Data Protection Statement


MEDITECH Egészségügyi Szolgáltató, Műszerfejlesztő és Kereskedelmi Korlátolt Felelősségű Társaság (hereinafter: MEDITECH Kft., Company or controller) as data controller, considers the contents of this legal notice to be binding. It undertakes to ensure that all data processing related to its activity meets the requirements set out in this policy and in all applicable legislation.

MEDITECH Kft. reserves the right to modify this information document, in which case it shall inform its customers of this in the same manner and scope as this information document is published.

The controller:
Name: MEDITECH Egészségügyi Szolgáltató, Műszerfejlesztő és Kereskedelmi Korlátolt Felelősségű Társaság
Registered office: 1184 Budapest, Mikszáth Kálmán utca 24
Company registration number: 01-09-069263
Court of registration: Court of Registration of the Metropolitan Court of Budapest
Tax number: 10397880-2-43
Telephone number: +36 1 2808232
Email: meditech@meditech.hu

I. General Information

MEDITECH Kft. is committed to the protection of the personal data of its customers and partners and considers it extremely important to respect the right of informational self-determination of its customers. It processes personal data confidentially and will take all security, technical and organisational measures that guarantee the security of data. MEDITECH Kft. keeps the data covered by this information document in the computer system kept at its registered office. The electronically processed data are protected against viruses, with passwords only valid for certain periods, boundary protection devices and regular backups.
 
The data processing activity of MEDITECH Kft. is governed by the following legal regulations:

•    Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR).
•    Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Privacy Act);
•    Act V of 2013 on the Civil Code (Civil Code);
•    Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society-Related Services (E-commerce Act);
•    Act C of 2003 on Electronic Communications (Electronic Communications Act);
•    Act XLVIII of 2008 on Essential Conditions Of And Certain Limitations On Business Advertising (Advertising Act).

This data protection information document contains the facts, rights and obligations relating to data processing exhaustively. It is not necessary to be aware of the legal regulations listed above in order to interpret the information document, the sole purpose of this list is to enable the data subject to verify, at their discretion, that this information document complies with legal regulations.

The data processing activities of MEDITECH Kft. are based primarily on voluntary consent. This information document expressly indicates where the processing, storage or transfer of certain data is ordered by a legal regulation. If the provider of the data does not provide their own personal data, they are obliged to obtain the consent of the data subject. The provider of the data is responsible for the authenticity and accuracy of the supplied personal data.

MEDITECH Kft. does not offer or provide services to children below the age of 16.

II. Data processing

A) Website of the Company (www.meditech.hu)

The data supplied by the data subjects on the Company’s website are entered into the database of MEDITECH Kft.

Purpose of the processing:
-    to identify and distinguish the users;
-    to record events and actions relating to the existing and potential customers of the company,
-    to analyse the services used and user habits in order to continuously improve the quality of service,
-    to transfer data to local resellers within the territory of the European Union.

Legal basis for data processing: voluntary consent of the data subject. Personal data may be provided when the data subject has studied the information document and confirms this by ticking the corresponding checkbox on the website.

Scope of data processed:
-    name,
-    electronic contact information (email),
-    contact language,
-    indication of the country where the data subject resides,
-    phone number,
-    proposals requested by the data subject, executed orders.

Duration of data processing: until the user withdraws consent, but no later than 2 years from the user’s last activity.

Registration

The data subject may choose to register on the Company’s website as a user. Certain content elements of the website and some detailed personalised information and offers are only available to users who are registered on the website.

Purpose of the processing:
-    to identify and distinguish the users;
-    to record events and actions relating to the existing and potential customers of the company,
-    to send support materials, to analyse the services used and user habits in order to continuously improve the quality of service,
-    to transfer data to local resellers within the territory of the European Union.

When the data subject has no legal relationship with the company, data processing is based on voluntary consent. Personal data may be provided when the data subject has studied the information document and confirms this by ticking the corresponding checkbox on the website. When the data subject has a contract with the Company, data processing is required for performing the contract and for performing the Company’s legal (accounting, tax) obligations.

Scope of data processed:
-    name,
-    username, password
-    electronic contact information (email), phone number
-    contact language,
-    indication of the country where the data subject resides,
-    proposals requested by the data subject, executed orders.

The Company sends occasional newsletters to registered users in compliance with the provisions of Section II/C.

*     *     *

The Company also provides information on its services on the basis of email and phone inquiries, for which no registration or supply of personal data is required.

Data Processors: 3 in 1 Hosting Számítástechnikai és Szolgáltató Betéti Társaság
Registered office: 2310 Szigetszentmiklós, Brassó u. 4/A. HUNGARY
Telephone number: +36 (21) 200 0040
Email: admin@megacp.com

B) Adwords landing pages

www.ambulatorybloodpressuremonitor.com/ambulatory-blood-pressure-monitor-systems.php
www.ambulatorybloodpressuremonitor.com/24-hour-blood-pressure-monitor-systems.php
www.ambulatorybloodpressuremonitor.com/24-hr-ambulatory-holter-abpm-monitor-sale.php
www.holter-tension.com/monitoreo-ambulatorio-de-presion-arterial-mapa.php
www.holter-tension.com/holter-de-presion-arterial.php
www.holter-tension.com/mapa-cardiologia-de-tension-arterial-24-horas.php
www.holter-tension.com/holter-pression-arterielle-ta-hypertension-mapa.php
www.holter-tension.com/mapa-cardiologie-mesure-ambulatoire-de-la-pression-arterielle-24-heures.php
www.meditech.hu/24-stunden-langzeit-blutdruckmessung-gerat-rr-holter-abpm.php

www.meditech.hu/langzeit-24-stunden-blutdruckmessgerat-blutdruckmesser.php
www.meditech.hu/24-hour-holter-ecg-system.php

The data of the individuals registering on the above website are entered into the Company’s database.

Purpose of the processing:
-    user identification,
-    to send personalised information and price quotations to customers,

Legal basis for data processing: voluntary consent of the data subject. Registration may take place when the data subject has studied the information document and confirms this by ticking the corresponding checkbox on the website.

Scope of data processed:
-    name,
-    electronic contact information (email),
-    contact language,
-    indication of the country where the data subject resides,
-    phone number,
-    proposals requested by the data subject, executed orders.

Duration of data processing: until the user withdraws consent, but no later than 2 years from the user’s last activity.

Data Processors: 3 in 1 Hosting Számítástechnikai és Szolgáltató Betéti Társaság
Registered office: 2310 Szigetszentmiklós, Brassó u. 4/A. HUNGARY
Telephone number: +36 (21) 200 0040
Email: admin@megacp.com

C) Newsletter

MEDITECH Kft. analyses the data and user habits of users and interested parties in order to send personalised queries to users. MEDITECH Kft. follows and monitors the user activities in the newsletters sent. The system distributes individual and personalised newsletters on the basis of the collected data.

Purpose of data processing: to send email newsletters to interested parties with economic advertisements, to provide information on the relevant and current facts and promotions, to send direct marketing materials containing the business offers of the controller and its partners, to monitor the activity related to the distributed messages and to personalise the newsletters on the basis of other data (position) provided by the subscribed users as well as to maintain contact with them.
 
Legal basis for data processing: voluntary consent of the data subject. The data subject may request newsletters by ticking the corresponding checkbox on the website.

Processed data: email address, name, consent to receiving direct marketing material; furthermore, the system stores the analytical data of subscription and unsubscription, distribution, delivery and opening of messages (e.g., date and time of the events, IP address of the computer, reason for failed delivery).

Duration of data processing: until the user withdraws consent, but no later than 2 years from the last opening of the newsletter by the user.
 
Requests to withdraw consent to receiving direct marketing messages and for the erasure or modification of personal data may be sent in one of the following ways:
•    by clicking on the link to unsubscribe from direct marketing in the footer of the newsletters,
•    by email, addressed to meditech@meditech.hu, or
•    by post sent to MEDITECH Kft., 1184 Budapest, Mikszáth Kálmán utca 24

Data Processors: 3 in 1 Hosting Számítástechnikai és Szolgáltató Betéti Társaság
Registered office: 2310 Szigetszentmiklós, Brassó u. 4/A. HUNGARY
Telephone number: +36 (21) 200 0040
Email: admin@megacp.com

D) Online payment (PayPal)

Our customers can pay for the ordered goods or services via PayPal. As online payment only takes place when a contract is established between the customer and the Company, the Company retains the provided data in order to perform the contract, to manage any claims arising from it and to fulfil accounting and tax obligations. The duration of processing is 5 years.

E) Blog

The Company operates an online blog for interested parties. Users can subscribe to the blog by providing their names and email addresses.

Purpose of the processing:
-    user identification,
-    notification whenever a new post is added,

Legal basis for data processing: voluntary consent of the data subject. Registration may take place when the data subject has studied the information document and confirms this by ticking the corresponding checkbox on the website.

Scope of data processed:
-    name,
-    electronic contact information (email),

Duration of data processing: until the user withdraws consent, but no later than 2 years from the user’s last activity. Each notification sent to the data subject contains an option to unsubscribe from the blog.

III. Other information relating to Internet use

The Company does not register the user's IP address or other personal data not listed in this information document.

In order to offer a personalised service, the service provider may place a small data package, known as a cookie, on the computer of the user. A cookie is a text file, not larger than 4 kilobytes and is stored on the Internet browser about the visited servers. The purpose of the cookies is to make Internet use more comfortable by storing certain data (name, password etc.). With the help of cookies, websites can be customised. [Why does MEDITECH use cookies?]. Users can delete cookies from their own computers and may also set up their browser to block cookies.

The html code of the portal is independent from MEDITECH Kft. and contains links from an external server pointing to an external server. The external service provider’s server has a direct connection with the user’s computer. We wish to inform our visitors that the providers of such links are able to collect user data based on the direct connection with their servers and direct communication with the user’s browser (e.g., IP address, browser, data of the operating system, mouse pointer movement, address of the visited site and time of the visit). Any content, personalised for the user, is served by the external provider’s server. The controllers listed below can provide detailed information on the processing of data by servers of external providers.

The Company employs a web analytics provider, who may process only data, deprived of information referring to individuals and no personal data. The web analytics service is provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View CA94043) within the framework of the Google Analytics service. Info: www.google.com.

IV. Personal and telephone contact

MEDITECH Kft. does not record incoming/outgoing calls.

It uses an electronic surveillance system at the premises of the registered office of the Company, marked with a sign, in order to protect people’s life, physical integrity, personal freedom and business secrets as well as to protect its assets. The electronic surveillance system supports image, voice, and image and voice recording and storage.

Whenever a data subject enters the surveilled area being aware of this information, they give their voluntary consent to the image or voice recording.

The recordings are stored at the registered office of the Company.
Duration of storage: 3 working days.
System operator (data processor):
Persons entitled to access the data: Executive director, operating staff.

V. Other data processing

Information is provided on processing not listed in this information document when the data are recorded. We hereby inform our customers that the court, the prosecutor, the investigative authority, the offence authority, the administrative authority, the National Authority for Data Protection and Freedom of Information and, based on an authorisation granted by law, other agencies may approach the controller for information, disclosure and transfer of data or the supply of documents. When the authority specifies the exact purpose and the scope of data, MEDITECH Kft. discloses personal data to authorities only to such an extent that is absolutely required for achieving the objective of the request.

MEDITECH Kft. selects and operates the IT equipment used for processing personal data and supplying its service by making sure that the processed data are accessible by the authorised parties, their integrity may be certified and they can be protected against unauthorised access.
 
MEDITECH Kft. protects data the with appropriate measures against unauthorised access, change, transfer, publication, deletion or destruction and against accidental destruction or damage or non-accessibility resulting from a change in the applied technology.
 
To protect the data files processed electronically in various records, MEDITECH Kft. ensures via appropriate technical solutions that the data stored in the records – unless permitted by law – cannot be directly linked and associated with the data subject.

VI. Rights of the data subject

The data subject may request information about the processing of their personal data and may request the rectification and, with the exception of data not processed based on voluntary consent, the erasure or blocking of their personal data in a manner indicated at data registration or at the contact points of the controller.
 
Right of access: process upon the data subject’s request, MEDITECH Kft. as data controller shall provide information concerning the data processed by it and the data processed by a data processor on its behalf, the sources from where they were obtained, the purpose, grounds and duration of processing, the name and address of the data processor and on its activities relating to data processing, the circumstances and effects of the personal data breach and the measures taken for its elimination and - if the data are transferred- the legal basis and the recipients. The data controller must comply with requests for information, within the shortest possible time, and provide the information requested in an intelligible form, in writing at the data subject’s request, within not more than 15 days and shall make available copies of the personal data being processed to the data subject. The information is provided free of charge once a year, but if there is more than one request, MEDITECH Kft. reserves the right to establish a charge for the supply of information.

Right to rectification: upon the data subject’s request, the Company rectifies any inaccurate personal data relating to the data subject within 8 days from the receipt of the request. Furthermore, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement

The Company shall communicate any rectification to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about such recipients at the request of the Data Subject.

Right to erasure (‘right to be forgotten’): MEDITECH Kft. shall erase personal data if
-    they are no longer necessary in relation to the purposes for which they were processed,
-    the data subject withdraws consent on which the processing is based provided that there is no other legal ground for the processing,
-    the data subject objects to processing and the personal data are not required for enforcing the interests of the controller,
-    they are processed unlawfully;
-    the personal data must be erased for compliance with a legal obligation in Union or Member State law,
-    the data storage period defined by law has expired.

The controller erases the personal data within 15 days from the receipt of the request. If the controller does not fulfil the erasure request, the reasons of the rejection shall be communicated in writing or, with the data subject’s consent, electronically, within 15 days.

The rejection may be lawful when
-    the conditions of the request for erasure indicated above do not prevail,
-    the processing is required for exercising the right of freedom of expression and information;
-    there is a public interest that relates to employment or public health,
-    the erasure of the data would make its archiving in the public interest or its use for scientific, historical and statistical purposes impossible,
-    personal data are required for the establishment, exercise or defence of legal claims.

The Company shall communicate any erasure of personal data to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about such recipients at the request of the Data Subject.

Right to restriction of processing: the data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
-    the accuracy of the personal data is contested by the data subject, in which case the restriction concerns the 15-day period during which the Company can verify the accuracy of the personal data;
-    the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
-    the Company no longer needs the personal data but they are required by the data subject for the establishment, exercise or defence of legal claims;
-    the data subject has objected to processing; pending the verification whether the legitimate grounds of the controller override those of the data subject.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
A data subject who has obtained restriction of processing shall be informed by the Company in advance of the lifting of the restriction on processing.

The Company shall communicate any restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about such recipients at the request of the Data Subject.

Right to data portability:

The data subject shall have the right to receive the personal data concerning them, which they provided to the Company, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller. The data subject is entitled to this right in respect of the scope of personal data which the Company processes on the basis of the data subject’s voluntary consent or for the performance of a contract to which the data subject is a party.

The data subject may also request the Company to transfer data processed as indicated above directly to another controller. The Company may refuse the request if technically impossible or if it involves disproportionate effort.

The disclosure and transfer of data is free of charge on xxx occasions a year, but if there is more demand, MEDITECH Kft. reserves the right to establish a charge for the supply of information. Furthermore, the Company is entitled to refuse to disclose or transfer data if it involves an abuse of a right.

Right to object:

If, for any reason relating to their situation, the data subject objects to the processing of personal data that the Company processes because it is in the interest of the public or for the enforcement of legitimate interest of the controller or a third party, the Company shall assess the request within the shortest possible time from its submission, but within no more than 15 days and shall decide whether it is a well-substantiated request and then shall inform the applicant of its decision in writing. If, according to the findings of the controller, the data subject’s objection is justified, the controller shall terminate all processing operations (including data collection and transfer), block the data involved and notify all recipients to whom any of these personal data had previously been transferred concerning the objection and the ensuing measures, upon which these recipients shall also take measures regarding the enforcement of the objection. Should the data subject disagree with the controller’s decision, they shall be entitled to initiate – within 30 days of receipt – a court action against it. MEDITECH Kft. shall not erase the data of the data subject if processing has been prescribed by law. However, data may not be transferred to the data recipient if the controller agrees with the objection or if the court has found the objection justified.

Contrary to the above, where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of their data for such marketing purposes, which also includes profiling to the extent that it is related to such direct marketing. [see: Article 21 (4) of the GDPR]. In such a case, the Company shall terminate all processing operations and notify all recipients to whom any of these personal data had previously been transferred concerning the objection and the ensuing measures.

Liability and restitution

MEDITECH Kft. shall be liable for any damage caused to a data subject as a result of unlawful processing or by any breach of data security requirements. When the personal rights of the data subject have been violated, the data subject may demand restitution (Section 2:52 of the Civil Code). The controller shall also be liable to the data subject for any damage caused by a data processor acting on its behalf. The controller may be exempted from liability if the damage was caused by reasons beyond the scope of processing. The controller shall pay no compensation and no restitution may be demanded where the damage was caused by, or the violation of rights relating to personal is attributable to, intentional or gravely negligent conduct by the data subject.

VII. Legal remedies

Right to turn to a court:
In the event of any infringement of their rights, the data subject may file for court action against the controller. The court shall hear such cases in priority proceedings.
 
Data protection authority proceedings:
Complaints may be submitted to the National Authority for Data Protection and Freedom of Information:
Name: Hungarian National Authority for Data Protection and Freedom of Information
Registered office: 1125 Budapest, Szilágyi Erzsébet fasor 22/C
Postal address: 1530 Budapest, Pf.: 5.
Telephone: +36 1/391-1400
Fax: +36 1/391-1410
Email: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu