1stDent Dentistry

Address: 1067 Budapest
Further information


Dental Aesthetic Salon


Opening hours

Opening hours

Monday-Friday: 9-19h

Privacy policy

1stDent Egészségügyi Szolgáltató és Kereskedelmi Kft. 


Privacy Policy


25 May 2018



Table of Contents


I. Purpose of the Privacy Policy


II. Temporal, personal and material scope of the Privacy Policy


III. Legal basis and basic data-processing principles of the Policy


IV. Definitions


V. Purpose of data processing, purpose limitation of data processing


VI. Data of the Data Controller


VII. Carrying out of data-processing tasks, the process of data processing


VIII. Duration of data processing


IX. Data processing, data forwarding and transmission


X. Rights and remedies of the Data Subjects in relation to data processing


XI. Data security, storage of personal data, information security


XII. Obligation of confidentiality


XIII. Use of cookies


XIV. Other provisions







1st Dent Egészségügyi Szolgáltató és Kereskedelmi Korlátolt Felelősségű Társaság (company registration number: Cg.01-09-297799; registered seat: 1067 Budapest, Teréz körút 7. represented by: dr. Balogh István Árpád, managing director, hereinafter referred to as 1st Dent Kft.), as Data Controller, hereby informs its clients (who are hereinafter collectively referred to as Data Subjects) that it shall respect the moral rights of Data Subjects; therefore, it shall act based on the following Privacy Policy (hereinafter referred to as Policy) in its data processing operations. 


The purpose of this Policy is to lay down detailed rules for the data processing carried out in the organisation of 1st Dent Kft., ensure the functioning of the constitutional principles of protecting one’s healthcare and personal data, the publicity of public data, and the requirements of data security during data processing. 




II.1. This Policy shall be in force from 25 May 2018 until provided for otherwise or withdrawal.


II.2. The personal scope of this Policy shall include

  1. the Controller, 
  2. all persons whose data are involved in data processing operations falling within the scope of this Policy, and
  1.  persons whose rights or legitimate interests are affected by data processing.


The Data Controller shall, basically, process the data of individuals who

  1.  contacted the Data Controller to establish a client relationship in a way available to them, e.g. via the 
    1stdentkft@gmail.comemail address by sending their data, or on the phone or in person, 
  2. used or requested the services of the Data Controller, 
  3.  contacted the Data Controller for purposes or reasons that are not establishing a client relationship,
  4. Colleagues of the Data Controller,
  1.  individual partners of the Data Controller, representatives, contact persons, and/or other employees of Partners which are legal entities.


II.3. The material scope of this Policy shall include all data processing operations and data involving personal data and conducted at the Data Controller, regardless of the fact whether it is done electronically and/or in a paper-based form. It shall cover all healthcare and personal identification data pertaining to the Data Subject and processed according to the requirements of the Health Care Act of Hungary. 


II.4. This Policy shall include provisions related to the use and data processing of the website and Facebook site operated on behalf of the Data Controller, their operation shall be governed by the provisions of the Privacy Policies available on the the 




III.1. The legal basis of this Policy shall be the following pieces of legislation:

  1.  Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter referred to as Information Act), 
  2. Act V of 2013 on the Civil Code (hereinafter referred to as Civil Code),
  3. act XLVII of 1997 on the Processing and Protection of Health Care Data and Associated Personal Data (hereinafter referred to as Health Care Act), 
  4. Decree No. 62/1997. (XII. 21.) of the Minister for Welfare on Certain Issues on the Processing of Health Care Data and Associated Personal Data, 
  5. Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).


III.2. In carrying out its activities, the Data Controller shall respect the following basic principles in Article 5 of the General Data Protection Regulation

  1. data shall be processed lawfully, fairly and in a transparent manner in relation to the Data Subject (‘lawfulness, fairness and transparency’),
  2. data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’).
  3. data processing shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
  4. data shall be accurate and, where necessary, kept up to date; and we shall take every necessary step to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
  5. kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’);
  1. data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).




The Data Controller shall apply the following terms in this Policy and in its Annexes. 

  1. personal data’ shall mean data that may be associated with any specific (identified or identifiable) individual (hereinafter referred to as Data Subject) or conclusion drawable from the data and pertaining to the Data Subject. Personal data shall retain this characteristic during data processing until its relationship with the Data Subject remains restorable. A person shall be identifiable especially if he/she can be identified, either directly or indirectly, based on his/her name, identifier or one or more factors typical of his/her physical, mental, economic, cultural or social identity; 
  2. special datashall mean personal data pertaining to 

(ba) racial origin, membership of any national or ethnical minority, political opinion or party affiliation, religion or other belief, membership in any representative body, 

(bb) health, abnormal addiction, sexual life, as well as criminal personal data; 

  1. data of public interestshall mean information or data other than personal data, registered in any mode or form, controlled by the body or individual performing state or local government responsibilities, as well as other public tasks defined by legislation, concerning their activities or generated in the course of performing their public tasks, irrespective of the method or format in which it is recorded, its single or collective nature, 
  2. healthcare datashall mean all kinds of data pertaining to the physical, mental and spiritual condition, abnormal addiction of the Data Subject, the circumstances of any sickness or death, the cause of death, and any data disclosed about the Data Subject by the Data Subject or any other person, or detected, examined, measured, mapped or derived by the healthcare network, moreover, any data that may be associated with or affect the foregoing (e.g. behaviour, environment, occupation); 
  3. personal identification datashall mean the first name and the surname, the maiden name, gender, place and date of birth, the first name and the surname of the mother, the place of domicile, the place of stay, the social security number (hereinafter referred to as social security number) or any of them, if it is capable or may be capable of identifying the Data Subject, 
  4. data processingshall mean, regardless of the procedure applied, the totality of any operation or operations executed on the data; thus, particularly, the collection, recording, systematisation, storage, modification, utilisation, forwarding, disclosure, harmonisation or linking, blocking, deletion and destruction, and prevention of any further use of data. Data processing shall also mean the making of photographic, audio or video records, and the recording of physical characteristic capable of identifying any person (e.g. fingerprint, palmprint, DNS-sample, iris image); 
  5. Data Controller shall be any natural or legal entity or organisation without legal personality, which defines the purpose of data handling, makes and executes data handling decisions (including the means to be used), or has them executed by the data processer engaged by it;
  6. data processing shall mean the execution of technical tasks related to data-processing operations, regardless of the methods and means applied to execute such operations and the place of application. 
  7. data processor shall mean the natural or legal entity or organisation without legal personality which processes personal data, under a contract of services with the Data Controller, including any contracting under any legislative provision; 
  8. consentshall mean voluntary and defined expression of the concerned person, based on appropriate information, and by which he/she gives his/her unmistakable consent to the, complete or operation-specific, handling of any personal data concerning him/her. 
  9. data forwardingshall mean the case where data is made available to any specific third person, 
  10. disclosureshall mean the case where data is made available to anybody, 
  11. third personshall mean the individual or legal entity or organisation without legal personality, which is different from the Data Subject, the Data Controller or the data processor. 
  12. personal data filing systemshall mean any structured, functionally or geographically centralised, decentralised or scattered set of personal data which is accessible according to specific criteria, 
  13. datasetshall mean the totality of data controlled in a filing system, 
  14. documentshall mean recorded information, dataset generated during the operation of a body or the activity of a person or received by it and to be handled as a unit that can appear in the form of paper, microfilm, magnetic, electronic or any other data carrier; its content may be text, data, graph, voice, image, motion picture or any other form of information or a combination of these, 
  15. healthcare documentationshall mean a note, record or data recorded in any other way, containing healthcare and personal identification data the care provider becomes aware of during the medical treatment, regardless of its carrier or form, 
  16. medical treatmentshall mean any activity the aim of which is to preserve health, prevent, early recognise, establish, cure diseases, sustain or improve any deteriorated condition as a result of the disease, and to process the examination materials of the Data Subject with a view to directly examining, treating, providing care for, medically rehabilitating, and performing all that, including medications, medical devices, the provision of medical care, rescuing and patient transportation, and perinatal care, 
  17. medical secretshall mean healthcare and personal identification data the Data Controller becomes aware of during the treatment, and any other data pertaining to the necessary or ongoing or completed medical treatment and learnt in connection with the medical treatment,
  18.  urgent necessityshall mean a sudden change in the health the result of which would mean that the life of the Data Subject gets in danger or the Data Subject suffers serious or lasting harm if no immediate healthcare is provided.





V.1. An employee of the Data Controller may process personal data only during performing his/her activities falling within the scope of his/her job and to the extent necessary and for the purposes of performing his/her specific tasks and according to legislative requirements and this Policy. 


V.2. According to the provisions of the Advertising Act in force, personal data shall not be used for the purposes of subsequent advertising and/or promotion and/or market research. 


V.3. The purpose of processing healthcare and personal identification data shall be 

  1. the promotion of preserving, improving, sustaining health, 
  2. facilitating effective medical treatment, 
  1. monitoring the health of the Data Subject. 

For the purposes specified in Points (a) to (c) of this Clause, only such data may be processed which are indispensable for and capable of the achievement of the purpose of processing. Personal data and special data may be processed to the extent and for a period necessary for accomplishing the purpose. All stages of processing shall comply with these purposes. 


V.4. The Data Controller may not use data processed by it for the purposes of statistics even if they are incapable of personal identification, and it shall not provide data for such purposes. 


V.5. The Data Controller shall not perform newsletter-related activities and shall not contact the Data Subject using its contact details for promotional purposes. 





For this Policy, the Data Controller shall be

(a) 1st Dent Kft.  

a. registered seat: 1067 Budapest, Teréz körút 7.

b. company registration number: 01-09-297799 

c. tax identification number: 25945472-1-42

d. address of actual data processing: 1067 Budapest, Teréz körút 7.

e. phone number: 06309428738

f. email:

g. represented by, with individual power of representation: dr. István Árpád Balogh, managing director


(b) the Employee for the activities of whom the Data Controller shall be fully liable towards the Data Subjects and third persons. If the provisions of this Policy not imply otherwise, an Employee shall also be Data Controller.





VII.1. Responsibilities related to data protection, data processing, data security and information security within the scope of interest of the Data Controller shall rest with the Data Controller.


VII.2. The Data Controller shall

(a) set the date and the time of data processing to be carried out by a person or body outside the organisation,

(b) check records concerning data processing, data protection and information technology,

(c) give authorisation to the Employee(s) to access the IT applications necessary for carrying out the job of the Employee, if an Employee is employed.


VII.3. The Employee at whom the data was generated and/or who has access to the data and/or who received the data from another data manager or third person and/or who has gained possession of the data in any other way shall be data manager under this Policy. Data erasure, rectification, blocking or destruction shall be done only by the data manager having access or the Data Controller or the Employee whom the Data Controller so instructs. If any piece of legislation or internal policy so requires, the Employee performing the erasure, blocking or destruction shall properly document that process.


VII.4. Employee responsibilities

  1.  ensuring full and complete functioning of the data-protection and the confidentiality requirements,
  2.  providing necessary data for the Partners to the extent necessary for performing their tasks, 
  3. providing data for other data manager(s) having access authorisation or third persons, if such data is necessary for them to perform their tasks,
  4. protection of data recorded on paper and generated by him/her or getting into his/her possession from unauthorised access, loss, physical damage and destruction in order to reduce the risk of data getting into the possession of unauthorised third persons. The Employee shall keep data-carrying documents under his/her direct supervision or at the place of work, in a closed place not accessible to unauthorised persons (in a closed drawer, cabinet),
  1. he/she shall protect personal data and rights relating to personality he/she becomes aware of.


VII.5. Data processing may take place based on the prior, voluntarily consent of the Data Subject and prior information provided by the Data Controller. Prior consent shall be regarded as acceptable according to law if it meets all three requirements, i.e. it is

  1. voluntary,
  2. expressed (clear), and
  1.  based on information.

The consent must clearly imply that the Data Subject agrees to the data processing. If the data processing is based on the consent of the Data Subject, then, in case of doubt, the Data Controller shall prove that the Data Subject consented to the data-processing operation. The Data Subject shall be entitled to withdraw his/her consent at any time. Withdrawal of consent shall not affect the lawfulness of data processing based on the consent and preceding the withdrawal, i.e. the withdrawal shall only apply to the future, it does not have a retroactive effect.


VII.6. Within the meaning of the Health Care Act, if the Data Subject is unable to provide his/her consent due to his/her incapacity or any other unavoidable reason, then personal data of the Data Subject may be processed while the obstacles to the consent apply, to the extent necessary for protecting his/her or any other person’s vital interests and for the aversion or prevention of any direct threat threatening the lives, physical integrity or property of persons. The validity of a declaration with legal effect of a minor older than 16 years, containing the consent of the Data Subject, shall not require the consent or subsequent approval of his/her legal representative. In case of a child younger than 16 years, personal data of the child shall be lawful only and to the extent if the consent has been provided or approved by the person exercising legal custody over the child.





In case of each data-processing operation, the duration of data processing shall last

  1.  until the accomplishment of the goal or the erasure of personal data, or 
  2.  until the withdrawal of the authorisation to process data and so the erasure of personal data,
  3.  until implementing the decision of a court or authority to erase the data, or, in the absence of such provisions and divergent provisions of any piece of legislation,
  4. until the lapse of the enforceability of rights and obligations arising from a legal relationship based on which the Data Controller processes personal data. According to Section 6:22 of the Civil Code in force, the general term of limitation is 5 years.
  5.  According to the Health Care Act, the Data Controller shall keep healthcare documentation and healthcare data for a period of 30 (thirty) years at minimum, final reports for a period of 50 (fifty) years at minimum, records made with imaging diagnostic procedures for a period of 10 (ten) years as from their preparation, findings based on recordings for a period of 30 (thirty) years as from the preparation of the recording.
  6.  The term of limitation shall be 5 (five) years for complaint management and consumer-protection cases.
  1. In the case of withdrawal of the data-processing authorisation of the Data Subject, a request of erasure, decision of erasure, the Data Controller shall erase data within 1 (one) working day as from receipt.




IX.1. The Data Controller shall not engage any external data processor, it shall process data controlled by it.


IX.2. If the Data Controller engages third persons for bookkeeping, payroll accounting and/or hosting/server services, system administration or other services that are otherwise the functions of the data processor, then such partner shall comply with and enforce the functioning of the following rules.

  1. The Data Controller shall be liable for the lawfulness of the data controlling instructions given to the data processor.
  2. Within the scope of its activities and the limits set by the Data Controller, the data processor shall be responsible for the processing, alteration, erasure, forwarding and disclosure of personal data.
  3. In performing its activities, the processor may not engage any other processor.
  4. The data processor may not make decisions on the merits of data processing; it may process personal data it becomes aware of only according to the instructions of the Data Controller; it may not process data for its own purposes; furthermore, it shall store and keep personal data according to the instructions of the Data Controller.
  5. The data processor shall report any personal data breach to the Data Controller after becoming aware of it and without any undue delay.
  6.  Data forwarding and linking the database controlled by the Data Controller with other data controller shall be subject to the consent of the Data Subject or legal authorisation.
  7. The Data Controller shall forward personal data only if its legal basis is clear, its purpose and the person of the recipient of the data forwarding are specified.
  1.  In the case of data forwarding subject to the consent of the Data Subject, the Data Subject shall provide his/her consent in the light of all the data concerned by the data forwarding, the recipient, purpose of data forwarding, and the expected duration of data forwarding.


IX.3. Data may be forwarded within the Data Controller only if the receiving data manager also has access to the data to be forwarded. The data manager shall obtain information regarding the access right of the receiving data manager still before the forwarding.


IX.4. The Data Controller may forward data specified by the Data Subject to its Partners if the Data Controller has specified the Partner to the Data Subject as well as the expected duration of data processing and its goal, and the Data Subject has consented to the data forwarding. The Data Controller may specify Partners by way of information materials as well, if it makes that available to the Data Subjects. The Data Controller may forward data the Data Subject has preliminarily approved to its Partners only. 




X.1. The Data Subject shall have the right to get information regarding data processing related to the medical treatment, he/she may access healthcare and personal identification data pertaining to him/her, investigate the healthcare documentation, and get copies of it, at his/her own cost. 


X.2. The Data Subject may request information from the Data Controller regarding the processing of his/her personal data and may also investigate such data. Investigation shall be so provided that the Data Subject in question may not investigate the data of other persons. 


X.3. The Data Controller shall provide the information in writing and a non-technical manner within 30 (thirty) days as from the submission of the request. The information must include 

  1. the data of the Data Subject processed by the Data Controller, 
  2. the purpose and legal basis of the processing, 
  3. the duration of data processing, 
  4. who and why have got the data during processing. 


X.4. The Data Subject may request the rectification of his/her personal data. The Data Controller shall rectify false data within 2 (two) working days, or immediately and on the spot, if the Data Subject is present in person. 


X.5. The Data Subject may request the erasure of his/her data processed without being obliged to assign his/her reasons. The Data Controller shall fulfil the request of data erasure within 2 (two) working days. 


X.6. The Data Subject may object against the processing of his/her personal data, if

  1. the processing and/or forwarding of personal data is necessary for the assertation of the rights or legitimate interests of the Data Controller or the data recipient, except if data processing is required by law, 
  2. personal data is used or forwarded for the purposes of direct business acquisition, public opinion polling or academic research; 
  3. the exercising of the right to object is otherwise provided by the law. 


X.7. In the case of violation of his/her rights related to the data processing, the Data Subject may submit a complaint via the above contact details of 1st Dent Kft, to the Hungarian National Authority for Data Protection and Freedom of Information (; 1125 Budapest, Szilágyi Erzsébet fasor 22/c; mailing address: 1530 Budapest, Pf.: 5.; phone: +36-1-391-1400; telefax: +36-1-391-1410; Email: or go to court. The Data Subject may file the lawsuit at the Budapest-Capital Regional Court or the regional court having jurisdiction over his/her place of domicile. In Hungary, contact details of regional courts are on this site: If the place of habitual residence of the Data Subject is in another Member State of the European Union, then the lawsuit may be brought before the court with jurisdiction in the Member State of the place of habitual residence.


X.8. The Data Controller shall, concurrently with the suspension of the data processing, examine the objection within the shortest possible time-limit as from the submission of the request, but within 15 (fifteen) days at maximum, and inform the person having submitted the request in writing of its result. If the objection is well-founded, the Data Controller shall terminate the data processing, including further data recording and data forwarding, block data, and inform everybody whom it previously forwarded the personal data concerned by the objection and who shall take measures in order to ensure the functioning of the right to object of the objection and the measures taken on the basis of the objection. 


X.9. If the Data Subject disagrees with the decision of the Data Controller, then he/she may go to court within 30 (thirty) days as from the communication of that decision. 


X.10. If the data recipient does not receive the data necessary for the enforcement of his/her/its legal right due to the objection of the Data Subject, then it may bring a lawsuit before a court against he Data Controller in order to gain access to the data within 15 (fifteen) days as from the communication of the notification. 


X.11. If the court rejects the petition of the data recipient, the Data Controller shall erase the personal data of the Data Subject within 3 (three) days as from the communication of the ruling. The Data Controller shall also erase the data if the data recipient does not go to court within the time-limit specified in this Policy. 


X.12. The Data Controller may not erase the data of the Data Subject if data processing is required by the law. The data shall, however, not be forwarded to the data recipient if the Data Controller agrees with the objection or the court has found that the objection is well-founded. 


X.13. If the rights of the Data Subject are violated, the Data Subject may bring an action before a court against the Data Controller. The court shall hear the case as a matter of urgency. 




XI.1. Personal data may be processed only according to the purpose of the data processing operation in question.


XI.2. The Data Controller shall ensure the security of the data. It shall take the necessary technical and organisational measures regarding datasets stored using IT equipment. The Data Controller shall ensure the functioning of the data-security rules provided for in the relevant pieces of legislation.


XI.3. It shall ensure data security; take the technical and organisational measures and set up the procedural rules that are necessary to ensure the functioning of the relevant pieces of legislation and data-security and confidentiality rules.


XI.4. The Data Controller shall protect data against unauthorised access, modification, forwarding, disclosure, erasure or destruction, and accidental destruction or damage, and their becoming inaccessible due to any change in the technology applied by taking appropriate measures.


XI.5. In determining and applying data security measures, the Data Controller shall consider the current level of technological development and shall choose the data processing solution, from various potential solutions, that ensures the highest level of protection for the personal data, except if that would mean a disproportionate difficulty. Within the scope of its IT protection responsibility, the Data Controller shall ensure, amongst other things

  1.  measures to protect against unauthorised access, including the protection of software and hardware equipment and physical protection,
  2.  measures ensuring the restorability of datasets, including regular backup saving and the separate and secure processing of copies,
  1. The protection of datasets against viruses (virus protection).


XI.6. The Data Controller shall provide the IT environment for the processing of personal data within the scope of its services in a way that 

  1. the personal data provided by the Data Subject are linked to data and in a way specified in this Policy only.
  2.  it ensures that personal data are accessed only by the Employees of the Data Controller who, by all means, need that in order to perform their responsibilities arising from their job obligations.
  3.  all modifications of data are done by indicating the date of modification.
  1. false data are erased within 24 hours as from the relevant request of the Data Subject.




XII.1. The Data Controller shall have a confidentiality obligation regarding all data and facts it became aware of during performing its responsibilities. The confidentiality obligation of the Data Controller shall survive the termination of his/her agency and/or contractor relationship. 


XII.2. The Data Controller shall become exempt from the confidentiality obligation only based on a relevant legislative provision or the written consent of the Data Subject. 


XII.3. The Data Controller shall, except as provided for in the Health Care Act, as well as the data processor, keep medical secrets. The Data Controller shall become exempt from the confidentiality obligation if 

  1. the Data Subject or his/her legal representative approved of the forwarding of healthcare and personal identification data in writing, but within the scope of the limitations of such approval, and 
  2. forwarding of healthcare and personal identification data is a mandatory legal requirement.






The www.1stdent.comwebsite uses cookies (Facebook like box, Google Analytics follow-up code and Google Adwords) to measure the traffic on our site and to ensure quick access to our sites on social media portals. We use the cookies to share information with our advertisement, social media and analytics partners about the use of our website and social networking sites to prepare statistics and advertisements. For further information about the Google Analytics cookies, please click here.


The follow-up codes of the remarketing services of Google Adwords enable customised advertisements for the website visitors on the websites belonging to the Google Display network. You can disable these cookies by following the instructions in the Google Ads Settings. You can read about the data-protection guidelines of Google regarding advertisementsby clicking here.


All modern browsers allow the changing of cookie setups. Most browsers automatically accept cookies by default; these can, however, usually be changed to prevent automatic acceptance, and the browser will always offer options regarding the enabling of cookies.

Please be informed that the disabling or enabling of cookies might limit the functionality of our website and the website might run not as planned in your browser.

You can read further information about the cookie settings of the most popular browsers by clicking on the following links

·      Google Chrome

·      Firefox

·      Microsoft Internet Explorer 11

·      Microsoft Internet Explorer 10

·      Microsoft Internet Explorer 9

·      Microsoft Internet Explorer 8

·      Microsoft Edge

·      Safari





The prevailing version of this Policy is available at the reception desk of our Clinic. 

1stDent Dentistry - Magyar1stDent Dentistry - angol