How does Hera Medical Center protect the personal data of its patients?



Personal Data

Personal Data For the purposes of its activities as a medical facility and commercial company, Medical Center Hera processes personal data of individuals (“data subjects”) in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation) (GDPR) and the Personal Data Protection Act.

According to the General Regulation, “personal data” is any information that relates to an individual and through which they can be directly or indirectly identified.

“Data regarding heath condition” means personal data related to the physical or mental health of an individual. Such data is under special protection due to their sensitive nature and are processed by medical professionals bound by a duty of professional confidentiality.

Processing of personal data is any operation or set of operations that can be performed on personal data by automated or other means.

Personal Data Administrator

MC Hera is Personal Data Administrator with address Second Floor, 23 DCC, 20 Klisura Street, Sofia
Tel: 02 404 8656
0882 441 433

Individuals whose personal data is processed by Medical Center Hera:

Patients, and if necessary, their relatives

Staff – current and former employees of the Medical Center, job applicants, as well as trainees;

Visitors to the medical facility

External Contractors or potential contractors of Medical Center Hera and their employees

Purpose of processing Personal Data:

(a) Provision of healthcare services – medical diagnosis, treatment, clinical research, etc.;

(b) Compliance with the legal obligations by Medical Center Hera, especially under the Health Act, the Health Insurance Act, the Medical Establishments Act, the implementing regulations thereof, the National Framework Agreement;

(c) Compliance with the requirements of labour and social legislation regarding employees;

(d) Ensuring the security of patients, employees, and property through video surveillance, registration, physical security, and access control;

(e) Other lawful purposes, such as accounting services, maintenance and security of the website and IT systems of Medical Center Hera, protection of the legitimate interests of Medical Center Hera, including through legal proceedings, etc

Protection of personal data of participants in clinical trials:

All participants in the study are not obligated to inform anyone about their participation. Their decision to participate in a particular clinical trial cannot be coerced. Participants have the right to timely and complete information about any changes in the process, the risks, benefits, or scope of the study.

Regulation (EU) 2016/679 (GDPR) is mandatory to be complied with for conducting any clinical trial. All personal data collected from participants is encrypted and treated as confidential information. Any concerns about the confidentiality of the process should be reported to the Commission for Personal Data Protection (CPDP).


To whom can be passed personal data

Hera Medical Center discloses personal data to:

Competent public authorities in compliance with legal provisions, including the National Health Insurance Fund, the Ministry of Health, the NRA, the NSSI, etc.;

External laboratories or other medical facilities;

Commercial companies that provide various services to Medical Center Hera, including information support and security of IT systems.

In all these cases, Medical Center Hera takes necessary measures to protect the rights and interests of data subjects, such as undertaking explicit contractual obligations from data processors to ensure data security and confidentiality.


Timeframe for keeping personal data

The personal data of patients are stored in accordance with the normatively defined periods for the respective medical documentation.

Rights of data subjects:
Every individual whose data is processed by Medical Center Hera has the following rights:

Right of access to their personal data, including the right to obtain a copy of them;

Right to correct or amend inaccurate or incomplete personal data;

Right to erase personal data processed without a legal basis;

Right to restrict processing – in the presence of a legal dispute between Medical Center Hera and the individual until its resolution or for the establishment, execution, or defense of legal claims;

Right to data transfer concerning personal data concerning them and provided to the Center in a structured, commonly used, and machine-readable format.

Right to object – at any time and based on reasons related to the individual’s specific situation, provided there are no compelling legal grounds for processing that override the interests, rights, and freedoms of the data subject, or for legal proceedings.

The right to access health information is exercised in accordance with Article 27 of the Health Act. Health information may be provided to third parties when:

the individual’s treatment continues at another healthcare facility;

there is a threat to the health or life of other individuals;

it is necessary for the identification of a human body or for determining the causes of death;

it is necessary for the needs of state health control to prevent epidemics and the spread of infectious diseases;

it is necessary for the needs of medical expertise and social insurance;

it is necessary for the needs of medical statistics or for medical scientific research after the data identifying the patient have been deleted;

it is necessary for the needs of the Ministry of Health, the National Center for Health Information, the NHIF, regional health inspectorates, and the National Statistical Institute.

it is necessary for the needs of an insurer licensed under Section I of Annex No. 1, or items 2 or 1 and 2 of Section II, letter “A” of Annex No. 1 to the Insurance Code.Начало на формуляра

In accordance with the Personal Data Protection Act and the General Data Protection Regulation, any individual who believes that their right to the protection of their personal data has been violated may file a complaint with the Commission for Personal Data Protection at the following address: 2 Prof. Tsvetan Lazarov Blvd. Sofia 1592., website:

Полезна ли беше тази статия за Вас?

Да Не

Благодарим за обратната връзка!

Подобни публикации



Advantages of modern diagnostic technology



All about endometriosis



Inflamed nerve - causes, symptoms, treatment

clinical-researches-d clinical-researches-m

Clinical reasearches

Medical Center "Hera" takes part in clinical trials in numerous of therapeutical areas. Our knowledgeable specialists are ready to deliver detailed information with regards to the steps taken during the process of given clinical trial.

Learn more