PRO GYNO-MED LTD. DATA MANAGEMENT NOTICE

  1. GENERAL PROVISIONS

As the operator of Villa Medicina, Pro gyno-med Kft., 1126 Budapest, Szendi utca 16. ensures in all cases the legality and expediency of data management with regard to the personal data it manages. The purpose of this information is that patients who make an appointment and provide their personal data can receive appropriate information about the conditions and guarantees and for how long their data will be processed by our company before making the reservation or providing their personal data. Our company adheres to the contents of this information sheet in all cases involving personal data management, and we consider what is described here mandatory for us.

At the same time, we reserve the right to change what is described in this unilateral legal declaration, in which case we will inform the affected parties in advance (www.villamedicina.hu). If you have any questions about the contents of this information sheet, please write us a letter (www.info@villamedicina.hu). The data management of our company’s activities is based on voluntary consent and legal authorization (cf. health legislation, see point 3), and in some cases data management is necessary to take steps at the request of the data subject before concluding the contract.

  • year CXII. Act on the right to self-determination of information and freedom of information (infotv.)
  • Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and on the repeal of Regulation 95/46/EC (general data protection regulation, GDPR);

Legal references for institutions providing health services:

  • Act V of the year on the Civil Code (Ptk.);
  • Act CLIV of 1997 on health care
  • Act XLVII of 1997 on the management and protection of health and related personal data (Eüak)
  • Government Decree 44/2008 (II.29) on the appointment of the body performing data management tasks in the event of the termination of the health documentation manager without a legal successor
  • 381/2016. (XII.2.) Government Decree on the Integrated Legal Protection Service
  • year CLXXII. Act on the amendment of certain laws on health and health insurance
  • Constitutional Court No. 15/1991 (IV.13.) decision
  • Act XXV of 2000 on chemical safety
  • XCV per year. Act – Medicines Act

The details and contact details of the data controller are as follows:

Name: Pro gyno-med Kft. (Villa Medicina)

Address: 1126 Budapest, Szendi utca 16. (1124 Bp. Németvölgyi út 68.)

Company registration number: 01 09 717455

Tax number: 13074571-2-43

Phone number: +36 70 625 7975

E-mail: info@villamedicina.hu

Name of data protection officer: Vanda Hajdinák.

The e-mail address of the data protection officer is: vhajdinak@villamedicina.hu

  2. Concept definitions

  1. “personal data”: any information relating to an identified or identifiable natural person (“data subject”); a natural person is identifiable if he or she can be identified directly or indirectly, in particular on the basis of an identifier such as name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person;
  2. “data management”: any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as the collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or by making it available in other ways, coordinating or connecting, limiting, deleting or destroying;
  3. “data controller”: the natural or legal person, public authority, agency or any other body that determines the purposes and means of processing personal data independently or together with others; if the purposes and means of data management are determined by EU or member state law, the data controller or the special aspects regarding the designation of the data controller may also be determined by EU or member state law;
  4. “data processor”: the natural or legal person, public authority, agency or any other body that processes personal data on behalf of the data controller;
  5. “recipient”: the natural or legal person, public authority, agency or any other body to whom the personal data is communicated, regardless of whether it is a third party. Public authorities that have access to personal data in accordance with EU or Member State law in the context of an individual investigation are not considered recipients; the management of said data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of data management;
  6. “consent of the data subject”: a voluntary, specific and well-informed and clear declaration of the will of the data subject, with which the data subject indicates by means of a statement or an unmistakable act of confirmation that he/she consents to the processing of personal data concerning him/her;
  7. “data protection incident”: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or unauthorized access to personal data transmitted, stored or otherwise handled.

  3. Principles for handling personal data:

Personal data:

  • must be handled lawfully and fairly, as well as in a transparent manner for the data subject (“legality, fair procedure and transparency”);
  • should be collected only for specific, clear and legitimate purposes, and should not be handled in a manner incompatible with these purposes; in accordance with Article 89 (1), further data processing for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes is not considered incompatible with the original purpose (“purpose limitation”);
  • must be appropriate and relevant in terms of the purposes of data management, and must be limited to what is necessary (“data economy”);
  • must be accurate and, if necessary, up-to-date; all reasonable measures must be taken to promptly delete or correct personal data that is inaccurate for the purposes of data processing (“accuracy”);
  • must be stored in a form that allows the identification of the data subjects only for the time necessary to achieve the goals of personal data management; personal data may be stored for a longer period only if it will be processed in accordance with Article 89 (1) for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes, subject to the implementation of the appropriate technical and organizational measures required to protect the rights and freedoms of the data subjects (“limited storage capacity”);
  • must be handled in such a way that adequate security of personal data is ensured through the application of appropriate technical or organizational measures, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage of data (“integrity and confidentiality”).

The data controller is responsible for compliance with the above, and must also be able to prove this compliance (“accountability”).

We provide the following information regarding our individual data management.

  1. DATA MANAGEMENT RELATED TO ONLINE APPOINTMENT

Our company provides the opportunity to book an appointment online so that you can book an appointment with our doctors working at Villa Medicina in a quick, convenient and cost-free way.

Controller of personal data: Pro gyno-med Kft. 1126 Budapest, Szendi u. 16.

  1. The purpose of data management: to make appointment booking easier, cost-free and more efficient.

Legal basis for data management: prior consent of the person booking the appointment.

Scope of processed personal data: address; surname and first name; telephone number; e-mail address

Duration of data management: two years following the date of the reservation (in some cases, due to legal obligations, there is no way to delete health data: 30 or 50 years retention obligation, see Eüak.).

Use of a data processor: our company uses the help of an IT service provider for the online appointment booking system as follows.

| Name of data processor | Location | Description of data processor task |
|---|---|---|
| Salonic International Kft. | 1054 Budapest, Honvéd utca 8. 1. em. 2. | Providing the possibility of online appointment booking through the Salonic system |
| KARDI-SOFT Orvosi Rendszerek Kft. | 9024 Győr, Táncsics Mihály utca 43. | Performance of customer management tasks when using the DOKIREX medical system |

By accepting this data management information, the data subject gives her express consent to the Data Processor using additional data processors in order to make the service more convenient and customized as follows:

Possible consequences of failure to provide data: no contract is created for booking an appointment or regarding medical care.

The rights of the data subject: the data subject (the person whose personal data is managed by our company)

  1. can request access to their personal data,
  2. can request their correction,
  3. can request their deletion,
  4. can apply to limit the processing of personal data if the conditions set out in Article 18 of the GDPR exist (that is, our company does not delete or destroy the data until a court or authority requests it, but for a maximum of thirty days, and beyond that does not handle the data for any other purpose),
  5. can object to the processing of personal data,
  6. can exercise their right to data portability. Pursuant to the latter right, the data subject is entitled to receive his/her personal data in Word or Excel format, and is also entitled to have this data forwarded to another data controller by our company upon request.

Other information related to data management: our company takes all necessary technical and organizational measures to avoid a possible data protection incident (e.g. damage to or disappearance of files containing personal data, access by unauthorized persons). If an incident nevertheless occurs, we keep a register for the purpose of checking the necessary measures and informing the person concerned, which includes the range of personal data concerned, the range and number of people affected by the data protection incident, the date, circumstances and effects of the data protection incident and the measures taken to prevent it, as well as the other data specified in the legislation requiring data management.

Our company has entered into a data processing contract for the data processing tasks, in which Booked4.us Bt. and Salonic International Kft. undertake to apply the data protection and data management guarantees required by the data processing contract if additional data processors are used; in view of this, we also ensure the lawful processing of personal data in the case of the data processor.

  1. DATA MANAGEMENT IN CONNECTION WITH MEDICAL SERVICES

Our clinic enables appropriate medical care after providing various personal data.

Controller of personal data: Pro gyno-med Kft., 1126 Budapest, Szendi u. 16.

Purpose of data management: medical care

Legal basis for data processing: prior consent of the patient, GDPR Article 6 (1) point a), and data processing is necessary to take steps at the request of the data subject prior to the conclusion of the contract – GDPR Article 6 (1) point b)

Scope of processed personal data: address; surname and first name; residential address (country, postal code, city, street, house number); telephone number; e-mail address; in the case of a business company, company name and seat; bank card number; EP card data (identification, name on the card); TAJ number

Duration of data management: thirty years after the date of medical care.

Use of a data processor: our company uses the help of an IT service provider to operate the medical system as follows.

| Name of data processor | Location | Description of data processor task |
|---|---|---|
| KARDI-SOFT Orvosi Rendszerek Kft. | 9024 Győr, Táncsics Mihály utca 43. | When using the DOKIREX medical system, performing customer management tasks, recording medical histories, and reporting findings |

By accepting this data management information, the data subject gives her express consent to the Data Processor using additional data processors in order to make the service more convenient and customized as follows:

| Name of data processor | Location | Description of data processor task |
|---|---|---|
| KBOSS.hu Kft. | 1031 Budapest, Záhony utca 7. | Conducting the data communication required for payment transactions between the merchant and the payment service provider’s system, ensuring the traceability of transactions for trading partners |
| Spektrum Lab Kft. | 1038 Budapest, Papírgyár utca 58-59. | Human health laboratory service |
| Istenhegyi Géndiagnosztika Kft. | 1125 Budapest Zalatnai u.2. | Human health laboratory service |
| Preventrend Diagnosztika Központ Kft. | HU-1148 Budapest, Bolgárkertész u. 56. | Other human health care screening test |
| Vascular Diagnostics Kft. | 1095 Budapest, Lechner Ödön fasor 3. C. lház. 3. em. 1. | Other human health care screening test |
| HUMANCELL MCC Kft | 1087 Budapest, Fiumei út 7. | Other human health care screening test |
| MEDSERV Egészségügyi Szolg. És Ker. Kft. | 1112 Budapest, Süveg u. 10/B. | Provision of healthcare services, histological examination |
| New Era Genetics Kft. | 1026 Budapest, Gábor Áron u. 74-78. | Other human health care screening test |

Possible consequences of failure to provide data: no contract is created for booking an appointment or regarding medical care

The rights of the data subject: the data subject (the person whose personal data is managed by our company)

  1. can request access to their personal data,
  2. can request their correction,
  3. can request their deletion,
  4. can apply to limit the processing of personal data if the conditions set out in Article 18 of the GDPR exist (that is, our company does not delete or destroy the data until a court or authority requests it, but for a maximum of thirty days, and beyond that does not handle the data for any other purpose),
  5. can object to the processing of personal data,
  6. can exercise their right to data portability. Pursuant to the latter right, the data subject is entitled to receive his/her personal data in Word or Excel format, and is also entitled to have this data forwarded to another data controller by our company upon request.

Other information related to data management: our company takes all necessary technical and organizational measures to avoid a possible data protection incident (e.g. damage to or disappearance of files containing personal data, access by unauthorized persons). If an incident nevertheless occurs, we keep a register for the purpose of checking the necessary measures and informing the person concerned, which includes the range of personal data concerned, the range and number of people affected by the data protection incident, the date, circumstances and effects of the data protection incident and the measures taken to prevent it, as well as the other data specified in the legislation requiring data management.

Our company has entered into a data processing contract for the data processing tasks, in which KARDI-SOFT Medical Systems Kft. undertakes to apply the data protection and data management guarantees required by the data processing contract in the event of the use of an additional data processor; in view of this, we also ensure the lawful processing of personal data in the case of the data processor.

  1. DATA MANAGEMENT IN CONNECTION WITH DIFFERENT MEDICAL SERVICES

Our clinic enables appropriate medical care after providing various personal data.

Controller of personal data: Pro gyno-med Kft. 1126 Budapest, Szendi u. 16.

Purpose of data management: medical care

Legal basis for data processing: prior consent of the patient, GDPR Article 6 (1) point a), and data processing is necessary to take steps at the request of the data subject prior to the conclusion of the contract – GDPR Article 6 (1) point b)

Scope of processed personal data: address; surname and first name; residential address (country, postal code, city, street, house number); telephone number; e-mail address; in the case of a business company, company name and registered office; bank card number; EP card data (identification, name on the card); TAJ number; medical history

Duration of data management: thirty years after the date of medical care (in some cases, due to legal obligations, there is no way to delete health data: 30 or 50 years retention obligation, see Eüak.).

Use of a data processor: our company uses the help of an IT service provider to operate the medical system as follows.

| Name of data processor | Location | Description of data processor task |
|---|---|---|
| KARDI-SOFT Orvosi Rendszerek Kft. | 9024 Győr, Táncsics Mihály utca 43. | When using the DOKIREX medical system, performing customer management tasks, recording medical histories, and reporting findings |

By accepting this data management information, the data subject gives her express consent to the Data Processor using additional data processors in order to make the service more convenient and customized as follows:

| Name of data processor | Location | Description of data processor task |
|---|---|---|
| Pro gyno-med kft. | 1124 Bp. Szendi u. 16. | Management of data required for health care, medical examinations, and preparation of medical recommendations |
| OPHTOGYN Kft. | 2071 Páty, Móricz Zs. u. 53. | Management of data required for health care, medical examinations, and preparation of medical recommendations |
| Medical Express Betéti Társaság | 2053 Herceghalom, Széchenyi u. 5. | Management of data required for health care, medical examinations, and preparation of medical recommendations |
| H P Diagnózis Bt. | 2890 Tata, Toldi Miklós u. 19. A ép. | Management of data required for health care, medical examinations, and preparation of medical recommendations |
| Intermed Bt. | 1027 Bp. Horvát u. 28. fsz. 1. | Management of data required for health care, medical examinations, and preparation of medical recommendations |
| Infertility Betéti Társaság | 4800 Vásárosnamény Dózsa György út 30. | Management of data required for health care, medical examinations, and preparation of medical recommendations |
| Dr. Fábián Medical kft. | 2094 Nagykovácsi, Bajcsy Zsilinszky u. 40. | Management of data required for health care, medical examinations, and preparation of medical recommendations |
| ZOÉ-MED Egészségügyi Kft. | 2330 Dunaharaszti, Fő út 84. A. ép. Fsz. 1. ajtó | Management of data required for health care, medical examinations, and preparation of medical recommendations |

Possible consequences of failure to provide data: no contract is created for booking an appointment or regarding medical care

The rights of the data subject: the data subject (the person whose personal data is managed by our company)

  1. can request access to their personal data,
  2. can request their correction,
  3. can request their deletion,
  4. can apply to limit the processing of personal data if the conditions set out in Article 18 of the GDPR exist (that is, our company does not delete or destroy the data until a court or authority requests it, but for a maximum of thirty days, and beyond that does not handle the data for any other purpose),
  5. can object to the processing of personal data,
  6. can exercise their right to data portability. Pursuant to the latter right, the data subject is entitled to receive his/her personal data in Word or Excel format, and is also entitled to have this data forwarded to another data controller by our company upon request.

Other information related to data management: our company takes all necessary technical and organizational measures to avoid a possible data protection incident (e.g. damage to or disappearance of files containing personal data, access by unauthorized persons). If an incident nevertheless occurs, we keep a register for the purpose of checking the necessary measures and informing the person concerned, which includes the range of personal data concerned, the range and number of people affected by the data protection incident, the date, circumstances and effects of the data protection incident and the measures taken to prevent it, as well as the other data specified in the legislation requiring data management.

Our company has entered into a data processing contract for the data processing tasks, in which KARDI-SOFT Medical Systems Kft. undertakes to apply the data protection and data management guarantees required by the data processing contract in the event of the use of an additional data processor; in view of this, we also ensure the lawful processing of personal data in the case of the data processor.

  1. DATA MANAGEMENT IN CONNECTION WITH FINANCIAL SERVICES FOLLOWING MEDICAL CARE

Our clinic enables appropriate medical care after providing various personal data.

Controller of personal data: Pro gyno-med Kft. 1126 Budapest, Szendi u. 16.

The purpose of data management is to provide financial services following medical care

Legal basis for data processing: prior consent of the patient, GDPR Article 6 (1) point a), and data processing is necessary to take steps at the request of the data subject prior to the conclusion of the contract – GDPR Article 6 (1) point b)

Scope of processed personal data: surname and first name; residential address (country, postal code, city, street, house number); in the case of a business company, company name and registered office; bank card number; EP card data (identifier, name on the card); e-mail address in the case of an e-invoice

Duration of data management: eight years after the date of issue of the invoice

Use of a data processor: our company uses the help of an IT service provider to operate the invoicing program as follows.

| Name of data processor | Location | Description of data processor task |
|---|---|---|
| KBOSS.hu Kft. | 1031 Budapest, Záhony utca 7. | Conducting the data communication required for payment transactions between the merchant and the payment service provider’s system, ensuring the traceability of transactions for trading partners |

By accepting this data management information, the data subject gives her express consent to the Data Processor using additional data processors in order to make the service more convenient and customized as follows:

| Name of data processor | Location | Description of data processor task |
|---|---|---|
| 2PM Bt. | 2093 Budajenő, Füzes utca 9. | Use of the accounting service following payment transactions |
| Generali Egészség- és Önsegélyező Pénztár | 1066 Budapest, Teréz krt. 42-44. | Conducting the data communication required for payment transactions between the merchant and the payment service provider’s system, customer service assistance for users, confirmation of transactions and fraud monitoring for the protection of users. |
| TEMPO Egészség- és Önsegélyező Pénztár | 1025 Budapest II. Nagybányai út 92. | Conducting the data communication required for payment transactions between the merchant and the payment service provider’s system, customer service assistance for users, confirmation of transactions and fraud monitoring for the protection of users. |
| Patika Zrt. | 1022 Budapest, Bimbó út 18. | Conducting the data communication required for payment transactions between the merchant and the payment service provider’s system, customer service assistance for users, confirmation of transactions and fraud monitoring for the protection of users. |
| OTP Országos Egészség és Önsegélyező Pénztár | 1051 Bp. Mérleg u. 4. | Conducting the data communication required for payment transactions between the merchant and the payment service provider’s system, customer service assistance for users, confirmation of transactions and fraud monitoring for the protection of users. |
| MKB-Pannónia Egészség és Önsegélyező Pénztár | 1056 Bp. Váci u. 38. | Conducting the data communication required for payment transactions between the merchant and the payment service provider’s system, customer service assistance for users, confirmation of transactions and fraud monitoring for the protection of users. |
| Prémium Egészségpénztár | 1138 Bp. Dunavirág u. 2-6. | Conducting the data communication required for payment transactions between the merchant and the payment service provider’s system, customer service assistance for users, confirmation of transactions and fraud monitoring for the protection of users. |
| Allianz Egészségpénztár | 1087 Bp. Könyves Kálmán körút 48-52. | Conducting the data communication required for payment transactions between the merchant and the payment service provider’s system, customer service assistance for users, confirmation of transactions and fraud monitoring for the protection of users. |
| Vitamin Egészségpénztár | 1023 Budapest, Bécsi út 4. | Conducting the data communication required for payment transactions between the merchant and the payment service provider’s system, customer service assistance for users, confirmation of transactions and fraud monitoring for the protection of users. |
| Medicina Egészségpénztár | 1037 Bp. Montevideó u. 5. | Conducting the data communication required for payment transactions between the merchant and the payment service provider’s system, customer service assistance for users, confirmation of transactions and fraud monitoring for the protection of users. |
| Vasutas Egészségpénztár | 1144 Bp. Kőszeg u. 26. | Conducting the data communication required for payment transactions between the merchant and the payment service provider’s system, customer service assistance for users, confirmation of transactions and fraud monitoring for the protection of users. |
| Dimenzió Egészségpénztár | 1119 Budapest, Fehérvári út 84. A. épület III | Conducting the data communication required for payment transactions between the merchant and the payment service provider’s system, customer service assistance for users, confirmation of transactions and fraud monitoring for the protection of users. |
| Card Consulting Kft. | 1033 Budapest, Kárpát u. 52. | Conducting the data communication required for payment transactions between the merchant and the payment service provider’s system, customer service assistance for users, confirmation of transactions and fraud monitoring for the protection of users. |
| OTP Pénztárszolgáltató Zrt. | 1051 Budapest, Mérleg u. 4. | Conducting the data communication required for payment transactions between the merchant and the payment service provider’s system, customer service assistance for users, confirmation of transactions and fraud monitoring for the protection of users. |

Possible consequences of failure to provide data: no contract for medical care will be created

The rights of the data subject: the data subject (the person whose personal data is managed by our company)

  1. can request access to their personal data,
  2. can request their correction,
  3. can request their deletion,
  4. can apply to limit the processing of personal data if the conditions set out in Article 18 of the GDPR exist (that is, our company does not delete or destroy the data until a court or authority requests it, but for a maximum of thirty days, and beyond that does not handle the data for any other purpose),
  5. can object to the processing of personal data,
  6. can exercise their right to data portability. Pursuant to the latter right, the data subject is entitled to receive his/her personal data in Word or Excel format, and is also entitled to have this data forwarded to another data controller by our company upon request.

Other information related to data management: our company takes all necessary technical and organizational measures to avoid a possible data protection incident (e.g. damage to or disappearance of files containing personal data, access by unauthorized persons). If an incident nevertheless occurs, we keep a register for the purpose of checking the necessary measures and informing the person concerned, which includes the range of personal data concerned, the range and number of people affected by the data protection incident, the date, circumstances and effects of the data protection incident and the measures taken to prevent it, as well as the other data specified in the legislation requiring data management.

Our company has entered into a data processing contract for the data processing tasks, in which KBOSS.hu Kft. undertakes to obligatorily apply the data protection and data management guarantees required by the data processing contract in the event of the use of an additional data processor, in view of this, we also ensure the legal processing of personal data in the case of the data processor.

  1. DATA MANAGEMENT RELATED TO FINDINGS AND RESULTS FOLLOWING MEDICAL CARE

Our clinic makes it possible to provide information about the results of medical care electronically, by phone or by mail.

Controller of personal data: Pro gyno-med Kft. 1126 Budapest, Szendi u. 16.

Purpose of data management: information on the results of medical findings

The legal basis for data processing: the patient’s prior consent, see Eüak., GDPR Article 6 (1) point a), and data processing is necessary to take steps at the request of the data subject prior to the conclusion of the contract – GDPR Article 6 (1) point b)

Scope of processed personal data: surname and first name; residential address (country, postal code, city, street, house number); in the case of a business company, company name and registered office; bank card number; telephone number; e-mail address

Duration of data management: 30-50 years after the date of issue of the invoice.

see:

“The health documentation and the findings from the imaging diagnostic procedures must be kept for at least 30 years from the date of data collection, and the final report for at least 50 years. The recording itself, made with an imaging diagnostic procedure, must be kept for 10 years from the time it was taken. The pharmacy keeps the prescriptions for 3 years. Exceptions to this are prescriptions for drugs containing narcotic and psychotropic substances, which have a retention period of 5 years.”

Use of a data processor: our company uses the help of an IT service provider to operate the program related to medical care as follows.

| Name of data processor | Location | Description of data processor task |
|---|---|---|
| KARDI-SOFT Orvosi Rendszerek Kft. | 9024 Győr, Táncsics Mihály utca 43. | When using the DOKIREX medical system, performing customer management tasks, recording medical histories, and reporting findings |

By accepting this data management information, the data subject gives her express consent to the Data Processor using additional data processors in order to make the service more convenient and customized as follows:

| Name of data processor | Location | Description of data processor task |
|---|---|---|
| Pro gyno-med Kft. (06 70 625 7975) | 1126 Budapest, Szendi u. 16. | Telephone information |

Possible consequences of not providing data: the patient is not informed about the results of the examination after the medical treatment

The rights of the data subject: the data subject (the person whose personal data is managed by our company)

  1. can request access to their personal data,
  2. can request their correction,
  3. can request their deletion,
  4. can apply to limit the processing of personal data if the conditions set out in Article 18 of the GDPR exist (that is, our company does not delete or destroy the data until a court or authority requests it, but for a maximum of thirty days, and beyond that does not handle the data for any other purpose),
  5. can object to the processing of personal data,
  6. can exercise their right to data portability. Pursuant to the latter right, the data subject is entitled to receive his/her personal data in Word or Excel format, and is also entitled to have this data forwarded to another data controller by our company upon request.

Other information related to data management: our company takes all necessary technical and organizational measures to avoid a possible data protection incident (e.g. damage, disappearance of files containing personal data, access to unauthorized persons). In the event of an incident that still occurs, we keep a register for the purpose of checking the necessary measures and informing the person concerned, which includes the range of personal data concerned, the range and number of people affected by the data protection incident, the date, circumstances, effects of the data protection incident and the measures taken to prevent it, as well as the other data specified in the legislation requiring data management.

Our company has entered into a data processing contract for the data processing tasks, in which KARDI-SOFT Orvosi Rendszerek Kft. undertakes to obligatorily apply the data protection and data management guarantees required by the data processing contract in the event of the use of an additional data processor; in this way we also ensure the legal processing of personal data in the case of the data processor.

 

  1. SERVICES OF THE ELECTRONIC HEALTH SERVICE SPACE (EESZT), MANAGEMENT OF PERSONAL DATA

Brief introduction and purpose of the EESZT

Hungary’s new e-health system is the Electronic Health Services Area (EESZT). The goal of the Hungarian e-health care reform system is to provide the population with faster, more efficient, and service-centric care. The key to this is continuous contact between care institutions, treating doctors and pharmacies, through which information is uniform and accessible.

The EESZT is basically a system that promotes the flow of information, with the help of which the data sent to the Space reaches the right person more easily and quickly. These data include personal data and health data for health care purposes. The manager of the data is the State Health Care Center (ÁEEK), which operates the EESZT.

If you would like to receive more extensive information about the operation of the EESZT and data management than this information, visit the information portal https://e-egeszsegugy.gov.hu, where you can read the data management information of the EESZT by clicking on the Data protection menu item.

Personal data managed in the EESZT

Uploading data to the EESZT starts with patient admission. The data generated during health care are recorded in the EESZT in the following cases and in the following ways:

The central event catalog contains up-to-date data on your health care.

For the central event catalog, the data of the following events, the date of the event, the date of recording in the healthcare institution’s system and the identifier of the person responsible for recording the event must be indicated:

  • start/end of inpatient care and other data
  • start/end of outpatient specialist care and other data
  • initiation/completion and other data of primary care provided by a family doctor, family pediatrician and dentist
  • Start/completion of CT/MR examination and other data.

Data retention period: 5 years after the Data Subject’s death.

The data can be accessed by:

  • court, authorities (acting in their duties)
  • The Data Subject’s treating physician, family doctor in relation to health care, in accordance with the Data Subject’s digital self-determination settings.

Record of health documents

The purpose of the register is to enable treating physicians to access their patients’ medical documents; the register contains these documents (e.g. outpatient card, findings, final report, etc.). The documents included here are stored according to the rules for health documentation and for a certain period of time.

Data retention period: 5 years after the Data Subject’s death.

The data can be accessed by:

  • the healthcare institution
  • the Data Subject

eProfile

The register related to the health profile contains data describing the Data Subject’s general state of health (current illnesses, general health data). The purpose of the record is the provision of up-to-date and comprehensive health information to the attending physician for the benefit of the patient.

Data retention period: 5 years after the Data Subject’s death.

The data can be accessed by:

  • the Data Subject’s treating physician or general practitioner

Where can you view the data entered in the EESZT regarding the Data Subject’s health care?

The Resident Portal of the EESZT can be found on the website https://www.eeszt.gov.hu. By clicking on the Login button, the person concerned can access his or her own personalized EESZT user account after entering the Client Gate (Ügyfélkapu) identification and TAJ number. With this, the Data Subject can easily get to know, and at any time access or download, the health documents and data related to the Data Subject that are sent to the EESZT.

If the Data Subject does not have a Client Gate account, he can create one in the following ways:

  1. In person at any document office, government office customer service office, tax authority customer service or foreign representation;
  2. Electronically, if you have a valid identity card issued after January 1, 2016.

The Data Subject can also use several EESZT services offered by digital options on the Citizen Portal interface:

Under the ELLÁTÁSOK tab, in the Event Catalog, you can track your care events, and in your e-Disease history you can find your patient documents created during your care and uploaded to EESZT.

Under the BEUTALÓK tab, you can query your own electronic referrals filtered for a specific period, view their data content, and print them out.

Under the RECEPTEK tab, you can query the electronic prescriptions prescribed for the Data Subject, as well as the list of prescriptions that have already been issued, dating back to a specific period. All prescription content is also available to the Data Subject; however, this does not replace the prescription certificate with which the preparations prescribed for the Data Subject can be redeemed, so the prescription printed from here cannot be used to redeem medication.

Your traditional paper prescriptions only appear among redeemed prescriptions, because they are added to the system by the pharmacy when the prescription is redeemed.

Under the ÖNRENDELKEZÉS tab, you can request a notification when data or documents related to the Data Subject are added to the system. You can keep track of who requested what kind of data and documents from the system, and when. You can also determine the accessibility of the data and documents in the EESZT.

  1. DATA MANAGEMENT RELATED TO SUBSCRIBING TO THE NEWSLETTER AND OTHER MARKETING ACTIVITIES

Our company keeps in touch by means of a newsletter with its guests, to whom it recommends its services and whom it informs about news and special offers related to its operation.

Controller of personal data: Pro gyno-med Kft. 1126 Budapest, Szendi u. 16.

Purpose of data management: contact with potential patients

Legal basis for data management: the consent of the data subject – Article 6 (1) point a) GDPR.

Designation of the legitimate interest: maintaining and developing relationships with patients

Scope of processed personal data: name, e-mail address

Duration of data management: our company manages e-mail addresses until you unsubscribe from the newsletter.

Use of a data processor: our company uses the help of an IT service provider for the online newsletter sending system as follows.

Name of data processor: The Rocket Science Group LLC (MailChimp)

Location: 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA

Description of data processor task: Mailchimp newsletter database storage

By accepting this data management information, the data subject gives her express consent to the Data Processor using additional data processors to make the service more convenient and customized as follows:

Name of data processor: KARDI-SOFT Orvosi Rendszerek Kft.

Location: 9024 Győr, Táncsics Mihály utca 43.

Description of data processor task: when using the DOKIREX medical system, performing customer management tasks, recording medical histories, and reporting findings

Possible consequences of not providing data: The person concerned will not receive a newsletter from our company.

The rights of the data subject: the data subject (the person whose personal data is managed by our company)

  1. can request access to his/her personal data,
  2. can request their correction,
  3. can request their deletion,
  4. can apply to limit the processing of personal data if the conditions set out in Article 18 of the GDPR exist (that is, that our company does not delete or destroy the data until a court or authority requests it, but for a maximum of thirty days, and beyond that does not handle the data for any other purpose),
  5. can object to the processing of personal data,
  6. can exercise the right to data portability. Pursuant to the latter right, the data subject is entitled to receive his/her personal data in Word or Excel format and is also entitled to have this data forwarded to another data controller by our company upon request.

You can unsubscribe from the newsletter at any time by sending a letter to our company at info@villamedicina.hu or by clicking on the unsubscribe icon in the newsletter. In this case, we will immediately delete your e-mail address from our database.

Other information related to data management: our company takes all necessary technical and organizational measures to avoid a possible data protection incident (e.g. damage, disappearance of files containing personal data, access by unauthorized persons). If an incident nevertheless occurs, we keep a register for the purpose of checking the necessary measures and informing the person concerned, which includes the range of personal data concerned, the range and number of people affected by the data protection incident, the date, circumstances, effects of the data protection incident and the measures taken to prevent it, as well as the other data specified in the legislation requiring data management.

Our company has entered into a data processing contract for the data processing tasks, in which GrandSoft Kft. undertakes to obligatorily apply the data protection and data management guarantees required by the data processing contract in the event of the use of an additional data processor; in view of this, we also ensure the legal processing of personal data in the case of the data processor.

  1. COOKIE MANAGEMENT

To provide customized service, the Data Controller places a small data package, a so-called cookie, on the user’s computer and reads it back during the next visit. If the browser returns a previously saved cookie, the cookie management service provider can connect the user’s current visit with previous ones, but only regarding its own content.

The purpose of data management is to: identify, track, and distinguish users from one another, identify the current user session, store the data entered during that session, prevent data loss, web analytics measurements, personalized service.

Legal basis for data management: the consent of the data subject.

Scope of managed data: ID number, date, time, and previously visited page.

Duration of data management: maximum 90 days

Additional information on data management: The user can delete cookies from his computer or disable the use of cookies in his browser. Cookies can usually be managed in the Tools/Settings menu of browsers, in the Data protection/History/Personal settings menu, under the name cookie or tracking.

Possible consequences of failure to provide data: impossibility of using the service, in terms of the services described in points 2-5 above.

  1. WEBSITE SERVER LOGGING

When visiting the villamedicina.hu website, the web server automatically logs the user’s activity.

Purpose of data management: during visits to the website, the service provider records visitor data to check the operation of the services and prevent abuse.

Legal basis for data management: point f) of Article 6 (1) of the GDPR. Our company has a legitimate interest in the safe operation of the website.

Type of personal data handled: ID number, date, time, address of the page visited.

Duration of data management: maximum 90 days.

Name of data processor: Pro gyno-med Kft.

Location: 1126 Budapest, Szendi u. 16.

Description of data processor task: recording of visitor data and information necessary for the operation of the server

Additional information: our company does not connect the data generated during the analysis of the log files with other information and does not seek to identify the user. The address of the pages visited, as well as the date and time data are not suitable for identifying the data subject by themselves, but when combined with other data (e.g., provided during registration) they are suitable for drawing conclusions about the user.

Logging-related data management by external service providers: The html code of the portal contains links to and from an external server independent of our company. The server of the external service provider is directly connected to the user’s computer. We draw our visitors’ attention to the fact that the providers of these links are able to collect user data (e.g. IP address, browser, operating system data, mouse pointer movement, address of the page visited and the time of the visit) due to the direct connection to their server and direct communication with the user’s browser. The IP address is a series of numbers with which the computers and mobile devices of users accessing the Internet can be clearly identified.

IP addresses can even be used to locate the visitor using a given computer geographically. The address of the pages visited, as well as the date and time data are not suitable for identifying the data subject by themselves, but when combined with other data (e.g., provided during registration) they are suitable for drawing conclusions about the user.

 

  1. INTERNAL DATA PROTECTION

Personal data manager: Pro gyno-med Kft. 1126 Budapest, Szendi u. 16.

Purpose of data management: contract fulfillment

The legal basis for data management: the legitimate interest of the data controller

Duration of data management: in accordance with § 169 (2) of Act C of 2000 on accounting – December 31 of the 7th year following the given year.

Possible consequences of failure to provide data: no contract for medical services will be created

The rights of the data subject: the data subject (the person whose personal data is managed by our company)

  1. can request access to his/her personal data,
  2. can request their correction,
  3. can request their deletion,
  4. can apply to limit the processing of personal data if the conditions set out in Article 18 of the GDPR exist (that is, that our company does not delete or destroy the data until a court or authority requests it, but for a maximum of thirty days, and beyond that does not handle the data for any other purpose),
  5. can object to the processing of personal data,
  6. can exercise the right to data portability. Pursuant to the latter right, the data subject is entitled to receive his/her personal data in Word or Excel format and is also entitled to have this data forwarded to another data controller by our company upon request.

Other information related to data management: our company takes all necessary technical and organizational measures to avoid a possible data protection incident (e.g. damage, disappearance of files containing personal data, access by unauthorized persons). If an incident nevertheless occurs, we keep a register for the purpose of checking the necessary measures and informing the person concerned, which includes the range of personal data concerned, the range and number of people affected by the data protection incident, the date, circumstances, effects of the data protection incident and the measures taken to prevent it, as well as the other data specified in the legislation requiring data management.

  1. OTHER DATA MANAGEMENT

We provide information on data management not listed in this information when the data is collected. We inform our customers that certain authorities, bodies performing public duties, and courts may contact our company for the purpose of providing personal data. If the relevant body has specified the exact purpose and the scope of the data, our company will release personal data to these bodies only in the amount and to the extent that is necessary to achieve the purpose of the request, and if the fulfillment of the request is required by law.

  1. METHOD OF STORING PERSONAL DATA, SECURITY OF DATA MANAGEMENT

Our company’s IT systems and other data storage locations are located at the headquarters and on servers rented by the data processor. Our company selects and operates the IT tools used in the provision of the service to manage personal data in such a way that the processed data:

  1. is accessible to those authorized to do so (availability);
  2. has its authenticity and authentication ensured (authenticity of data management);
  3. can be verified as unchanged (data integrity);
  4. is protected against unauthorized access (data confidentiality).

We pay special attention to the security of the data; we also take the technical and organizational measures and develop the procedural rules that are necessary to enforce the guarantees according to the GDPR. We protect the data with appropriate measures, against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as accidental destruction, damage, and inaccessibility resulting from changes in the technology used.

The IT system and network of our company and our partners are both protected against computer-assisted fraud, computer viruses, computer intrusions and denial-of-service attacks. The operator ensures security with server-level and application-level protection procedures. Data is backed up daily. Our company takes all possible measures to avoid data protection incidents; in the event of such an incident, according to our incident management policy, we take immediate action to minimize the risks and prevent damages.

  1. RIGHTS OF THE PERSONS CONCERNED, LEGAL REMEDIES

The data subject may request information about the processing of his personal data, and may request the correction of his personal data, or – except for mandatory data processing – deletion or withdrawal, he may exercise his right to data portability and protest as indicated when the data was collected, or at the above contact details of the data controller.

At the request of the data subject, we provide the information in electronic form without delay, but within 30 days at the latest, in accordance with our relevant regulations. We fulfill data subjects’ requests to exercise the rights below free of charge.

Right to information:

Our company takes appropriate measures to provide data subjects with all the information mentioned in Articles 13 and 14 of the GDPR, and each piece of information according to Articles 15-22 and Article 34 regarding the processing of personal data, in a concise, transparent, comprehensible, and easily accessible form, clearly and comprehensibly worded, and at the same time precise.

The right to information can be exercised in writing, via the contact details given in point 1. At the request of the person concerned, information can also be provided orally after proof of identity. We inform our customers that if our company’s employees have doubts about the identity of the data subject, we can request the provision of the information necessary to confirm the identity of the data subject.

The data subject’s right to access:

The data subject has the right to receive feedback from the data controller as to whether his personal data is being processed. If personal data is being processed, the data subject is entitled to access the personal data and the information listed below:

  • Purposes of data management;
  • categories of personal data concerned;
  • recipients or categories of recipients to whom the personal data has been or will be disclosed, including in particular recipients from third countries (outside the European Union) and international organizations;
  • the planned period of storage of personal data;
  • the right to rectification, deletion or restriction of data processing and the right to object;
  • the right to submit a complaint to the supervisory authority;
  • information about data sources;
  • the fact of automated decision-making, including profiling, as well as comprehensible information about the applied logic and the significance of such data management and the expected consequences for the data subject.

In addition to the above, if personal data is transferred to a third country or an international organization, the data subject is entitled to receive information about the appropriate guarantees for the transfer.

Right of rectification:

Pursuant to this right, anyone can request the correction of inaccurate personal data managed by our company and the addition of incomplete data.

Right to erasure:

If one of the following reasons exists, the data subject has the right to have his/her personal data deleted without undue delay upon request:

  1. personal data are no longer needed for the purpose for which they were collected or otherwise processed;
  2. the data subject withdraws the consent that forms the basis of the data management, and there is no other legal basis for the data management;
  3. the data subject objects to data processing and there is no overriding legal reason for data processing;
  4. unlawful processing of personal data can be established;
  5. the personal data must be deleted in order to fulfill the legal obligation prescribed by the EU or Member State law applicable to the data controller;
  6. the collection of personal data took place in connection with the offering of services related to the information society.

Data deletion cannot be initiated if data management is necessary for the following purposes:

  1. for the purpose of exercising the right to freedom of expression and information;
  2. for the purpose of fulfilling an obligation according to EU or Member State law applicable to the data controller, requiring the processing of personal data, or for the execution of a task carried out in the public interest or in the context of the exercise of public authority vested in the data controller;
  3. in the field of public health, or for archival, scientific and historical research purposes or for statistical purposes, on the basis of public interest;
  4. or to present, assert or defend legal claims.

The right to restrict data processing:

At the request of the data subject, we restrict data processing in the case of conditions in Article 18 of the GDPR, i.e. if:

  1. the data subject disputes the accuracy of the personal data, in this case the restriction applies to the period that allows the accuracy of the personal data to be checked;
  2. the data processing is illegal and the data subject opposes the deletion of the data and instead requests the limitation of its use;
  3. the data controller no longer needs the personal data for the purpose of data management, but the data subject requires them to submit, enforce or defend legal claims; or
  4. the data subject objected to data processing; in this case, the restriction applies to the period until it is determined whether the legitimate reasons of the data controller take precedence over the legitimate reasons of the data subject.

If data management is subject to restrictions, personal data may only be processed with the consent of the data subject, except for storage, or to submit, enforce or defend legal claims, or to protect the rights of another natural or legal person, or in the important public interest of the European Union or a member state. The data subject must be informed in advance of the lifting of the restrictions on data management.

Right to data portability:

The data subject has the right to receive the personal data concerning him/her provided to the data controller in a structured, widely used, machine-readable format, and to forward this data to another data controller. Our company can fulfill such a request of the person concerned in Word or Excel format.

Right to object:

If personal data is processed for direct marketing, the data subject has the right to object at any time to the processing of personal data concerning him for this purpose, including profiling, if it is related to direct marketing. In case of objection to the processing of personal data for the purpose of direct marketing, the data cannot be processed for this purpose.

Automated decision-making in individual cases, including profiling:

The data subject has the right not to be covered by the scope of a decision based solely on automated data management, including profiling, which would have a legal effect on him or affect him to a similar extent. The above right cannot be applied if the data management:

  1. is necessary in order to conclude or fulfill the contract between the data subject and the data controller;
  2. is made possible by EU or Member State law applicable to the data controller, which also establishes appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; or
  3. is based on the express consent of the data subject.

Right of withdrawal:

The data subject has the right to withdraw his consent at any time. Withdrawal of consent does not affect the legality of data processing based on consent prior to withdrawal.

Procedural rules:

The data controller informs the data subject without undue delay, but in any case within one month of receipt of the request, of the measures taken following a request pursuant to Articles 15-22 of the GDPR. If necessary, considering the complexity of the application and the number of applications, this deadline can be extended by another two months. The data controller shall inform the data subject of the extension of the deadline, indicating the reasons for the delay, within one month of receiving the request.

If the data subject submitted the request electronically, the information will be provided electronically, unless the data subject requests otherwise.

If the data controller does not take measures following the data subject’s request, it shall inform the data subject without delay, but at the latest within one month of the receipt of the request, of the reasons for the failure to act, and of the fact that the data subject may file a complaint with the supervisory authority and exercise his right to judicial redress.

The data manager informs all recipients to whom the personal data was disclosed of all corrections, deletions or data management restrictions carried out by him, unless this proves to be impossible or requires a disproportionately large effort. At the request of the data subject, the data controller informs the data subject about these recipients.

Compensation and damages:

All persons who have suffered material or non-material damage because of a violation of the data protection regulation are entitled to compensation from the data manager or data processor for the damage suffered. The data processor is only liable for damages caused by data processing if it has not complied with the obligations specified in the law, which are specifically imposed on data processors, or if it has ignored or acted contrary to the legal instructions of the data controller. If several data managers or data processors or both data managers and data processors are involved in the same data management and are liable for damages caused by data management, each data manager or data processor is jointly and severally liable for the entire damage.

The data controller or the data processor is exempted from liability if it proves that it is not responsible in any way for the event that caused the damage.

Right to go to court and official data protection procedure:

In the event of a violation of their rights, the data subject may apply to the court against the data controller. The court deals with the case as a matter of priority.

You can file a complaint with the National Data Protection and Freedom of Information Authority.

The address of the authority: 1055 Budapest, Falk Miksa utca 9-11.

Telephone: +36-1-391.1400

E-mail: ugyfelszolgalat@naih.hu

* We would like to inform you that in accordance with the General Data Protection Regulation (“GDPR”), which entered into force on May 25, 2018, we cannot start medical care without your consent.