Privacy Policy

Data Processing


Aestella Clinic

Purpose of the Privacy and Data Security Policy

1.

The purpose of the Privacy and Data Security Policy (hereinafter referred to as the "Policy") is to define the detailed rules of the data processing carried out within the organisation of Aestella Clinic (i.e. Togala Kft.; registered office: 1064 Budapest, Izabella utca 80.; location: 1095 Budapest, Lechner Ödön fasor 10/B, Millenium Gardens; company registration number: Cg. 01-09-386340; tax number: 24926025-2-42; represented by Jacquess Cousseau), to ensure the constitutional principles of the protection of health and personal data and of the disclosure of data of public interest, and to set out the data security requirements that apply during processing. In all areas of the service provided by the Institution, patients must be afforded protection of their rights and information on the processing of their data.

Scope of the Policy

2.

The scope of the Policy extends

  1. in particular to the members and employees of the Aestella Clinic who, on the basis of their job description, process health data, personal data and data of public interest,
  2. to persons and entities having a contractual or business relationship with the Aestella Clinic, and
  3. to the personal and special data of all patients who come into contact with the Aestella Clinic.

Legal basis of the Policy

3.

The legal basis of the Policy is formed by:

  1. Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter referred to as the "Info Act"),
  2. Act V of 2013 on the Civil Code,
  3. Act XLVII of 1997 on the Processing and Protection of Health Data and Related Personal Data,
  4. Decree No. 62/1997 (XII.21.) NM on certain matters of the processing of health data and related personal data,
  5. Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as the "GDPR"), and
  6. Act XLVIII of 2008 on the Basic Conditions of and Certain Limitations on Commercial Advertising Activities.

Interpretative provisions

4.

personal data: any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. The processing of personal data also includes the taking of photographs, sound and image recordings, and the recording of physical characteristics suitable for identifying a person. (Article 4 GDPR)

medical documentation: a record or any other recorded data, regardless of its carrier or form, containing health and identity data that came to the attention of the health care provider in the course of medical treatment;

special data: within the scope of personal data, data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic data, biometric data processed for the purpose of uniquely identifying a natural person, data concerning health, and data concerning a natural person's sex life or sexual orientation. Such data may be processed only with the explicit consent of the natural person concerned. If the data subject refuses consent, the processing of the data listed above is prohibited.

medical secret: health data and personal identification data that came to the attention of the data controller in the course of medical treatment, as well as data relating to necessary, ongoing or completed medical treatment and any other data acquired in connection with the treatment;

Technical data: data recorded automatically during the operation of the system: data about the patient's computer that are generated while the service is used and that the Institution's system records as a result of automatic technical processes. Such data are logged by the system at the time of entry and exit without any specific declaration or action by the Data Subject. These data cannot be linked with other personal data of the user and are accessible only to the Institution.

Purpose of data processing

5.

Employees of the Aestella Clinic may process personal data only in the course of carrying out activities within the scope of the company's activities, to the extent necessary for fulfilling their duties specified in the job description, in accordance with the legal requirements and this data protection policy.

The primary purpose of this policy is to define and comply with the basic principles and provisions regarding the processing of data of natural persons who come into contact with Aestella Clinic in order to protect the privacy of natural persons in accordance with the relevant legal regulations and official resolutions.

The purpose of the processing of health data and personal identification data is to promote the preservation, improvement and maintenance of health and to support the effective therapeutic activities of the Company.

Principles of data management

6.

  1. Principle of "purpose limitation": Personal data may be processed only for a specified purpose, in order to exercise a right or fulfil an obligation. Every stage of processing must comply with the purpose of the processing, and the collection and processing of data must be fair and lawful.
  2. Principle of "lawfulness, fairness and transparency": Personal data must be processed lawfully, fairly and in a manner that is transparent to the data subject.
  3. Principle of "data minimisation" (proportionality and necessity): Only personal data that are essential for, and suitable for, achieving the purpose of the processing may be processed, and only to the extent and for the period necessary to achieve that purpose. Accordingly, the Controller processes only data that are strictly necessary.
  4. Principle of "accuracy": During processing it must be ensured that the data are accurate, complete and, where necessary for the purpose of the processing, kept up to date, and that the data subject can be identified only for the period necessary for the purpose of the processing.
  5. Principle of "storage limitation": Personal data must be stored in a form that permits identification of data subjects for no longer than is necessary for the purposes for which they are processed; personal data may be stored for longer periods only insofar as they will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of Regulation (EU) 2016/679, subject to the implementation of the appropriate technical and organisational measures required by the Regulation to safeguard the rights and freedoms of the data subject.
  6. Principle of "integrity and confidentiality": By applying appropriate security measures to personal data stored in automated data files, the Controller ensures protection against accidental or unlawful destruction, accidental loss, and unauthorised access, alteration or dissemination.
  7. Principle of "accountability": The Controller is responsible for compliance with points 1 to 6 above and with the provisions of this Policy, and must be able to demonstrate that compliance.

Carrying out data protection tasks

7.

The Head of the Institution supervises the performance of data protection tasks. In this context, he or she approves the data protection policy and ensures its implementation.

The Head of the Institution is responsible for:

  1. appointing the Data Protection Officer
  2. supervising data protection activities
  3. preparing and updating the Policy
  4. data protection training

By completing the form, the data subject consents to the storage and processing of their data as defined in this Privacy Policy.

Data Controller;

the natural or legal person who independently or jointly with others determines the purpose, legal basis and means of the processing of personal data.

Designation of the Institution as data controller;

Name: Togala Kft/ Aestella Clinic/

Registered office: 1064 Budapest, Izabella utca 80.

Location: 1095 Budapest, Lechner Ödön fasor 10/B/Millenium Gardens/

Phone number: 06/70-600-1325

E-mail: info@aestellaklinika.hu 

Data processor:

a natural or legal person or any other body that processes personal data on behalf of the controller and performs the technical tasks related to the processing.

An internal employee of the Institution who, on the instructions and with the authorisation of the Head of the Institution, processes the personal and special data of Patients and performs technical tasks related to data processing is considered a data processor.

Legal basis for data processing

8.

  • Explicit consent of the patient
  • Fulfilment of a legal obligation
  • Legitimate interest of the Institution, the Patient or a third party

Consent of patients (data subjects):

Under the GDPR, the consent of Data Subjects must be freely given, specific, informed and unambiguous. For special categories of personal data, such as health data, consent must in addition be explicit.

Fulfillment of a legal obligation:

The processing of personal and special data recorded and stored in the System of the Institution is necessary for the fulfilment of other obligations under Union and domestic legislation applicable to the Institution as a Data Controller.

Legitimate interest of institution, patient, third party:

The legal basis for the processing of personal and special data is the legitimate interest of the Institution, the Patient or a third party, since an electronic camera system operates on the premises of the Institution that is capable of capturing and storing image and sound recordings. The camera system is operated to protect persons and property, to protect business secrets and to clarify the facts in the event of a dispute.

Taking health data is part of medical treatment. It is determined by the treating physician, taking into account the nature of the treatment, which health data must be collected in accordance with professional rules, in addition to the mandatory data to be collected, in order to achieve the purpose of data processing.

The other person carrying out activities related to the treatment of the Data Subject may collect health data in accordance with the instructions of the treating physician or to the extent necessary for the performance of his or her duties.

Duration of data processing

9.

The Aestella Clinic processes the data provided in accordance with this privacy policy only for the time necessary to achieve the purpose of data processing.

Health records must be kept for at least 30 years from the date of collection, and final reports for at least 50 years. Once further retention is no longer justified, the record shall be destroyed.

All e-mails received, together with the data contained in the message, are deleted no later than 5 years after the date of the communication.

Pursuant to Article 17 (1) of the GDPR Regulation: the personal data processed by the Data Controller shall be deleted from the Data Controller's database without undue delay at the request of the Data Subject (Patient), if there is no other legal basis for the processing than the consent of the Data Subject.

Pursuant to Article 17 (3) of the Regulation, where the personal data processed is necessary for enforcement or reporting to an authority, the processing may be carried out, notwithstanding the request of the Data Subject, on the basis of a legal obligation or on the basis of a legitimate interest.

Personal data shall be deleted by the controller from the registers and documents containing them if:

  1. the purpose of the processing has ceased or the statutory storage period has expired,
  2. the processing is unlawful,
  3. the data subject requests it,
  4. the court or the data protection authority (NAIH) orders it, or
  5. the data are incomplete or erroneous and cannot be lawfully corrected.

The circle of persons who know the data, data transmission

10.

The data shall be available primarily to the internal staff of the Institution. Data on the patient's medical treatment will be transmitted to medical institutions and authorities to the extent necessary. The legal basis for the transfer of data is the fulfilment of the legal obligation of the Institution based on legislation.

Current list of data processors:

Mariann Baláti (accountant)

Registered office: 1064 Budapest, Izabella utca 80.

Scope of data transferred: name, postal code and address of the patient, invoice

Magyar Posta Zrt.

Registered office: 1138 Budapest, Dunavirág u. 2-6.

Tax number: 10901232-2-44

Company registration number: 01-10-042463

Website: www.posta.hu

Scope of data transferred: name, postal code and address of the patient, invoice

Data Processing-Data Security

11.

The personal and health (special) data of Patients are processed and stored with the Patients' express consent. Processing is carried out by the internal staff of the Aestella Clinic. The data are stored in an encrypted computer system and on paper, inaccessible to unauthorised third parties.

The controller ensures the protection of health and personal data against unauthorized access, alteration, transmission, disclosure, deletion, destruction and damage, and is responsible for the preservation of records.

Rights of Data Subjects (Patients)

12.

The right to transparent information;

The fundamental right of patients is the right to adequate and transparent information, which is an obligation of the Institution. Information must be provided to the patient in an intelligible form and free of charge. If the patient requests information, it must be provided without undue delay and within 30 days at the latest.

Right of access;

On the basis of the right of access, the Data Controller (Institution) shall, at the request of the Patient, provide a copy of the personal data that is the subject of data processing to the Patient.

Right to data portability;

On the basis of the right to data portability, the Data Subject (Patient) has the right to receive the data provided to him or her by the Institution as controller in a structured, widely used, machine-readable format, as well as the right to transmit such data to another Data Controller without hindrance from the Institution.

Right to rectification;

On the basis of this right, the Patient has the right to have inaccurate personal and special data concerning him corrected by the Institution without undue delay at his request.

Right to be forgotten (erased);

Based on this, the Patient, if there is no other legal basis for data processing, may request the erasure of his personal and special data processed in the Institution, as well as the elimination of traces of data processing.

Right to object;

Where processing is based on legitimate interest, the Data Subject (Patient) may object in writing to further processing of his or her personal data. In that case the Institution may continue the processing only if it demonstrates compelling legitimate grounds that override the interests, rights and freedoms of the Data Subject, or that the processing is necessary for the establishment, exercise or defence of legal claims.

Right to restriction of data processing;

The Data Subject has the right to request the controller to restrict the processing if any of the following conditions are met;

  • the data subject disputes the accuracy of the personal data
  • data processing is unlawful, but the data subject objects to the deletion of the data
  • the controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defence of legal claims
  • the data subject has objected to the processing based on a legitimate interest, in which case the restriction lasts until it is established that the legitimate interest of the controller takes precedence.

Managing a Privacy Incident

13.

A data protection incident is the unlawful handling or processing of personal data, in particular unauthorised access, alteration, transmission, disclosure, erasure or destruction, as well as accidental destruction or damage.

Procedure in the event of a data protection incident;

Data protection incident management is always the responsibility of the data controller.

  • categorising the incident according to the risk it poses to the rights and freedoms of natural persons
  • notifying the supervisory authority (NAIH) without undue delay and, where feasible, within 72 hours of becoming aware of the incident, unless the incident is unlikely to result in a risk to the rights and freedoms of natural persons
  • taking measures to contain and remedy the incident
  • identifying those responsible
  • informing the data subjects affected, where the incident is likely to result in a high risk to their rights and freedoms

Remedies

14.

Right to complain;

If the Data Subject considers that the processing of personal data concerning him or her does not comply with the legal requirements, he or she may lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH). The complainant may seek a judicial remedy against the decision of the NAIH.

Name: Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)

Registered office: 1125 Budapest, Szilágyi Erzsébet fasor 22/C

Phone: 06-1-391-1400

Email: ugyfelszolgalat@naih.hu

Website: www.naih.hu

Claim for damages;

Any person who suffers damage as a result of the violation of the provisions of the Info Act and the Regulation has the right to demand compensation for their property and non-pecuniary damage from the data controller or the data processor.

The controller and the data processor are exempt from liability if they prove that they are not in any way liable for the event giving rise to the damage.

Asset Protection

15.

Electronic monitoring system;

In the area operated by Togala Kft there is an electronic monitoring and recording system, as part of which cameras have been placed at the entrance, waiting room and treatment rooms.

Purpose of data processing;

Protection of human life, physical integrity and property; prevention and detection of infringements, identification of the perpetrator and proof of the infringement; identification of unauthorised persons entering the premises of the clinic and recording the fact of their entry; documenting the activity of persons present without authorisation; and examining the circumstances of workplace and other accidents that may occur.

Legal basis for data processing;

Consent of the data subject, given by entering the premises of Togala Kft.

Type of personal data processed;

Images and other personal data of persons entering the premises of Togala Kft. recorded by the surveillance system.

Duration of data processing: the retention period set out in Section 31(3)(c) of the SzVMt (Act CXXXIII of 2005 on the rules of security and private investigation activities).

Data processor;

Name; Togala Kft.

Registered office: 1064 Budapest, Izabella utca 80.

Location: 1095 Budapest, Lechner Ödön fasor 10/B/Millenium Gardens/

Use of recordings;

Togala Kft., and any Data Subject whose rights or legitimate interests are affected by a recording, are entitled to view the live image of the cameras. Each viewing of recorded footage is logged by the data controller, recording the name of the person viewing it, the reason for and the time of the access. Recordings are transferred to the authorities conducting the proceedings in the event of an infringement or criminal proceedings.

Other provisions

16.

1. The Institution undertakes that, if it intends to use the data provided for a purpose other than that of the original collection, it will inform the Patient and obtain his or her prior explicit consent, or give him or her the opportunity to prohibit that use.

2. The Institution undertakes to ensure the security of the data and to take the technical measures needed to protect the data collected, stored or processed, doing everything possible to prevent their destruction, unauthorised use and unauthorised alteration. It also undertakes to require any third party to whom the data may be transferred or transmitted to comply with the same obligations.

3. The Institution reserves the right to amend this Policy unilaterally, without prior notification to the Data Subjects, by publishing the amended Policy on the Website.