NorDent Smile Kft. (headquarters: 6782 Mórahalom, Szent László Park 3.; company registration number: 06-09-020949; hereinafter “the Company”), as a private healthcare provider, communicates the following privacy notice to its customers in connection with its business activities, in accordance with Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (Infotv.) and Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR):
- data subject: any natural person identified directly or indirectly from any of the personal data supplied to the Company;
- personal data: data related to the data subject, in particular the name and personal identity number of the data subject and one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity, as well as any conclusion that may be drawn from the data;
- special data:
(a) personal data relating to racial origin, nationality, political opinion or party affiliation, religious or other worldview beliefs, membership of an interest representation organization, and personal data relating to sexual life,
(b) personal data relating to the state of health or pathological addiction, and criminal personal data;
- consent: voluntary and decisive expression of the will of the person concerned (data subject), based on appropriate information and with which he or she gives his / her unambiguous consent to the handling of his / her personal data, covering all or part of the data operations;
- protest: the statement of the person concerned (data subject) with which he or she is objecting to the handling of his / her personal data and requesting the termination of the data processing and the cancellation of the processed data;
- data controller: is a natural or legal person or an organization without legal personality who either independently or with others determines the purpose of data management, makes and executes decisions on data handling (including the equipment used) or performs it with the data processor;
- data management: any operation or set of operations performed on the data, irrespective of the method used, such as collecting, capturing, recording, systematizing, storing, modifying, using, querying, transmitting, publishing, aligning, linking, blocking, deleting and destroying data, preventing further use of the data, taking photographs or sound recordings, and recording physical features (such as finger or palm print, DNA pattern, iris image) suitable for identifying the person;
- data deletion: making the data unrecognizable in such a way that its recovery is no longer possible;
- data designation: marking the data with an identifier in order to distinguish it;
- data blocking: marking the data with an identification mark in order to limit its further handling for a definite or fixed period of time;
- data destruction: complete physical destruction of the data-containing media;
- data processing: carrying out technical tasks related to data management operations, irrespective of the method and device used to perform the operations and the location of the application, provided that the technical task is carried out on the data;
- data processor: is a natural or legal person or an organization without legal personality who, on the basis of a contract, including a contract concluded under a provision of the law, processes data;
- data file: the sum of the data processed in one register;
- third party: a natural or legal person or a non-legal entity who is not the same as the data subject, the data controller or the data processor;
- third country: any State other than an EEA State;
- Data Controller: NorDent Smile Ltd.; company registration number: 06-09-020949; headquarters: 6728 Mórahalom, Szent László Park 3.; registrar: Court of Szeged; tax number: 24847010-1-06; telephone: +36702525595; electronic contact: firstname.lastname@example.org; company gate: 24847010#cegkapu
- Data Processor: the accountant of NorDent Smile Ltd., Sedria Alterego Kft. (headquarters: 6728 Szeged, Pázsit utca 42.)
- Individuals and consumers in a contractual relationship with NorDent Smile Ltd. and employees of Nordent Smile Ltd. are subject to data management.
- The aim of the data management is to collect, store, transmit, process the data necessary for the use of the company’s dental health services by the clients of NorDent Smile Kft. and also to fulfill the obligations of the company for the conclusion of the employment contracts. Data can also be processed for enforcing the company’s legitimate rights and claims towards the data subjects as defined in Infotv. (section 4 (1) of the Infotv).
- The legal basis for data handling: the voluntary consent of the person concerned (data subject) or legally mandated cases (section 5 (1) (a), (b)). Legally mandated cases are when:
(a) it is necessary to comply with a legal obligation of the data controller, or
(b) it is necessary to enforce the legitimate interest of the data controller or a third party and the enforcement of this interest is proportionate to the limitation of the right to the protection of personal data (Article 6 (1) (a) and (b) of the Infotv.).
- The managed data will not be transmitted to any third party other than the data processor, unless NorDent Smile Kft. has a claim against the data subject. In this case the data (name, mother’s name, place of birth and date of birth) will be handed over to the authorized legal representative of NorDent Smile Kft.
6/a. The data transmitted to the data processor, in accordance with the provisions of Hungarian law in force, are the name and address of the data subjects.
- In order to enter into a contract with the data controller and use the services provided by him, the data subject expressly, clearly and irrevocably agrees to the handling of his data by the data controller.
- Personal data will be processed only if the client gives full and voluntary consent to it. In the case of a minor, the consent has to be given by his or her caretaker and legal representative.
- Data processed by the data controller concerning the data subjects who are using the data controller’s services:
9/3. Date of birth
9/4. Mother’s name at birth
9/5. Health insurance number
9/6. Telephone number
9/7. Electronic contacts
9/8. Profile photo for an easier identification
9/9. Health and medical documentation related to the services provided
The personal data processed about the company’s employees consists of the data required by Hungarian legislation, together with the employee’s telephone number, electronic address and bank account number.
- Data retention time
The retention time of the data of the data subjects is laid down in Act XLVII of 1997, Section 30 (1) and (2), which states that “The medical records, with the exception of paragraph (7), shall be kept for a period of at least 30 years after the date of the recording and use of imaging diagnostic procedures, while the final medical records must be kept for at least 50 years. After the obligatory retention time, data may continue to be kept for medical treatment or for scientific research, where justified. If the additional keeping of records is not justified – except for paragraph 3 – the registered data shall be destroyed.
A diagnostic image shall be kept for a period of 10 years after the date of its creation, while the report made from the imaging shall be kept for a period of 30 years from the date of recording.”
Employee data will be deleted within 10 days of the termination of the employment contract, except for data that statutory regulations require to be kept for a longer period.
In other cases defined by law, the data are kept for the time prescribed by law or until the lawful fulfillment of the law.
- Rights of the data subject: (section 14 of the Infotv.)
The data subject may submit a request to the data controller for the following:
- a) information on handling his/her personal data
- b) correction of his / her personal data being controlled
- c) deleting or blocking of his/her personal information, with the exception of data that must be kept by the controller according to the law
- d) forwarding to third parties of his / her personal data
The data subject may withdraw his / her statement on data handling at any time, but this does not affect the legitimacy of data handling based on his / her prior consent.
The data controller must comply with the requests of the data subjects within 30 days. The application is free of charge once a year. For additional requests the data controller may set a fee.
The data subject has the right to receive his / her data in a widely used electronic format and, furthermore, to forward this data to a data controller other than the one who made the records in the first place.
The data subject may request the deletion or forwarding of his / her personal data only in written form.
11/A The data subject may file a complaint about the handling of his / her data by the data controller with the Hungarian National Authority for Data Protection and Freedom of Information, and may appeal to a court with jurisdiction.
Name: Hungarian National Authority for Data Protection and Freedom of Information
Headquarters: 1125 Budapest Szilágyi Erzsébet fasor 22/c.
Postal address: 1530 Budapest, Pf.: 5.
Telephone number: +36(1)391-1400
- The data subject may protest against the use of his / her personal data:
- a) if the processing or transmission of personal data is only necessary to comply with the legal obligation of the data controller or to enforce the legitimate interests of the data controller, except in the case of mandatory data handling;
- b) if the use or transfer of personal data is done for direct marketing, opinion polling or scientific research;
- c) in other cases specified by law.
The data controller shall examine the protest as soon as possible, but within a maximum of 30 days of the submission of the request, make a decision on its validity and inform the applicant in writing.
If the data controller finds the data subject’s protest valid, data management, including further data collection and data transfer, will be terminated and the data will be locked. The data controller will also inform all parties who may have previously received the protested personal data, so that they terminate their handling of the data in accordance with the data subject’s right to protest.
- If the data subject disagrees with the decision of the data controller, as defined in section 18, he or she may appeal to court to enforce his or her rights. This court may be the court or tribunal of his or her residence. The data controller must prove the compliance of his data handling with the law.
- If NorDent Smile Kft., during the performance of its regular activities, accidentally collects data that is unnecessary for its activities, it will delete the unnecessary data, make a record of this deletion and inform the data subject of the matter.
- In the event of a data privacy incident, the data controller shall immediately inform the competent authority and the data subject about the occurrence of the data incident, the scope of the data affected, and the measures taken to protect the data and to remedy the caused damage.
- If the data controller breaches the personality rights of the data subject through the unlawful handling of his / her data or by violating the requirements of data security, the data subject may request compensation. The Data Controller is exempt from liability for damages if he proves that the damage to the personality rights of the data subject was caused by an unavoidable cause outside of the control of the data controller. No compensation is required and no damages can be claimed in cases when the privacy infringement was caused by the deliberate or negligent conduct of the data subject.
Mórahalom, 05th July 2018.
Arpad Vida, manager
representing NorDent Smile Kft.