PRIVACY POLICY

2018. május 25.

PRIVACY POLICY OF  PRO GYNO-MED LTD.

  1. GENERAL PROVISIONS

Pro gyno-med Ltd. is the manager of Villa Medicina (address: 16 Szendi Street 1126 Budapest.; website: https://villamedicina.hu) in all cases ensures the legality and practicality as regards the handling of the personal data managed by it. The purpose of this information is to provide people making appointments at the clinic with adequate information about the conditions, guarantees and duration of the personal data processing even before making the appointment or providing their personal data. Our company in all cases involving the processing of personal data adheres to the contents of this declaration, we consider the contents thereof obligatory for us.

Our data management complies with all applicable laws, in particular:

  • (EU) No 2016/679 Regulation of the European Parliament and Council (27. April 2016.) – the protection of personal data of natural persons with regard to the processing of such data and about the free movement of such data, and on the repealing of 95/46/EK Regulation (General Data Protection Regulation, hereinafter “GDPR”);
    • Law No CXII of 2011 on the right to informational self-determination and freedom of information;
    • Law No V of 2013 on the Civil Code;
    • Law No C of 2000 on public accountancy;
    • Law No CL of 2017 on the order of taxation
    • Law CXXXIII of 2005 on the rules of personal and property protection and private detective activities; (hereinafter referred to as: “Szvtv.”);
    • Law XLVIII of 2008 on the Fundamental Terms and Given Limitations of Economic Advertising Activity;
    • Law CVIII of 2001 on certain aspects of e-commerce services and services related to the information society.

 

We provide the following information regarding our given data management procedures.

 

Personal data of the controller
Name: Pro gyno-med Kft. (Villa Medicina)
Address: 16 Szendi Street, 1126 Budapest
Company register number: Cg. 01 09 717455
Tax number: 13074571-2-43
Phone: +36 70 625 7975
E-mail: info@villamedicina.hu

 

    2. DEFINITIONS

  1.   ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  2. ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  3. ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
  4. ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
  5. ‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the 4.5.2016 EN Official Journal of the European Union L 119/33 framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
  6. ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
  7. ‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

 

  1. PRINCIPLES RELATING TO PROCESSING OF PERSONAL DATA

Personal data shall be:

  1. processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
  2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);
  3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
  4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’); 4.5.2016 EN Official Journal of the European Union L 119/35 ( 1 ) Directive (EU) 2015/1535 of the European Parliament and of the Council of 9 September 2015 laying down a procedure for the provision of information in the field of technical regulations and of rules on Information Society services (OJ L 241, 17.9.2015, p. 1).
  5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
  6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’).

We give the next informations in connection with our data managements.

 

  1. DATA MANAGEMENT BEING LINKED TO AN ONLINE APPOINTMENT PROCESS

Our firm provides an opportunity online onto a time reservation in order that an employee should be allowed to take a time on a fast, comfortable and manner free of charge to make an appointment to our doctors in Villa Medicina.

The controller of the data: Pro gyno-med Kft. 16 Szendi Street, 1126 Budapest
The purpose of the data management: the facilitation of the time reservation, free of charge, efficiency
The legal basis of the data handling: the contribution of the person who makes an appointment
Scope of managed personal data: address; surname and first name; phone number; e-mail address
The duration of data management: 2 years from the reservation
Use of data processor: our firm takes advantages of an informatics service in order to handle the online appointment system

Name of data processor Address Description of a data processor task
Booked4.us Bt. 12 Zichy Hippolyt street, 2600 Vác the insurance of the opportunity of an on-line appointment reservation

By accepting this information sheet, you expressly consent to the fact that Pro gyno-med Ltd. – in order to make the data processing more comfortable and more tailored – uses further data processors as follows:

Name of the further processor Address Description of a data processor task
KARDI-SOFT Orvosi Rendszerek Kft. 43 Táncsics Mihály Street, 9024 Győr The supply of client treatment tasks in case of the application of the DOKIREX medical system


Possible consequences of the lack of data services
: the contract does not establish referring to the time reservation and the medical supply.

Rights of the person concerned: the person concerned (whose personal information is handled by our company)
a) may request information on the processing of his/her personal data or to access these personal data,
b) may request the rectification of the data,
c) may request the deletion thereof,
d) in case the conditions of GDPR Article 18. are met, he/she may request the limitation of the processing of the personal data (which means that our company does not delete or destroy the data until a court or official order, but only for maximum 30 days, and beyond this the company shall not process the data for any other reasons).
e) may object to the processing of personal data,
f) exercise his/her right for data transmission. Under the latter law, the concerned person is entitled to receive his/her personal data in a word or excel format, and he/she is further entitled to ask the data to be forwarded by our company to another data processor.

Other information about data processing: Our company will take all necessary technical and organizational measures to avoid any possible privacy incidents (e.g. damage, loss of files containing personal information and to prevent unauthorized access). In the event of an incident occurring, we keep a record of the necessary measures and in order to be able to inform the concerned persons, which includes the circle of the given personal data, the circle and number of the people affected by the data protection incident, the time of the data protection incident, its circumstances, effects and the measures taken to remedy the data protection incident, and all other data specified in the law governing the data management.

Our company has concluded a data processing contract with the data processors in which the data processors undertake that in case they use further data processors, they will obligatorily use the data protection and data processing guarantees that are required from them by the data processing agreement, taking this into consideration we provide the legal processing of the personal data even in case of data processors.

 

  1. DATA MANAGEMENT CONNECTED TO MEDICAL SERVICES

Our clinic enables the possibility of a suitable medical supply after getting the personal data

The controller of the data
: Pro gyno-med Kft. 16 Szendi Street, 1126 Budapest
The purpose of the data management: health services and medical treatments
The legal basis of the data handling: the prelimenary contribution of the person who makes an appointment (GDPR article 6)
Scope of managed personal data: address; surname and first name; phone number; e-mail address, company name and the headquarter, number of the bank card, date of welfare fund (identification number, name), social security number (TAJ-number)
The duration of data management: 30 years from the day of the medical treatment
Use of data processor: our firm takes advantages of an informatics service in order to handle the online appointment system

Name of the processor Address Description of a data processor task
KARDI-SOFT Orvosi Rendszerek Kft. 43 Táncsics Mihály Street, 9024 Győr The supply of client treatment tasks, the fixing of anamnesis, diagnoses in case of the application of the DOKIREX medical system

By accepting this information sheet, you expressly consent to the fact that Pro gyno-med Ltd. – in order to make the data processing more comfortable and more tailored – uses further data processors as follows:

Name of the further processor Address Description of a data processor task
KBOSS.hu Kft. 7 Záhony Street 1031 Budapest The transaction of data communication is necessary to the salary transactions between the dealer’s and the salary service provider’s system, the insurance of the retrievable of the transactions for the partners
Synlab Hungary Kft. 1st floor 53 Bajcsy-Zsilinszky Street. 1065 Budapest I. emelet Human hygienic laboratory service
Istenhegyi Géndiagnosztika Kft. 2 Zalatnai Street, 1125 Budapest Human hygienic laboratory service
Preventrend Diagnosztika Központ Kft. 56  Bolgárkertész Street, HU-1148 Budapest Other human health screening
Teladoc Hungary Kft. 1092 Budapest, Köztelek utca 6. I. épület, 2. emelet A network of partners offering help with health services
HUMANCELL MCC Kft 1087 Budapest, Fiumei út 7. Other human health screening
MEDSERV Egészségügyi Szolg. És Ker. Kft. 1112 Budapest, Süveg u. 10/B. Provision of medical services, histological examination
New Era Genetics Kft. 1026 Budapest,

Gábor Áron u. 74-78.

Other human health screening
PentaCore Lab Egészségügyi Szolgáltató Kft. 1094 Budapest, Bokréta u. 5. Other human health screening


Possible consequences of the lack of data services
: the contract does not establish referring to the time reservation and the medical supply.

Rights of the person concerned: the person concerned (whose personal information is handled by our company)
a) may request information on the processing of his/her personal data or to access these personal data,
b) may request the rectification of the data,
c) may request the deletion thereof,
d) in case the conditions of GDPR Article 18. are met, he/she may request the limitation of the processing of the personal data (which means that our company does not delete or destroy the data until a court or official order, but only for maximum 30 days, and beyond this the company shall not process the data for any other reasons).
e) may object to the processing of personal data,
f) exercise his/her right for data transmission. Under the latter law, the concerned person is entitled to receive his/her personal data in a word or excel format, and he/she is further entitled to ask the data to be forwarded by our company to another data processor.

Other information about data processing: Our company will take all necessary technical and organizational measures to avoid any possible privacy incidents (e.g. damage, loss of files containing personal information and to prevent unauthorized access). In the event of an incident occurring, we keep a record of the necessary measures and in order to be able to inform the concerned persons, which includes the circle of the given personal data, the circle and number of the people affected by the data protection incident, the time of the data protection incident, its circumstances, effects and the measures taken to remedy the data protection incident, and all other data specified in the law governing the data management.

Our company has concluded a data processing contract with the data processors in which the data processors undertake that in case they use further data processors, they will obligatorily use the data protection and data processing guarantees that are required from them by the data processing agreement, taking this into consideration we provide the legal processing of the personal data even in case of data processors.

 

  1. DATA MANAGEMENT RELATED TO MEDICAL SERVICES

Our clinic enables the possibility of a suitable medical supply after getting the personal data.

The controller of the data: Pro gyno-med Kft. 16 Szendi Street, 1126 Budapest
The purpose of the data management: health services and medical treatments
The legal basis of the data handling: the prelimenary contribution of the person who makes an appointment (GDPR article 6)
Scope of managed personal data: address; surname and first name; phone number; e-mail address, company name and the headquarter, number of the bank card, date of welfare fund (identification number, name), social security number (TAJ-number), anamnesis
The duration of data management: 30 years from the day of the medical treatment
Use of data processor: our firm takes advantages of an informatics service in order to handle the online appointment system

Name of the processor Address Description of a data processor task
KARDI-SOFT Orvosi Rendszerek Kft. 43 Táncsics Mihály Street, 9024 Győr The supply of client treatment tasks, the fixing of anamnesis, diagnoses in case of the application of the DOKIREX medical system

By accepting this information sheet, you expressly consent to the fact that Pro gyno-med Ltd. – in order to make the data processing more comfortable and more tailored – uses further data processors as follows:

Name of the further processor Address Description of a data processor task
OPHTOGYN Kft. 53 Móricz Zs. Street 2071 Páty Data management referring to medical treatments, diagnosis and medical proposions
Medical Express Betéti Társaság 5 Széchenyi Street 2053 Herceghalom Data management referring to medical treatments, diagnosis and medical proposions
H P Diagnózis Bt. 19/A Toldi Miklós Street 2890 Tata Data management referring to medical treatments, diagnosis and medical proposions
Dr. Nyulasi Tibor János egyéni vállalkozó

 

19 Amfiteátrum Street 1031 Bp. Data management referring to medical treatments, diagnosis and medical proposions
Dr. Domján Zsolt egyéni vállalkozó 27 Dombi Lajos Street 6000 Kecskemét Data management referring to medical treatments, diagnosis and medical proposions
Dr. Sipos Attila egyéni vállalkozó 1 Semmelweis Square 2149 Kistarcsa Data management referring to medical treatments, diagnosis and medical proposions
Budapest Chiropractic Egészségügyi Szolgáltató Betéti Társaság 16/B Tállya Street 1121 Budapest Data management referring to medical treatments, diagnosis and medical proposions
Premfert Egészségügyi Szolgáltató Kft. 88/B Viola Street, 2022 Tahitótfalu Data management referring to medical treatments, diagnosis and medical proposions
Infertility Betéti Társaság 30 Dózsa György Street, 4800 Vásárosnamény Data management referring to medical treatments, diagnosis and medical proposions

 

Name of the further processor Address Description of a data processor task
Pro gyno-med kft. 1124 Bp. Szendi u. 16. Data management referring to medical treatments, diagnosis and medical proposions
OPHTOGYN Kft. 2071 Páty, Móricz Zs. u. 53. Data management referring to medical treatments, diagnosis and medical proposions
Medical Express Betéti Társaság 2053 Herceghalom, Széchenyi u. 5. Data management referring to medical treatments, diagnosis and medical proposions
H P Diagnózis Bt. 2890 Tata, Toldi Miklós u. 19. A ép. Data management referring to medical treatments, diagnosis and medical proposions
Dr. Nyulasi Tibor János egyéni vállalkozó

 

1031 Bp. Amfiteátrum utca 19. Data management referring to medical treatments, diagnosis and medical proposions
Dr. Domján Zsolt egyéni vállalkozó 6000 Kecskemét Dombi Lajos u. 27. Data management referring to medical treatments, diagnosis and medical proposions
Dr. Sipos Attila egyéni vállalkozó 2149 Kistarcsa Semmelweis tér. 1. Data management referring to medical treatments, diagnosis and medical proposions
Budapest Chiropractic Egészségügyi Szolgáltató Betéti Társaság 1121 Budapest, Tállya u. 17. B. ép. Data management referring to medical treatments, diagnosis and medical proposions
Premfert Egészségügyi Szolgáltató Kft. 2022 Tahitótfalu, Viola u. 88. b. ép. Data management referring to medical treatments, diagnosis and medical proposions
Infertility Betéti Társaság 4800 Vásárosnamény Dózsa György út 30. Data management referring to medical treatments, diagnosis and medical proposions
Dr. Harangozó Andrea egyéni vállalkozó 2045 Törökbálint, Munkácsy Mihály Utca Data management referring to medical treatments, diagnosis and medical proposions
Dr. Fábián Medical kft. 2094 Nagykovácsi, Bajcsy Zsilinszky u. 40. Data management referring to medical treatments, diagnosis and medical proposions
Dr. Tarnai László egyéni vállalkozó 6726 Szeged, Ökörszem u. 30. Data management referring to medical treatments, diagnosis and medical proposions
Dr. Vízkeleti Júlia egyéni vállalkozó 2030 Érd, Kádár u. 25. Data management referring to medical treatments, diagnosis and medical proposions
Archi-Medical Kft. 2151 Fót, Klára u. 4. Data management referring to medical treatments, diagnosis and medical proposions
Intermed Bt. 1027 Bp. Horvát u. 28. fsz. 1. Data management referring to medical treatments, diagnosis and medical proposions


Rights of the person concerned:
 the person concerned (whose personal information is handled by our company)
a) may request information on the processing of his/her personal data or to access these personal data,
b) may request the rectification of the data,
c) may request the deletion thereof,
d) in case the conditions of GDPR Article 18. are met, he/she may request the limitation of the processing of the personal data (which means that our company does not delete or destroy the data until a court or official order, but only for maximum 30 days, and beyond this the company shall not process the data for any other reasons).
e) may object to the processing of personal data,
f) exercise his/her right for data transmission. Under the latter law, the concerned person is entitled to receive his/her personal data in a word or excel format, and he/she is further entitled to ask the data to be forwarded by our company to another data processor.

Other information about data processing: Our company will take all necessary technical and organizational measures to avoid any possible privacy incidents (e.g. damage, loss of files containing personal information and to prevent unauthorized access). In the event of an incident occurring, we keep a record of the necessary measures and in order to be able to inform the concerned persons, which includes the circle of the given personal data, the circle and number of the people affected by the data protection incident, the time of the data protection incident, its circumstances, effects and the measures taken to remedy the data protection incident, and all other data specified in the law governing the data management.

Our company has concluded a data processing contract with the data processors in which the data processors undertake that in case they use further data processors, they will obligatorily use the data protection and data processing guarantees that are required from them by the data processing agreement, taking this into consideration we provide the legal processing of the personal data even in case of data processors.

 

  1. DATA MANAGEMENT RELATED TO FINANCIAL SERVICES

Our clinic enables the possibility of a suitable medical supply after getting the personal data.

The controller of the data: Pro gyno-med Kft. 16 Szendi Street, 1126 Budapest
The purpose of the data management: the fulfilment of a medical financial service following the medical service
The legal basis of the data handling: the prelimenary contribution of the person who makes an appointment (GDPR article 6)
Scope of managed personal data: address; surname and first name; phone number; e-mail address, company name and the headquarter, number of the bank card, date of welfare fund (identification number, name)
The duration of data management: 2 years two years following the day of the exhibition of the invoice
Use of data processor: our firm takes advantages of an informatics service in order to handle the online appointment system

Name of the processor Address Description of a data processor task
KBOSS.hu Kft. 7 Záhony Street 1031 Budapest The transaction of data communication is necessary to the salary transactions between the dealer’s and the salary service provider’s system, the insurance of the retrievable of the transactions for the partners

By accepting this information sheet, you expressly consent to the fact that Pro gyno-med Ltd. – in order to make the data processing more comfortable and more tailored – uses further data processors as follows:

Name of the further processor Address Description of a data processor task
NOÉ BÁRKÁJA Zrt. 2/4 Dolgos Street 1126 Budapest The strain of the book-keeping service following the salary transactions
Generali Egészség- és Önsegélyező Pénztár 42-44 Teréz boulevard 1066 Budapest The transaction of data communication is necessary to the salary transactions between the dealer’s and the salary service provider’s system, the insurance of the retrievable of the transactions for the partners. Customer service assistance
TEMPO Egészség- és Önsegélyező Pénztár 92 Nagybányai Street 1025 Budapest The transaction of data communication is necessary to the salary transactions between the dealer’s and the salary service provider’s system, the insurance of the retrievable of the transactions for the partners. Customer service assistance
Patika ZRt. 18 Bimbó Street 1022 Budapest The transaction of data communication is necessary to the salary transactions between the dealer’s and the salary service provider’s system, the insurance of the retrievable of the transactions for the partners. Customer service assistance
Card Consulting Kft.

 

52 Kárpát Street 1033 Budapest The transaction of data communication is necessary to the salary transactions between the dealer’s and the salary service provider’s system, the insurance of the retrievable of the transactions for the partners. Customer service assistance
OTP Pénztárszolgáltató Zrt. 4  Mérleg Street 1051 Budapest The transaction of data communication is necessary to the salary transactions between the dealer’s and the salary service provider’s system, the insurance of the retrievable of the transactions for the partners. Customer service assistance

Possible consequences of the lack of data services: the contract does not establish referring to the time reservation and the medical supply.

Rights of the person concerned: the person concerned (whose personal information is handled by our company)
a) may request information on the processing of his/her personal data or to access these personal data,
b) may request the rectification of the data,
c) may request the deletion thereof,
d) in case the conditions of GDPR Article 18. are met, he/she may request the limitation of the processing of the personal data (which means that our company does not delete or destroy the data until a court or official order, but only for maximum 30 days, and beyond this the company shall not process the data for any other reasons).
e) may object to the processing of personal data,
f) exercise his/her right for data transmission. Under the latter law, the concerned person is entitled to receive his/her personal data in a word or excel format, and he/she is further entitled to ask the data to be forwarded by our company to another data processor.

Other information about data processing: Our company will take all necessary technical and organizational measures to avoid any possible privacy incidents (e.g. damage, loss of files containing personal information and to prevent unauthorized access). In the event of an incident occurring, we keep a record of the necessary measures and in order to be able to inform the concerned persons, which includes the circle of the given personal data, the circle and number of the people affected by the data protection incident, the time of the data protection incident, its circumstances, effects and the measures taken to remedy the data protection incident, and all other data specified in the law governing the data management.

Our company has concluded a data processing contract with the data processors in which the data processors undertake that in case they use further data processors, they will obligatorily use the data protection and data processing guarantees that are required from them by the data processing agreement, taking this into consideration we provide the legal processing of the personal data even in case of data processors.

 

  1. DATA MANAGEMENT RELATED TO DIAGNOSTIC REPORTS AND RESULTS

Our clinic enables the possibility of a suitable medical supply after getting the personal data.

The controller of the data: Pro gyno-med Kft. 16 Szendi Street, 1126 Budapest
The purpose of the data management: providing information of the results of the medical treatments
The legal basis of the data handling: the prelimenary contribution of the person who makes an appointment (GDPR article 6)
Scope of managed personal data: address; surname and first name; phone number; e-mail address, company name and the headquarter, number of the bank card, date of welfare fund (identification number, name)
The duration of data management: 30 years from the day of the medical treatment
Use of data processor: our firm takes advantages of an informatics service in order to handle the online appointment system

Name of the processor Address Description of a data processor task
KARDI-SOFT Orvosi Rendszerek Kft. 43 Táncsics Mihály Street 9024 Győr A DOKIREX orvosi rendszer alkalmazása esetén ügyfélkezelési feladatok ellátása, kórelőzmények rögzítése, leletek értesítése

By accepting this information sheet, you expressly consent to the fact that Pro gyno-med Ltd. – in order to make the data processing more comfortable and more tailored – uses further data processors as follows:

Name of the further processor Address Description of a data processor task
Pro gyno-med Kft. (06 70 625 7975) 16

Szendi Street 1126 Budapest

Providing information via telephone


Possible consequences of the lack of data services
: the contract does not establish referring to the time reservation and the medical supply.

Rights of the person concerned: the person concerned (whose personal information is handled by our company)
a) may request information on the processing of his/her personal data or to access these personal data,
b) may request the rectification of the data,
c) may request the deletion thereof,
d) in case the conditions of GDPR Article 18. are met, he/she may request the limitation of the processing of the personal data (which means that our company does not delete or destroy the data until a court or official order, but only for maximum 30 days, and beyond this the company shall not process the data for any other reasons).
e) may object to the processing of personal data,
f) exercise his/her right for data transmission. Under the latter law, the concerned person is entitled to receive his/her personal data in a word or excel format, and he/she is further entitled to ask the data to be forwarded by our company to another data processor.

Other information about data processing: Our company will take all necessary technical and organizational measures to avoid any possible privacy incidents (e.g. damage, loss of files containing personal information and to prevent unauthorized access). In the event of an incident occurring, we keep a record of the necessary measures and in order to be able to inform the concerned persons, which includes the circle of the given personal data, the circle and number of the people affected by the data protection incident, the time of the data protection incident, its circumstances, effects and the measures taken to remedy the data protection incident, and all other data specified in the law governing the data management.

Our company has concluded a data processing contract with the data processors in which the data processors undertake that in case they use further data processors, they will obligatorily use the data protection and data processing guarantees that are required from them by the data processing agreement, taking this into consideration we provide the legal processing of the personal data even in case of data processors.

 

  1. DATA MANAGEMENT RELATED TO NEWSLETTER SUBSCRIBING AND OTHER MARKETING ACTIVITIES

We have newsletter system in order to has interactions with our patients, offers our services inform them our news and discounts.

The controller of the data: Pro gyno-med Kft. 16 Szendi Street, 1126 Budapest
The purpose of the data management: communication with potential patients
The legal basis of the data handling: the prelimenary contribution of the person who makes an appointment (GDPR article 6)
Scope of managed personal data: surname and first name; e-mail address
The duration of data management: until the unsubscription from the newsletter system
Use of data processor: our firm takes advantages of an informatics service in order to handle the online appointment system

Name of the processor Address Description of a data processor task
The Rocket Science Group LLC (MailChimp) 675 Ponce de Leon Ave NE, Suite 5000
Atlanta, GA 30308 USA
Storage of the database of MailChimp newsletter system

By accepting this information sheet, you expressly consent to the fact that Pro gyno-med Ltd. – in order to make the data processing more comfortable and more tailored – uses further data processors as follows:

Name of the further processor Address Description of a data processor task
KARDI-SOFT Orvosi Rendszerek Kft. 43 Táncsics Mihály Street 9024 Győr A DOKIREX orvosi rendszer alkalmazása esetén ügyfélkezelési feladatok ellátása, kórelőzmények rögzítése, leletek értesítése


Possible consequences of the lack of data services
: the contract does not establish referring to the time reservation and the medical supply.

Rights of the person concerned: the person concerned (whose personal information is handled by our company)
a) may request information on the processing of his/her personal data or to access these personal data,
b) may request the rectification of the data,
c) may request the deletion thereof,
d) in case the conditions of GDPR Article 18. are met, he/she may request the limitation of the processing of the personal data (which means that our company does not delete or destroy the data until a court or official order, but only for maximum 30 days, and beyond this the company shall not process the data for any other reasons).
e) may object to the processing of personal data,
f) exercise his/her right for data transmission. Under the latter law, the concerned person is entitled to receive his/her personal data in a word or excel format, and he/she is further entitled to ask the data to be forwarded by our company to another data processor.

Other information about data processing: Our company will take all necessary technical and organizational measures to avoid any possible privacy incidents (e.g. damage, loss of files containing personal information and to prevent unauthorized access). In the event of an incident occurring, we keep a record of the necessary measures and in order to be able to inform the concerned persons, which includes the circle of the given personal data, the circle and number of the people affected by the data protection incident, the time of the data protection incident, its circumstances, effects and the measures taken to remedy the data protection incident, and all other data specified in the law governing the data management.

Our company has concluded a data processing contract with the data processors in which the data processors undertake that in case they use further data processors, they will obligatorily use the data protection and data processing guarantees that are required from them by the data processing agreement, taking this into consideration we provide the legal processing of the personal data even in case of data processors.

 

  1. COOKIES POLICY

We use cookies on our site to improve performance and enhance your user experience.

If you provide personal information (such as name, address, email address, phone number, fax number) through the Website or by using the email address represented on it, those data will be managed by Villa Medicina.

The purpose of the data management: users’ identification, tracking users, differentiation of users, the identification of the users’ current working process, the storage of granted data,
the prevention of the data losing, web analytics measurements,  personalized service providing
The legal basis of the data handling: contribution of the user
Scope of managed personal data: tracking number, date, last visited page
The duration of data management: maximum 90 days
Use of data processor: our firm takes advantages of an informatics service in order to handle the online appointment system

Other information about data processing: Our company will take all necessary technical and organizational measures to avoid any possible privacy incidents (e.g. damage, loss of files containing personal information and to prevent unauthorized access). In the event of an incident occurring, we keep a record of the necessary measures and in order to be able to inform the concerned persons, which includes the circle of the given personal data, the circle and number of the people affected by the data protection incident, the time of the data protection incident, its circumstances, effects and the measures taken to remedy the data protection incident, and all other data specified in the law governing the data management.

Our company has concluded a data processing contract with the data processors in which the data processors undertake that in case they use further data processors, they will obligatorily use the data protection and data processing guarantees that are required from them by the data processing agreement, taking this into consideration we provide the legal processing of the personal data even in case of data processors.

 

  1. SERVER DIARY OF THE WEBSITE

When a user visits our website (villamedicina.hu) our web server automatically logs a diary of the user’s activity.

The controller of the data: Pro gyno-med Kft. 16 Szendi Street, 1126 Budapest
The purpose of the data management: during the visit of our site, the service provider records the visitor data in order to check the functionality of the services and to prevent abuse.
The legal basis of the data handling: Legitimate interest of the data controller [Article 6. Paragraph (1) Section f) of the GDPR]
Scope of managed personal data: ID number, date, time, address of the page visited
The duration of data management: up to 90 days after visiting the site
Use of data processor: our firm takes advantages of an informatics service in order to handle the online appointment system

Name of data processor Address Description of a data processor task
Pro gyno-med Ltd. 16 Szendi Street 1126 Budapest Collecting and fixing visitor’s data and other information in favour of  the function of our web server


Other information about data processing:
 Our company will take all necessary technical and organizational measures to avoid any possible privacy incidents (e.g. damage, loss of files containing personal information and to prevent unauthorized access). In the event of an incident occurring, we keep a record of the necessary measures and in order to be able to inform the concerned persons, which includes the circle of the given personal data, the circle and number of the people affected by the data protection incident, the time of the data protection incident, its circumstances, effects and the measures taken to remedy the data protection incident, and all other data specified in the law governing the data management.

Our company has concluded a data processing contract with the data processors in which the data processors undertake that in case they use further data processors, they will obligatorily use the data protection and data processing guarantees that are required from them by the data processing agreement, taking this into consideration we provide the legal processing of the personal data even in case of data processors.

 

  1. INTERNAL DATA PROTECTION

The controller of the data: Pro gyno-med Kft. 16 Szendi Street, 1126 Budapest
The purpose of the data management: fulfilment of the contract
The legal basis of the data handling: controller’s legitimate interest
The duration of data management: 2000. yearly C. speaking about accountancy law the 169. parag (2) his paragraph adequately – the given year delegating 7. year December 31.

Possible consequences of the lack of data services: the contract does not establish referring to the medical treatment.
Rights of the person concerned: the person concerned (whose personal information is handled by our company)
a) may request information on the processing of his/her personal data or to access these personal data,
b) may request the rectification of the data,
c) may request the deletion thereof,
d) in case the conditions of GDPR Article 18. are met, he/she may request the limitation of the processing of the personal data (which means that our company does not delete or destroy the data until a court or official order, but only for maximum 30 days, and beyond this the company shall not process the data for any other reasons).
e) may object to the processing of personal data,
f) exercise his/her right for data transmission. Under the latter law, the concerned person is entitled to receive his/her personal data in a word or excel format, and he/she is further entitled to ask the data to be forwarded by our company to another data processor.

Other information about data processing: Our company will take all necessary technical and organizational measures to avoid any possible privacy incidents (e.g. damage, loss of files containing personal information and to prevent unauthorized access). In the event of an incident occurring, we keep a record of the necessary measures and in order to be able to inform the concerned persons, which includes the circle of the given personal data, the circle and number of the people affected by the data protection incident, the time of the data protection incident, its circumstances, effects and the measures taken to remedy the data protection incident, and all other data specified in the law governing the data management.

Our company has concluded a data processing contract with the data processors in which the data processors undertake that in case they use further data processors, they will obligatorily use the data protection and data processing guarantees that are required from them by the data processing agreement, taking this into consideration we provide the legal processing of the personal data even in case of data processors.

 

  1. OTHER DATA MANAGEMENT

In case of data management not listed in this information material, we provide information when the data is recorded. We inform our customers that some authorities, public service bodies, courts may approach our company to provide personal information. For these bodies, our company – in case the body has indicated the exact purpose and the scope of the information – provides information only to the extent that is necessary for the achievement of the purpose of the request, and in case the accomplishment of the approach is legally required.

 

  1. A STORAGE OF PERSONAL DATA, SAFETY OF THE DATA MANAGEMENT

The computing systems and other data retention locations of our company are located at the headquarters and on the servers rented by the data processor. Our company selects and manages the IT tools used to manage personal data for the provision of the service in a way that:

  1. a) it is accessible for the authorized persons (availability);
    b) its authenticity and certification is provided (credibility of data management);
    c) its unchanged nature can be verified (data integrity);
    d) it is protected from unauthorized access (confidentiality of data).

We pay particular attention to the security of the data, and we also take the technical and organizational measures and develop the procedures necessary to enforce the GDPR guarantees. We protect the data by appropriate measures, particularly against unauthorized access, modification, transmission, disclosure, deletion or destruction, as well as against accidental destruction, damage, and the unavailability due to the applied technology.

The IT system and network of our company and our partners is protected against computer-aided fraud, computer viruses, computer intrusions, and against attacks leading to a service denial. The operator also provides for the security through server-level and application-level security measures. The daily data backup is provided for. In order to avoid data protection incidents, our company will take all possible measures, in case such an incident occurs – according to our internal rules – we take immediate actions to minimize the risks and to remedy the damages.

 

  1. THE RIGHTS OF THE PARTIES CONCERNED, LEGAL REMEDY OPPORTUNITIES

The Party concerned may request information about the handling of his/her personal data, may request the rectification of his/her personal data or – with the exception of the mandatory data handling – may request the deletion, cancellation of his/her data, he/she may use his/her right to transfer his/her data, to protest as indicated at the time of the recording of the data, and at the above contact details of data manager.

At the request of the person concerned, we provide the information in electronic format without delay, but no later than 30 days, in accordance with our applicable regulations. Requests for the fulfilment of the below rights are provided free of charge to the concerned persons.

Right to receive information:
Our company takes appropriate actions to ensure that we provide all the information as regards the handling of personal data to persons concerned as mentioned in Article 13. and 14. of the GDPR according to articles 15-22. and 34. in a concise, transparent, comprehensible and easily accessible form, in a clear and straightforward, but at the same time in a precise manner.

The right to receive information can be exercised in writing through the contact details given in point 1. At the request of the person concerned – after the verification of his/her identity – oral information may also be given. We inform our customers that in case the co-workers of our company have concerns about the identity of a concerned person, we may request information from him/her that is needed for the verification of his/her identity.

Right of access by the data subject
1. The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

(a) the purposes of the processing;

(b) the categories of personal data concerned;

(c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;

(d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

(e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;

(f) the right to lodge a complaint with a supervisory authority;

(g) where the personal data are not collected from the data subject, any available information as to their source;

(h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

  1. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
  2. The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
  3. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.

Right to rectification

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure (‘right to be forgotten’)

  1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; 4.5.2016 EN Official Journal of the European Union L 119/43

(b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;

(c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);

(d) the personal data have been unlawfully processed;

(e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

(f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).

  1. Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
  2. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:

(a) for exercising the right of freedom of expression and information;

(b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(c) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);

(d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

(e) for the establishment, exercise or defence of legal claims.

Right to restriction of processing

  1. The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

(a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;

(b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

(c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

(d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

  1. Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. L 119/44 EN Official Journal of the European Union 4.5.2016
  2. A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.

 

Right to data portability

  1. The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

(a) the processing is based on consent pursuant to point (a) of Article 6(1) or point

(a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and

(b) the processing is carried out by automated means.

  1. In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
  2. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  3. The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.

 

Right to object

  1. The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
  2. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  3. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes. 4.5.2016 EN Official Journal of the European Union L 119/45
  4. At the latest at the time of the first communication with the data subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information.
  5. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
  6. Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

 

Automated individual decision-making, including profiling

  1. The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
  2. Paragraph 1 shall not apply if the decision: (a) is necessary for entering into, or performance of, a contract between the data subject and a data controller; (b) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or (c) is based on the data subject’s explicit consent.
  3. In the cases referred to in points (a) and (c) of paragraph 2, the data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
  4. Decisions referred to in paragraph 2 shall not be based on special categories of personal data referred to in Article 9(1), unless point (a) or (g) of Article 9(2) applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.

Procedural rules:
The controller shall provide information on action taken on a request under Articles 15 to 22 to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.

If the controller does not take action on the request of the data subject, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

 

Right to compensation and liability

  1. Any person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor for the damage suffered.
  2. Any controller involved in processing shall be liable for the damage caused by processing which infringes this Regulation. A processor shall be liable for the damage caused by processing only where it has not complied with obligations of this Regulation specifically directed to processors or where it has acted outside or contrary to lawful instructions of the controller.
  3. A controller or processor shall be exempt from liability under paragraph 2 if it proves that it is not in any way responsible for the event giving rise to the damage.

 

The right of applying to the courts and data protection magisterial procedure:

It affected may apply to the courts against the data handling system in case of the violation of his rights. The court intervenes in the case apart from a row.

You can make a complaint with the Hungarian National Authority for Data Protection and Freedom of Information. (Nemzeti Adatvédelmi és Információszabadság Hatóság)

The address of the authority: 1055 Budapest, Falk Miksa Street 9-11.
Phone: +36-1-391.1400
E-mail: ugyfelszolgalat@naih.hu

We inform you, that we cannot provide our medical services without your approval in terms of General Data Protection Rules (GDPR).