Home / Data Protection Policy

Data Protection Policy

Name and contact details of the Data Controller
Definitions
The importance of the processing of personal data by the Controller
Rights of the Data Subject

1. Name and contact details of the Data Controller

HUNMED Partners Korlátolt Felelősségű Társaság, (registered office: 1077 Budapest, Rózsa utca 38. A. ép.; registration number: 01-09-423705, hereinafter referred to as the "Company" or the "Controller") is considered as the controller of personal data in accordance with the General Data Protection Regulation and the Information Act (hereinafter referred to as the "Controller") due to the processing of personal data by visitors to the website www.odoktor.hu (hereinafter referred to as the "Website").

Contact details:
Address: 1077 Budapest, Rózsa utca 38. A. ép.
E-mail: info@odoktor.hu

Contact details of the Data Protection Officer:
UNI HILL Consulting Kft.
Donát Dékány
info@unihill.hu

2. Definitions

Terms not otherwise defined in this Privacy Notice have the meaning given to them in the General Terms and Conditions.

- "Personal Data": Any information related to a natural person, referred to in data protection legislation as the "Data Subject," may be considered personal data if it allows the identification of the natural person. Examples include name, telephone number, email address, and IP address.
- "Health Data": Refers to personal data concerning the physical or mental health of a natural person. This encompasses data about health services provided to a natural person that contains information about the individual's health.
- "Processing": Denotes any operation performed on personal data.
- "Controller": Refers to a natural or legal person, public authority, agency, or any other body that independently or jointly with others determines the purposes and methods of personal data processing.
- "Data Processor": Indicates a natural or legal person, public authority, agency, or any other body processing personal data on behalf of the controller.
- "Recipient": Denotes a natural or legal person, public authority, agency, or any other body to whom or to which personal data are disclosed, regardless of whether they are a third party.
- "Consent of the data subject": Refers to a freely given, specific, informed, and unambiguous indication of the data subject's wishes. It involves a statement or act unambiguously expressing consent to the processing of personal data concerning the data subject.

3. The importance of the processing of personal data by the Controller

¹Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC
² Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information

3.1 Use of the Website
It is of importance for the Data Controller to provide its services to its customers in accordance with the needs and requirements of the modern age. This Policy contains detailed information about the processing of data during your visit to the Website.

Anyone's use of the Website's services and the provision of Personal Data in connection therewith is voluntary.

The Controller explicitly draws attention that a transfer of Personal Data to a third country takes place and informs the user of the Website as data subject that

- in case of transferring data to the United States, the United States ensures an adequate level of protection – comparable to that of the European Union – for personal data transferred from the EU to US companies.

- in case of transfer to Kazakhstan, due to the absence of an adequacy decision and appropriate safeguards such transfers may involve risks. The user of the Website as data subject shall explicitly consent to the transfer.

However, without consent to the provision and processing of Personal Data, the services of the Website may not be used.

You can make an appointment for a medical examination at a health institution via the website or use the Website as a healthcare service provider. Your Personal Data will be processed as described below:
3.2 Data processing related to Cookies
The Company uses cookies to facilitate the use of its Website.

A cookie is a small packet of data that is stored by Internet services in your browser. A cookie is a technology that is essential for the operation of an online service that provides an efficient and modern user experience.

The User can find out about the current cookies in the pop-up window on the Website and set his/her preferences when he/she uses the Website.

The User has the option to maintain and/or delete cookies at his/her convenience, which he/she can set in the internet browser settings.

Scope of data processed	Purpose of data processing	Legal basis for data processing	Data recipients, contractual partners, data processors	Duration of data processing
a) name b) e-mail address c) phone number d) selected health institution e) selected specialist f) selected medical service, examination g) place and time of medical examination h) fee for a medical examination i) review on the provided treatment j) type, date, nature of the treatment	The purpose of the data processing is to operate the appointment booking system available on the Website, to book appointments to the medical institutions and specialists (Partners) available on the Website, and to maintain contact with (e.g. to change or cancel an appointment). In case of healthcare professionals, the purpose of the data processing, further to the above, is to generate review of the services.	Explicit consent of the data subject /User (Article 6(1)(a) and Article 9 (2)a of the General Data Protection Regulation).	Health institutions and specialists available on the Website, visitors of the Website, analytics and marketing service providers. Please note that the Data Controller is not responsible for the adequacy of the data management of the Partners, so please give your consent to the transfer of data by familiarizing yourself with the data management rules of the Partner concerned. Data Processor: • QAZMED Partners LLP (registered office: Astana, Dom 11, kv. 366, prospekt Qabanbai Batyr, registration number: 161140013287) – providing marketing advisory and programming activities (monitoring the system, identifying bugs, optimizing the performance, error detection) • Twilio (registered office: 94105-1554 San Francisco, 101 Spear St FL 5, registration number: 4518652) – providing SMS, Whatsapp and API Services • Mailchimp (The Rocket Science Group LLC, registered office: 30308-2172 Atlanta, 675 Ponce De Leon Ave NE Ste 5000) – providing email services • Amazon AWS (registered office: 98101-1424 Seattle, 1915 Terry Ave) – providing Cloud servers and cloud storage • Medio MedTech Zrt. (registered office: 1095 Budapest, Lechner Ödön fasor 2. 7. em. 13. ajtó, registration number: 01-10-141172) - providing online appointment booking infrastructure • Google (registered office: 94043-1351 Mountain View, 1600 Amphitheatre Pkwy, registration number: 3582691) (Gmail, Google Analytics, Google maps, etc.) • Sentry (Functional Software, Inc., registered office: 94107-1308 San Francisco, 132 Hawthorne St) (indicting error logs)	The Website will process Personal Data until you request to withdraw your consent.

4. Rights of the Data Subject

The Data Controller attaches the utmost importance to ensuring that the rights of Data Subjects with regard to data processing are adequately protected at all times when processing Personal Data of natural persons. In this context, the following rights shall apply. In the event of any request by a data subject in relation to the processing of Personal Data, the Data Controller will ensure the exercise of the data subject's right within the shortest possible time from the receipt of the request, but not later than 1 month or, if it needs further information to ensure the exercise of the right, will contact the Data Subject without delay by e-mail or telephone (preferably using the same means of communication as the Data Subject used) to deal with the request.

4.1 Right to information and access

The Data Subject has the right to receive feedback from the Controller at any of the contact details indicated in this Policy as to whether or not his or her Personal Data is being processed and, if such processing is ongoing, the right to access the Personal Data and the following information:
a) the purposes of the processing;
b) the categories of Personal Data concerned;
c) the recipients or categories of recipients to whom or with whom the Personal Data have been or will be disclosed, including in particular recipients in third countries or international organisations;
d) the intended duration of the storage of the Personal Data or, if this is not possible, the criteria for determining that duration;
e) the right of the Data Subject to request the Controller to rectify, erase or restrict the processing of Personal Data relating to him or her and to object to the processing of such Personal Data;
f) the right to lodge a complaint with a supervisory authority;
g) where the data have not been collected from the Data Subject, any available information about their source.
h) the fact of automated decision-making, including profiling, and, at least in these cases, the logic used and clear information on the significance of such processing and its likely consequences for the data subject.
4.2 Right to rectification and completion

The Data Subject has the right to request the rectification of his or her Personal Data processed by the Data Controller if he or she considers that they are inaccurate or inaccurate. The Data Subject shall have the right to request the completion of the Personal Data processed by the Controller if he or she considers them to be incomplete.
4.3 Right to restriction

The Data Subject shall have the right to obtain, at his or her request, the restriction of processing by the Controller, unless otherwise provided by law, if one of the following conditions is met:
a) the Data Subject contests the accuracy of the Personal Data, in which case the restriction applies for the period of time that allows the Controller to verify the accuracy of the Personal Data;
b) the processing is unlawful and the Data Subject opposes the erasure of the data and requests instead the restriction of their use;
c) the Controller no longer needs the Personal Data for the purposes of processing, but the Data Subject requires it for the establishment, exercise or defence of legal claims; or
d) the Data Subject has objected to the processing; in this case, the restriction applies for the period until it is established whether the legitimate grounds of the controller prevail over those of the Data Subject.
4.4 Withdraw consent , right to object

Where the processing by the Data Controller is based on the explicit request and consent of the Data Subject, the Data Subject has the right to withdraw his or her consent at any time. In this case, the Controller shall delete the Personal Data relating to the Data Subject without undue delay.

Where the processing of data on the Website is carried out for the protection of the legitimate interests of the data subject or of a third party, the data subject has the right to object to the processing of his or her data.
4.5 Right to data portability

In the case of processing based on the data subject's consent, by contract or by automated means, the data subject shall have the right to receive the personal data concerning him or her which he or she has provided to a controller in a structured, commonly used, machine-readable format and the right to transmit those data to another controller without hindrance from the controller to which he or she has provided the personal data.
4.6 Right to erasure

The Data Subject has the right to request the erasure of his or her Personal Data processed by the Controller if:
a) considers that the processing of Personal Data for the original purpose is no longer necessary;
b) not consent to further processing of your Personal Data - where the processing is based on consent and there is no other legal basis for the processing;
c) considers that your Personal Data is unlawfully processed by the Controller;
d) expressly objects to the processing of your Personal Data , where the legal basis for the processing is the protection of the legitimate interests of the Company or a third party.
4.7 Remedies

If the Data Subject believes that the Data Controller is unlawfully processing his or her data, he or she has the right to lodge a complaint with the Data Controller in order to have the Data Controller terminate the processing. If this is unsuccessful, he or she has the right to apply to the National Authority for Data Protection and Freedom of Information or to the courts.

- Complaints can be submitted to the National Authority for Data Protection and Freedom of Information at the following contact details: National Authority for Data Protection and Freedom of Information (postal address: 1363 Budapest, Pf.: 9.; address: 1055 Budapest, Falk Miksa utca 9-11; telephone: +36-1-391-1400, fax: +36-1-391-1410; e-mail: ugyfelszolgalat@naih.hu; website: http://www.naih.hu)

- In the case of legal action, the competent court has jurisdiction to hear the case. At the Data Subject's option, the lawsuit may also be brought before the court of the place of residence or domicile. If the court upholds the request, the Controller shall delete the personal data of the Data Subject within 3 days of the notification of the final judgment.
4.8 Exercise of rights of access

The Data Subject may exercise the above rights against the Data Controller. Requests under this point may be sent to or made at the Data Controller.

Data Protection Policy

1. Name and contact details of the Data Controller

2. Definitions

Terms not otherwise defined in this Privacy Notice have the meaning given to them in the General Terms and Conditions.

- "Personal Data": Any information related to a natural person, referred to in data protection legislation as the "Data Subject," may be considered personal data if it allows the identification of the natural person. Examples include name, telephone number, email address, and IP address.
- "Health Data": Refers to personal data concerning the physical or mental health of a natural person. This encompasses data about health services provided to a natural person that contains information about the individual's health.
- "Processing": Denotes any operation performed on personal data.
- "Controller": Refers to a natural or legal person, public authority, agency, or any other body that independently or jointly with others determines the purposes and methods of personal data processing.
- "Data Processor": Indicates a natural or legal person, public authority, agency, or any other body processing personal data on behalf of the controller.
- "Recipient": Denotes a natural or legal person, public authority, agency, or any other body to whom or to which personal data are disclosed, regardless of whether they are a third party.
- "Consent of the data subject": Refers to a freely given, specific, informed, and unambiguous indication of the data subject's wishes. It involves a statement or act unambiguously expressing consent to the processing of personal data concerning the data subject.

3. The importance of the processing of personal data by the Controller

3.1 Use of the Website
It is of importance for the Data Controller to provide its services to its customers in accordance with the needs and requirements of the modern age. This Policy contains detailed information about the processing of data during your visit to the Website.

Anyone's use of the Website's services and the provision of Personal Data in connection therewith is voluntary.

The Controller explicitly draws attention that a transfer of Personal Data to a third country takes place and informs the user of the Website as data subject that

- in case of transferring data to the United States, the United States ensures an adequate level of protection – comparable to that of the European Union – for personal data transferred from the EU to US companies.

- in case of transfer to Kazakhstan, due to the absence of an adequacy decision and appropriate safeguards such transfers may involve risks. The user of the Website as data subject shall explicitly consent to the transfer.

However, without consent to the provision and processing of Personal Data, the services of the Website may not be used.

You can make an appointment for a medical examination at a health institution via the website or use the Website as a healthcare service provider. Your Personal Data will be processed as described below:
3.2 Data processing related to Cookies
The Company uses cookies to facilitate the use of its Website.

A cookie is a small packet of data that is stored by Internet services in your browser. A cookie is a technology that is essential for the operation of an online service that provides an efficient and modern user experience.

The User can find out about the current cookies in the pop-up window on the Website and set his/her preferences when he/she uses the Website.

The User has the option to maintain and/or delete cookies at his/her convenience, which he/she can set in the internet browser settings.

Scope of data processed	Purpose of data processing	Legal basis for data processing	Data recipients, contractual partners, data processors	Duration of data processing
a) name b) e-mail address c) phone number d) selected health institution e) selected specialist f) selected medical service, examination g) place and time of medical examination h) fee for a medical examination i) review on the provided treatment j) type, date, nature of the treatment	The purpose of the data processing is to operate the appointment booking system available on the Website, to book appointments to the medical institutions and specialists (Partners) available on the Website, and to maintain contact with (e.g. to change or cancel an appointment). In case of healthcare professionals, the purpose of the data processing, further to the above, is to generate review of the services.	Explicit consent of the data subject /User (Article 6(1)(a) and Article 9 (2)a of the General Data Protection Regulation).	Health institutions and specialists available on the Website, visitors of the Website, analytics and marketing service providers. Please note that the Data Controller is not responsible for the adequacy of the data management of the Partners, so please give your consent to the transfer of data by familiarizing yourself with the data management rules of the Partner concerned. Data Processor: • QAZMED Partners LLP (registered office: Astana, Dom 11, kv. 366, prospekt Qabanbai Batyr, registration number: 161140013287) – providing marketing advisory and programming activities (monitoring the system, identifying bugs, optimizing the performance, error detection) • Twilio (registered office: 94105-1554 San Francisco, 101 Spear St FL 5, registration number: 4518652) – providing SMS, Whatsapp and API Services • Mailchimp (The Rocket Science Group LLC, registered office: 30308-2172 Atlanta, 675 Ponce De Leon Ave NE Ste 5000) – providing email services • Amazon AWS (registered office: 98101-1424 Seattle, 1915 Terry Ave) – providing Cloud servers and cloud storage • Medio MedTech Zrt. (registered office: 1095 Budapest, Lechner Ödön fasor 2. 7. em. 13. ajtó, registration number: 01-10-141172) - providing online appointment booking infrastructure • Google (registered office: 94043-1351 Mountain View, 1600 Amphitheatre Pkwy, registration number: 3582691) (Gmail, Google Analytics, Google maps, etc.) • Sentry (Functional Software, Inc., registered office: 94107-1308 San Francisco, 132 Hawthorne St) (indicting error logs)	The Website will process Personal Data until you request to withdraw your consent.

4. Rights of the Data Subject

4.1 Right to information and access

The Data Subject has the right to receive feedback from the Controller at any of the contact details indicated in this Policy as to whether or not his or her Personal Data is being processed and, if such processing is ongoing, the right to access the Personal Data and the following information:
a) the purposes of the processing;
b) the categories of Personal Data concerned;
c) the recipients or categories of recipients to whom or with whom the Personal Data have been or will be disclosed, including in particular recipients in third countries or international organisations;
d) the intended duration of the storage of the Personal Data or, if this is not possible, the criteria for determining that duration;
e) the right of the Data Subject to request the Controller to rectify, erase or restrict the processing of Personal Data relating to him or her and to object to the processing of such Personal Data;
f) the right to lodge a complaint with a supervisory authority;
g) where the data have not been collected from the Data Subject, any available information about their source.
h) the fact of automated decision-making, including profiling, and, at least in these cases, the logic used and clear information on the significance of such processing and its likely consequences for the data subject.
4.2 Right to rectification and completion

The Data Subject has the right to request the rectification of his or her Personal Data processed by the Data Controller if he or she considers that they are inaccurate or inaccurate. The Data Subject shall have the right to request the completion of the Personal Data processed by the Controller if he or she considers them to be incomplete.
4.3 Right to restriction

The Data Subject shall have the right to obtain, at his or her request, the restriction of processing by the Controller, unless otherwise provided by law, if one of the following conditions is met:
a) the Data Subject contests the accuracy of the Personal Data, in which case the restriction applies for the period of time that allows the Controller to verify the accuracy of the Personal Data;
b) the processing is unlawful and the Data Subject opposes the erasure of the data and requests instead the restriction of their use;
c) the Controller no longer needs the Personal Data for the purposes of processing, but the Data Subject requires it for the establishment, exercise or defence of legal claims; or
d) the Data Subject has objected to the processing; in this case, the restriction applies for the period until it is established whether the legitimate grounds of the controller prevail over those of the Data Subject.
4.4 Withdraw consent , right to object

Where the processing by the Data Controller is based on the explicit request and consent of the Data Subject, the Data Subject has the right to withdraw his or her consent at any time. In this case, the Controller shall delete the Personal Data relating to the Data Subject without undue delay.

Where the processing of data on the Website is carried out for the protection of the legitimate interests of the data subject or of a third party, the data subject has the right to object to the processing of his or her data.
4.5 Right to data portability

In the case of processing based on the data subject's consent, by contract or by automated means, the data subject shall have the right to receive the personal data concerning him or her which he or she has provided to a controller in a structured, commonly used, machine-readable format and the right to transmit those data to another controller without hindrance from the controller to which he or she has provided the personal data.
4.6 Right to erasure

The Data Subject has the right to request the erasure of his or her Personal Data processed by the Controller if:
a) considers that the processing of Personal Data for the original purpose is no longer necessary;
b) not consent to further processing of your Personal Data - where the processing is based on consent and there is no other legal basis for the processing;
c) considers that your Personal Data is unlawfully processed by the Controller;
d) expressly objects to the processing of your Personal Data , where the legal basis for the processing is the protection of the legitimate interests of the Company or a third party.
4.7 Remedies

If the Data Subject believes that the Data Controller is unlawfully processing his or her data, he or she has the right to lodge a complaint with the Data Controller in order to have the Data Controller terminate the processing. If this is unsuccessful, he or she has the right to apply to the National Authority for Data Protection and Freedom of Information or to the courts.

- Complaints can be submitted to the National Authority for Data Protection and Freedom of Information at the following contact details: National Authority for Data Protection and Freedom of Information (postal address: 1363 Budapest, Pf.: 9.; address: 1055 Budapest, Falk Miksa utca 9-11; telephone: +36-1-391-1400, fax: +36-1-391-1410; e-mail: ugyfelszolgalat@naih.hu; website: http://www.naih.hu)

- In the case of legal action, the competent court has jurisdiction to hear the case. At the Data Subject's option, the lawsuit may also be brought before the court of the place of residence or domicile. If the court upholds the request, the Controller shall delete the personal data of the Data Subject within 3 days of the notification of the final judgment.
4.8 Exercise of rights of access

The Data Subject may exercise the above rights against the Data Controller. Requests under this point may be sent to or made at the Data Controller.

Data Protection Policy

1. Name and contact details of the Data Controller

2. Definitions

3. The importance of the processing of personal data by the Controller

3.1 Use of the Website

3.2 Data processing related to Cookies

4. Rights of the Data Subject

Data Protection Policy

1. Name and contact details of the Data Controller

2. Definitions

3. The importance of the processing of personal data by the Controller

3.1 Use of the Website

3.2 Data processing related to Cookies

4. Rights of the Data Subject