Privacy Policy — DrMolander.com

Last updated: [November 27, 2025]

1. Introduction

This Privacy Policy explains how Dr. Diana K. Molander (“Dr. Molander”) and NouriGene Ltd. (“we,” “us,” “our”) collect, use, store, and protect your personal data when you visit DrMolander.com (the “Website”), create an account, book medical or non-medical services, purchase products, or interact with our content.

We are committed to protecting your privacy and ensuring compliance with:

  • The EU General Data Protection Regulation (“GDPR”)
  • The Bulgarian Personal Data Protection Act
  • UK GDPR (for UK residents)
  • Relevant U.S. state privacy laws (for U.S. residents accessing commercial services)

This Policy explains your rights and how to exercise them.

2. Who We Are  

Because the Website hosts both medical and non-medical services, two separate data controllers operate under this Privacy Policy:

A. Medical Data Controller

Dr. Diana K. Molander
Licensed Medical Doctor (Bulgaria)
 
Clinical practice address:
Ivan Vazov, ul. Dimitar Manov 
101408 Sofia, Bulgaria

Email: patients _at_ drmolander.com
Phone: +359 0876284917

Dr. Molander is the data controller only for data relating to medical consultations and clinical records.

Legal Basis for Processing (GDPR Articles 6 & 9):

  • Article 6(1)(b) — performance of a contract
  • Article 6(1)(c) — legal obligation (medical record retention)

Article 9(2)(h) — provision of medical diagnosis and healthcare.


B. Commercial Data Controller

NouriGene Ltd. Managing Directors:
Jeffrey G. Molander
Dr. Diana K. Molander

Registered Address:
NouriGene Ltd.
Ulitsa 1 va # 16
Plovdivska oblast
Obshtina Kaloyanovo
4196 Celo Gorna Mahala, Bulgaria

email: jeff.molander_at_ @drmolander.com 

NouriGene Ltd. controls data relating to:

  • Accounts used for courses, memberships, support groups
  • Commercial purchases (supplements, workshops, digital products)
  • Email lists
  • Website analytics
  • Payment and invoicing details

Legal Basis for Processing:

  • Article 6(1)(b) — performance of a contract
  • Article 6(1)(f) — legitimate interest (security, fraud prevention)
  • Article 6(1)(a) — consent (marketing communications)

3. Types of Data We Collect

We collect different categories of data depending on your interactions with the Website.

3.1 Medical Data (Processed by Dr. Molander Only)

This applies only if you become a medical patient.

Includes:

  • Name, date of birth, contact details
  • Medical history and symptoms
  • Laboratory test results
  • Intake and assessment forms
  • Consultation notes
  • Treatment recommendations
  • Communications relating to clinical care
  • Payment data associated with medical services

This is special category data under GDPR.

3.2 Commercial Data (Processed by NouriGene Ltd.)

Collected when you create an account or purchase non-medical services/products:

  • Name, email, phone number
  • Billing and payment information (via secure payment processors)
  • Purchase history (courses, memberships, supplements)
  • Account login details
  • Communication preferences
  • Feedback and support requests
  • IP address, browser details, device info
  • Website usage data (analytics, cookies)

NouriGene Ltd. does not collect or access medical record data.

4. How We Use Your Data

4.1 How Dr. Molander Uses Medical Data

For the purposes of:

  • Providing medical diagnosis and consultations
  • Reviewing laboratory tests
  • Preparing clinical recommendations
  • Maintaining legally required medical records
  • Scheduling and communicating about medical appointments
  • Fulfilling legal, ethical, and regulatory obligations

Medical data is never used for marketing, commercial profiling, or transferred to NouriGene Ltd.

4.2 How NouriGene Ltd. Uses Commercial Data

For the purposes of:

  • Account creation and authentication
  • Delivering courses, memberships, and digital programs
  • Processing and shipping supplement orders
  • Invoicing and payment confirmations
  • Providing customer support
  • Sending service-related communications
  • Sending marketing emails (only with explicit opt-in)
  • Website analytics and performance optimization
  • Fraud prevention and security monitoring

5. Legal Bases for Processing

A. Medical Services — Dr. Molander

  • Performance of a contract
  • Provision of healthcare (GDPR Art. 9(2)(h))
  • Legal obligation (record retention, safety rules)

B. Commercial Services — NouriGene Ltd.

  • Performance of a contract (course access, memberships)
  • Consent (newsletter sign-ups, non-essential cookies)
  • Legitimate interest (security, fraud protection)

At no time is your medical data used for commercial purposes.

6. Sharing Your Data

Your personal data may be shared with the following third parties, depending on context:

6.1 For Medical Services (Dr. Molander)

  • Accredited laboratories (with your consent)
  • Clinical record management systems
  • IT and hosting providers who ensure secure data storage
  • Regulators or legal authorities where required by law

Medical data is not shared with NouriGene Ltd.

6.2 For Commercial Services (NouriGene Ltd.)

  • Payment processors (e.g., Stripe, PayPal)
  • Email marketing platforms (with consent)
  • Course/membership hosting platforms
  • Shipping providers (if supplements are shipped)
  • Analytics providers (e.g., Google Analytics)
  • IT and website hosting services
  • Affiliates or third-party vendors where relevant

NouriGene Ltd does not share commercial data with Dr. Molander unless you separately authorize it.

6.3 No Sale of Personal Data

Neither controller sells your personal data.

7. International Transfers (UK/USA Section)

Your data may be processed or stored outside the EU, including the UK and USA.

To ensure protection:

Transfers to the UK comply with UK GDPR adequacy regulations.

Transfers to the USA use Standard Contractual Clauses (SCCs), or The EU–US Data Privacy Framework (if applicable)

We ensure equivalent protection consistent with GDPR requirements.

8. Cookies and Tracking Technologies

We use cookies to provide essential Website functions and optional analytics.

Categories:

  • Essential cookies — required for site functionality
  • Analytics cookies — only activated with your consent
  • Preference cookies — save your settings

A cookie banner appears upon your first visit, allowing you to:

  • Accept all
  • Reject all
  • Customize settings

You can update your cookie settings at any time.

9. Data Retention

Different categories of data follow different retention rules.

Medical Data (Dr. Molander)

Retained according to Bulgarian medical law: 10+ years

Commercial Data (NouriGene Ltd.)

  • Account data: retained until account deletion
  • Purchase history: retained as required by Bulgarian tax law
  • Marketing consent data: retained until you opt-out
  • Analytics data: retained per cookie provider settings

After retention periods expire, data is securely deleted.

10. Your Rights Under GDPR

You have the right to:

  • Access your data
  • Request correction
  • Request deletion
  • Withdraw consent
  • Restrict processing
  • Data portability
  • Object to processing
  • Lodge a complaint with your supervisory authority

Bulgarian Supervisory Authority:

Commission for Personal Data Protection Website: https://www.cpdp.bg/

UK Residents:

Information Commissioner’s Office (ICO)

U.S. Residents:

Certain state-specific rights may apply (e.g., CCPA/CPRA). Contact us to exercise them.

11. Children’s Data

The Website is intended for adults. Medical care for minors is permitted only when:

  • Initiated by a parent/guardian
  • Accompanied by legally valid consent

Commercial services are not targeted toward children.

12. Security

We implement administrative, technical, and physical safeguards to protect your data, including:

  • Encryption in transit and at rest
  • Access control restrictions
  • Secure hosting environments
  • Staff confidentiality requirements
  • Regular monitoring for unauthorized access

However, no system is 100% secure, and we cannot guarantee absolute protection.

13. How to Exercise Your Rights

To submit a request:

For Medical Data

Email: diana _at_ drmolander.com Subject line: Data Request — Medical

For Commercial Data

Email: jeff _ at _ drmolander.com Subject line: Data Request — Commercial

We will respond within one month as required by GDPR.

14. Changes to This Policy

We may update this Privacy Policy periodically. Updates will appear on this page with a revised “Last Updated” date.

Continued use of the Website indicates acceptance of the updated Policy.

15. Contact Information

For Medical Data (Dr. Molander)

Dr. Diana K. Molander
Ulitsa 1 va # 16
Plovdivska oblast
Obshtina Kaloyanovo
4196 Celo Gorna Mahala, Bulgaria

email: diana _at_ drmolander.com 

For Commercial Data (NouriGene Ltd.)

Managing Directors: Jeffrey G. Molander & Dr. Diana K. Molander
NouriGene Ltd.
Ulitsa 1 va # 16
Plovdivska oblast
Obshtina Kaloyanovo
4196 Celo Gorna Mahala, Bulgaria

email: jeff.molander_at_ @drmolander.com