferred, in which case we will require the purchaser, successor, or acquirer to treat your personal data in accordance with this Privacy Policy.

We may also disclose your personal data to a third party if we are required to do so under applicable legislation, requests from public and governmental authorities (including court orders, subpoenas, or state regulations), even outside the country in which you reside; if necessary to enforce our terms; if we believe in good faith that the use of personal data is necessary to protect legal rights, security, and integrity of this website; to ensure your safety and that of others; as part of criminal or other legal investigations or proceedings in your country or other countries; or to third parties, consultants, and other entities to the extent reasonably necessary for the preparation or negotiation of a corporate or commercial transaction.

It is also possible that your personal data may be processed, accessed, or stored outside the Republic of Bulgaria. These countries may not offer the same level of protection for personal data. If we transfer your personal data to external companies in other jurisdictions, we will ensure the protection of your personal data by applying the level of protection required under applicable data protection legislation, taking appropriate technical and organizational measures. If your personal data is transferred to a service provider located in a third country (countries outside the European Union that do not provide a level of data protection comparable to that in the European Union, as assessed by a competent data protection authority) and processed there, Santis guarantees the protection of your personal data through Standard Contractual Clauses, EU Model Clauses, or another method in accordance with applicable law. If in the future the Standard Contractual Clauses are declared invalid or revised by the European Commission, we will adopt other and/or officially approved documents to ensure the appropriate guarantees required for transfers to third countries and will engage with these approved official documents in written and legally binding form.


5. How do we protect your personal data?

We have implemented appropriate technical and organizational measures designed to ensure an adequate level of security and confidentiality of your personal data. The aim of these measures is to protect personal data from accidental or unlawful destruction or alteration, accidental loss, unauthorized disclosure or access, or from other unlawful forms of processing.


6. What rights do you have and how can you exercise them?

Whenever we process personal data, we take reasonable steps to ensure that your personal data is accurate and up to date for the purposes for which it was collected. We will give you the opportunity to exercise the following rights under the conditions and limitations set forth in the law:
If you have any questions or wish to exercise the rights listed above, please email our Data Protection Officer at privacy@santis.bg or send a letter to Santis at the management address. If you are dissatisfied with how we process your personal data, you may send your request to our Data Protection Officer at privacy@santis.bg, who will review your concern. Additionally, you have the right to file a complaint with the competent data protection authority, which in the Republic of Bulgaria is the Commission for Personal Data Protection.


7. How often do we update this policy?

We regularly review our Privacy Policy and update it if and when necessary.


8. Contact Us

If you wish to contact us about how we use your personal data or wish to exercise your data protection rights, please contact us: Under the Personal Data Protection Act, your request must contain at least: We will make every effort to respond to requests for the exercise of rights within 14 days. In some cases, a longer period may be necessary depending on the complexity of your request. In certain legal circumstances (e.g., if you have objected to the processing of data based on legitimate interest), we may not be required to fulfill your request. In such a case, we will inform you of the reason for the refusal.


Contact us

1407 Sofia, 55 Nikola Vaptsarov blvd.,
Expo 2000 Office Park, building 1

Our Partners
Our Mission
Cookies
Privacy Policy
Terms of Service
Value in Every
Connection.

Copyright © 2025 Santis Medical Solutions EOOD