
Privacy Policy

Last Updated: 20.09.2025

Table of Contents

  • Information About the Data Controller
  • Categories of Personal Data
  • Purposes of Data Processing
  • Legal Basis for Processing
  • Recipients of Personal Data
  • Technical and Organizational Security Measures
  • Data Retention Period
  • Your Rights as a Data Subject
  • Exercising Your Rights

Have Questions?

Contact our Data Protection Officer for any privacy-related inquiries.

contact@telemediker.com

01 Information About the Data Controller

"HAPPY EARS" Ltd. processes your personal data with maximum security in accordance with the contractual relationships between you and the company, and in accordance with the regulatory obligations arising from its activities.

Data Controller: "HAPPY EARS" Ltd.

UIC: 205650203

Address: Republic of Bulgaria, Targovishte municipality, village Golyamo Tsarkvishte, "Hristo Botev" Str. No. 5

Website: https://telemediker.com/

Email: contact@telemediker.com

Data Protection Officer

Name: Nikola Zlatev

Email: contact@telemediker.com

02 Categories of Personal Data

We collect and process the following categories of personal data:

Data Related to Physical Identity

  • Full name
  • Personal Identification Number / Date of Birth
  • Social insurance information
  • Contact details: email and phone number
  • Address: permanent or current
  • Health information data
  • Banking information
  • IP address

Data Related to Economic Identity

Payments are processed through the Stripe platform. We do not directly process banking data but receive information from Stripe regarding successful or unsuccessful payments.

Important: For patients under 18 years of age, identification data of a parent/guardian is also provided to the doctor.

03 Purposes of Data Processing

Your personal data will be used for the following purposes:

  • Creating a profile on the Controller's Platform
  • Payments for Telemedical consulting service – video calls with doctors
  • Establishing and maintaining registers for accountability
  • Financial and accounting reporting
  • Providing a secure connection between the patient and the doctor
  • Issuing invoices
  • Responding to data subject requests regarding their rights under GDPR
  • Marketing purposes (only with your consent)
  • Performing other functions as required by law or contractual obligations

04 Legal Basis for Processing

The processing of your personal data is carried out based on:

  • Article 6(1)(c) GDPR – Legal obligations applicable to the controller
  • Article 6(1)(b) GDPR – Performance of a contract to which you are a party
  • Article 6(1)(a) GDPR – Your consent for processing medical data through secure connections
  • Article 6(1)(f) GDPR – Protection of legitimate interests

Processing of your name and email address for direct marketing purposes will only be carried out based on your freely given, specific, informed, and unambiguous consent.

Note: The Controller does not apply automated individual decision-making, including profiling.

05 Recipients of Personal Data

Entities Requiring Information on a Legal Basis

  • State and municipal authorities, agencies, and regulatory bodies
  • Judicial authorities (courts, prosecution offices)
  • Regulatory bodies (Commission for Personal Data Protection, Health Commissions)
  • Auditors and accreditation bodies

Entities Requiring Information on a Contractual Basis

  • Service providers (consultants, accountants, lawyers)
  • Data Protection Officer
  • Companies providing cloud services – AWS
  • External videoconferencing service – Daily.co
  • Marketing agencies (only with your explicit consent)
  • Payment processors – Stripe

06 Technical and Organizational Security Measures

We implement appropriate technical and organizational measures to ensure data protection:

  • Licensed software and electronic security certificates
  • Encrypted email services with paid, private domains
  • Access controls – only authorized employees and doctors can access personal data
  • Cloud service access secured through HTTPS connection
  • Password policy and user rights management system
  • Regular employee training on GDPR compliance
  • 24/7 system maintenance to minimize security breaches
  • Full internal audit and system check every 12 months

File Transfer Security

  • Transport encryption: WebRTC SRTP/DTLS; TLS 1.2+ for all API and storage traffic
  • Fallback encryption: client-side AES-GCM with ephemeral ECDH keys
  • Access control: presigned URLs with ≤ 10 min expiry
  • Audit logging: metadata only, no file content, retention max 90 days
  • Automated deletion via webhooks and storage lifecycle rules
  • No persistence: no thumbnails, no previews, no patient files stored on the platform

07 Data Retention Period

Your personal data will be retained for the following periods:

Data Category                      Retention Period
Account information                Up to 5 years
Data processed based on consent    Until consent is withdrawn
Accounting data                    10 years (under the Accounting Act)
System logs                        Up to 5 years
Metadata (audit/security)          Up to 90 days

Your personal data will not be deleted if required for ongoing legal, administrative proceedings, or the resolution of a complaint.

08 Your Rights as a Data Subject

Under GDPR, you have the following rights:

  • Right to Information and Access: Request information about whether your data is being processed and obtain a copy
  • Right to Rectification: Request correction of incomplete or incorrect data
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your data when no longer necessary
  • Right to Object: Object to the processing of your personal data
  • Right to Restrict Processing: Request restriction of data processing in certain cases
  • Right to Data Portability: Request your data in a structured, machine-readable format
  • Right to Withdraw Consent: Withdraw your consent at any time
  • Right to Lodge a Complaint: File a complaint with the Commission for Personal Data Protection
  • Right to Compensation: Claim compensation for damages resulting from GDPR violations

09 Exercising Your Rights

To exercise your rights, submit requests to:

Email: contact@telemediker.com

Requests should be signed with a Qualified Electronic Signature (QES) or by another method verifying the identity of the person submitting the request.

We respond to your request within one month of its submission. When additional time is required, this period may be extended by up to 30 days.

The initial provision of a response is free of charge. In cases of excessive or unfounded requests (more than 2 requests of the same substance within 12 months), we may request a reasonable fee or refuse to take action.


© 2026 Telemediker. All rights reserved.