‹ Back

Privacy policy

Who we are

The service is operated by УАЙ ДИ ЕЙ ЕООД (YDA Ltd Bulgaria, reg. no 206471089, Drujba, bl. 170, ent. B, fl. 7, apt. 67, 1592 Sofia, Bulgaria). Two roles sit side by side: the practice shown on the booking page is the data controller for your patient data — it decides what to record about your care — and we are its processor, handling that data only on its instructions. For the elefan.app account itself (your sign-in, your language, your appointments across practices) we are the controller.

What we collect and why

Name, phone number, email address and, when provided by the practice, a national identification number and treatment history. Legal bases under the EU General Data Protection Regulation (GDPR): performance of the care contract (Art. 6(1)(b)), legal obligations of healthcare providers (Art. 6(1)(c)) and health-care provision (Art. 9(2)(h)).

Who processes it for us

We use a small number of providers, each bound to process data only on our instructions:

Your rights

You may request access, rectification, erasure, restriction of processing and a portable copy of your data, and lodge a complaint with your supervisory authority (in Bulgaria: the Commission for Personal Data Protection). A portable copy of your account and your appointments is available without asking: open your profile in the patient portal and choose Download my data. Notes a practice wrote about your care are not in that file — contact the practice using the phone number on the booking page for those, and to exercise your other rights. For anything concerning the platform itself — your elefan.app account, this website — write to contact@elefan.app.

Retention & security

Records are kept as long as required by applicable healthcare regulations, then deleted. Data is stored in the European Union and protected by access controls; staff access is limited by role.

See also our cookie policy and terms of service.