+359 894 559 900
24/7, around the clock
Sunny Beach, Burgas, Bulgaria 8240
Saint Nicholas Medical Center

Privacy and Cookie Policy

Saint Nicholas Medical Center respects the privacy of patients, website visitors and client account users. This policy explains what personal data we process on the website, why we need it, which cookies are used and how you can exercise your rights.

Last updated: 6 June 2026. This notice is prepared with reference to the GDPR, the ePrivacy Directive 2002/58/EC and the Bulgarian Personal Data Protection Act.

Data controller

Medical Center Saint Nicholas / Saint Nicholas Medical Center
Sunny Beach, Burgas, Bulgaria 8240
Email: info@stnicholas.com
Phone: +359 87 627 1234

Supervisory authority

The Bulgarian supervisory authority is the Commission for Personal Data Protection (CPDP). You may contact or complain to it through cpdp.bg.

Data we process

  • Contact data: name, phone, email and message text when you submit a form.
  • Clinic appointment data: preferred date, department, type of visit, city, hotel or address if you provide them.
  • Client account data: user account, linked patient profile, visits, payments and laboratory requests.
  • Health data is processed only where necessary to provide medical care, keep medical records and communicate with the patient, insurer or assistance company.
  • Technical data: hashed IP for internal analytics after consent, user-agent, referrer, landing URL and UTM parameters.

Purposes and legal bases

PurposeLegal basis
Responding to enquiries, appointment booking and patient communication.GDPR Art. 6(1)(b), Art. 6(1)(f).
Medical care, medical records, communication with insurers and assistance companies.GDPR Art. 6(1)(b), 6(1)(c), 9(2)(h), 9(3), applicable Bulgarian medical and accounting law.
Website security, sessions, CSRF form protection and spam protection.GDPR Art. 6(1)(f), Art. 32; strictly necessary cookies do not require consent.
Internal analytics for visits and enquiry sources.Your consent: GDPR Art. 6(1)(a), ePrivacy Art. 5(3).
Marketing cookies and advertising pixels.Not currently used on the public website. If connected later, they will run only after separate consent.

Cookies and similar technologies

NameCategoryPurposeDuration
laravel-sessionNecessaryWebsite and client account session.Until session end or inactivity expiry.
XSRF-TOKENNecessaryCSRF protection for forms.Session duration.
frontend_localeFunctionalStores selected website language.Up to 12 months.
site_cookie_consentNecessaryStores your cookie decision.180 days.
traffic_visitor_uuidAnalyticsRandom UUID for internal visit analytics after consent.Up to 12 months.
traffic_attr_source_idAnalyticsLinks an enquiry to its source after consent.Up to 90 days.

As of the last update, Google reCAPTCHA v3 is disabled in the site settings. If enabled later, the Google script will load only when a protected form is used, not immediately on every page.

Recipients

Access is limited to staff and service providers who need the data for website operation, enquiry handling, medical services, accounting, IT support and legal protection. Data may be disclosed to insurers or assistance companies, laboratories, payment/mail providers and public authorities where required by law or necessary for the service.

Retention

Cookies are kept for the periods listed above. Enquiries and correspondence are kept as long as necessary to handle the request and protect legitimate interests. Medical, financial and accounting records are kept for the periods required by Bulgarian law and healthcare practice.

Your rights

  • access to your personal data;
  • rectification of inaccurate data;
  • erasure where no legal ground requires further storage;
  • restriction of processing;
  • objection to processing based on legitimate interests;
  • data portability where applicable;
  • withdrawal of consent for optional cookies and marketing;
  • complaint to the CPDP.
Data protection contactEmail: info@stnicholas.comPhone: +359 87 627 1234