Adatvédelmi tájékoztató | Dr.Hajdinák Adrienn

DATA PROCESSING NOTICE of INFENDO-MED Ltd., in which we inform you, as a visitor to our website and a user of our services, about the data protection rules of our practice and website (https://drhajdinaka.hu).

1. What principles do we follow?

we process personal data lawfully and fairly, and in a transparent manner for you,
we collect personal data only for specified, explicit and legitimate purposes and do not process them in a way that is incompatible with those purposes,
the personal data we collect and process are adequate and relevant for the purposes for which they are processed and are limited to what is necessary,
we take all reasonable steps to ensure that the data we process are accurate and, where necessary, up-to-date, and that inaccurate personal data are erased or rectified without delay,
we store personal data in a form that allows you to be identified only for as long as is necessary to achieve the purposes for which the personal data are processed.
we ensure the appropriate security of personal data against unauthorised or unlawful processing, accidental loss, destruction or damage by applying appropriate technical and organisational measures.

We collect, record, systematize, store and use your personal data

based on your prior informed and voluntary consent and only to the extent necessary and in all cases for a specific purpose,
in some cases the processing of your data is based on legal requirements and is mandatory, in such cases we will specifically draw your attention to this fact,
it also happens that our Chamber or a third party has a legitimate interest in the processing of your personal data, such as the operation, development and security of our website.

2. Who are we?

Name of the organization: INFENDO-MED Ltd.

Address: 2721 Pilis, Tölgyfa utca 15.

Phone number: +36 30 825 8930

Website: https://drhajdinaka.com

Our e-mail address: info.drhajdinak@gmail.com

Company registration number: 13-09-228152

3. What data do we process?

We use the following data processors to process your data during my specialist appointments:

3.1. Data processing related to medical services:

Name: KARDI-SOFT Medical Systems Ltd.

Address: 9024 Győr Táncsics Mihály utca 43.

Purpose of data processing: medical care

Legal basis for data processing: prior consent of the patient, GDPR Article 6 (1) a), or data processing is necessary to take steps at the request of the data subject prior to entering into a contract – GDPR Article 6 (1) b)

Duration of data processing: thirty years from the date of medical care. (In certain cases, due to legal obligations, it is not possible to delete health data. 30 or 50 years of retention obligation - see Eüak.)

Use of a data processor: our company uses the help of an IT service provider to operate the medical system as follows.

Name: EESZT (Electronic Health Service Area)

Address: 1125 Budapest Diós árok 3.

Purpose of data processing: medical care, uploading data to the “cloud” for patients and other healthcare providers in accordance with the law

Scope of processed personal data: For the central event catalog, the data of the following events, the time of the event, the time of recording in the healthcare institution’s system and the identifier of the person responsible for recording the event must be indicated::

inpatient care start/end and other data
outpatient specialist care start/end and other data
family doctor, family pediatrician and dental primary care start/end and other data
CT/MR examination start/end and other data

Duration of data management: 5 years after the death of the Data Subject.

Name: Salonic International Kft.

Address: 1054 Budapest, Honvéd utca 8. 1. em. 2.

Purpose of data processing: appointment booking system

Legal basis for data processing: prior consent of the patient, GDPR Article 6 (1) a), or data processing is necessary to take steps at the request of the data subject prior to concluding a contract – GDPR Article 6 (1) b)

Scope of personal data processed: surname and first name; address (country, postal code, city, street, house number; telephone number; e-mail address; in the case of a business entity, company name and registered office, bank card number, EP card data (identification, name on the card)

Name: SYNLAB Hungary kft.

Address: 1211 Budapest, Weiss Manfréd út 5-7.

Purpose of data processing: medical care, delivery of laboratory and histological samples to the partner company, medical analysis and analysis in accordance with the law

Scope of processed personal data: For the central event catalog, the data of the following events, the date of the event, the date of recording in the healthcare institution's system and the identifier of the person responsible for recording the event must be indicated:

start/end of inpatient care and other data

start/end of outpatient specialist care and other data

start/end of primary care of general practitioner, family pediatrician and dentist and other data

start/end of CT/MR examination and other data

Duration of data processing: 5 years after the death of the Data Subject.

Name: MEDSERV Egészségügyi Szolg. És Ker. Kft.

Address: 1112 Budapest, Süveg u. 10/B.

Purpose of data processing: medical care, delivery of laboratory and histological samples to the partner company, medical analysis and analysis in accordance with the law

start/end of inpatient care and other data

start/end of outpatient specialist care and other data

start/end of primary care of general practitioner, family pediatrician and dentist and other data

start/end of CT/MR examination and other data

Duration of data processing: 5 years after the death of the Data Subject.

Name: Delta Bio 2000 Kft.

Address: 6726 Szeged, Temesvári krt. 62.

Purpose of data processing: medical care, delivery of laboratory and histological samples to the partner company, medical analysis and analysis in accordance with the law

Scope of personal data processed: address; surname and first name; address (country, postal code, city, street, house number; telephone number; e-mail address; in the case of a business company, company name and registered office, bank card number, EP card data (identification, name on the card), social security number, medical history

Duration of data processing: thirty years following the date of medical care. (In certain cases, due to legal obligations, it is not possible to delete health data. 30 or 50 year retention obligation – see Eüak.).

Name: Salonic International Kft.

Address: 1054 Budapest, Honvéd utca 8. 1. em. 2.

Purpose of data processing: appointment booking system

Name: Forhermed Kft.

Address: Budapest, Bimbó út 108-Udvar 13, 1022

Purpose of data processing: medical system

3.2. Data processing related to financial services:

Name: KBOSS.hu Kft.

Address: 1031 Budapest Záhony utca 7

Purpose of data processing: to carry out data communication necessary for payment transactions between the merchant and the payment service provider's system, to ensure the traceability of transactions for merchant partners

Legal basis for data processing: prior consent of the patient, GDPR Article 6 (1) point a), or data processing is necessary to take steps at the request of the data subject prior to concluding a contract – GDPR Article 6 (1) point b)

Scope of personal data processed: surname and first name; residential address (country, postal code, city, street, house number; in the case of a business company, company name and registered office, bank card number, EP card data (identification, name on the card), in the case of an E-invoice, e-mail address

Duration of data processing: eight years after the date of issue of the invoice

Name: OTP Országos Egészség és Önsegélyező Pénztár

Address: 1051 Bp. Mérleg u. 4.

Data communication between the merchant and the payment service provider system required for payment transactions, customer service assistance for users, transaction confirmation and fraud monitoring for the protection of users.

Scope of personal data processed: surname and first name; residential address (country, postal code, city, street, house number; in the case of a business entity, company name and registered office, bank card number, EP card data (identifier, name on the card), in the case of an E-invoice, e-mail address

Duration of data processing: eight years after the date of issue of the invoice

Name: PRÉMIUM Önkéntes Egészség- és Önsegélyező Pénztár

Address: 1138 Budapest, Dunavirág utca 2-6.

Duration of data processing: eight years after the date of issue of the invoice

Name: Csalló Etelka

Address: 1203 Budapest, Helsinki út 3.

Purpose of data processing: accounting service

Duration of data processing: eight years after the date of issue of the invoice

3.3. Data processing related to marketing activities

The data we process in connection with the operation of our website: http://drhajdinaka.com

Name of activity: website visit

Purpose of data processing: to ensure the proper and high-quality operation of the website, to monitor and improve the quality of our services, to identify malicious visitors attacking our website, to measure traffic, statistical purposes

Scope of personal data processed: patient name, email address, identification number, IP address, time of visit, data on subpages visited, the operating system and browser type you use

Duration of data processing: until you unsubscribe from the newsletter, 2 years

Tevékenység megnevezése: kapcsolattartás pácienseinkkel e-mail útján

Az adatkezelés célja: az érintettek részéről megkeresés, szolgáltatások után érdeklődés, kérdésekkel, panaszokkal kapcsolatos válaszadás

Az adatkezelés jogalapja: hozzájárulás, illetve jogi kötelezettség teljesítése

A kezelt személyes adatok köre: teljes név, e-mail cím, egyéb, az érintett által adott adat

Az adatkezelés időtartama: az adattörlés kérésig

Name of activity: Data processing related to photos and videos on the website

Purpose of data processing: presentation of the clinic's life and services

Legal basis for data processing: consent

Scope of personal data processed: full name, e-mail address, other data provided by the data subject

Duration of data processing: until consent is withdrawn, in the case of a complaint, 5 years after the completion of the complaint investigation (unless the retention period is longer by law)

We only ask visitors to this website for their personal data specified above if they wish to register or log in.

You can withdraw your consent to data processing at any time free of charge

by cancelling the registration,
withdrawing consent to data processing, or
withdrawing consent to the processing or use of any data that must be filled in during registration or requesting its blocking.

We undertake to register the withdrawal of consent – for technical reasons – within 8 working days, however, we draw your attention to the fact that in order to fulfill our legal obligation or to enforce our legitimate interests, we may process certain data even after the withdrawal of consent (Infotv. § 6 (5)), and that the cancellation of the registration does not automatically delete the user's comments before the cancellation of the registration.

In the event of the use of misleading personal data, or if one of our visitors commits a crime or attacks our system, we will immediately delete the data of the given visitor at the same time as the cancellation of their registration, or – if necessary – we will retain them for the duration of the determination of civil liability or the conduct of criminal proceedings.

The administrators are entitled to restrict the use of any nickname, initiate its change and/or delete it if the registered user violates the Forum's terms of use, moderation guidelines or the provisions of this Data Management Policy.

If you have any questions about our websites and the processing of your data, you can request further information at the e-mail or postal address provided at the beginning of this information. We will send you our response without delay, but no later than within 25 days, to the contact information you provided.

4. Data processing related to medical services

Name: MEDSERV Egészségügyi Szolg. És Ker. Kft.

Address: 1112 Budapest, Süveg u. 10/B.

Purpose of data processing: medical care, histological examinations

The scope of personal data processed: title; surname and first name; address (country, postal code, city, street, house number; telephone number; e-mail address; in the case of a business company, company name and registered office, bank card number, EP card data (identification, name on the card), social security number
Duration of data processing: thirty years after the date of medical care.
Use of a data processor: our company uses the assistance of an IT service provider to operate the medical system as follows.

Az adatszolgáltatás elmaradásának lehetséges következményei: nem jön létre szerződés az időpontfoglalásra ill. orvosi ellátásra vonatkozóan

Az érintett jogai: az érintett személy (az, akinek a személyes adatait cégünk kezeli)

Ön az adatkezeléshez adott hozzájárulását bármikor ingyenesen visszavonhatja

a regisztráció törlésével,
az adatkezeléshez hozzájárulás visszavonásával, illetve
a regisztráció során feltétlen kitöltendő bármely adat kezeléséhez vagy felhasználásához való hozzájárulás visszavonásával vagy zárolásának kérésével.

5. What are cookies and how do we manage them?

Cookies are small data files (hereinafter referred to as cookies) that are transferred to your computer through the website when you use the website, and are saved and stored by your internet browser. Most of the most commonly used internet browsers (Chrome, Firefox, etc.) accept and allow the downloading and use of cookies as a default setting, but it is up to you to refuse or block them by changing your browser settings, or you can delete cookies already stored on your computer. The “help” menu of each browser provides more information about the use of cookies.

There are cookies that do not require your prior consent, and our website provides brief information about them when you first visit. These include authentication, multimedia player, load balancer, session cookies that help customize the user interface, and user-centric security cookies.

Our Organization will inform you about cookies that require consent – if data processing begins when you visit the site – at the beginning of your first visit and ask for your consent.

Our Chamber does not use or allow cookies that allow third parties to collect data without your consent.

Accepting cookies is not mandatory, but our Organization does not assume any responsibility if our website does not function as expected if cookies are not allowed.

You can read about third-party cookies at the following links:

6. Data processing related to newsletter subscriptions and other marketing activities

Our company keeps in touch with its guests via newsletter, to whom it recommends its services, informs them about new developments and promotions related to its operation.

Personal data controller: INFENDO-MED Kft. 2721 Pilis, Tölgyfa u. 15.

Purpose of data processing: maintaining contact with potential patients

Legal basis for data processing: consent of the data subject – GDPR Article 6 (1) a).
Indication of legitimate interest: maintaining and developing relationships with patients

Scope of personal data processed: name, e-mail address

Duration of data processing: our company processes e-mail addresses until you unsubscribe from the newsletter.
Use of a data processor: our company uses the help of an IT service provider for the online newsletter sending system as follows.

Data Processor Name: The Rocket Science Group LLC (MailChimp)

Address: 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308 USA

By accepting this data processing information, the data subject gives his/her explicit consent to the Data Processor using additional data processors in order to make the service more convenient and customized, as follows:

Possible consequences of failure to provide data: The data subject will not receive a newsletter from our company.

Rights of the data subject: the data subject (the person whose personal data is processed by our company)

request access to personal data concerning him/her,
request rectification,
request erasure,
request restriction of processing of personal data in accordance with the conditions set out in Article 18 of the GDPR (i.e. that our company does not delete or destroy the data until requested by a court or authority, but not for a maximum of thirty days, and that the data is not processed for any other purpose beyond that),
object to the processing of personal data,
exercise the right to data portability. Under the latter right, the data subject has the right to receive the personal data concerning him/her in Word or Excel format, and has the right to have our company transmit these data to another data controller upon request.

You can unsubscribe from the newsletter at any time by sending an email to our company at info.drhajdinak@gmail.com or by clicking on the unsubscribe icon in the newsletter. In this case, your email address will be deleted from our database immediately.

7. What else do you need to know about data processing related to our websites:

During the Registration and your contact with us, you voluntarily provide us with your personal data for the purpose of booking an appointment, therefore we would like to draw your attention to the fact that when providing your data, you should pay attention to its truthfulness, correctness and accuracy, because you are responsible for them. Incorrect, inaccurate or incomplete data may prevent you from using our services.

If you provide the personal data of another person, we assume that you have the necessary authorization to do so.

You can withdraw your consent to data processing at any time free of charge

by cancelling the registration,
withdrawing consent to data processing, or
withdrawing consent to the processing or use of any data that must be filled in during registration or requesting its blocking.

In the event of the use of misleading personal data, or if one of our visitors commits a crime or attacks our system, we will immediately delete the data of the given visitor at the same time as terminating their registration, or – if necessary – we will retain them for the duration of establishing civil liability or conducting criminal proceedings.

8. Other data processing issues

We may only transfer your data within the framework specified by law, and in the case of our data processors, we ensure by stipulating contractual terms that they may not use your personal data for purposes contrary to your consent. Our clinic’s collaborators and employees involved in data management and processing are entitled to access your personal data to a predetermined extent – subject to a confidentiality obligation. Further information about our data processors can be found in Section 2.

Our clinic may only transfer data abroad in accordance with the relevant provisions of the GDPR (Chapter V) and the Infotv.

The court, the prosecutor’s office and other authorities may contact our clinic to provide information, disclose data or make documents available. In these cases, we must fulfill our data provision obligation to the extent necessary to achieve the purpose of the request.

We protect your personal data with appropriate technical and other measures, and ensure the security and availability of the data, and protect it from unauthorized access, alteration, damage, disclosure and any other unauthorized use.

As part of organizational measures, we control physical access in our building, continuously train our employees and keep paper-based documents locked with appropriate protection. As part of the technical measures, we use encryption, password protection and anti-virus software. However, we would like to draw your attention to the fact that data transmission via the Internet cannot be considered completely secure data transmission. Our clinic does everything possible to make the processes as secure as possible, but we cannot assume full responsibility for data transmission via our website.

Regarding security issues, we ask for your help in carefully keeping your access password to our website and not sharing this password with anyone.

9. What are your rights and remedies?

You about our data processing

You may request information,
request the correction, modification, or completion of your personal data processed by us,
object to data processing and request the deletion or blocking of your data (with the exception of mandatory data processing),
take legal action before a court,
file a complaint with the supervisory authority or initiate proceedings (https://naih.hu/panaszuegyintezes-rendje.html).

Supervisory Authority: National Data Protection and Freedom of Information Authority

Headquarters: 1055 Budapest, Falk Miksa u 9-11.
Phone: +36 (1) 391-1400, fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat@naih.hu,
Website: https://naih.hu/

At your request, we will provide you with information about the data we process or the data we process on your behalf.

your data,
its source,
the purpose and legal basis of the data processing, and its duration, or if this is not possible, the criteria for determining this duration,
the name, address of our data processors and their activities related to data processing,
the circumstances, effects of data protection incidents and the measures we have taken to address and prevent them, and
in the event of the transfer of your personal data, the legal basis and recipient of the data transfer.

We will provide you with the information as soon as possible after the request is submitted, but no later than 25 days. The information is free of charge, unless you have already submitted a request for information to us regarding the same data set in the current year. We will refund the costs you have already paid if the data has been processed unlawfully or the request for information has led to a correction. We may refuse to provide information only in cases provided for by law, indicating the legal place and informing you about the possibility of legal redress or contacting the Authority.

Our clinic will notify you and all those to whom the data was previously forwarded for data processing purposes about the correction, blocking, marking and deletion of personal data, unless the failure to notify does not violate your legitimate interests.

If we do not comply with your request for rectification, blocking or erasure, we will inform you of the reasons for our refusal in writing or, with your consent, electronically within 25 days of receipt of the request and inform you of the possibility of judicial redress and of contacting the Authority.

If you object to the processing of your personal data, we will examine the objection as soon as possible after the submission of the request, but no later than 15 days, and inform you of our decision in writing. If we have decided that your objection is well-founded, we will terminate the data processing - including further data collection and transmission - and block the data, and we will notify all those to whom we have previously transmitted the personal data affected by the objection, and who are obliged to take measures to enforce the right to object, of the objection and of the measures taken on its basis.

We will refuse to comply with your request if we demonstrate that the processing is justified by compelling legitimate grounds which override your interests, rights and freedoms, or which are related to the establishment, exercise or defence of legal claims. If you disagree with our decision or if we fail to meet the 15-day deadline, you may apply to the court within 30 days of the notification of the decision or the last day of the deadline.

The adjudication of data protection lawsuits falls within the jurisdiction of the court, and the lawsuit may also be initiated - at the choice of the data subject - before the court of the data subject's place of residence or residence. A foreign citizen may also file a complaint with the supervisory authority competent for his or her usual place of residence or work.

We kindly ask you to contact our Clinic before filing a complaint with the supervisory authority or court - in order to discuss and resolve the problem as quickly as possible.

10. What are the main laws governing our activities?

Regulation (EU) 2016/679 of the European Parliament and of the Council on the processing of personal data of natural persons (GDPR)
Act CXII of 2011 on the right to informational self-determination and freedom of information - (Infotv.)

11. Modification of data processing information
Our organization reserves the right to amend this Data Protection Notice, of which it will inform the data subjects in an appropriate manner.

Budapest, January 30, 2025