← Back to home

Privacy Policy

Last updated: May 2026

1. Who we are

European Implant Institute ("we", "our", "us") operates the website at europeaninstitute.bg and provides dental implant and related medical services in Sofia, Bulgaria. This policy explains how we collect, use, and protect your personal data in accordance with the EU General Data Protection Regulation (GDPR) and Bulgarian data-protection law.

2. Data we collect

  • Contact & booking data – name, email address, phone number, preferred appointment date/time, and any message you include when submitting a booking request.
  • Booking request origin (website form only) – when you submit a booking through our website, we store your IP address and an approximate location (country, region, and city as inferred from the IP by our hosting provider) together with that request. This supports rate limiting, abuse prevention, and understanding where enquiries come from. The location is indicative only and may be wrong (for example when using a VPN). Bookings made solely via third-party scheduling (e.g. Calendly) are not enriched the same way.
  • Medical information – only when voluntarily provided in the message field or during your consultation; treated as special-category data under GDPR Art. 9.
  • Usage data – anonymised analytics (page views, referral source) collected only after you consent to optional cookies.
  • Other technical data – standard server and security logs may include IP address, browser type, and related metadata as needed to operate and protect the site.

3. Legal basis for processing

  • Contract performance (Art. 6(1)(b)) – processing your booking request.
  • Legitimate interests (Art. 6(1)(f)) – security logging, fraud prevention, and storing IP and approximate location with website booking requests as described above.
  • Consent (Art. 6(1)(a)) – optional analytics cookies.
  • Explicit consent (Art. 9(2)(a)) – any health information you voluntarily share.

4. How we use your data

  • To respond to and manage your appointment request.
  • To limit automated or abusive use of our booking form (for example by tracking submission volume per IP).
  • To send you a booking confirmation and follow-up communications related to your treatment.
  • To maintain patient records for clinical and legal purposes.
  • To improve our website and services (analytics, with your consent).

5. Data sharing

We do not sell your data. We may share it with:

  • Supabase (cloud database) – stores booking and patient records (including IP and approximate location fields attached to website booking requests) securely within the EU.
  • Vercel – website hosting; derives approximate location from the visitor IP for requests to our booking API (see their documentation and privacy policy for details on how they handle network data).
  • Resend – transactional email delivery of booking confirmations.
  • Google Workspace – calendar scheduling and internal communications.
  • Competent authorities, if required by law.

6. Cookies

We use essential cookies required for the site to function (session management, security). We only load optional, privacy-respecting analytics (Plausible) after you click "Accept all" on the cookie banner. We do not use advertising or social tracking cookies. To help fix technical issues, the site may send error reports to a third-party service (Sentry) without advertising cookies; we configure it to avoid sending unnecessary personal data. You can change your preference at any time by clearing your browser's local storage for this site.

7. Data retention

Booking requests are retained for 5 years to comply with Bulgarian medical and tax record-keeping requirements. Analytics data is anonymised immediately and retained for 12 months. You may request deletion of your personal data at any time (subject to legal retention obligations).

8. Your rights

Under GDPR you have the right to:

  • Access a copy of your personal data
  • Correct inaccurate data
  • Request erasure ("right to be forgotten")
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time (where processing is based on consent)
  • Lodge a complaint with the Bulgarian Commission for Personal Data Protection (CPDP)

9. Contact us

To exercise any of the above rights or with any privacy questions, please contact us at: privacy@europeaninstitute.bg