As the operator of Villa Medicina, Pro gyno-med Kft., 1126 Budapest, Szendi utca 16. ensures in all cases the legality and expediency of data management with regard to the personal data it manages. The purpose of this information is that patients who make an appointment and provide their personal data can receive appropriate information about the conditions and guarantees and for how long their data will be processed by our company before making the reservation or providing their personal data. Our company adheres to the contents of this information sheet in all cases involving personal data management, and we consider what is described here mandatory for us.
At the same time, we reserve the right to change what is described in this unilateral legal statement, in which case we will inform the affected parties in advance (www.villamedicina.hu). If you have any questions about the contents of this information sheet, please write to us (www.info@villamedicina.hu). The data management of our company's activities is based on voluntary consent and legal authorization (cf. health legislation, see point 3), and in some cases data management is necessary to take steps at the request of the data subject before concluding the contract.
Legal references for institutions providing health services:
The details and contact details of the data controller are as follows:
Name: Pro gyno-med Kft. (Villa Medicina)
Head office: 1126 Budapest, Szendi utca 16. (1124 Bp. Németvölgyi út 68.)
Company registration number: 01 09 717455
Phone number: +36 70 625 7975
E-mail: info@villamedicina.hu
Name of data protection officer: Vanda Hajdinák.
Email address of Data Protection Officer: vhajdinak@villamedicina.hu
"data protection incident": a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise handled.
3. Principles for handling personal data:
Personal data:
The data controller is responsible for compliance with the above, and must also be able to prove this compliance ("accountability").
We provide the following information regarding our individual data management.
Our company provides the opportunity to book an appointment online so that you can book an appointment with our doctors working at Villa Medicina in a quick, convenient and cost-free way.
Controller of personal data: Pro gyno-med Kft. 1126 Budapest, Szendi u. 16.
Data processor name | Address | Data processing task description |
---|---|---|
Salonic International Kft. | 1054 Budapest, Honvéd utca 8. 1. em. 2. | Providing the possibility of online appointment booking thanks to the Salonic system |
By accepting this data management information, the data subject gives her express consent to the Data Processor using additional data processors in order to make the service more convenient and customized as follows:
Data processor name | Address | Data processing task description |
---|---|---|
KARDI-SOFT Orvosi Rendszerek Kft. | 9024 Győr Táncsics Mihály utca 43. | When using the DOKIREX medical system, performing customer management tasks |
Possible consequences of failure to provide data: no contract for booking an appointment or regarding medical care.
The rights of the data subject: the data subject (the person whose personal data is managed by our company)
Other information related to data management: our company takes all necessary technical and organizational measures to avoid a possible data protection incident (e.g. damage to or disappearance of files containing personal data, or their becoming accessible to unauthorized persons). In the event of an incident that does occur, we keep a register for the purpose of checking the necessary measures and informing the person concerned, which includes the range of personal data concerned, the range and number of persons affected by the data protection incident, the date, circumstances, effects of the data protection incident and the measures taken to prevent it, as well as the other data specified in the legislation prescribing data management.
Our company has entered into a data processing contract for the data processing tasks, in which Salonic International Kft. undertakes to apply, on a mandatory basis, the data protection and data management guarantees required by the data processing contract also in the case of using an additional data processor; in view of this, we also ensure the lawful processing of personal data in the case of the data processor.
Appointment cancellation: If the Patient does not show up for the appointment or cancels it within 24 hours, the previously paid deposit (50% of the treatment price) will not be refunded!
5. DATA MANAGEMENT IN CONNECTION WITH MEDICAL SERVICES
Our clinic enables appropriate medical care after providing various personal data.
Personal data manager: Pro gyno-med Kft., 1126 Budapest, Szendi u. 16.
Purpose of data management: medical care
Legal basis for data management: prior consent of the patient, GDPR Article 6 (1) point a), and data management necessary to take steps at the request of the data subject prior to the conclusion of the contract - GDPR Article 6 (1) point b)
Scope of processed personal data: address; surname and first name; residential address (country, postal code, city, street, house number); telephone number; e-mail address; in the case of a business company, company name and seat, bank card number, EP card data (identification, name on the card), TAJ number
Duration of data management: thirty years after the date of medical care.
Use of a data processor: our company uses the help of an IT service provider to operate the medical system as follows.
Data processor name | Address | Data processing task description |
---|---|---|
KARDI-SOFT Orvosi Rendszerek Kft. | 9024 Győr Táncsics Mihály utca 43. | When using the DOKIREX medical system, performing customer management tasks, recording medical histories, and reporting findings |
By accepting this data management information, the data subject gives her express consent to the Data Processor using additional data processors in order to make the service more convenient and customized as follows:
Data processor name | Address | Data processing task description |
---|---|---|
KBOSS.hu Kft. | 1031 Budapest Záhony utca 7. | Conducting the data communication required for payment transactions between the merchant and the payment service provider's system, ensuring the traceability of transactions for trading partners |
Spektrum Lab Kft. | 1038 Budapest, Papírgyár utca 58-59. | Human health laboratory service |
Istenhegyi Géndiagnosztika Kft. | 1125 Budapest Zalatnai u.2. | Human health laboratory service |
Preventrend Diagnosztika Központ Kft. | HU-1148 Budapest, Bolgárkertész u. 56. | Other human health care screening test |
HUMANCELL MCC Kft | 1087 Budapest Fiumei út 7. | Other human health care screening test |
MEDSERV Egészségügyi Szolg. És Ker. Kft. | 1112 Budapest, Süveg u. 10/B. | Provision of healthcare services, histological examination |
New Era Genetics Kft. | 1026 Budapest Gábor Áron u. 74-78. | Other human health care screening test |
Vascular Diagnostics Kft. | 1095 Budapest, Lechner Ödön fasor 3. C. lház. 3. em. 1. | Other human health care screening test |
Possible consequences of failure to provide data: no contract for booking an appointment or regarding medical care
The rights of the data subject: the data subject (the person whose personal data is managed by our company)
Other information related to data management: our company takes all necessary technical and organizational measures to avoid a possible data protection incident (e.g. damage to or disappearance of files containing personal data, or their becoming accessible to unauthorized persons). In the event of an incident that does occur, we keep a register for the purpose of checking the necessary measures and informing the person concerned, which includes the range of personal data concerned, the range and number of persons affected by the data protection incident, the date, circumstances, effects of the data protection incident and the measures taken to prevent it, as well as the other data specified in the legislation prescribing data management.
Our company has entered into a data processing contract for the data processing tasks, in which KARDI-SOFT Medical Systems Kft. undertakes to apply, on a mandatory basis, the data protection and data management guarantees required by the data processing contract also in the case of using an additional data processor; in view of this, we also ensure the lawful processing of personal data in the case of the data processor.
6. DATA MANAGEMENT IN CONNECTION WITH DIFFERENT MEDICAL SERVICES
Our clinic enables appropriate medical care after providing various personal data.
Controller of personal data: Pro gyno-med Kft. 1126 Budapest, Szendi u. 16.
Purpose of data management: medical care
Legal basis for data management: prior consent of the patient, GDPR Article 6 (1) point a), and data management necessary to take steps at the request of the data subject prior to the conclusion of the contract - GDPR Article 6 (1) point b)
Scope of processed personal data: address; surname and first name; residential address (country, postal code, city, street, house number); telephone number; e-mail address; in the case of a business company, company name and registered office, bank card number, EP card data (identification, name on the card), TAJ number, medical history
Duration of data management: thirty years after the date of medical care. (In some cases, due to legal obligations, there is no way to delete health data. 30 or 50 years retention obligation - see Eüak.)
Use of a data processor: our company uses the help of an IT service provider to operate the medical system as follows.
Data processor name | Address | Data processing task description |
---|---|---|
KARDI-SOFT Orvosi Rendszerek Kft. | 9024 Győr Táncsics Mihály utca 43. | When using the DOKIREX medical system, performing customer management tasks, recording medical histories, and reporting findings |
By accepting this data management information, the data subject gives her express consent to the Data Processor using additional data processors in order to make the service more convenient and customized as follows:
Data processor name | Address | Data processing task description |
---|---|---|
Pro gyno-med kft. | 1124 Bp. Szendi u. 16. | Management of data required for health care, medical examinations, and preparation of medical recommendations |
Medical Express Betéti Társaság | 2053 Herceghalom, Széchenyi u. 5. | Management of data required for health care, medical examinations, and preparation of medical recommendations |
H P Diagnózis Bt. | 2890 Tata, Toldi Miklós u. 19. A ép. | Management of data required for health care, medical examinations, and preparation of medical recommendations |
Intermed Bt. | 1027 Bp. Horvát u. 28. fsz. 1. | Management of data required for health care, medical examinations, and preparation of medical recommendations |
Infertility Betéti Társaság | 4800 Vásárosnamény Dózsa György út 30. | Management of data required for health care, medical examinations, and preparation of medical recommendations |
INFENDO-med kft. | 2721 Pilis, Tölgyfa u. 15. | Management of data required for health care, medical examinations, and preparation of medical recommendations |
ZOÉ-MED Egészségügyi Kft. | 2330 Dunaharaszti, Fő út 84. A. ép. Fsz. 1. ajtó | Management of data required for health care, medical examinations, and preparation of medical recommendations |
Possible consequences of failure to provide data: no contract for booking an appointment or regarding medical care
The rights of the data subject: the data subject (the person whose personal data is managed by our company)
Other information related to data management: our company takes all necessary technical and organizational measures to avoid a possible data protection incident (e.g. damage to or disappearance of files containing personal data, or their becoming accessible to unauthorized persons). In the event of an incident that does occur, we keep a register for the purpose of checking the necessary measures and informing the person concerned, which includes the range of personal data concerned, the range and number of persons affected by the data protection incident, the date, circumstances, effects of the data protection incident and the measures taken to prevent it, as well as the other data specified in the legislation prescribing data management.
Our company has entered into a data processing contract for the data processing tasks, in which KARDI-SOFT Medical Systems Kft. undertakes to apply, on a mandatory basis, the data protection and data management guarantees required by the data processing contract also in the case of using an additional data processor; in view of this, we also ensure the lawful processing of personal data in the case of the data processor.
7. DATA MANAGEMENT IN CONNECTION WITH FINANCIAL SERVICES FOLLOWING MEDICAL CARE
Our clinic enables appropriate medical care after providing various personal data.
Controller of personal data: Pro gyno-med Kft. 1126 Budapest, Szendi u. 16.
Purpose of data management: performance of financial services following medical care
Legal basis for data management: prior consent of the patient, GDPR Article 6 (1) point a), and data management necessary to take steps at the request of the data subject prior to the conclusion of the contract - GDPR Article 6 (1) point b)
Scope of processed personal data: surname and first name; residential address (country, postal code, city, street, house number); in the case of a business company, company name and registered office, bank card number, EP card data (identifier, name on the card), e-mail address in the case of an e-invoice
Duration of data management: eight years after the date of issue of the invoice
Using a data processor: our company uses the help of an IT service provider to operate the invoicing program as follows.
Data processor name | Address | Data processing task description |
---|---|---|
KBOSS.hu Kft. | 1031 Budapest Záhony utca 7. | Conducting the data communication required for payment transactions between the merchant and the payment service provider's system, ensuring the traceability of transactions for trading partners |
By accepting this data management information, the data subject gives her express consent to the Data Processor using additional data processors in order to make the service more convenient and customized as follows:
Data processor name | Address | Data processing task description |
---|---|---|
2PM Bt. | 2093 Budajenő, Füzes utca 9. | Use of the accounting service following payment transactions |
Generali Egészség- és Önsegélyező Pénztár | 1066 Budapest, Teréz krt. 42-44. | Conducting the data communication required for payment transactions between the merchant and the payment service provider's system, customer service assistance for users, confirmation of transactions and fraud monitoring for the protection of users. |
TEMPO Egészség- és Önsegélyező Pénztár | 1025 Budapest II. Nagybányai út 92. | Conducting the data communication required for payment transactions between the merchant and the payment service provider's system, customer service assistance for users, confirmation of transactions and fraud monitoring for the protection of users. |
Patika Zrt. | 1022 Budapest, Bimbó út 18. | Conducting the data communication required for payment transactions between the merchant and the payment service provider's system, customer service assistance for users, confirmation of transactions and fraud monitoring for the protection of users. |
OTP Országos Egészség és Önsegélyező Pénztár | 1051 Bp. Mérleg u. 4. | Conducting the data communication required for payment transactions between the merchant and the payment service provider's system, customer service assistance for users, confirmation of transactions and fraud monitoring for the protection of users. |
MKB-Pannónia Egészség és Önsegélyező Pénztár | 1056 Bp. Váci u. 38. | Conducting the data communication required for payment transactions between the merchant and the payment service provider's system, customer service assistance for users, confirmation of transactions and fraud monitoring for the protection of users. |
Prémium Egészségpénztár | 1138 Bp. Dunavirág u. 2-6. | Conducting the data communication required for payment transactions between the merchant and the payment service provider's system, customer service assistance for users, confirmation of transactions and fraud monitoring for the protection of users. |
Allianz Hungária Egészség- és Önsegélyező Pénztár | 1087 Bp. Könyves Kálmán körút 48-52. | Conducting the data communication required for payment transactions between the merchant and the payment service provider's system, customer service assistance for users, confirmation of transactions and fraud monitoring for the protection of users. |
Vitamin Egészségpénztár | 1023 Budapest, Bécsi út 4. | Conducting the data communication required for payment transactions between the merchant and the payment service provider's system, customer service assistance for users, confirmation of transactions and fraud monitoring for the protection of users. |
Medicina Egészségpénztár | 1037 Bp. Montevideó u. 5. | Conducting the data communication required for payment transactions between the merchant and the payment service provider's system, customer service assistance for users, confirmation of transactions and fraud monitoring for the protection of users. |
Vasutas Egészségpénztár | 1144 Bp. Kőszeg u. 26. | Conducting the data communication required for payment transactions between the merchant and the payment service provider's system, customer service assistance for users, confirmation of transactions and fraud monitoring for the protection of users. |
Dimenzió Egészségpénztár | 1119 Budapest, Fehérvári út 84. A. épület III | Conducting the data communication required for payment transactions between the merchant and the payment service provider's system, customer service assistance for users, confirmation of transactions and fraud monitoring for the protection of users. |
Card Consulting Kft. | 1033 Budapest, Kárpát u. 52. | Conducting the data communication required for payment transactions between the merchant and the payment service provider's system, customer service assistance for users, confirmation of transactions and fraud monitoring for the protection of users. |
OTP Pénztárszolgáltató Zrt. | 1051 Budapest, Mérleg u. 4. | Conducting the data communication required for payment transactions between the merchant and the payment service provider's system, customer service assistance for users, confirmation of transactions and fraud monitoring for the protection of users. |
Possible consequences of failure to provide data: no contract regarding medical care is created
The rights of the data subject: the data subject (the person whose personal data is managed by our company)
Other information related to data management: our company takes all necessary technical and organizational measures to avoid a possible data protection incident (e.g. damage to or disappearance of files containing personal data, or their becoming accessible to unauthorized persons). In the event of an incident that does occur, we keep a register for the purpose of checking the necessary measures and informing the person concerned, which includes the range of personal data concerned, the range and number of persons affected by the data protection incident, the date, circumstances, effects of the data protection incident and the measures taken to prevent it, as well as the other data specified in the legislation prescribing data management.
Our company has entered into a data processing contract for the data processing tasks, in which KBOSS.hu Kft. undertakes to apply, on a mandatory basis, the data protection and data management guarantees required by the data processing contract also in the event of the use of an additional data processor; in view of this, we also ensure the lawful processing of personal data in the case of the data processor.
8. DATA MANAGEMENT RELATED TO FINDINGS AND RESULTS FOLLOWING MEDICAL CARE
Our clinic makes it possible to provide information about the results of medical care electronically, by phone or by post.
Controller of personal data: Pro gyno-med Kft. 1126 Budapest, Szendi u. 16.
Purpose of data management: information about the results of medical findings
Legal basis for data management: the patient's prior consent, see Eüak., GDPR Article 6 (1) point a) or data processing is necessary to take steps at the request of the data subject prior to the conclusion of the contract - GDPR Article 6 (1) point b)
The range of personal data handled: surname and first name; residential address (country, postal code, city, street, house number); in the case of a business company, company name and registered office, bank card number, telephone number, e-mail address
Duration of data management: 30-50 years after the date of issue of the invoice.
See:
"The medical documentation and the findings of the imaging diagnostic procedure must be kept for at least 30 years from the date of data collection, and the final report for at least 50 years must be kept for 10 years. The pharmacy will keep prescriptions for 3 years. Exceptions to this are prescriptions containing narcotic and psychotropic substances, which have a retention period of 5 years."
Use of a data processor: our company uses the help of an IT service provider to operate the program related to medical care as follows.
Data processor name | Address | Data processing task description |
---|---|---|
KARDI-SOFT Orvosi Rendszerek Kft. | 9024 Győr Táncsics Mihály utca 43. | When using the DOKIREX medical system, performing customer management tasks, recording medical histories, and reporting findings |
By accepting this data management information, the data subject gives her express consent to the Data Processor using additional data processors in order to make the service more convenient and customized as follows:
Data processor name | Address | Data processing task description |
---|---|---|
Pro gyno-med Kft. (06 70 625 7975) | 1126 Budapest Szendi u. 16. | Telephone information |
Possible consequences of failure to provide data: the patient will not be informed about the results of the examination after the medical treatment
The rights of the data subject: the data subject (the person whose personal data is managed by our company)
Other information related to data management: our company takes all necessary technical and organizational measures to avoid a possible data protection incident (e.g. damage to or disappearance of files containing personal data, or their becoming accessible to unauthorized persons). In the event of an incident that does occur, we keep a register for the purpose of checking the necessary measures and informing the person concerned, which includes the range of personal data concerned, the range and number of persons affected by the data protection incident, the date, circumstances, effects of the data protection incident and the measures taken to prevent it, as well as the other data specified in the legislation prescribing data management.
Our company has entered into a data processing contract for the data processing tasks, in which KARDI-SOFT Medical Systems Kft. undertakes to apply, on a mandatory basis, the data protection and data management guarantees required by the data processing contract also in the case of using an additional data processor; in view of this, we also ensure the lawful processing of personal data in the case of the data processor.
9. SERVICES OF THE ELECTRONIC HEALTH SERVICE AREA (EESZT), MANAGEMENT OF PERSONAL DATA
Brief introduction and purpose of the EESZT
Hungary's new e-health system is the Electronic Health Services Area (EESZT). The goal of the Hungarian e-health care reform system is to provide the population with faster, more efficient and service-centric care. The key to this is continuous contact between care institutions, treating doctors and pharmacies, through which information is uniform and accessible.
The EESZT is basically a system that facilitates the flow of information, with the help of which the data sent to the EESZT reaches the right person more easily and quickly. These data include personal data and health data for health care purposes. The manager of the data is the State Health Care Center (ÁEEK), which operates the EESZT.
If you would like to receive more extensive information about the operation of the EESZT and its data management than is given here, visit the information portal at https://e-egeszsegugy.gov.hu, where you can read the EESZT's data management information by clicking on the Data protection menu item.
Personal data managed in the EESZT
Uploading data to the EESZT starts with patient admission. The data generated in the course of health care are recorded in the EESZT in the following cases and in the following ways:
The central event catalog contains up-to-date data on your health care.
For the central event catalog, the data of the following events, the date of the event, the date of recording in the healthcare institution's system and the identifier of the person responsible for recording the event must be indicated:
Data retention period: 5 years after the Data Subject's death.
You can access the data:
Record of health documents
The purpose of the register is to enable treating physicians to access their patients' medical documents; the register contains these documents (e.g. outpatient card, findings, final report, etc.). The documents included here are stored according to the rules for health documentation and for a certain period of time.
Data retention period: 5 years after the Data Subject's death.
You can access the data:
eProfile
The register related to the health profile contains data describing the Data Subject's general state of health (current illnesses, general health data). The purpose of the record is the provision of up-to-date and comprehensive health information for the attending physician for the benefit of the patient.
Data retention period: 5 years after the Data Subject's death.
You can access the data:
Where can you view the data entered into the EESZT regarding the Health Care of the Data Subject?
EESZT's Resident Portal can be found on the https://www.eeszt.gov.hu website. By clicking on the Login button, the person concerned can access his or her own personalized EESZT user account after entering the customer gatekeeper identification and TAJ number. With the help of this, the Data Subject can easily get to know, and at any time access or download, the health documents and data related to him or her that are sent to the EESZT.
If the Data Subject does not have a customer portal, she can create one in the following ways:
More EESZT services offered by digital options can also be used by the Data Subject:
Under the SUPPLIES tab, you can track your care events in your event catalog, and in your e-Disease History you can find your patient documents created during your care and uploaded to EESZT.
You can query your own electronic referrals filtered for a specific period, view their data content and print them out.
Under the RECIPES tab, you can inquire about your electronic prescriptions, as well as a list of your already redeemed prescriptions, going back for a specified period. All prescription content is also available to the Data Subject; however, this does not replace the prescription certificate, which can be used to redeem the preparations prescribed for the Data Subject, so the prescription printed from here cannot be used to redeem medication.
Your traditional paper prescriptions only appear among redeemed prescriptions, because they are added to the system by the pharmacy when the prescription is redeemed.
You can request a notification under the SELF DETERMINATION tab if data or documents related to a Contact will be entered into the system. You can keep track of who and when, and what kind of data and documents you requested from the system. It is also in a position to provide for the accessibility of the data and documents of the EESZT.
10. DATA MANAGEMENT RELATED TO NEWSLETTER SUBSCRIPTION AND OTHER MARKETING ACTIVITIES
Our company keeps in touch with its guests by means of a newsletter, to whom it recommends its services, and informs about news and special offers related to its operation.
Controller of personal data: Pro gyno-med Kft. 1126 Budapest, Szendi u. 16.
Purpose of data management: contact with potential patients
Legal basis for data management: consent of the data subject - Article 6 (1) point a) GDPR.
Indication of legitimate interest: maintaining and developing relationships with patients
Scope of processed personal data: name, e-mail address
Duration of data management: our company manages e-mail addresses until you unsubscribe from the newsletter.
Use of a data processor: our company uses the help of an IT service provider for the online newsletter sending system as follows.
Data processor name | Address | Data processing task description |
---|---|---|
The Rocket Science Group LLC (MailChimp) | 675 Ponce de Leon Ave NE, Suite 5000 | Mailchimp newsletter database storage |
By accepting this data management information, the data subject gives her express consent to the Data Processor using additional data processors in order to make the service more convenient and customized as follows:
Data processor name | Address | Data processing task description |
---|---|---|
KARDI-SOFT Orvosi Rendszerek Kft. | 9024 Győr Táncsics Mihály utca 43. | When using the DOKIREX medical system, performing customer management tasks, recording medical histories, and reporting findings |
Possible consequences of failure to provide data: The person concerned will not receive a newsletter from our company.
The rights of the data subject: the data subject (the person whose personal data is managed by our company)
You can unsubscribe from the newsletter at any time by sending a letter to our company at info@villamedicina.hu or by clicking on the unsubscribe icon in the newsletter. In this case, we will immediately delete your e-mail address from our database.
Other information related to data management: our company takes all necessary technical and organizational measures to avoid a possible data protection incident (e.g. damage to or disappearance of files containing personal data, or their becoming accessible to unauthorized persons). In the event of an incident that does occur, we keep a register for the purpose of checking the necessary measures and informing the person concerned, which includes the range of personal data concerned, the range and number of persons affected by the data protection incident, the date, circumstances, effects of the data protection incident and the measures taken to prevent it, as well as the other data specified in the legislation prescribing data management.
Our company has entered into a data processing contract for the data processing tasks, in which GrandSoft Kft. undertakes to apply, on a mandatory basis, the data protection and data management guarantees required by the data processing contract also in the event of the use of an additional data processor; in view of this, we also ensure the lawful processing of personal data in the case of the data processor.
11. COOKIE MANAGEMENT
In order to provide customized service, the Data Controller places a small data package, a so-called cookie, on the user's computer and reads it back during the next visit. If the browser returns a previously saved cookie, the cookie management service provider has the opportunity to link the user's current visit with previous ones, but only with regard to its own content.
Purpose of data management: identification, tracking and differentiation of users, identification of users' current session, storage of data provided during it, data loss prevention, web analytics measurements, personalized service.
Legal basis for data management: consent of the data subject.
Scope of managed data: ID number, date, time, and previously visited page.
Duration of data management: maximum 90 days
Additional information about data management: The user can delete cookies from his computer or disable the use of cookies in his browser. Cookies can usually be managed in the Tools/Settings menu of browsers under the Data protection/History/Personal settings menu under the names cookie or tracking.
Possible consequences of failure to provide data: the impossibility of using the service with regard to the services described in points 2-5 above.
12. WEBSITE SERVER LOGGING
When visiting the villamedicina.hu website, the web server automatically logs the user's activity.
Purpose of data management: during visits to the website, the service provider records visitor data in order to check the operation of the services and prevent abuse.
Legal basis for data management: point f) of Article 6 (1) of the GDPR. Our company has a legitimate interest in the safe operation of the website.
Type of personal data handled: ID number, date, time, address of the page visited.
Duration of data management: maximum 90 days.
Data processor name | Address | Data processing task description |
---|---|---|
Pro gyno-med Kft. | 1126 Budapest, Szendi u. 16. | Recording of visitor data and information necessary for the operation of the server |
Further information: Our company does not connect the data generated during the analysis of the log files with other information, and does not seek to identify the user. The address of the pages visited, as well as the date and time data, are not in themselves suitable for identifying the data subject, however, combined with other data (e.g. provided during registration), they are suitable for drawing conclusions about the user.
Logging-related data management by external service providers: The html code of the portal contains links to and from an external server independent of our company. The server of the external service provider is directly connected to the user's computer. We draw our visitors' attention to the fact that the providers of these links are able to collect user data (e.g. IP address, browser, operating system data, mouse pointer movement, address of the page visited and the time of the visit) due to the direct connection to their server and direct communication with the user's browser. The IP address is a series of numbers with which the computers and mobile devices of users accessing the Internet can be clearly identified.
IP addresses can even be used to locate the visitor using a given computer geographically. The address of the pages visited, as well as the date and time data, are not in themselves suitable for identifying the data subject, however, combined with other data (e.g. provided during registration), they are suitable for drawing conclusions about the user.
13. INTERNAL DATA PROTECTION
Controller of personal data: Pro gyno-med Kft. 1126 Budapest, Szendi u. 16.
Purpose of data management: fulfillment of contract
Legal basis of data management: legitimate interest of the data controller
Duration of data management: in accordance with § 169 (2) of Act C of 2000 on accounting - December 31 of the 7th year following the given year.
Possible consequences of failure to provide data: no contract for medical services will be created
The rights of the data subject: the data subject (the person whose personal data is managed by our company)
Other information related to data management: our company takes all necessary technical and organizational measures to avoid a possible data protection incident (e.g. damage to or disappearance of files containing personal data, or their becoming accessible to unauthorized persons). In the event of an incident that does occur, we keep a register for the purpose of checking the necessary measures and informing the person concerned, which includes the range of personal data concerned, the range and number of persons affected by the data protection incident, the date, circumstances, effects of the data protection incident and the measures taken to prevent it, as well as the other data specified in the legislation prescribing data management.
14. OTHER DATA MANAGEMENT
We provide information on data management not listed in this information when the data is collected. We inform our customers that certain authorities, bodies performing public duties, and courts may contact our company for the purpose of communicating personal data. If the relevant body has specified the exact purpose and the scope of the data, our company will release personal data to these bodies only as much and to such an extent as is absolutely necessary to fulfill the purpose of the request, and if the fulfillment of the request is required by law.
15. METHOD OF STORING PERSONAL DATA, SECURITY OF DATA MANAGEMENT
Our company's IT systems and other data storage locations are located at the headquarters and on servers rented by the data processor. Our company selects and operates the IT tools used in the provision of the service to manage personal data in such a way that the processed data:
We pay particular attention to the security of the data, we also take the technical and organizational measures and develop the procedural rules that are necessary to enforce the guarantees according to the GDPR. We protect the data with appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction, damage, and inaccessibility resulting from changes in the technology used.
The IT system and network of our company and our partners are protected against computer-assisted fraud, computer viruses, computer intrusions and denial-of-service attacks. The operator ensures security with server-level and application-level protection procedures. Data is backed up daily. In order to avoid data protection incidents, our company takes all possible measures; in the event of such an incident, in accordance with our incident management policy, we take immediate action to minimize risks and prevent damages.
16. RIGHTS OF THE PERSONS CONCERNED, LEGAL REMEDIES
The data subject can request information about the management of his personal data, and can request the correction of his personal data, or - with the exception of mandatory data management - deletion or withdrawal, he can exercise his right to data portability and protest as indicated when the data was collected, or at the above contact details of the data controller.
At the request of the data subject, we provide the information in electronic form without delay, but within 30 days at the latest, in accordance with our relevant regulations. We fulfill the requests of those concerned to exercise the rights below free of charge.
Right to information:
Our company takes appropriate measures in order to provide the data subjects with all the information mentioned in Articles 13 and 14 of the GDPR and each piece of information according to Articles 15-22 and 34 regarding the processing of personal data in a concise, transparent, comprehensible and easily accessible form, clearly and comprehensibly worded, and at the same time precise.
The right to information can be exercised in writing, via the contact details given in point 1. At the request of the person concerned, information can also be provided orally after proof of identity. We inform our customers that if our company's employees have doubts about the identity of the data subject, we can request the provision of the information necessary to confirm the identity of the data subject.
The data subject's right to access:
The data subject has the right to receive feedback from the data controller as to whether his personal data is being processed. If personal data is being processed, the data subject is entitled to access the personal data and the following information in the list.
In addition to the above, if personal data is transferred to a third country or an international organization, the data subject is entitled to receive information about the appropriate guarantees for the transfer.
Right of rectification:
Pursuant to this right, anyone can request the correction of inaccurate personal data managed by our company and the addition of incomplete data.
Right to erasure:
If one of the following reasons exists, the data subject has the right to have his or her personal data deleted without undue delay upon request:
Data deletion cannot be initiated if data management is necessary for the following purposes:
The right to restrict data processing:
At the request of the data subject, we restrict data processing in the case of conditions in Article 18 of the GDPR, i.e. if:
If data management is subject to restrictions, personal data may only be processed with the consent of the data subject, with the exception of storage, or to submit, enforce or defend legal claims, or to protect the rights of another natural or legal person, or in the important public interest of the European Union or a member state. The data subject must be informed in advance of the lifting of the restrictions on data management.
Right to data portability:
The data subject has the right to receive the personal data concerning him/her provided to the data controller in a segmented, widely used, machine-readable format, and to transmit this data to another data controller. Our company can fulfill such a request of the person concerned in Word or Excel format.
Right to protest:
If personal data is processed for the purpose of direct business acquisition, the data subject has the right to object at any time to the processing of his personal data for this purpose, including profiling, if it is related to direct business acquisition. In case of objection to the processing of personal data for the purpose of direct business acquisition, the data cannot be processed for this purpose.
Automated decision-making in individual cases, including profiling:
The data subject has the right not to be covered by the scope of a decision based solely on automated data management, including profiling, which would have legal effects on him or affect him to a similar extent. The above authorization cannot be applied if the data management
Right of withdrawal:
The data subject has the right to withdraw his consent at any time. Withdrawal of consent does not affect the legality of data processing based on consent prior to withdrawal.
Procedural rules:
The data controller informs the data subject without undue delay, but in any case within one month of receipt of the request, of the measures taken following a request pursuant to Articles 15-22 of the GDPR. If necessary, taking into account the complexity of the application and the number of applications, this deadline can be extended by another two months. The data controller shall inform the data subject of the extension of the deadline, indicating the reasons for the delay, within one month of receiving the request.
If the data subject submitted the request electronically, the information will be provided electronically, unless the data subject requests otherwise.
If the data controller does not take measures following the data subject's request, it shall inform the data subject without delay, but at the latest within one month of the receipt of the request, of the reasons for the failure to take action, as well as of the fact that the data subject may file a complaint with the supervisory authority and exercise his right to judicial redress.
The data controller informs all recipients to whom the personal data was communicated of all corrections, deletions or data management restrictions it has carried out, unless this proves to be impossible or requires a disproportionately large effort. At the request of the data subject, the data controller informs the data subject about these recipients.
Compensation and damages:
Any person who has suffered material or non-material damage as a result of a violation of the data protection regulation is entitled to compensation from the data manager or data processor for the damage suffered. The data processor is only liable for damages caused by data processing if it has not complied with the obligations set out in the law, specifically burdening the data processors, or if it has ignored or acted contrary to the legal instructions of the data controller. If several data managers or data processors or both data managers and data processors are involved in the same data management and are liable for damages caused by data management, each data manager or data processor is jointly and severally liable for the entire damage.
The data manager or the data processor is exempted from liability if it proves that it is not responsible in any way for the event that caused the damage.
Right to go to court and official data protection procedure:
In the event of a violation of their rights, the data subject may appeal to the court against the data controller. The court deals with the case as a matter of priority.
You can file a complaint with the National Data Protection and Freedom of Information Authority.
Address of the authority: 1055 Budapest, Falk Miksa utca 9-11.
Phone: +36-1-391.1400
E-mail: ugyfelszolgalat@naih.hu
* We would like to inform you that in accordance with the General Data Protection Regulation ("GDPR"), which entered into force on May 25, 2018, we cannot start medical care without your consent.
CAMERA RULES
The Camera Regulations enter into force: Budapest, on September 14, 2020
1. Purpose of the policy
These regulations (hereinafter: "Regulations") aim to ensure that Pro Gyno-Med Kft., as a data controller and as an employer (hereinafter: "Institution"), applies the electronic image surveillance system installed at its headquarters transparently, in accordance with the European Union and Hungarian legal regulations regarding the right to self-determination of information of the affected persons (including employees of the Institution and persons in a legal relationship with the Institution for other work purposes, hereinafter: "Employees"; as well as patients and other visitors to the Institution, as the persons affected by camera surveillance, hereinafter collectively: "Affected"), and fully respects the constitutional and personal rights of the Data Subjects.
The regulation also aims to define in detail the data management rules related to the operation of the surveillance camera system, in particular:
2. Scope of the policy
The territorial scope of this regulation covers the areas of VILLA MEDICINA monitored by camera.
The personal scope of these regulations applies to persons in a legal relationship for employment at the VILLA MEDICINA institution, as well as patients and natural persons visiting the Institution.
The material scope of these regulations covers all data management and data processing that applies to data recorded by the Institute’s cameras.
3. The purpose of camera surveillance
The purpose of camera surveillance is to protect the security of the building used by the Institution and the assets, equipment, technical items, and valuables of the building used by the Institution and affected by the surveillance, to protect their value and condition, as well as to protect and ensure the life, physical integrity and property of the persons staying in the monitored area, prevention of unlawful actions, detection of detected violations, and proof within the framework of official or court proceedings.
The camera system operated for these purposes is a safety technology solution that serves to prevent accidents, as well as illegal acts involving damage, as well as to detect detected violations and prove them in the framework of official or court proceedings.
The scope of the processed data: the likeness of the persons concerned, the behavior affected by the surveillance, as well as the data that can be obtained with the camera image (place of stay, time of stay).
4. The regulations to be considered
Member State or EU legislation considered when preparing the regulations:
5. Interpretative provisions
Surveillance camera system: the devices and solutions that, by placing and operating cameras, enable remote monitoring of the area, with the cameras taking pictures, storing the pictures, and transmitting the data.
Territory: An area within the jurisdiction of the Institution that can be identified in the real estate register as a plot of land used by the Institution (or as an operational area within it).
Personal data: GDPR Article 4. "personal data": any information relating to an identified or identifiable natural person ("data subject"); a natural person is identifiable if he or she can be identified directly or indirectly, in particular on the basis of an identifier such as name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.
Data controller: GDPR Article 4.2 "data processing": any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as the collection, recording, systematization, segmentation, storage, transformation or change, query, insight, use, communication through transmission, distribution or otherwise making it available, coordination or connection, restriction, deletion or destruction.
Data processing: GDPR Article 4.2 "data processing": any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as the collection, recording, systematization, segmentation, storage, transformation or change, query, insight, use, communication through transmission, distribution or otherwise making it available, coordination or connection, restriction, deletion or destruction.
Data transmission: data transmission according to Section 3, point 11 of the Infotv.: making the data available to a specific third party.
Data erasure: data erasure according to Section 3, point 13 of the Infotv.: making the data unrecognizable in such a way that its restoration is no longer possible.
Data destruction: data destruction according to Section 3, point 16 of the Infotv.: complete physical destruction of the data carrier containing the data.
Data processor: data processor according to Section 3, point 18 of the Infotv.: a natural or legal person, or an organization without legal personality, who processes data on the basis of a contract, including a contract concluded under the provisions of the law.
6. The area surveillance camera system
6.1. Structure of the system
The area surveillance camera system consists of the following parts:
6.2. Cameras placed in the area
A camera may be placed and operated in the area only in accordance with the provisions of these regulations and in accordance with the decision to place the camera. The cameras can therefore be placed in the place specified by the regulations in such a way that they are suitable for monitoring the area included in the regulations.
The inspection service decides on the exact location of the cameras, considering the visibility of the area to be monitored. In justified cases, it can make a proposal to the head of the Institution for the placement of several cameras to accurately monitor a given area.
The cameras must be placed in a clearly visible location. Information on the fact of the operation of the posted cameras must be posted at all monitored locations.
The information must include at least:
The information must be placed in such a way that the information becomes visible to persons wishing to enter the area before the observation. The information must be displayed in a clearly visible place or places.
In the surveillance system, cameras with technical certificates suitable for the purpose of surveillance must be used.
7. Information
In accordance with the provisions of Article 28, paragraph (2), point c) of Act CXXXIII of 2005 on the rules for the protection of persons and assets, as well as private detective activities, the Institution places a warning sign on the fact that an electronic surveillance system is operating in the given area for third parties who wish to enter the building. Employees are informed in accordance with the Data Protection and Data Management Regulations.
8. The central room
The central monitoring and recording and data management room of the area surveillance camera system is located in the premises of the Institution provided for this purpose.
The images transmitted by the external cameras:
9. Viewing recordings
The surveillance system used by the Institution can be used for direct observation (live image). Only employees employed in the position according to these regulations have the right to direct observation, and only to the extent necessary for the performance of their duties. The monitor for viewing and possibly reviewing the images must be placed in such a way that during the broadcast of the images they cannot be seen by persons outside the scope of authorization.
10. Operating order of the system
10.1. The purpose of operating the system
Monitoring of employees may be carried out in accordance with § 9 and § 11 of the Labor Code. The provisions of § 4 of the Infotv. must be observed during operation.
The primary purpose of the operation of the area surveillance camera system is defined by the Szvtv. The Szvtv. enables the use of the electronic monitoring system in four cases:
The Institution may act in accordance with § 26, paragraph (1) of the Szvtv. when guarding its facilities, except that pursuant to paragraph (2), it may not use an electronic surveillance system in public areas either.
10.2. Owner and operator of the system
The territorial surveillance camera system is the property of the Institution. The unit and personnel determined by the Institution are authorized to use, manage and operate the system.
10.3. Operation of the Surveillance camera system
Images transmitted by the surveillance camera system:
Duration of monitoring: Monday-Friday, from 8:00 a.m. to 7:00 p.m.
Recording the images of the surveillance camera system:
Duration of recording: Monday-Friday, from 8:00 a.m. to 7:00 p.m.
The purpose of recording the images is that, if necessary, they can be used as evidence in individual proceedings.
10.4. Viewing recorded footage
Reviewing the images recorded by the CCTV system:
It must be isolated on the viewed recordings:
The area supervisor is obliged to:
In the case of recordings of an incident, the area supervisor must, within two working days of the recording of the images, sounds and images and sounds:
12. Data management related to the area surveillance camera system
12.1. Footage recorded by the camera system as personal data
Recordings recorded in the area surveillance camera system are considered personal data, therefore the data management rules defined in the Information Act and these regulations must be enforced.
12.2. Basic principles of data management
The main principles of data management:
The purpose of processing personal data on the part of those entitled to control:
12.3. Legal basis for data management
The legal basis for the data management of those entitled to control is defined by § 26, paragraph (1) and § 30 of the Szvtv.
12.4. Limitations of data management
Recordings recorded by the area surveillance camera as personal data in the area affected by the recording:
The footage recorded by the area surveillance camera must be issued as evidence:
The justification is appropriate if it contains:
The request must be refused if:
12.5. Time content of data management, deletion of data
During data processing under the General Data Protection Regulation, personal data can only be processed for the time necessary to achieve the purpose.
Data management period for recordings that do not contain extraordinary events
Recordings that do not contain extraordinary events can be processed for three working days after recording, after which they must be deleted immediately.
Time content of data management of recordings containing extraordinary events
The data processing time of recordings containing extraordinary events may not exceed 30 days. Data management may last longer than 3 working days after the recording, if during the procedure initiated by the supervision, the person entitled to initiate the procedure has informed the supervision of the fact of the initiation of the procedure within 3 working days after the recording.
If data has been forwarded to the body conducting the procedure or to a private individual in a procedure initiated to exercise their rights, the data must be deleted.
Extension of the data management period upon request
The person whose right or legitimate interest is affected by the recording of the image, sound, or image and sound recording, or other personal data, may, within three working days from the recording of the image, sound, image and sound recording, or other personal data, by proving his right or legitimate interest, request that the data not be destroyed or deleted by its manager. At the request of a court or other authority, the recorded image, sound, image and sound recording, as well as other personal data must be sent to the court or authority immediately. If an inquiry is not made within 30 days of the request not to be destroyed, the recorded image, sound, and image and sound recording, as well as other personal data, must be destroyed or deleted. Information on data transfer to the person included in the recorded recording is free of charge.
12.6. Right of inspection
On the part of those entitled to control, it must be ensured for the private individuals concerned that the person in the recording can view the recording made of him/her during the time available for data management, typically within 3 working days of the recording of the recorded image, sound, and image and sound. The data subject can exercise his rights according to the provisions of Chapter III of the General Data Protection Regulation.
13. Data security
On the part of those entitled to control, the protection of the personal data of those concerned must be ensured. The protection must cover private secrets and the circumstances of private life, so that they do not come to the knowledge of an unauthorized person.
The data must be protected in particular:
14. Organizational measures
14.1. Persons
The person authorized to check may be in the central room of the area surveillance camera system.
The recordings recorded by the area surveillance camera system can only be managed by a specific person, the person authorized to check.
The person designated in these regulations is entitled to:
Only persons who are entrusted with data management or who have the right to access may enter the central room. They must prove their access rights.
Only the person performing personal and asset protection activities is entitled to see the recorded image, sound, image and sound recording, as well as other personal data, for whom this is necessary to enforce their obligations arising from the contract and is indispensable in order to prevent or interrupt the illegal act. The name of the person handling the recorded image, sound, and image and sound recording, as well as personal data, or the person carrying out personal and property protection activities entitled to access it for other reasons, as well as the reason and time of access to the data, must be recorded in a protocol.
14.2. Operational safety
Those authorized to check regularly, but at least at the beginning of the working day, check the operation of the system. During operation, it is necessary to ensure that the data is continuously backed up to a separate device.
Devices suitable for serving the system and other data carriers – except for legal data transmission – cannot be taken out of the central room.
Compliance with data protection regulations must also be ensured when IT devices are maintained. Maintenance and repairs may only be carried out in the presence of an authorized person.
Strangers may stay in the central room only in the presence of those authorized to check.
In the presence of strangers, the review of the recordings must be interrupted, if it is not possible to exclude the possibility of the review data being read by strangers in any other way.
An operational diary must be kept about the operation and the stay of strangers in the central room.
14.3. Data transfer
Data may only be forwarded in the cases specified in these regulations – and in the legislation. The data is transferred to a data carrier provided by the representative of the body or authority authorized for the procedure.
15. Technical measures
Uninterruptible power source
By providing an uninterrupted power source, it is necessary to ensure that the system can operate continuously and that malfunctions do not occur due to power outages.
IT protection
The management of data files must be organized in such a way that their content can be reconstructed in the event of partial or total destruction. At least one backup of the original data files must be made so that the original data is still available in case of destruction or damage of one of them. In the computer system operating the IT system enabling data recording of the area surveillance camera system, it must be ensured that:
Identification of data carrier
Only registered data carriers can be used in the system so that the location and destruction of the managed data can be tracked. Apart from data transmission, only a storage space that is not separated from the computer can be used as a data carrier.
16. Other data security measures
The central room of the area surveillance camera system:
The data stored in the central room is protected by:
17. Obligation to keep records
Records must be kept in connection with the operation of the area surveillance camera system:
17.1 Camera records
Camera records must include at least:
17.2. Operating log
During the operation of the system, an operational log must be kept on regular, daily checks of the system’s condition, as well as on the presence of strangers in the central room. The operation log contains:
17.3 Observation log
In the case of surveillance in a central room of footage broadcast by the surveillance camera system, the data relating to the surveillance must be recorded in the surveillance log. The monitoring log must include:
17.4 Look back log
In the case of viewing the footage recorded by the surveillance camera system in a central room, the data relating to the viewing and the saving of image details of extraordinary events must be recorded in a log.
The lookback log should include:
17.5 Register of data carriers
The data carrier register must contain:
17.6. Data copy log
The data copying log must contain the following from recorded recordings, recorded image, sound, and image and sound recording parts:
17.7. Data transfer log
The data transfer register must be kept annually and the register must be kept for 5 years.
The register must include:
17.8 Record of destruction of recordings
Records must be kept of the destruction of recordings. The register must include:
17.9. Incident record
The register must include:
18. Duties and powers
Exercises data management tasks and powers:
18.1. The data management duties and powers of the person (manager) performing the task of inspection
The manager’s data management task is to:
18.2. Data management tasks and powers of the area supervisor
The data management tasks of the Head of the Institution or his representative:
19. Introducing the content of the regulations
The persons concerned are obliged to acknowledge the fact that they have read the content of the regulations by signing.
The contents of the regulations must be made known:
20. Final provisions
The regulations are annexed to:
Dr. Kiarash Bahrehmand
managing director