Privacy Policy

This privacy policy regulates the processing of personal data of individuals by WLF Ltd., UIC: 202710830, represented by the manager Gianluigi Villa in electronic communication through the website, owned by the company.

WLF Ltd., abbreviated as "Administrator", processes personal data of individuals in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), called the "Regulation", as well as all other regulations, guidelines and guidelines relating to the processing and protection of personal data of individuals.

The purpose of this privacy policy is to provide comprehensive information regarding the processing of personal data in accordance with Art. 13 of the Regulation in a transparent, accessible and easily understandable way.


The following terms are used in this policy:

  • personal data controller means a natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data;
  • deletion is the irreversible deletion of the information from the respective medium;
  • personal data means any information related to an individual that allows his / her identification or identifies him / her, including identifiers such as name, identification number (PIN, PIN), location data (geolocation), online identifier (eg IP address) or one or more characteristics specific to the physical, physiological, genetic, mental, intellectual, economic, cultural or social identity of that individual;

The processing of special categories of personal data is prohibited, except in a few explicit hypotheses described in Art. 9, § 2 of the Regulation. Such data include personal data revealing racial or ethnic origin, political views, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the sole purpose of identifying an individual, health data or data on the sexual life or sexual orientation of the individual.

  • a supervisory authority is an independent public body responsible for monitoring the implementation of the Regulation in order to protect the fundamental rights and freedoms of individuals with regard to the processing and to facilitate the free movement of personal data within the EU;
  • breach of personal data security means a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data that is transmitted, stored or otherwise processed;
  • processing means any operation or set of operations carried out with personal data or a set of personal data by automatic (electronic) or other means (on paper) such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval , consulting, using, disclosing by transmission, dissemination or otherwise making the data available, arranging or combining, restricting, deleting or destroying;
  • processor of personal data means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
  • risk is the possibility of property or non-property damage to the data subject under certain conditions, assessed in terms of its severity and probability.
  • data subject's consent means any freely expressed, specific, informed and unambiguous indication of the data subject's will, by means of a statement or clearly confirming action expressing his or her consent to the processing of personal data relating to him or her;
  • a data subject within the meaning of this privacy policy is a natural person whose personal data is processed by the personal data controller within the framework of the website;
  • destruction is the irreversible physical destruction of a material medium of information.

The terms not defined above have the meaning given to them in Regulation (EU) 2016/679, the content of which is available here.

1. Data of the personal data controller

WLF Ltd. is an administrator of personal data within the meaning of Art. 4, § 7 of the Regulation, as it determines the purposes and means for the processing of personal data of individuals in communication through the website

Name of the data administrator: WLF OOD
UIC: 202710830
Contact person: Gianluigi Villa
Contact phone: +359 878 987 608
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

If you need questions, additional information or suggestions related to the processing of personal data or their protection, you can contact us at the above coordinates.

2. Categories of data subjects

Through the website we process the personal data of the following categories of individuals:

  • people loading the domain in their browser;
  • persons making inquiries through the contact forms on the website or by sending an e-mail to our correspondence address.

The administrator does not process personal data of persons under 14 years of age. In the event that you find such processing, please inform us immediately so that we can take the necessary action.

3. Types of personal data. Purposes and legal basis of the processing. Shelf life

3.1. Personal data received from the subject

No. Category and type of data Objectives Legal basis Retention period
1. Physical identity: two names, telephone number, email address, other voluntarily provided information

Request processing.

Preparation and submission of an offer to the subject

Art. 6, §1, letter “e” of the Regulation: legitimate interest or art. 6, §1, letter "b": pre-contractual relations

Up to 3 months after the end of the correspondence (except when concluding a contract as a result of the correspondence)

2. Physical identity: email address Sending newsletters with suggestions Art. 6, §1, letter "a" of the Regulation: consent

Until the withdrawal of consent by the subject


Physical identity: three names, PIN, address, telephone, email address

Maintaining a register of applications

Exercise of any of the rights provided for in the Regulation in favor of the subjects; Processing the application, satisfying the request; Art. 6, §1, letter "c" of the Regulation: regulatory obligation Up to 5 years from the last action taken on the request

We do not process special categories of personal data through the website. We do not process personal data through profiling or other methods of automated decision making.

After the expiration of the terms for processing personal data, they shall be anonymized or deleted / destroyed, unless:

  • are necessary for pending court, arbitration, administrative or enforcement proceedings; or
  • the subject concerned has exercised his / her right to request a restriction on the processing of personal data concerning him / her. 

3.2. Personal data obtained through the use of cookies

More information about the cookies used can be found here (htps://

4. Recipients of the data

Your personal data may be provided to:

  • competent public authorities in compliance with legal provisions or other statutory obligations;
  • our partners with whom we have concluded contracts for the provision of various services, such as: couriers, persons providing technical support for the website, financial institutions.

All our partners comply with the requirements of Regulation (EU) 2016/679 by making such commitments through the personal data protection agreements concluded with us (in accordance with Article 28, § 3 of the Regulation).

WLF Ltd. does not provide personal data to other persons within the EU, nor to third countries or international organizations.

5. Your rights

If we process your personal data, you have the following rights, which you can exercise at any time free of charge:

5.1. Right of access

You have the right to receive confirmation whether we process personal data related to you. In case we process such data, we will provide you with a copy of the documents containing personal data (on the respective medium), as well as the following information:

  • the purposes of the processing;
  • the relevant categories of personal data;
  • the recipients or categories of recipients to whom the personal data are or will be disclosed;
  • where possible, the envisaged period for which the personal data will be stored, and when not possible - the criteria for its determination;
  • the existence of a right to require the controller to correct or delete personal data or to restrict the processing of personal data relating to the data subject, or to object to such processing;
  • the right to appeal to a supervisory authority;
  • where personal data are not collected by the data subject, any available information on their source;
  • the existence of automated decision making, incl. profiling (with relevant information on the logic used and the meaning and intended consequences of this processing)

If the documents containing personal data about the subject contain personal data of other persons, they will be deleted in an appropriate manner.

5.2. Right of adjustment

You have the right to request that we correct the personal data we process relating to you in the event that it is inaccurate. In case you wish to supplement your personal data, we will need to submit a declaration containing the relevant information.

Once we receive your request, we will correct / supplement the data as soon as possible.

5.3. Right to be deleted ("Right to be forgotten")

You have the right to request the deletion of personal data relating to you, which will be deleted when any of the following grounds apply:

  • personal data are no longer needed for the purposes for which they were collected or otherwise processed;
  • You withdraw your consent on which the data processing is based and we have no other legal basis for their processing;
  • You object to the processing and there are no legal basis for the processing to take precedence. When you object to processing for marketing purposes, the basis are not analyzed.
  • your personal data has been processed illegally;
  • personal data must be deleted in order to comply with a legal obligation under EU law or Bulgarian law;
  • personal data have been collected in connection with the provision of information society services.

Even if any of the hypotheses described above are present, we will not delete your personal data when the processing is necessary for:

  • to exercise the right to freedom of expression and the right to information;
  • to comply with a legal obligation that requires processing provided for in EU law or Bulgarian law, or for the performance of a task in the public interest, or in the exercise of official powers of the administrator;
  • for the establishment, exercise or defense of legal claims;
  • two specific hypotheses set out in Art. 17, § 3, letters "c" and "d" of the Regulation.

5.4. Right to limit processing

You may request that we restrict processing when one of the following applies:

  • You dispute the accuracy of personal data. In this case, the restriction is carried out for the period necessary for the administrator to check the accuracy of the data.
  • The processing is illegal, but you want the use of personal data to be restricted instead of being deleted;
  • The controller no longer needs the personal data for the purposes of processing, but you require them for the establishment, exercise or protection of legal claims;
  • You have objected to the processing and are awaiting verification that the legitimate interests of the administrator take precedence over your interests.

The controller shall inform any person to whom data have been disclosed that have been corrected, deleted or restricted, except in cases where this is not possible or requires a disproportionate effort. If you wish, we will let you know who these people are.

5.5. Right of portability

You have the right to receive the personal data you have provided to us in a structured, widely used and machine-readable format, as well as to request that we transfer them to another administrator of your choice. In order to take such action, the following two prerequisites must be present:

  • the processing is based on consent or a contractual obligation; and
  • data to be processed in an automated manner.

5.6. Right to object

You have the right to object to the processing of your personal data when it is based on:

  • performance of a task of public interest or in the exercise of official powers granted to the administrator; or
  • legitimate interest.

We will stop processing your data immediately if we are unable to prove that there are compelling legal grounds for processing that take precedence over your interests, rights and freedoms, or for establishing, exercising or defending legal claims.

When the processing is performed for marketing purposes, we will stop processing your data as soon as we process your request.

5.7. Right to withdraw the consent given

When the processing of your data is based on consent, you have the right to withdraw the consent given at any time by notifying us to the specified contacts.

6. How to exercise any of the rights described above?

6.1. If you wish to exercise any of your rights, you can send us a request in free form, which must contain the following information:

  • your three names;
  • PIN / LNC;
  • address;
  • mailing address;
  • description of the request;
  • preferred form of response and information;
  • signature;
  • date of submission.

6.2. You can submit your application in one of the following ways:

  • by e-mail to This email address is being protected from spambots. You need JavaScript enabled to view it. under the terms of the Electronic Documents and Electronic Certification Services Act (EESA), the Electronic Government Act and the Electronic Identification Act (ie with an electronic signature, with an electronic identifier or otherwise ).
  • by mail or in person at the address: 19 Antim I Str., 4th floor, apt. 11, Sofia. Where the application is submitted by an authorized person, a power of attorney should be attached.

6.3. After reviewing your application, we will analyze its content and, if necessary, request additional information. You will receive information about its processing within one month of sending it in the manner specified by you as preferred for communication.

6.3. If you need assistance in filling out the form, you can contact us at the contact details provided in this policy.

Please note that the Administrator may refuse to grant, in whole or in part, any of the rights described above where the exercise thereof would pose a risk to public order or security, the prevention, investigation, detection or prosecution of criminal offenses or the enforcement of penalties, including the protection of and the prevention of threats to public policy or security, other important objectives of general public interest and in particular an important economic or financial interest, including monetary, budgetary and fiscal matters, public health and social security, data protection or the rights and freedoms of others or the enforcement of civil claims.

In addition to the rights described above, you have the possibility to do the following actions:

  • File a complaint with the Data Protection Commission

Any data subject has the right to file a complaint to the Commission for Personal Data Protection (CPDP), if he considers that the processing of personal data relating to him violates the provisions of the Regulation or the Personal Data Protection Act (PDPA). . The subject should refer to the CPDP within 6 months of learning of the violation, but not later than 2 years from its commission, by submitting a complaint by letter, fax or electronically under the LEDES.

Following the entry into force of the Regulation, personal data subjects may also lodge complaints with other supervisory authorities in the territory of the European Union, where this is provided for in the Regulation.

  • File an appeal with the competent administrative court

Without prejudice to your right to appeal to the CPDP, described above, you have the opportunity to appeal to the competent administrative court when you believe that your rights under the Regulation / LPPD have been violated as a result of the processing of your personal data.

  • Right to compensation and liability for damages

In case you have suffered material or non-material damages as a result of violation of the Regulation, you have the right to receive compensation from the administrator for the damages.

7. Information on the supervisory authority

The supervisory body competent on the territory of the Republic of Bulgaria is the Commission for Personal Data Protection (CPDP).

Contact details of the CPDP:

Address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.
E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.
Information and Contact Center - tel. 02/915 35 18

8. Technical protection measures

In order to ensure the security of your personal data, a number of protection measures have been taken, including:

  • integrated SSL certificate;
  • redirecting all links on the site from http: // to https: //;
  • betting on loading all .html, .css, .js files via https: //;
  • forcing the loading of the site through an encrypted connection and https: //;
  • secure identification and authentication of the persons who process personal data on behalf of the company;
  • keeping operating systems up to date;
  • keeping antivirus programs up to date;
  • other measures for protection of the buildings, premises and facilities in which personal data are processed and stored;
  • documented procedures for processing personal data of individuals, etc.

9. Final provisions

9.1. The personal data controller WLF Ltd., taking into account the nature, scope, context and purposes of processing, as well as the risks of varying probability and severity for the rights and freedoms of individuals whose personal data are subject, has introduced appropriate technical and organizational measures to ensure and be able to demonstrate that the processing is carried out in accordance with the Regulation.

9.2. All changes and additions to the Privacy Policy will be applied after the publication of its current content, available on our website. In case the amendments are substantial, in accordance with the Guidelines on Transparency under Regulation 2016/679 of the Article 29 Working Party (now the European Data Protection Board), adopted on 29.11.2017, last revised on 11.04.2018. , we will notify you of them via a pop-up message on the website.

9.3. This Privacy Policy is effective as of February 1, 2021.



WLF Ltd. is a business service company, supplier and distributor of hospital furniture and medical devices.

We provide in Bulgaria products from leading Italian manufacturers of medical equipment for hospitals, clinics and laboratories. Highest quality and reliability of the products guarantee our customers perfect investment efficiency.


Complex supplies of medical equipment and furniture to hospitals and private clinics. Sale of medical furniture.


Hospital beds
Hospital stretchers
Blood donor and therapy armchairs
Specialized examination couches
Pediatric beds and cribs
Multifunctional trolleys
Pharmacy storage and transport
Devices for hygiene - cleaning - disinfection - pest control