Latest update: 02 December 2025

I. SUBJECT

This Privacy Policy is intended to provide visitors and users of the pharnetix.com website with clarity regarding the manner in which PHARNETIX LTD processes personal data in its capacity as Controller. The Company ensures data protection in full compliance with EU Regulation 2016/679 GDPR, the Data Protection Act and applicable national and European security standards. The processing of personal data is carried out lawfully, in good faith and in a transparent manner, for specific and explicitly defined purposes, and adequate technical and organisational measures are applied to protect it.

II. SUPPLIER DATA

The controller of the personal data is FARNETICS EOOD, UIC 131429283, with its registered office and registered address in. Sofia, ul. Georgi Sofiiski № 1A. To contact us, you can use the above address, telephone 0700 46 100 or e-mail office@pharnetix.com. Any enquiry regarding the manner in which data is processed will be dealt with in good faith and in accordance with the requirements of the law.

III. USE OF THE E-APPLICATIONS SECTION

When visiting the Website, using the contact form, accessing the E-Request system, subscribing to the newsletter or when communicating with the company, different categories of personal data may be processed depending on the specific interaction. The data that is processed when making enquiries via the contact form or by email usually includes first name, last name, telephone number, email address and the information contained in the message sent. This data is necessary to carry out the communication, to provide the requested information and to take action prior to the possible conclusion of a contractual relationship. Where the enquiry is not related to a future contractual relationship, the processing is based on our legitimate interest to manage the correspondence received and to respond to the questions asked.

For the purposes of managing access to the E-application platform, which is intended for the company's partners and customers, data such as username, password, representative names, business phone, business email and details of the relevant legal entity may be processed. The processing of this data is necessary to provide access to the system, to administer the submitted requests and to fulfil the obligations arising from the contractual relationship between the parties.

IV. OTHERS

When a user wishes to receive marketing messages or newsletters regarding products, services, promotions or new developments, only the provided email address and, where applicable, name are processed. This processing is only carried out in the presence of prior, freely given and specific consent. The user may withdraw this consent at any time via the opt-out link included in any communication sent or by contacting the company. The withdrawal does not affect the lawfulness of the processing carried out prior to that time.

When you visit the Website, certain technical data is also processed, including IP address, access logs, information about the browser used, device and behaviour on the site. This data is necessary to maintain the security of the platform, prevent abuse, diagnose technical problems and improve the functionality of the website. The processing is carried out on the basis of the company's legitimate interest in providing a stable, secure and optimally functioning online environment.

Data collected through cookies and tracking technologies is processed in accordance with the Cookie Policy, which provides a detailed description of the types of cookies used, their purposes, storage periods and the applicable legal basis. Cookies that are not technically necessary are only activated after consent has been provided.

V. STORAGE

FARNETICS LTD shall keep the personal data only for the periods necessary to achieve the specific purposes for which it was collected or for the periods provided for by law. Data relating to enquiries which have not resulted in a contract shall be kept for up to one year from the conclusion of the relevant correspondence. Data obtained in connection with commercial contracts, requests and the execution of supplies shall be kept for the periods provided for in the contracts and in the Accountancy Act, including up to ten years for financial and tax documents. Data processed on the basis of consent shall be retained until the consent is withdrawn. Technical logs and IP addresses are kept for up to one year, unless a longer period is provided for by law for cyber security.

The Company may disclose personal data to third parties only to the extent necessary to perform obligations, provide services or comply with legal requirements. Such recipients may include hosting providers, IT support, software providers, accounting firms and competent government authorities. All data processors operate on the basis of contracts that ensure compliance with the requirements of the GDPR and provide adequate data protection.

The controller shall implement appropriate technical and organisational measures to protect personal data, including SSL connection encryption, restricted access to systems, protection by domain tools and access control.

The controller shall not carry out automated decision-making or profiling that produces legal effects for the subject.

VI. DATA TRANSFER

The website uses tools such as Google Analytics and Facebook Pixel provided by companies based in the United States of America. When using these services, technical data may be transferred to a third country, which requires the implementation of protection mechanisms. The transfer is based on Standard Contractual Clauses approved by the European Commission, as well as additional measures taken to ensure a level of protection comparable to that in the European Union. By using cookies for analytics and marketing, the user consents to such transfer and can manage it through the cookie settings.

VII. RIGHTS OF THIRD PARTIES

Each data subject shall have the right to request access to, rectification, erasure, restriction of processing or transfer to another controller, as well as to object to processing on the grounds of legitimate interest. Where processing is based on consent, the data subject shall have the right to withdraw it at any time.

Applications to exercise rights should be made by email to office@pharnetix.com
or through the postal address of the company. FARNETICS LTD shall process all requests without undue delay and within the time limits provided for in the GDPR, and may request additional identifying information where necessary for data protection.

The data subject shall have the right to lodge a complaint concerning the processing of personal data concerning him or her with the Commission for the Protection of Personal Data through its website www.cpdp.bg.
or to the address. 1592 Sofia Blvd. 1592 1592 1592 1595. 2.

The Company may update this Privacy Policy as changes in legislation, internal processes or technology occur and the current version will always be posted on the Website.