This Notice regulates the management and processing of certain personal data implemented by MEDITECH Egészségügyi Szolgáltató, Műszerfejlesztő és Kereskedelmi KFT. (registered seat: H-1184 Budapest, Mikszáth Kálmán utca 24.; company registration number: 01-09-069263; represented by :dr. István Szőllősi Managing Director) (hereinafter referred to as: Data Controller) as follows.
This Notice is acknowledged by the Data Controller as binding for itself. In addition, Data Controller shall commit itself to perform the processing of personal data at all times in accordance with the rules of law in effect and as described in this Notice.
This Notice can be amended and/or withdrawn unilaterally any time with information to be sent simultaneously to the Data Subject. The information shall be implemented by publication on the website or, subject to the type of change, by direct notification to be sent to the Data Subjects.
Should you have any question or remark with regard to this Notice or the data processing, please do not hesitate to contact us on any of the following contact details: at the e-mail address of meditech@meditech.hu or at the postal address H-1184 Budapest, Mikszáth Kálmán utca 24. of the Data Controller.
1. Personal scope: this Notice covers all data processing implemented by the Data Controller in relation to the following natural persons (hereinafter referred to summarized as: Data Subject):
In the case of personal data that do not originate from the Data Subject, the person disclosing the data is responsible for acquiring the consent of the Data Subject so that the data can be disclosed to the Data Controller.
2. Temporal scope: This Notice enters into force on 27 August 2021 and remains in force until withdrawn or amended. This Notice shall be also applied to data processing in progress at the time of entering into force.
3. Territorial scope: the scope of this Notice covers all data processing implemented by the Data Controller on any (geographical) territory.
4. Scope of coverage: this Notice regulates the data processing implemented by the Data Controller in relation to the Data Subjects, defining its purposes and legal basis, the applied tools and methods as well as the introduced security measures.
The other definitions applied in this Notice comply with the rules of law in effect, including in particular: the definitions described in Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – hereinafter referred to as: GDPR) and in Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter referred to as: Privacy Act). When performing data processing, the Data Controller shall act in full conformity with the prevailing regulations.
When processing the data of the Data Subject, the Data Controller shall act with full consideration of the following basic principles:
The Data Controller established its rules of procedure in conformity with the above-mentioned principles, it continuously reviews and, if necessary, amends them. In the course of data processing, the Data Controller ensures the integrated and default data protection.
Purpose of data processing | Affected data | Legal ground | Period of storing |
For the position applied, examination of the employment of the Candidate, contact-keeping | according to the CV | consent (Article 6 Paragraph (1) a) of the GDPR) | maximum up to the closing of the election process |
possible future employment of the Candidate, for the purpose of contacting them with new job offers, the CV is stored | according to the CV | consent (Article 6 Paragraph (1) a) of the GDPR) | maximum for one year after the submission of the CV |
Data transfer will not take place. Only the managing director of the Data Controller and/or the head of the area for which area the Candidate submits an application may have access to the data of the Candidates.
Possible legal consequences of failing to have consent: in the lack of consent, the Data Controller cannot employ the Candidate, because in lack of a CV it cannot make a well-founded decision with regard to their employment.
The Data Controller may enter into several types of contracts with the Data Subjects, the conclusion and fulfilment of which serves the interest of both parties. The present Chapter does not apply to the labour contracts to be entered into with the Candidates, for which a separate Notice is applicable.
Purpose of data processing | Affected data | Legal ground | Period of storing |
measures to enter into a contract (e.g. giving an offer); entering into the contract/establishment, modification and termination of an obligation | complete name, home address, mother’s name, place and date of birth, number of identity card, in case of a self-employed entrepreneur, in addition their registered seat, tax ID code, bank account number, number of self-employed certificate, contact details. | fulfilment of the contract (Article 6 Paragraph (1) b) of the GDPR) | general taxation period of limitation (termination of the contract + 8 years) |
authority notifications with regard to the contract – if required by law | according to the requirements of law (for example: number of certificates, tax ID code/tax number, social security number) | fulfilment of legal obligation (Article 6 Paragraph (1) c) of the GDPR) | general taxation period of limitation (termination of the contract + 8 years) unless legal regulation does not provide for a longer period of storing |
determination and disbursement of remuneration, payment of public dues | amount of remuneration, sum of public dues, certificate of performance, bank account number, tax ID code/tax number | fulfilment of the contract (Article 6 Paragraph (1) b) of the GDPR) and fulfilment of legal obligation – in particular: taxation rules (Article 6 Paragraph (1) c) of the GDPR) | general taxation period of limitation (termination of the contract + 8 years) unless legal regulation does not provide for a longer period of storing |
Data transfer: in the case of certain contracts or obligations, personal data may be transferred to third persons. Such is, for example, the authorized accountant with regard to determination, disbursement of the remuneration and payment of the public dues (this entity is currently: ARANY MARNA KÖNYVELDE Cégszolgáltató Korlátolt Felelősségű Társaság, registered seat: HU-1118 Budapest, Radóc u. 15.; company registration number: 01-09-709134, represented by: Mariann Ágnes AZARI Managing Director). The Data Controller shall provide for the safety of data transferred through appropriate guarantees and other measures (also see Chapters V-VI).
In addition, Data Controller is entitled to transfer the contact person’s data (name, telephone number, address) to the freighter. Freighters used by the Data Controller:
In order to fulfil the contracts concluded by the Data Controller, it is entitled to process certain personal data of employees and other delegates of the (non-natural person) contracting partners.
Purpose of data processing | Affected data | Legal ground | Period of storing |
contact-keeping with the contracting partner, making legal statements for the purpose of the fulfilment of the contract, implementation of other actions (e.g. delivery, management of complaints, transfer and receipt procedure, etc.) | name, name and address of the workplace, position, e-mail address, telephone number (company), fax number (company) | Legitimate interest of the Data Controller and the partner to the possibility of fulfilment of the contract (Article 6 Paragraph (1) f) of the GDPR) | termination of the contract or lawful objection by the data subject |
Collection or enforcement of receivables in relation to claims against the partner | name, name and address of the workplace, position, e-mail address, telephone number (company), fax number (company) | Legitimate interest of the Data Controller to lawfully and quickly enforce its claims (Article 6 Paragraph (1) f) of the GDPR) | general civil law period of limitation (termination of the contract + 5 years) or the lawful objection by the data subject |
Acquisition of qualification certificates | data of the certifying natural person according to their CV | Legitimate interest of the Data controller to qualification of its products (Article 6 Paragraph (1) f) of the GDPR) | general civil law period of limitation (termination of the contract + 5 years) or the lawful objection by the data subject |
Data transfer: The Data Controller is entitled to store these data in data bases accessible to its employees/delegates and to store them for the purpose of fulfilment of the contract, including the possible transfer to the transporter/freighter. In addition to the above-mentioned cases, the data may be forwarded to any authority on the basis of legal regulation.
Freighters used by the Data Controller:
The Data Controller is entitled to monitor the activity of the Data Subject carried out at the registered seat of the Data Controller (H-1184 Budapest, Mikszáth Kálmán utca 24.) in certain cases. The methods applied protect certain legitimate interests of the Data Controller (for example: property protection, protection of business secrets, etc.).
Purpose of data processing | Affected data | Legal ground | Period of storing |
at the seat of camera surveillance | image, motion picture, date and place | Legitimate interest of the Data Controller manifested in the protection of property and safety of the Data Controller and its employees, and the business secrets of the Data Controller (Article 6 Paragraph (1) f) of the GDPR) | recording + 7 days; if used, the records are stored through the shortest period needed for the achievement of the goal |
The website www.meditech.hu and other landing pages operated by the Data Controller (hereinafter collectively referred to as: Website) are the property of the Data Controller. The Website is a public interface, accessible to anybody, but certain parts of it can be accessed only by registered users.
When using the individual functions and sub-pages of the Website, the following data processing take place:
Purpose of data processing | Affected data | Legal ground | Period of storing | Data transfer |
entering into contact | Name, country, e-mail address, message; voluntary, furthermore: phone number, product | consent (Article 6 Paragraph (1) a) of the GDPR) | 5 years | not applicable |
request for offer through the Website (special case of entering into contact) | Name, country, e-mail address, message; voluntary, furthermore: phone number, product | consent (Article 6 Paragraph (1) a) of the GDPR) | 5 years | Where appropriate: distributor * |
education interface (dobedu) | Name, e-mail address, password, fact of completion of the education; browser used for education, type of device and operating system | fulfilment of the contract (Article 6 Paragraph (1) b) of the GDPR) | deletion of registration by the user or automatically** | Yodaforce Holding Kft. data processor (registered seat: H-1145 Budapest, Amerikai út 13. company registration number: 01-09-200516) |
registration interface for the purpose of software download | name, e-mail address, phone number, serial number of the device | fulfilment of the contract (Article 6 Paragraph (1) b) of the GDPR) | deletion of registration by the user or automatically** | not applicable |
notification of defects through the website | Name, company name, country, e-mail address, description of the problem, serial number of the machine; optional: telephone number | consent (Article 6 Paragraph (1) a) of the GDPR) | 5 years | not applicable |
Use of PayPal | name, bank card number, expiry date | fulfilment of the contract (Article 6 Paragraph (1) b) of the GDPR) | general taxation period of limitation (termination of the contract + 8 years) | PayPal (Europe) S.à.r.l. et Cie, S.C.A. *** |
* We draw your attention to the fact that, in case you request a quotation from us through the contact form of the Website (including the landing page) and the Data Controller is unable to directly submit the quotation due to contractual or distribution difficulties, then we will forward your personal data provided at the time of contacting us to our regionally competent distributor, who will contact you for the purpose of sending the quotation. The list of our distributors is available here. The distributors will process your personal data under their own right.
** We draw attention to the fact that, because the downloadable software products are typically updated three times a year, therefore, if a person who registered fails to enter the system for at least one year, i.e. they fail to regularly update the software from the Website, and they fail to enter the system even despite a reminding e-mail sent subsequently, then the registration will be deleted within 14 days following the date of sending the e-mail.
*** In case you choose the PayPal payment method through the Website, then we draw your attention to the fact that you establish legal relationship with PayPal (Europe) S.à.r.l. et Cie, S.C.A. and its associated enterprises (registered seat: 22-24 Boulevard Royal L-2449, Luxembourg, EU; tax number: LU22046007). Below you can find information of the data processing carried out by PayPal: https://www.paypal.com/myaccount/privacy/privacyhub.
The hosting service provider of the Website is 3 in 1 Hosting Számítástechnikai és Szolgáltató Betéti Társaság (registered seat: H-2310 Szigetszentmiklós, Brassó utca 4/A.; company registration number: 13-06-055290, https://megacp.com/contact.php).
Cookies used by the Website:
1. Fundamental cookies
For the proper operation of the Website fundamental cookies are needed. Such cookies make the Website appropriate for use with such fundamental functions as, for example, the navigation of the site and the access to the safe areas of the Website, or language settings. Since they are important for the operation of the Website, you cannot ban such cookies. We perform the related processing of the personal data pursuant to Article 6 Paragraph (1) f) of the GDPR.
The fundamental cookies used by us for the provision of the Website include the cookies which
Name of the cookie | Description of the cookie | Date of deletion |
Login | Detection of the logging in to the Website and maintenance of the logging in during navigation | If the session expires, it becomes deleted |
GDPR cookie | It stores the data of declaration for storing the cookies, in a coded format. | Its expiry period is 1 year. |
2. Google Analytics
We use the web analytical service called Google Analytics, provided by Google, LLC. Google Analytics helps analysing how the individual users use the Website. Google Analytics does not collect personal data and does not use cookies either. Google uses the information to make and deliver reports on the activities relating to the Website as well as to provide other services connected to the use of the Website and use of internet. The analytical service provides assistance to us in improving our services.
You can ban and delete the cookies in the settings of your browser any time. However, afterwards it may occur that certain functions of the Website are accessible only in a limited form.
Purpose of data processing | Affected data | Legal ground | Period of storing |
sending newsletters – to existing contracting partners | e-mail address | Legitimate interest of the Data Controller (Article 6 Paragraph (1) f) of the GDPR)* | until the data subject does not object or the partner status is not lost |
sending newsletters to other companies which are not partners | e-mail address | Legitimate interest of the Data controller (Article 6 Paragraph (1) f) of the GDPR)* | until the data subject does not object |
sending newsletters to interested parties | e-mail address | consent (Article 6 Paragraph (1) a) of the GDPR)** | until the consent is not withdrawn |
organization of events | Name, e-mail address | Legitimate interest of the Data controller (Article 6 Paragraph (1) f) of the GDPR)* | until the event is completed |
use of social media interfaces (Facebook, Instagram, LinkedIn, YouTube) *** | Name | consent (Article 6 Paragraph (1) a) of the GDPR)** | until the consent is not withdrawn |
* In data processing activities defined in this Chapter that are based on a legitimate interest, the legitimate interest is manifested in the fact that the Data Controller is able to continue its commercial activity efficiently and is able to directly inform the existing and potential partners of its new products, any possible sales and any changes affecting the products and software.
** Possible legal consequences of not having consent: the data subject does not receive any notification of the sales and novelties affecting the products. The giving of consent is not a precondition for the conclusion of a contract.
*** We draw the attention of the data subjects to the fact that the data processing notice of the relevant interface applies to the data processing implemented by the individual social media interfaces.
Data Controller provides for default and integrated data protection. For this purpose, the Data Controller applies appropriate technical and organisational measures in order to
The Data Controller endeavours not to transfer any data of the Data Subject to third persons. However, the transfer of data cannot be avoided in certain cases. Data Controller shall transfer data to third persons primarily in the following cases:
In addition to the cases specified above, the Data Controller is also entitled to transfer data to third persons, which data transfer shall be made in compliance with the prevailing rules of law.
The processing and control of certain part of the data is performed through the server at the registered seat of the Data Controller.
Data transfer to third countries may only take place if a conformity decision is available, and in lack of such decision, by presentation of appropriate company guarantees, general data protection stipulations or differences provided by rule of law for the relevant situation, and, as a last resort, only if Data Subject consents to it. If there is no satisfactory data protection law or policy available in the country where the Data Controller transfers the Personal data to, the Data Controller itself or through any other member of the group of companies shall provide the contractual assurances with the severity provided by the rules of law in effect for the protection of the data. The Data controller is fully liable for the lawfulness and safety of the data.
The data protection backup is stored in Hungary.
The Data Controller stores the data of the Data Subject for the period described above at the individual purposes of data processing, afterwards the data will be destroyed. The ever prevailing legal regulations also apply to the period of storing the data, that is, in case the legal regulations provide for the storing of the data for a longer period than that mentioned above, then the Data Controller is entitled to store the data for the period defined in the legal regulation.
The Data Controller applies physical, technical and organisational safety measures to a reasonable extent for the protection of the data of Data Subjects, particularly against their accidental, unauthorized and illegitimate destruction, loss, change, transfer, use, access or processing. The Data Controller shall immediately notify the Data Subject if any unauthorized access to or use of the personal data is detected by it, which unauthorized access or use have high risk for the Data Subject.
If transfer of any data of the Data Subject is necessary, the Data Controller shall ensure the protection of the data transferred, for example by encrypting the data file. The Data Controller has full liability for the processing of the data of the Data Subject implemented by third persons.
The Data Controller also ensures by proper and regular backups for the data of the Data Subject to be protected against destruction or loss.
With regard to the data processing, the Data Subject has the following rights:
The Data Subject can exercise their rights any time. The Data Subject can send the request for it to the e-mail address meditech@meditech.hu or to the following mail address: Adatkezelő (Data controller) H-1184 Budapest, Mikszáth Kálmán utca 24. Data Controller informs the Data Subjects that, pursuant to the legal regulations in effect, it is not obligated to appoint a data protection officer, but an appointed data protection officer is at the disposal of the Data Subjects at the above contact details.
The Data Controller is entitled to identify the Data Subject before giving any reply (in order to check whether the request came from the eligible person). The Data Controller considers the contacts received from the e-mail address of the Data Subject registered by the Data Controller that they come from the Data Subject. In the case of requests received in any other form, the Data Controller is entitled to verify the Data Subject in another way (e.g. to inquire about the truthfulness of the written request orally on the telephone number provided, to require written confirmation of an oral request, or to initiate any other adequate identification).
The Data Controller will check the requests received and arranges them without delay but not later than within one month, in exceptional cases in a longer term allowed by law, or rejects them (with explanation). The Data Controller will inform the Data Subject of the result of the decision in writing. Solving the request is free of charge, except for unfounded or exaggerate requests, for the solving of which the Data Controller is entitled to charge a reasonable fee complying with its administration costs.
The Data Subject can submit comments or complaints any time against the data processing at the Data Controller at the above-mentioned contact details (at e-mail address meditech@meditech.hu or the mail address HU-1184 Budapest, Mikszáth Kálmán utca 24.). In addition, the Data Subject is entitled to initiate a legal proceeding at the court seated at the place of residence of the Data Subject, which proceeding is free of duty and in the course of which the court will give priority to the proceeding. In addition, the Data Subject may submit a complaint to the Hungarian National Authority for Data Protection and Freedom of Information:
Telephone: +36 (30) 683-5969
address: H-1055 Budapest, Falk Miksa utca 9-11. (1363 Budapest, P.O.B. 9.)
In the course of data processing, the accuracy and completeness of the data must be ensured and, if necessary with regard to the purpose of the data processing, their updating. For this purpose, the Data Controller requests the Data Subjects to inform the Data Controller of any change in their personal data registered by the Data Controller as soon as possible.
***