Now loading.
Please wait.

DATA PRIVACY NOTICE

 

This Notice regulates the management and processing of certain personal data implemented by MEDITECH Egészségügyi Szolgáltató, Műszerfejlesztő és Kereskedelmi KFT. (registered seat: H-1184 Budapest, Mikszáth Kálmán utca 24.; company registration number: 01-09-069263; represented by :dr. István Szőllősi Managing Director) (hereinafter referred to as: Data Controller) as follows.

 

Introduction

This Notice is acknowledged by the Data Controller as binding for itself. In addition, Data Controller shall commit itself to perform the processing of personal data at all times in accordance with the rules of law in effect and as described in this Notice.

This Notice can be amended and/or withdrawn unilaterally any time with information to be sent simultaneously to the Data Subject. The information shall be implemented by publication on the website or, subject to the type of change, by direct notification to be sent to the Data Subjects.

Should you have any question or remark with regard to this Notice or the data processing, please do not hesitate to contact us on any of the following contact details: at the e-mail address of meditech@meditech.hu or at the postal address H-1184 Budapest, Mikszáth Kálmán utca 24. of the Data Controller.

 

I. The Scope of the Notice

 

1. Personal scope: this Notice covers all data processing implemented by the Data Controller in relation to the following natural persons (hereinafter referred to summarized as: Data Subject):

  1. persons who submitted a CV to the Data Controller for the purpose of establishing an employment relationship (hereinafter: Candidate)
  2. the natural person contracting partners of the Data Controller, including the self-employed entrepreneurs (hereinafter: Contracting Partners)
  3. the contact persons and other contact partners specified by the non-natural person contracting partners of the Data Controller (hereinafter collectively referred to as: Contact partner)
  4. Furthermore, other natural persons in special cases.

In the case of personal data that do not originate from the Data Subject, the person disclosing the data is responsible for acquiring the consent of the Data Subject so that the data can be disclosed to the Data Controller.

2. Temporal scope: This Notice enters into force on 27 August 2021 and remains in force until withdrawn or amended. This Notice shall be also applied to data processing in progress at the time of entering into force.

3. Territorial scope: the scope of this Notice covers all data processing implemented by the Data Controller on any (geographical) territory.

4. Scope of coverage: this Notice regulates the data processing implemented by the Data Controller in relation to the Data Subjects, defining its purposes and legal basis, the applied tools and methods as well as the introduced security measures.

 

II. Basic definitions

 

  1. Personal data: any information relating to an identified or, directly or indirectly, identifiable natural person (“data subject”);
  2. Special categories of personal data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic and biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. As a main rule, the Data Controller shall not process any special data (e.g. information on health) in relation to the Data Subject. Processing of special data may only take place on the basis of explicit preliminary consent or legal authorization.
  3. Consent of the Data Subject: means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
  4. Data processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  5. Data Controller: MEDITECH Egészségügyi Szolgáltató, Műszerfejlesztő és Kereskedelmi KFT. (registered seat: H-1184 Budapest, Mikszáth Kálmán utca 24.; company registration number: 01-09-715665, represented by: dr. István Szőllősi Managing Director; contact details: meditech@meditech.hu, tel.: +36-1-280-82-32);
  6. Data processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
  7. Third Party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

 

The other definitions applied in this Notice comply with the rules of law in effect, including in particular: the definitions described in Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – hereinafter referred to as: GDPR) and in Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter referred to as: Privacy Act). When performing data processing, the Data Controller shall act in full conformity with the prevailing regulations.

 

III. Basic principles

 

When processing the data of the Data Subject, the Data Controller shall act with full consideration of the following basic principles:

  1. The processing of data has to be performed lawfully, fairly and in a transparent manner in relation to the data subject (“lawfulness, fairness and transparency”);
  2. the collection of data shall be made for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (“purpose limitation”).
  3. they shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimising”);
  4. they must be precise and, if necessary, kept up-to-date (“accuracy”);
  5. they shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (“storage limitation”);
  6. personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (“integrity and confidentiality”).
  7. the data controller shall be responsible for, and be able to demonstrate compliance with the above-mentioned basic principles (“accountability”).

The Data Controller established its rules of procedure in conformity with the above-mentioned principles, it continuously reviews and, if necessary, amends them. In the course of data processing, the Data Controller ensures the integrated and default data protection.

 

IV. Certain data processing purposes

 

1.Management of CVs
Purpose of data processing Affected data Legal ground Period of storing
For the position applied, examination of the employment of the Candidate, contact-keeping according to the CV consent (Article 6 Paragraph (1) a) of the GDPR) maximum up to the closing of the election process
possible future employment of the Candidate, for the purpose of contacting them with new job offers, the CV is stored according to the CV consent (Article 6 Paragraph (1) a) of the GDPR) maximum for one year after the submission of the CV

 

Data transfer will not take place. Only the managing director of the Data Controller and/or the head of the area for which area the Candidate submits an application may have access to the data of the Candidates.

Possible legal consequences of failing to have consent: in the lack of consent, the Data Controller cannot employ the Candidate, because in lack of a CV it cannot make a well-founded decision with regard to their employment.

 

2. Fulfilment of contracts and obligations entered into with the Data Subjects

The Data Controller may enter into several types of contracts with the Data Subjects, the conclusion and fulfilment of which serves the interest of both parties. The present Chapter does not apply to the labour contracts to be entered into with the Candidates, for which a separate Notice is applicable.

Purpose of data processing Affected data Legal ground Period of storing
measures to enter into a contract (e.g. giving an offer); entering into the contract/establishment, modification and termination of an obligation complete name, home address, mother’s name, place and date of birth, number of identity card, in case of a self-employed entrepreneur, in addition their registered seat, tax ID code, bank account number, number of self-employed certificate, contact details. fulfilment of the contract (Article 6 Paragraph (1) b) of the GDPR) general taxation period of limitation (termination of the contract + 8 years)
authority notifications with regard to the contract – if required by law according to the requirements of law (for example: number of certificates, tax ID code/tax number, social security number) fulfilment of legal obligation (Article 6 Paragraph (1) c) of the GDPR) general taxation period of limitation (termination of the contract + 8 years) unless legal regulation does not provide for a longer period of storing
determination and disbursement of remuneration, payment of public dues amount of remuneration, sum of public dues, certificate of performance, bank  account number, tax ID code/tax number fulfilment of the contract (Article 6 Paragraph (1) b) of the GDPR) and fulfilment of legal obligation – in particular: taxation rules (Article 6 Paragraph (1) c) of the GDPR) general taxation period of limitation (termination of the contract + 8 years) unless legal regulation does not provide for a longer period of storing

 

Data transfer: in the case of certain contracts or obligations, personal data may be transferred to third persons. Such is, for example, the authorized accountant with regard to determination, disbursement of the remuneration and payment of the public dues (this entity is currently: ARANY MARNA KÖNYVELDE Cégszolgáltató Korlátolt Felelősségű Társaság, registered seat: HU-1118 Budapest, Radóc u. 15.; company registration number: 01-09-709134, represented by: Mariann Ágnes AZARI Managing Director). The Data Controller shall provide for the safety of data transferred through appropriate guarantees and other measures (also see Chapters V-VI).

In addition, Data Controller is entitled to transfer the contact person’s data (name, telephone number, address) to the freighter. Freighters used by the Data Controller:

  • TNT Express Hungary Kft. (company registration no.: 01-09-068137; registered seat: H-1185 Budapest Logistic Center II – Office Building, BUD International Airport Building No. 283; https://www.tnt.com/express/hu_hu/site/home.html)
  • FedEx Express Hungary Korlátolt Felelősségű Társaság (company registration no.: 01-09-381339, registered seat: H-1185 Budapest, BUD International Airport Logistic Center II – Office Building, 283. Building No. 283; https://www.fedex.com/hu-hu/home.html)
  • Cargomind (Hungary) Korlátolt Felelősségű Társaság (company registration no.: 13-09-154895; registered seat: H-2220 Vecsés, Lőrinci út 59-61.; https://www.cargomind.com.my/)
  • REDDA-MOTOR Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság (company registration number: 01-09-366986, registered seat: H-1097 Budapest, Gubacsi út 30.; www.redda.hu).

 

3. Processing of contact person data in case of contracts entered into with other than private persons

In order to fulfil the contracts concluded by the Data Controller, it is entitled to process certain personal data of employees and other delegates of the (non-natural person) contracting partners.

Purpose of data processing Affected data Legal ground Period of storing
contact-keeping with the contracting partner, making legal statements for the purpose of the fulfilment of the contract, implementation of other actions (e.g. delivery, management of complaints, transfer and receipt procedure, etc.) name, name and address of the workplace, position, e-mail address, telephone number (company), fax number (company) Legitimate interest of the Data Controller and the partner to the possibility of fulfilment of the contract (Article 6 Paragraph (1) f) of the GDPR) termination of the contract or lawful objection by the data subject
Collection or enforcement of receivables in relation to claims against the partner name, name and address of the workplace, position, e-mail address, telephone number (company), fax number (company) Legitimate interest of the Data Controller to lawfully and quickly enforce its claims (Article 6 Paragraph (1) f) of the GDPR) general civil law period of limitation (termination of the contract + 5 years) or the lawful objection by the data subject
Acquisition of qualification certificates data of the certifying natural person according to their CV Legitimate interest of the Data controller to qualification of its products (Article 6 Paragraph (1) f) of the GDPR) general civil law period of limitation (termination of the contract + 5 years) or the lawful objection by the data subject

 

Data transfer: The Data Controller is entitled to store these data in data bases accessible to its employees/delegates and to store them for the purpose of fulfilment of the contract, including the possible transfer to the transporter/freighter. In addition to the above-mentioned cases, the data may be forwarded to any authority on the basis of legal regulation.

Freighters used by the Data Controller:

  • TNT Express Hungary Kft. (company registration no.: 01-09-068137; registered seat: H-1185 Budapest Logistic Center II – Office Building, BUD International Airport Building No. 283; https://www.tnt.com/express/hu_hu/site/home.html)
  • FedEx Express Hungary Korlátolt Felelősségű Társaság (company registration no.: 01-09-381339, registered seat: H-1185 Budapest, BUD International Airport Logistic Center II – Office Building, 283. Buidling No. 283; https://www.fedex.com/hu-hu/home.html)
  • Cargomind (Hungary) Korlátolt Felelősségű Társaság (company registration number: 13-09-154895; registered seat: H-2220 Vecsés, Lőrinci út 59-61.; https://www.cargomind.com.my/)
  • REDDA-MOTOR Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság (company registration number: 01-09-366986, registered seat: H-1097 Budapest, Gubacsi út 30.; www.redda.hu).

 

4. Monitoring implemented by the Data Controller – surveillance by camera

The Data Controller is entitled to monitor the activity of the Data Subject carried out at the registered seat of the Data Controller (H-1184 Budapest, Mikszáth Kálmán utca 24.) in certain cases. The methods applied protect certain legitimate interests of the Data Controller (for example: property protection, protection of business secrets, etc.).

Purpose of data processing Affected data Legal ground Period of storing
at the seat of camera surveillance image, motion picture, date and place Legitimate interest of the Data Controller manifested in the protection of property and safety of the Data Controller and its employees, and the business secrets of the Data Controller (Article 6 Paragraph (1) f) of the GDPR) recording + 7 days; if used, the records are stored through the shortest period needed for the achievement of the goal

 

5. Data processing implemented through the use of the website; cookies

The website www.meditech.hu and other landing pages operated by the Data Controller (hereinafter collectively referred to as: Website) are the property of the Data Controller. The Website is a public interface, accessible to anybody, but certain parts of it can be accessed only by registered users.

When using the individual functions and sub-pages of the Website, the following data processing take place:

Purpose of data processing Affected data Legal ground Period of storing Data transfer
entering into contact Name, country, e-mail address, message; voluntary, furthermore: phone number, product consent (Article 6 Paragraph (1) a) of the GDPR) 5 years not applicable
request for offer through the Website (special case of entering into contact) Name, country, e-mail address, message; voluntary, furthermore: phone number, product consent (Article 6 Paragraph (1) a) of the GDPR) 5 years Where appropriate: distributor *
education interface (dobedu) Name, e-mail address, password, fact of completion of the education; browser used for education, type of device and operating system fulfilment of the contract (Article 6 Paragraph (1) b) of the GDPR) deletion of registration by the user or automatically** Yodaforce Holding Kft. data processor (registered seat: H-1145 Budapest, Amerikai út 13. company registration number: 01-09-200516)
registration interface for the purpose of software download name, e-mail address, phone number, serial number of the device fulfilment of the contract (Article 6 Paragraph (1) b) of the GDPR) deletion of registration by the user or automatically** not applicable
notification of defects through the website Name, company name, country, e-mail address, description of the problem, serial number of the machine; optional: telephone number consent (Article 6 Paragraph (1) a) of the GDPR) 5 years not applicable
Use of PayPal name, bank card number, expiry date fulfilment of the contract (Article 6 Paragraph (1) b) of the GDPR) general taxation period of limitation (termination of the contract + 8 years) PayPal (Europe) S.à.r.l. et Cie, S.C.A. ***

 

* We draw your attention to the fact that, in case you request a quotation from us through the contact form of the Website (including the landing page) and the Data Controller is unable to directly submit the quotation due to contractual or distribution difficulties, then we will forward your personal data provided at the time of contacting us to our regionally competent distributor, who will contact you for the purpose of sending the quotation. The list of our distributors is available here. The distributors will process your personal data under their own right.

** We draw attention to the fact that, because the downloadable software products are typically updated three times a year, therefore, if a person who registered fails to enter the system for at least one year, i.e. they fail to regularly update the software from the Website, and they fail to enter the system even despite a reminding e-mail sent subsequently, then the registration will be deleted within 14 days following the date of sending the e-mail.

*** In case you choose the PayPal payment method through the Website, then we draw your attention to the fact that you establish legal relationship with PayPal (Europe) S.à.r.l. et Cie, S.C.A. and its associated enterprises (registered seat: 22-24 Boulevard Royal L-2449, Luxembourg, EU; tax number: LU22046007). Below you can find information of the data processing carried out by PayPal: https://www.paypal.com/myaccount/privacy/privacyhub.

The hosting service provider of the Website is 3 in 1 Hosting Számítástechnikai és Szolgáltató Betéti Társaság (registered seat: H-2310 Szigetszentmiklós, Brassó utca 4/A.; company registration number: 13-06-055290, https://megacp.com/contact.php).

 

Cookies used by the Website:

1. Fundamental cookies

For the proper operation of the Website fundamental cookies are needed. Such cookies make the Website appropriate for use with such fundamental functions as, for example, the navigation of the site and the access to the safe areas of the Website, or language settings. Since they are important for the operation of the Website, you cannot ban such cookies. We perform the related processing of the personal data pursuant to Article 6 Paragraph (1) f) of the GDPR.

The fundamental cookies used by us for the provision of the Website include the cookies which

  • detect whether the user uses JavaScript,
  • determine which category was accepted by the user on the application band calling attention to the cookies,
  • maintain the user’s position for requesting the page.
Name of the cookie Description of the cookie Date of deletion
Login Detection of the logging in to the Website and maintenance of the logging in during navigation If the session expires, it becomes deleted
GDPR cookie It stores the data of declaration for storing the cookies, in a coded format. Its expiry period is 1 year.

 

2. Google Analytics

We use the web analytical service called Google Analytics, provided by Google, LLC. Google Analytics helps analysing how the individual users use the Website. Google Analytics does not collect personal data and does not use cookies either. Google uses the information to make and deliver reports on the activities relating to the Website as well as to provide other services connected to the use of the Website and use of internet. The analytical service provides assistance to us in improving our services.

You can ban and delete the cookies in the settings of your browser any time. However, afterwards it may occur that certain functions of the Website are accessible only in a limited form.

 

6. Data processing for marketing purposes
Purpose of data processing Affected data Legal ground Period of storing
sending newsletters – to existing contracting partners e-mail address Legitimate interest of the Data Controller (Article 6 Paragraph (1) f) of the GDPR)* until the data subject does not object or the partner status is not lost
sending newsletters to other companies which are not partners e-mail address Legitimate interest of the Data controller (Article 6 Paragraph (1) f) of the GDPR)* until the data subject does not object
sending newsletters to interested parties e-mail address consent (Article 6 Paragraph (1) a) of the GDPR)** until the consent is not withdrawn
organization of events Name, e-mail address Legitimate interest of the Data controller (Article 6 Paragraph (1) f) of the GDPR)* until the event is completed
use of social media interfaces (Facebook, Instagram, LinkedIn, YouTube) *** Name consent (Article 6 Paragraph (1) a) of the GDPR)** until the consent is not withdrawn

 

* In data processing activities defined in this Chapter that are based on a legitimate interest, the legitimate interest is manifested in the fact that the Data Controller is able to continue its commercial activity efficiently and is able to directly inform the existing and potential partners of its new products, any possible sales and any changes affecting the products and software.

** Possible legal consequences of not having consent: the data subject does not receive any notification of the sales and novelties affecting the products. The giving of consent is not a precondition for the conclusion of a contract.

*** We draw the attention of the data subjects to the fact that the data processing notice of the relevant interface applies to the data processing implemented by the individual social media interfaces.

 

V. Access to data, transfer of data to third persons, storage of data

 

1.General Provisions

Data Controller provides for default and integrated data protection. For this purpose, the Data Controller applies appropriate technical and organisational measures in order to

  • precisely regulate the access to the data;
  • to permit the access to the data only to persons for whom the data are necessary for performing the task related to them, and even in such a case, the access should be allowed only to those data that are necessary for the implementation of the task as a minimum;
  • to circumspectly select the data processors assigned by it and to ensure the safety of the data by proper data processing contracts;
  • to ensure the permanence of the data managed (data integrity), their truthfulness and protection.

 

2. Data transfer, data processing, access to data

The Data Controller endeavours not to transfer any data of the Data Subject to third persons. However, the transfer of data cannot be avoided in certain cases. Data Controller shall transfer data to third persons primarily in the following cases:

  • data transfer to any authority (authorities): the Data Controller may have the legal obligation to send notifications with regard to the establishment, fulfilment and termination of contracts. For this reason, data are primarily transferred to the National Tax and Customs Administration (NAV) and the National Health Insurance Fund of Hungary (OEP). Other data transfer may also take place on request by authorities or on the basis of suspect of a criminal act.
  • transfer of contact persons’ data: arising from fulfilment of contracts, the contact with clients, partners and other persons may be needed. For this reason, the Data Controller may become entitled to transfer the company contact details of the Data Subject (primarily: name, company e-mail address, company telephone number, position) to third persons. In such cases, the basic contract contains provisions to which third persons shall the data be transferred to.
  • transport: In order to fulfil the contracts entered into, the Data Controller uses the services of freighters to whom certain data of the recipient (name and address of the recipient, name and contact details of the contact person) must be given. The list of freighters used by the Data Controller is also contained in points IV/2 and IV/3 of this Notice.

In addition to the cases specified above, the Data Controller is also entitled to transfer data to third persons, which data transfer shall be made in compliance with the prevailing rules of law.

 

3. Physical storage of data

The processing and control of certain part of the data is performed through the server at the registered seat of the Data Controller.

Data transfer to third countries may only take place if a conformity decision is available, and in lack of such decision, by presentation of appropriate company guarantees, general data protection stipulations or differences provided by rule of law for the relevant situation, and, as a last resort, only if Data Subject consents to it. If there is no satisfactory data protection law or policy available in the country where the Data Controller transfers the Personal data to, the Data Controller itself or through any other member of the group of companies shall provide the contractual assurances with the severity provided by the rules of law in effect for the protection of the data. The Data controller is fully liable for the lawfulness and safety of the data.

The data protection backup is stored in Hungary.

 

4. Period of storing

The Data Controller stores the data of the Data Subject for the period described above at the individual purposes of data processing, afterwards the data will be destroyed. The ever prevailing legal regulations also apply to the period of storing the data, that is, in case the legal regulations provide for the storing of the data for a longer period than that mentioned above, then the Data Controller is entitled to store the data for the period defined in the legal regulation.

 

VI. Measures taken by the Data Controller under the scope of data protection

 

The Data Controller applies physical, technical and organisational safety measures to a reasonable extent for the protection of the data of Data Subjects, particularly against their accidental, unauthorized and illegitimate destruction, loss, change, transfer, use, access or processing. The Data Controller shall immediately notify the Data Subject if any unauthorized access to or use of the personal data is detected by it, which unauthorized access or use have high risk for the Data Subject.

If transfer of any data of the Data Subject is necessary, the Data Controller shall ensure the protection of the data transferred, for example by encrypting the data file. The Data Controller has full liability for the processing of the data of the Data Subject implemented by third persons.

The Data Controller also ensures by proper and regular backups for the data of the Data Subject to be protected against destruction or loss.

 

VII. Rights of the Data Subject

 

With regard to the data processing, the Data Subject has the following rights:

  1. Right to receive transparent information: prior and during the data processing, the Data Subject has the right to receive information of the data processed and also of the data processing itself; the present Notice is also part of such information;
  2. Right to have access to the data stored: The Data Subject is entitled to request information of the data stored regarding them and the individual components of the data processing (in particular: the existence, purpose, legal ground of the data processing, the scope of processed data, data transfer to third persons, period of storing the data, method of exercising the rights, possible legal remedies, data source, profiling, automated decision-making, guarantees, etc.);
  3. Right to rectification: in case of erroneous data, the Data Subject may initiate the rectification of the data;
  4. Right to erasure (be forgotten): the Data Subject may ask the erasure of the data if:
    • the data are not needed for the original purpose, for which they were collected
    • the Data Subject withdraws its consent to the data processing
    • the Data Subject objects to the data processing and there is no other reason and legal ground for the data processing
    • the data processing is illegitimate
    • legal obligation requires the erasure
    • the data collection took place in relation to offering any service connected to the information society;
  5. Right to object: the Data Subject may object to the data processing if it is based on a public or legitimate interest; in such a case, the Data Controller is entitled to continue the data processing only in the event that it is justified by such compelling legitimate interest that have priority over the Data Subject or are connected to a legal claim enforcement. Objection to data processing for direct marketing purposes can be submitted any time, and in case of objection for such a reason, the data processing shall not be continued;
  6. Right to restriction of data processing: in the event of unlawfully processed data or in any other case allowed by the law, the restriction of data processing can be requested,
  7. Right to data portability: in the case of data processing carried out by automatic data processing which is based on consent or contract, the Data Subject is entitled to request the surrender of the data provided by them in a structured, commonly used, machine-readable format and they can transmit those data at their own discretion;
  8. Right to withdrawal: the Data Subject may withdraw their consent any time.

The Data Subject can exercise their rights any time. The Data Subject can send the request for it to the e-mail address meditech@meditech.hu or to the following mail address: Adatkezelő (Data controller) H-1184 Budapest, Mikszáth Kálmán utca 24. Data Controller informs the Data Subjects that, pursuant to the legal regulations in effect, it is not obligated to appoint a data protection officer, but an appointed data protection officer is at the disposal of the Data Subjects at the above contact details.

The Data Controller is entitled to identify the Data Subject before giving any reply (in order to check whether the request came from the eligible person). The Data Controller considers the contacts received from the e-mail address of the Data Subject registered by the Data Controller that they come from the Data Subject. In the case of requests received in any other form, the Data Controller is entitled to verify the Data Subject in another way (e.g. to inquire about the truthfulness of the written request orally on the telephone number provided, to require written confirmation of an oral request, or to initiate any other adequate identification).

The Data Controller will check the requests received and arranges them without delay but not later than within one month, in exceptional cases in a longer term allowed by law, or rejects them (with explanation). The Data Controller will inform the Data Subject of the result of the decision in writing. Solving the request is free of charge, except for unfounded or exaggerate requests, for the solving of which the Data Controller is entitled to charge a reasonable fee complying with its administration costs.

The Data Subject can submit comments or complaints any time against the data processing at the Data Controller at the above-mentioned contact details (at e-mail address meditech@meditech.hu or the mail address HU-1184 Budapest, Mikszáth Kálmán utca 24.). In addition, the Data Subject is entitled to initiate a legal proceeding at the court seated at the place of residence of the Data Subject, which proceeding is free of duty and in the course of which the court will give priority to the proceeding. In addition, the Data Subject may submit a complaint to the Hungarian National Authority for Data Protection and Freedom of Information:

ugyfelszolgalat@naih.hu

Telephone: +36 (30) 683-5969

address: H-1055 Budapest, Falk Miksa utca 9-11. (1363 Budapest, P.O.B. 9.)

 

In the course of data processing, the accuracy and completeness of the data must be ensured and, if necessary with regard to the purpose of the data processing, their updating. For this purpose, the Data Controller requests the Data Subjects to inform the Data Controller of any change in their personal data registered by the Data Controller as soon as possible.

***