Privacy Policy

Last updated: 13 April 2026  ·  How we collect, use and protect your personal data.

1. Data Controller

The data controller under GDPR is:
KoronaDent — Dr. Sylvester Harlyov Dental Practice
Bul. Peshtersko Shose 133, Plovdiv, Bulgaria
Phone: 087 856 0490
Email: info@koronadent.bg

2. What Data We Collect and Why

2.1 Appointment Booking

When booking an appointment, we collect: first and last name, phone number, email address (optional), and any notes about the reason for the visit. This data is necessary for the performance of the treatment contract (Art. 6(1)(b) GDPR).

2.2 Patient Record

During treatment, we process health data (dental chart, treatment history). This is processed to comply with legal obligations in the healthcare sector (Art. 9(2)(h) GDPR).

2.3 Reminder Emails

With your explicit consent, we send appointment reminders and preventive care prompts by email (Art. 6(1)(a) GDPR). This consent can be withdrawn at any time.

2.4 Contact Form

Messages sent through the contact form are stored to respond to your enquiry (Art. 6(1)(b) GDPR).

3. Retention Period

Patient records are retained for 10 years in accordance with Bulgarian regulations for dental records (Наредба № 3). After this period, records are deleted. Email consent records are retained until withdrawn.

4. Sharing of Data

Your data is never sold to third parties. To send confirmation and reminder emails, we use an SMTP service provider. This provider processes only the email address and message content, and is bound by a data processing agreement.

5. Your Rights

You have the right to:

  • Access the data held about you (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasure, where no legal retention obligation applies (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection to processing (Art. 21 GDPR)
  • Withdrawal of any consent given, at any time

To exercise your rights, contact us by email or phone. You also have the right to lodge a complaint with the supervisory authority — in Bulgaria this is the Commission for Personal Data Protection (CPDP), www.cpdp.bg.

6. Cookies

We use only a technically necessary session cookie (kd_session) required for authentication in the patient portal. It is deleted when you close your browser. No tracking or analytics cookies are used.

7. Changes to This Policy

For material changes, we will notify you by email if we hold your address. The current version is always available on this page. Version: 1.0.