The service is operated by УАЙ ДИ ЕЙ ЕООД (YDA Ltd — Bulgaria, reg. no 206471089, Drujba, bl. 170, ent. B, fl. 7, apt. 67, 1592 Sofia, Bulgaria). Two roles sit side by side: the practice shown on the booking page is the data controller for your patient data — it decides what to record about your care — and we are its processor, handling that data only on its instructions. For the elefan.app account itself (your sign-in, your language, your appointments across practices) we are the controller.
Name, phone number, email address and, when provided by the practice, a national identification number and treatment history. Legal bases under the EU General Data Protection Regulation (GDPR): performance of the care contract (Art. 6(1)(b)), legal obligations of healthcare providers (Art. 6(1)(c)) and health-care provision (Art. 9(2)(h)).
We use a small number of providers, each bound to process data only on our instructions:
You may request access, rectification, erasure, restriction of processing and a portable copy of your data, and lodge a complaint with your supervisory authority (in Bulgaria: the Commission for Personal Data Protection). A portable copy of your account and your appointments is available without asking: open your profile in the patient portal and choose Download my data. Notes a practice wrote about your care are not in that file — contact the practice using the phone number on the booking page for those, and to exercise your other rights. For anything concerning the platform itself — your elefan.app account, this website — write to contact@elefan.app.
Records are kept as long as required by applicable healthcare regulations, then deleted. Data is stored in the European Union and protected by access controls; staff access is limited by role.
See also our cookie policy and terms of service.