1stDent Egészségügyi Szolgáltató és Kereskedelmi Kft.
Privacy Policy
25 May 2018
Table of Contents
I. Purpose of the Privacy Policy
II. Temporal, personal and material scope of the Privacy Policy
III. Legal basis and basic data-processing principles of the Policy
IV. Definitions
V. Purpose of data processing, purpose limitation of data processing
VI. Data of the Data Controller
VII. Carrying out of data-processing tasks, the process of data processing
VIII. Duration of data processing
IX. Data processing, data forwarding and transmission
X. Rights and remedies of the Data Subjects in relation to data processing
XI. Data security, storage of personal data, information security
XII. Obligation of confidentiality
XIII. Use of cookies
XIV. Other provisions
I. PURPOSE OF THE PRIVACY POLICY
1st Dent Egészségügyi Szolgáltató és Kereskedelmi Korlátolt Felelősségű Társaság (company registration number: Cg.01-09-297799; registered seat: 1067 Budapest, Teréz körút 7.; represented by: dr. Balogh István Árpád, managing director; hereinafter referred to as 1st Dent Kft.), as Data Controller, hereby informs its clients (who are hereinafter collectively referred to as Data Subjects) that it shall respect the moral rights of Data Subjects; therefore, it shall act based on the following Privacy Policy (hereinafter referred to as Policy) in its data processing operations.
The purpose of this Policy is to lay down detailed rules for the data processing carried out in the organisation of 1st Dent Kft., ensure the functioning of the constitutional principles of protecting one’s healthcare and personal data, the publicity of public data, and the requirements of data security during data processing.
II. TEMPORAL, PERSONAL AND MATERIAL SCOPE OF THE PRIVACY POLICY
II.1. This Policy shall be in force from 25 May 2018 until otherwise provided for or until its withdrawal.
II.2. The personal scope of this Policy shall include
The Data Controller shall, basically, process the data of individuals who
II.3. The material scope of this Policy shall include all data processing operations and data involving personal data and conducted at the Data Controller, regardless of whether it is done electronically and/or in a paper-based form. It shall cover all healthcare and personal identification data pertaining to the Data Subject and processed according to the requirements of the Health Care Act of Hungary.
II.4. This Policy shall include provisions related to the use and data processing of the website and Facebook site operated on behalf of the Data Controller; their operation shall be governed by the provisions of the Privacy Policies available on the https://1stdent.com/hu/ and the https://www.facebook.com/1stdent/ sites.
III. LEGAL BASIS AND BASIC DATA-PROCESSING PRINCIPLES OF THE PRIVACY POLICY
III.1. The legal basis of this Policy shall be the following pieces of legislation:
III.2. In carrying out its activities, the Data Controller shall respect the following basic principles in Article 5 of the General Data Protection Regulation
IV. DEFINITIONS
The Data Controller shall apply the following terms in this Policy and in its Annexes.
(ba) racial origin, membership of any national or ethnical minority, political opinion or party affiliation, religion or other belief, membership in any representative body,
(bb) health, abnormal addiction, sexual life, as well as criminal personal data;
V. PURPOSE OF DATA PROCESSING, PURPOSE LIMITATION OF DATA PROCESSING
V.1. An employee of the Data Controller may process personal data only while performing activities falling within the scope of his/her job, to the extent necessary for the purposes of performing his/her specific tasks, and according to legislative requirements and this Policy.
V.2. According to the provisions of the Advertising Act in force, personal data shall not be used for the purposes of subsequent advertising and/or promotion and/or market research.
V.3. The purpose of processing healthcare and personal identification data shall be
For the purposes specified in Points (a) to (c) of this Clause, only such data may be processed which are indispensable for and capable of the achievement of the purpose of processing. Personal data and special data may be processed to the extent and for a period necessary for accomplishing the purpose. All stages of processing shall comply with these purposes.
V.4. The Data Controller may not use data processed by it for the purposes of statistics even if they are incapable of personal identification, and it shall not provide data for such purposes.
V.5. The Data Controller shall not perform newsletter-related activities and shall not contact the Data Subject using its contact details for promotional purposes.
VI. DATA OF THE DATA CONTROLLER
For this Policy, the Data Controller shall be
(a) 1st Dent Kft.
a. registered seat: 1067 Budapest, Teréz körút 7.
b. company registration number: 01-09-297799
c. tax identification number: 25945472-1-42
d. address of actual data processing: 1067 Budapest, Teréz körút 7.
e. phone number: 06309428738
f. email: 1stdentkft@gmail.com
g. represented by, with individual power of representation: dr. István Árpád Balogh, managing director
(b) the Employee for the activities of whom the Data Controller shall be fully liable towards the Data Subjects and third persons. If the provisions of this Policy do not imply otherwise, an Employee shall also be Data Controller.
VII. CARRYING OUT OF DATA-PROCESSING TASKS, THE DATA PROCESSING PROCESS
VII.1. Responsibilities related to data protection, data processing, data security and information security within the scope of interest of the Data Controller shall rest with the Data Controller.
VII.2. The Data Controller shall
(a) set the date and the time of data processing to be carried out by a person or body outside the organisation,
(b) check records concerning data processing, data protection and information technology,
(c) give authorisation to the Employee(s) to access the IT applications necessary for carrying out the job of the Employee, if an Employee is employed.
VII.3. The Employee at whom the data was generated and/or who has access to the data and/or who received the data from another data manager or third person and/or who has gained possession of the data in any other way shall be data manager under this Policy. Data erasure, rectification, blocking or destruction shall be done only by the data manager having access or the Data Controller or the Employee whom the Data Controller so instructs. If any piece of legislation or internal policy so requires, the Employee performing the erasure, blocking or destruction shall properly document that process.
VII.4. Employee responsibilities
VII.5. Data processing may take place based on the prior, voluntary consent of the Data Subject and prior information provided by the Data Controller. Prior consent shall be regarded as acceptable according to law if it meets all three requirements, i.e. it is
The consent must clearly imply that the Data Subject agrees to the data processing. If the data processing is based on the consent of the Data Subject, then, in case of doubt, the Data Controller shall prove that the Data Subject consented to the data-processing operation. The Data Subject shall be entitled to withdraw his/her consent at any time. Withdrawal of consent shall not affect the lawfulness of data processing based on the consent and preceding the withdrawal, i.e. the withdrawal shall only apply to the future, it does not have a retroactive effect.
VII.6. Within the meaning of the Health Care Act, if the Data Subject is unable to provide his/her consent due to his/her incapacity or any other unavoidable reason, then personal data of the Data Subject may be processed while the obstacles to the consent apply, to the extent necessary for protecting his/her or any other person’s vital interests and for the aversion or prevention of any direct threat to the lives, physical integrity or property of persons. The validity of a declaration with legal effect of a minor older than 16 years, containing the consent of the Data Subject, shall not require the consent or subsequent approval of his/her legal representative. In case of a child younger than 16 years, the processing of personal data of the child shall be lawful only if and to the extent that the consent has been provided or approved by the person exercising legal custody over the child.
VIII. DURATION OF PROCESSING
In case of each data-processing operation, the duration of data processing shall last
IX. DATA PROCESSING, DATA FORWARDING AND TRANSMISSION
IX.1. The Data Controller shall not engage any external data processor; it shall process data controlled by it.
IX.2. If the Data Controller engages third persons for bookkeeping, payroll accounting and/or hosting/server services, system administration or other services that are otherwise the functions of the data processor, then such partner shall comply with and enforce the functioning of the following rules.
IX.3. Data may be forwarded within the Data Controller only if the receiving data manager also has access to the data to be forwarded. The data manager shall obtain information regarding the access right of the receiving data manager before the forwarding.
IX.4. The Data Controller may forward data specified by the Data Subject to its Partners if the Data Controller has specified the Partner to the Data Subject as well as the expected duration of data processing and its goal, and the Data Subject has consented to the data forwarding. The Data Controller may specify Partners by way of information materials as well, if it makes that available to the Data Subjects. The Data Controller may forward data the Data Subject has preliminarily approved to its Partners only.
X. RIGHTS AND REMEDIES OF THE DATA SUBJECTS IN RELATION TO DATA PROCESSING
X.1. The Data Subject shall have the right to get information regarding data processing related to the medical treatment; he/she may access healthcare and personal identification data pertaining to him/her, investigate the healthcare documentation, and get copies of it, at his/her own cost.
X.2. The Data Subject may request information from the Data Controller regarding the processing of his/her personal data and may also investigate such data. Investigation shall be so provided that the Data Subject in question may not investigate the data of other persons.
X.3. The Data Controller shall provide the information in writing and in a non-technical manner within 30 (thirty) days as from the submission of the request. The information must include
X.4. The Data Subject may request the rectification of his/her personal data. The Data Controller shall rectify false data within 2 (two) working days, or immediately and on the spot, if the Data Subject is present in person.
X.5. The Data Subject may request the erasure of his/her data processed without being obliged to give his/her reasons. The Data Controller shall fulfil the request of data erasure within 2 (two) working days.
X.6. The Data Subject may object against the processing of his/her personal data, if
X.7. In the case of violation of his/her rights related to the data processing, the Data Subject may submit a complaint via the above contact details of 1st Dent Kft, to the Hungarian National Authority for Data Protection and Freedom of Information (http://naih.hu/; 1125 Budapest, Szilágyi Erzsébet fasor 22/c; mailing address: 1530 Budapest, Pf.: 5.; phone: +36-1-391-1400; telefax: +36-1-391-1410; Email: ugyfelszolgalat@naih.hu) or go to court. The Data Subject may file the lawsuit at the Budapest-Capital Regional Court or the regional court having jurisdiction over his/her place of domicile. In Hungary, contact details of regional courts are on this site: http://birosag.hu/torvenyszekek. If the place of habitual residence of the Data Subject is in another Member State of the European Union, then the lawsuit may be brought before the court with jurisdiction in the Member State of the place of habitual residence.
X.8. The Data Controller shall, concurrently with the suspension of the data processing, examine the objection within the shortest possible time-limit as from the submission of the request, but within 15 (fifteen) days at maximum, and inform the person having submitted the request in writing of its result. If the objection is well-founded, the Data Controller shall terminate the data processing, including further data recording and data forwarding, block data, and inform of the objection and of the measures taken on the basis of the objection everybody to whom it previously forwarded the personal data concerned by the objection, and who shall take measures in order to ensure the functioning of the right to object.
X.9. If the Data Subject disagrees with the decision of the Data Controller, then he/she may go to court within 30 (thirty) days as from the communication of that decision.
X.10. If the data recipient does not receive the data necessary for the enforcement of his/her/its legal right due to the objection of the Data Subject, then it may bring a lawsuit before a court against the Data Controller in order to gain access to the data within 15 (fifteen) days as from the communication of the notification.
X.11. If the court rejects the petition of the data recipient, the Data Controller shall erase the personal data of the Data Subject within 3 (three) days as from the communication of the ruling. The Data Controller shall also erase the data if the data recipient does not go to court within the time-limit specified in this Policy.
X.12. The Data Controller may not erase the data of the Data Subject if data processing is required by the law. The data shall, however, not be forwarded to the data recipient if the Data Controller agrees with the objection or the court has found that the objection is well-founded.
X.13. If the rights of the Data Subject are violated, the Data Subject may bring an action before a court against the Data Controller. The court shall hear the case as a matter of urgency.
XI. DATA SECURITY, STORAGE OF PERSONAL DATA, INFORMATION SECURITY
XI.1. Personal data may be processed only according to the purpose of the data processing operation in question.
XI.2. The Data Controller shall ensure the security of the data. It shall take the necessary technical and organisational measures regarding datasets stored using IT equipment. The Data Controller shall ensure the functioning of the data-security rules provided for in the relevant pieces of legislation.
XI.3. It shall ensure data security; take the technical and organisational measures and set up the procedural rules that are necessary to ensure the functioning of the relevant pieces of legislation and data-security and confidentiality rules.
XI.4. The Data Controller shall, by taking appropriate measures, protect data against unauthorised access, modification, forwarding, disclosure, erasure or destruction, against accidental destruction or damage, and against their becoming inaccessible due to any change in the technology applied.
XI.5. In determining and applying data security measures, the Data Controller shall consider the current level of technological development and shall choose the data processing solution, from various potential solutions, that ensures the highest level of protection for the personal data, except if that would mean a disproportionate difficulty. Within the scope of its IT protection responsibility, the Data Controller shall ensure, amongst other things
XI.6. The Data Controller shall provide the IT environment for the processing of personal data within the scope of its services in a way that
XII. OBLIGATION OF CONFIDENTIALITY
XII.1. The Data Controller shall have a confidentiality obligation regarding all data and facts it became aware of while performing its responsibilities. The confidentiality obligation of the Data Controller shall survive the termination of his/her agency and/or contractor relationship.
XII.2. The Data Controller shall become exempt from the confidentiality obligation only based on a relevant legislative provision or the written consent of the Data Subject.
XII.3. The Data Controller shall, except as provided for in the Health Care Act, as well as the data processor, keep medical secrets. The Data Controller shall become exempt from the confidentiality obligation if
XIII. USE OF COOKIES
The www.1stdent.com website uses cookies (Facebook like box, Google Analytics follow-up code and Google Adwords) to measure the traffic on our site and to ensure quick access to our sites on social media portals. We use the cookies to share information with our advertisement, social media and analytics partners about the use of our website and social networking sites to prepare statistics and advertisements. For further information about the Google Analytics cookies, please click here.
The follow-up codes of the remarketing services of Google Adwords enable customised advertisements for the website visitors on the websites belonging to the Google Display network. You can disable these cookies by following the instructions in the Google Ads Settings. You can read about the data-protection guidelines of Google regarding advertisements by clicking here.
All modern browsers allow the changing of cookie setups. Most browsers automatically accept cookies by default; these can, however, usually be changed to prevent automatic acceptance, and the browser will always offer options regarding the enabling of cookies.
Please be informed that the disabling or enabling of cookies might limit the functionality of our website and the website might not run as planned in your browser.
You can read further information about the cookie settings of the most popular browsers by clicking on the following links:
· Firefox
· Microsoft Internet Explorer 11
· Microsoft Internet Explorer 10
· Microsoft Internet Explorer 9
· Microsoft Internet Explorer 8
· Safari
XIV. OTHER PROVISIONS
The prevailing version of this Policy is available at the reception desk of our Clinic.