Csalogány Medical Center / Privátmed Kft., Budapest Skin Kft.
Headquarters: 1027 Budapest, Csalogány utca 3. Building D, 1st floor, 2nd door

The purpose of this document is to regulate data management of the Csalogány Medical Center operated by Privátmed Kft. snd Budapest Skin Kft. (Hereinafter: Privátmed and Budapest Skin) in a uniform, interpretable and transparent manner that fully complies with the current Hungarian legislation.

Privátmed and Budapest Skin consider it important to comply with data protection legislation, therefore they have created this brief to inform patients about the main rules of data management, the scope of data processed, the method and purpose of processing, and other data management related issues.

In compliance with the provisions of Act CXII of 2011 on the right to information self-determination and freedom of information (hereinafter referred to as the Data Protection Act) Privátmed and Budapest Skin informs their patients about their Data Management Policy as below.

1. Data controller

Privátmed Kft. (Registered office: 1027 Budapest, Csalogány utca 3. Building D, 1st floor 2nd door), Budapest Skin Kft. (Registered office: 1027 Budapest, Csalogány utca 3. Building D, 1st floor 2nd door.).

2. Scope of data processed

Data managed by Privátmed and Budapest Skin includes the following:

a.) health data: the physical, mental and psychological condition of the person concerned, his or her addictions, the circumstances and possible causes of any illness or death (eg.: behaviour, environment, occupation), whether if it is communicated by the patient or another person, or detected, examined, measured, mapped or derived by the healthcare network;
b.) personal identification data: surname, first name, maiden name, sex, place and time of birth, mother's maiden name, place of residence, social security identification number (hereinafter: TAJ number) together or any of these, if they can be used to identify the data subject;
c.) voluntarily provided data: telephone number, e-mail address.

3. Purpose of data management

Prior to data collection Privátmed and / or Budapest Skin will inform the data subject whether the provision of data is voluntary or mandatory. Processing the mandatory personal data provided on each form is to necessary for using the services of Privátmed and / or Budapest Skin, to identify the patient, and to validate contact information.

Privátmed and Budapest Skin comply with Act XLVII of 1997 on the management and protection of health and personal and they act in accordance with the law.

The purpose of processing health and personal data is:

• the preservation and improvement of health,
• the contribution to a series of effective treatments including supervision,
• monitoring the health condition,
• taking the necessary measures of public health [§ 16] and epidemiology policy,
• the enforcement of patients' rights.

The purpose of optional data management is to make this data available to Privátmed and / or Budapest Skin, based on the patient's voluntary decision. Without the prior consent from the patient, we will not use personal data for purposes other than those stated, and we will not pass on data to third parties. The data provided is processed with the voluntary consent of the patient.

During the registration - and thus in connection with the use of the service - it is mandatory to provide certain data as without them the registration cannot take place successfully. The scope of mandatory information is as follows: name, place and time of birth, TAJ number, home address, mother's name, telephone number.

Privátmed and Budapest Skin do not impose any sanctions on patients and do not disadvantage patients who refuse to provide non-mandatory data. The data management of Privátmed and Budapest Skin included in this policy covers all data provided by the patient.

4. Information on data management, duration of data management

We inform our patients clearly and in detail about all the facts related to the processing of personal data indicated in point 2: the purpose and legal basis of the data processing, the person authorized to process the data, the duration of the data management and the people who can access the data in particular. This document also covers the rights and legal remedies of the data subject.

Upon request, the data controller shall provide information to the data subject in writing within 30 days about the data processed by him or her, the purpose, legal basis, duration, name, address (registered office) and activities related to data processing, as well as the people who received them and for what purpose. Anyone can request this information at the data controller's mailing address by providing their own mailing address.
Upon request (of the patient), we modify, correct, block, or delete any personal information from our system. These requests should be sent to: 1027 Budapest, Csalogány utca 3. D. ép. 1. em. 2. or by e-mail at info@csaloganyorvosikozpont.hu. Please be informed that consent-based data management is in action until the patient's consent is withdrawn.

5.The scope of data access, data processors

Personal, non-public data provided by patients may only be accessed by designated employees of Privátmed and Budapest Skin. Under no circumstances will Privátmed and Budapest Skin transfer the processed data to third parties or people, except if obligated by the applicable legislation or with the consent of the data subject.

Our company takes all measures to ensure the safe storage of the personal data processed and to prevent its unauthorized use and misuse.

Privátmed and Budapest Skin are aware that the data controller and the data processor are obliged to ensure the security of the data, to take the technical and organizational measures to enforce confidentiality rules and to establish the procedural rules in accordance with this Policy and other data protection regulations.

Data - personal data classified as state secrets and professional secrets in particular - shall be safely protected against unauthorized access, alteration, disclosure, deletion, damage, or destruction.

The data may be transferred and the various data processing operations may be combined with the data subject’s consent or if it is permitted by law and if the conditions for data processing are met for each personal data.

6. Patients' rights regarding the processing and deletion of their personal data

Privátmed and Budapest Skin undertake to inform each patient clearly and unambiguously about the method, purpose and principles of data collection prior to recording.

In all cases where data collection, processing and recording are not required by law, Privátmed and Budapest Skin draw their patients’ attention to the voluntary nature of data provision. In case of mandatory data provision, the related legislation must also be indicated.

Deletion of data:
As stated in the Act XLVII of 1997 on the processing and protection of health and personal data, medical records shall be kept for at least 30 years from the data collection - for 40 years in the case of an employee exposed to biological factors according to a separate legal act - by a body assessing work or professional suitability at the first instance.

7. Remedies and Enforcement

KIf you feel that Privátmed and / or Budapest Skin has violated your right to privacy, please contact us so that we can provide remedy.

We would like to inform our patients that in case of a possible violation, they may turn to the National Data Protection and Freedom of Information Authority, or they may enforce their claim in court. Detailed legal provisions and the obligations of the data controller are set out in Act CXII of 2011 on the right to self-determination and freedom of information under the Hungarian Law.

Contact details of the National Office for Data Protection and Freedom of Information:
Mailing address: 1534 Budapest, Pf .: 5.
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22 / c
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
Website: http://www.naih.hu
E-mail: ugyfelszolgalat@naih.hu

Below we inform our patients about additional safeguards to protect the data subject:

Everyone has the right to know about the registered personal data, its main purposes and the person and location of the data controller.

In addition, everyone has the right to be informed regularly and without undue delay or expense whether his or her personal data are stored in an automated data file and to be informed of such data in a form that is comprehensible to him or her. The data subject should be able to request correction or deletion of such data in the simplest and quickest possible manner; to seek legal redress if his or her request for information (provided for in the legislation) or, in justified cases, for information, modification or deletion is not complied with. At the request of the data subject, the controller shall provide information on the data processed by the processor or the data controller, the purpose, legal basis, duration, name, address (registered office) and activities of the data controller, as well as who and for what purpose receive or have received the data.

The data controller is obliged to provide written information in a comprehensible form as soon as possible after the submission of the request, but within 30 days the latest. In case of violation of the rights of the data subject, he / she may take legal action against the data controller. The data controller is obliged to compensate the damage caused to others by the illegal processing of the data subject's data or by violating the requirements of technical data protection.

The data controller is also liable for the damage caused by the data processor. The data controller shall be released from liability if he proves that the damage was caused by an unavoidable cause outside the scope of data processing. There is no need to compensate for the damage if it was caused by the injured party's intentional or grossly negligent conduct.

8. Other

Privátmed and Budapest Skin reserve the right to change their privacy statement. This may be the case, in particular, where required by law. A change in data management must not mean a different way of handling personal data.

In all cases, the data are managed according to Act CXII of 2011 § 5 (1) a) and (2) a).

Privátmed and Budapest Skin undertake to

• ensure the security of the data, take the technical and organizational measures and establish the rules of procedure to ensure that the data recorded, stored or processed are protected and prevent their destruction, unauthorized use and unauthorized alteration,
• any third parties to whom the data may be transferred or transferred are also called upon to fulfill their obligations in this regard.

Privátmed and Budapest Skin hereby publish their data protection and management principles and policies, which they acknowledge as binding on them. In developing these rules, we have taken into account in particular the provisions of Act CXII of 2011 on the Right to Self-Determination and Freedom of Information, Act VI of 1998 on the Protection of Individuals with regard to Automatic Processing of Personal Data. The purpose of these rules is to ensure that in all areas of our services, for all individuals, regardless of nationality or place of residence, their rights and fundamental freedom, in particular the right to privacy, are respected in the processing of personal data (data protection).

Privátmed and Budapest Skin also take into account the personal data requirements set out below during machine processing.

1. the data may only be obtained and processed fairly and lawfully;
2. the data may only be stored for specified and lawful purposes and may not be used in any other way;
3. the data must be proportionate to the purpose for which they are stored and must not go beyond that purpose;
4. the data must be accurate and, where necessary, kept up to date;
5. the data must be stored in such a way that the data subject can be identified only for the time necessary for the purpose for which they were stored;
6. Personal data relating to racial origin, political opinions, religious or other beliefs, health or sex life may not be processed automatically unless national law provides adequate safeguards;
7. Appropriate security measures shall be taken to protect personal data stored in automated data files in order to prevent accidental or unlawful destruction or accidental loss, and unauthorized access, alteration or dissemination.
8. Exclusion of liability of Privátmed and Budapest Skin:
If Privátmed and / or Budapest Skin become aware that data provided by a patient violates any of these policies, the rights of a third party, or other legislation, uses publicly available or unlawfully obtained personal or other data or violates the rights of third parties to infringe the law (for example, for direct marketing purposes), Privátmed and / or Budapest Skin will take the necessary legal measures to compensate the offended and bring the perpetrator to justice. In such cases, Privátmed and / or Budapest Skin will provide all possible assistance to the competent authorities in order to identify the the infringer and to hold him / her liable.

Last modified: 9 August 2018