Privacy Policy

​

In this document, NÉMETH ÉS TÁRSA KFT. (Hereinafter: Service Provider) informs its customers about the data management applied during the services provided by it. The Data Processing Rule is a description of the processing of identifiable or identified personal data concerning natural persons (hereinafter: data subject), effective from 25 May 2018, Commission (EU) 2016/679 of the European Parliament and of the European Union. (hereinafter: GDPR).

​

1. Data of the Service Provider

NÉMETH és TÁRSA KFT.

Headquarters: 8500 Pápa, Hársfa u. 13 / a.

Email: info@abmedical.hu

Phone number: +36309232829

2. The Service Provider follows the following principles in its data management:

-It handles personal data lawfully and fairly and in a way that is transparent to data subjects.

-Processes personal data only for specified, clear and legitimate purposes

-Personal data collected and managed by the Service Provider are appropriate and relevant to the purposes of data management and are limited to what is necessary.

-The Service Provider takes all possible measures to ensure that the data managed by it is accurate and up-to-date, and inaccurate personal data is immediately deleted or corrected.

- The Service Provider ensures the adequate security of personal data against unauthorized or illegal handling, accidental loss, destruction or damage of the data by applying the appropriate technical and organizational measures.

3. The Service Provider shall provide the data of the persons concerned:

-After prior information, handle to the extent necessary and in all cases in a targeted manner.

-The processing of the data of the data subjects is based on legal regulations and is mandatory.

-In some cases, the Service Provider or a third party has a legitimate interest in the processing of the personal data of the data subjects, such as the operation, development and security of our website, and the use of certain health services.

4. The scope of data managed by the Service Provider and the purposes of data management:

Name of activity and purpose of data management: as a company providing physical wellness services, we store the following data due to communication with the Client.

Legal basis based on legislative consent (Article 6 (1) (c) GDPR) (Article 6 (1) (a) GDPR)

Managed data  Name, address, telephone number, email address

Period      defined by law (10-50 years)

Informing Stakeholders     on the website of the Institution, by means of this data protection information sheet at the time agreed with the Data Protection Officer, in justified cases by means of personal, detailed information

4. Data security measures

The Service Provider organizes its data security measures taking into account the current technological possibilities and the rational implementation costs, as well as the degree of risk to the rights and freedoms of natural persons as follows: - ensuring the confidentiality of systems and services used for personal data management; - in case of a possible technical incident, its elimination, ensuring accessibility as soon as possible; - regular assessment and testing of the individual organizational and technical measures in order to guarantee the security of data management. The Service Provider shall keep a record of the data protection incident (s) in accordance with Article 33 (5) of the GDPR. The data in the register must be kept for a) 5 years in the case of an incident involving personal data, b) 20 years in the case of an incident involving special data. The register may not contain personal data of the data subject.

5. Transmission of personal data within the care system

Act XLVII of 1997 on the protection of health and the processing of personal data related thereto. According to the provisions of § 35 / AN of the Act, from 1 November 2018, our institution is obliged to send to the EESZT (Electronic Health Service Area) the health documents and data listed in the law generated during its health care. The Service Provider has no possibility to refuse the transmission of data. The above data processing shall be deemed to have been carried out on the basis of a statutory authorization, taking into account the right of self-determination of the data subject, as Act XLVII of 1997 Pursuant to Section 35 / H (1) of Act no. Information on the above can be found on the information portal of the EESC: https://e-egeszsegugy.gov.hu/eeszt.

6. Camera surveillance at the seat of the Institution

Camera mounting location

The area monitored by the camera

Purpose (according to Section 31 (1) of Act CXXXIII of 2005)

Method of operation

​​

1. north entrance area in front of north entrance, property protection, 24 hours, fixed

2. west façade area in front of west façade, property protection, 24 hours, fixed

3. western part of the windbreak pedestrian gate area and ramp, property protection, 24 hours, fixed

4. east part of the windbreak area in front of the south entrance and ramp, property protection 24 hours, fixed

5. above waiting passage, ground floor waiting area, property protection, 24 hours, fixed

6. east facade, parking area, property protection, 24 hours, fixed

7. outbuilding west corner, outbuilding north entrance, property protection, 24 hours, fixed

8. outbuilding west corner, outbuilding west entrance, property protection, 24 hours, fixed

9. outbuilding interior room, interior larger room west wall, property protection, 24 hours, fixed

Monitoring is performed with 24-hour recorded recording for all camera devices. The legal basis for data processing in connection with camera surveillance is the legitimate interest of the Data Controller (Article 6 (1) (f) of the GDPR). The construction of the technical monitoring system was preceded by the preparation of an interest balance test. The scope of the processed personal data: the portrait and behavior of the data subjects as seen in the image. Duration of data management: 7 days from the date of recording.

Data management relating to children, persons with reduced mobility or incapacity

If the Institution is obliged to record personal data for the provision of the service, children or persons without legal capacity may record the data only with the permission of the parent, legal representative or guardian. Forms for this purpose will be handed over at the receptions.

If the person using the service is not entitled to provide any personal data on his / her own, he / she is obliged to obtain the consent of the relevant third party (legal representative, guardian, person on whose behalf) or provide another legal basis for providing the data. In this context, the recipient of the service is obliged to consider whether the consent of a third party is required in connection with the provision of the personal data in question. The responsibility for maintaining the above rests solely with the person using the service. The Institution has the right to check at any time whether the appropriate legal basis for the processing of personal data is available.

Management of personal data

Personal data must be handled in such a way as to ensure an adequate level of security and confidentiality, inter alia, in order to prevent unauthorized access to and use of personal data and the means used to process personal data.

All reasonable steps must be taken to correct inaccurate personal information.

Consent of the data subject: - If the data processing is based on consent, the data controller must provide credible proof that the data subject has consented to the processing of his or her personal and data data. -If the data subject gives his or her consent in the form of a written statement relating to other matters, the request for consent shall be dealt with in a manner which is clearly distinguishable from those other matters, in a comprehensible and easily accessible form and in clear and simple language. - The data subject has the right to withdraw his or her consent at any time. Withdrawal of consent shall not affect the lawfulness of the consent-based data processing prior to withdrawal. The data subject must be informed before consent is given. Withdrawal of consent should be as simple as giving it. The processing of personal data in connection with information society services directly related to children is lawful if the child has reached the age of 10. In the case of a child under the age of 16, the processing of children's personal data is lawful only if and to the extent that the consent has been given or authorized by the person exercising parental control over the child.

The processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or membership of a professional body, as well as genetic and biometric data for the unique identification of natural persons, health data and personal data concerning the sexual life or sexual orientation of natural persons shall be prohibited, except , if: -the data subject has given his or her explicit consent to the processing of that personal data for one or more specific purposes, -the processing is necessary to protect the vital interests of the data subject or another natural person if the data subject necessary for the submission, enforcement or defense of legal claims; - data processing is necessary for preventive or occupational health purposes, to assess the worker's ability to work, to make a medical diagnosis, to provide health or social care or treatment, or to manage health or social systems and services; - data processing is necessary in the public interest in the field of public health, such as protection against serious cross-border threats to health or ensuring a high standard and safety of healthcare, medicines and medical devices.

Rights related to data management

Right to information: The institution shall take appropriate measures to provide data subjects with all information and information relating to the processing of personal data in a concise, transparent, comprehensible and easily accessible form, in a clear and comprehensible manner.

Right to request information: Any person may request information on the data of the institution, on what legal basis, for what data processing purpose, from what source, for how long, through the contact details provided. Upon request, information shall be sent without delay, but within a maximum of 30 days, to the contact details provided by the data subject.

Right to rectification: Any person may request the correction of inaccurate personal data concerning him or her and the addition of incomplete data through the contact details provided.

Right to restrict data processing: Any person may request, through the contact details provided, that the data controller restrict the data processing if one of the following fully disputes the accuracy of the personal data, in which case the restriction applies to the period allowing the data controller to check the the accuracy of personal data: - the processing is unlawful and the data subject opposes the deletion of the data and instead requests that their use be restricted; - the controller no longer needs the personal data for the purpose of processing the data, but the data subject requests them in order to make, enforce or protect legal claims, or; - the data subject has objected to the processing; in that case, the restriction shall apply for as long as it is established that the legitimate reasons of the controller take precedence over the legitimate reasons of the data subject. Your request must be made immediately, but no later than 30 days, and information must be sent to the contact details provided.

Right to protest: Any person may object to the processing of his or her personal data for the performance of a task carried out in the public interest or in the exercise of a public authority conferred on the controller or to the processing of a legitimate interest of the controller or a third party, including profiling based on those provisions. . The objection shall be examined as soon as possible after the submission of the application, but not later than within 15 days, a decision shall be made on its merits and the decision shall be communicated to the contact person provided by the data subject.

Right of withdrawal: The data subject has the right to withdraw his or her consent at any time. Withdrawal of consent shall not affect the lawfulness of the data processing prior to withdrawal.

Possibility of legal enforcement in connection with data management: We are at your disposal at the e-mail address info@abmedical.hu in connection with any remarks and complaints related to data management.

Interested parties may lodge a complaint with the supervisory authority.

Supervisory Authority: National Authority for Data Protection and Freedom of Information Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22 / c. Mailing address: 1530 Budapest, Pf .: 5. Phone: +36 (1) 391-1400 - Fax: +36 (1) 391-1410 E-mail: ugyfelszolgalat@naih.hu Website: https://naih.hu /

Before contacting the supervisory authority, please contact the Institution at one of its contact points in order to resolve the problem as soon as possible.

Personal rights of the data subject:

access to relevant personal data;

correction of personal data;

deletion of personal data;

restrictions on the processing of personal data;

protest against profiling and automated data management,

the right to data portability.

The controller shall inform the data subject without undue delay and at the latest within one month of receipt of the request. If necessary, taking into account the complexity of the application and the number of applications, this time limit may be extended by a further two months. The obligation to provide information can be ensured by operating a secure online system through which the data subject can easily and quickly access the necessary information.

The data processing performed by the institution must be reviewed, and the enforcement of the right to information self-determination must be ensured. At the request of the data subject, his or her data shall be deleted without delay if the data subject withdraws the consent on which the data processing is based.

The consent of the data subject must unequivocally indicate that the data subject consents to the processing. If the data subject's consent is in doubt, the controller must prove that the data subject has consented to the data processing operation.

In the case of children's personal data, special attention must be paid to compliance with data processing rules. The processing of personal data relating to information society services offered directly to children is lawful if the child has reached the age of 16. In the case of a child under the age of 16, the processing of children's personal data is lawful only if and to the extent that the consent has been given or authorized by the person exercising parental supervision over the child.

In the event of unlawful handling or processing of personal data, a notification obligation arises for the supervisory authority. The controller shall, without undue delay and no later than 72 hours after becoming aware of the data protection incident, - notify the supervisory authority, unless the incident is not likely to pose a risk to the rights of the natural person.

In some cases, it may be appropriate for the controller to carry out a data protection impact assessment prior to the processing. The impact assessment should examine how the planned data processing operations affect the protection of personal data. If the data protection impact assessment finds that the processing is likely to involve a high risk, the controller should consult the supervisory authority before processing the personal data.

Data management for business and record keeping purposes

The institution also handles personal data in cases belonging to its activities and for administrative and record-keeping purposes.

Data management prior to the establishment of an employment relationship prior to the establishment of an employment relationship shall be carried out in connection with the previous application procedure and the examination of suitability for the position.

Data processing during the tender procedure for the recruitment of employees (including, for the purposes of these regulations, persons wishing to be employed and employed in any employment relationship) The legal basis for the data processing during the tender procedure for the recruitment of employees is the data subject's consent. - The purposes of data management: judging the application, concluding a contract. - Data affected by data management: name, address, place of birth, time, education, professional qualifications, telephone number, e-mail address, image. - Categories of persons involved in data processing: candidates for the job application. - Recipients of personal data: the person exercising the employer's authority, the employees performing the human policy task. - Duration of data processing: after the selection of the employee, the purpose of data processing for non-selected applicants will cease, therefore the personal data of the applicants must be deleted immediately.

The obligation to cancel also exists in the event that the person concerned changes his / her mind during the application and withdraws his / her application. The candidate must be informed of the outcome of the selection decision. Data management during the suitability test for the job.

Pursuant to Section 10 (1) of the Labor Code, only two types of aptitude tests may be applied to employees: - aptitude tests prescribed by the employment rules, - on the other hand, tests which are not prescribed by the employment rules but for which the necessary for the exercise of a right or obligation specified in the employment law.

In both cases of the aptitude test, the employees must be informed in detail, among other things, about the skills and abilities of the aptitude test, and the means and methods of the examination. If the examination is required by law, employees must also be informed of the title of the law and the exact location of the law. - Legal basis for data management: legitimate interest of the employer. - The purpose of data management: to determine the suitability to fill a job, to establish an employment relationship. - The persons authorized to process personal data with regard to the test result are the test specialist and the test subject. The employer can only receive information on whether the person being examined is suitable for the job or not, and what conditions must be provided for this. However, the details of the test and its complete documentation cannot be known to the employer. - Duration of processing of personal data related to the aptitude test: 3 years after termination of employment.

Data management during the employment relationship

Data management within the framework of the labor register: The institution handles the personal data of the employees managed in the labor register, named below, on the basis of the legitimate interest of the employer, the fulfillment of a legal obligation and the fulfillment of a contract. The institution shall inform the employee of the legal basis and purpose of the data processing before starting the data management activity.

The scope of personal labor data: a) name b) address, temporary address, postal address, contact details, telephone number, e-mail address, c) TAJ number, tax identification number, identity card number, d) amount of wages, e) bank account number, f) addresses of foreclosures, deductions, bank account number g) number of children, dependents and their TAJ, h) next of kin to be notified. - Persons involved in data processing: employees of the institution. - Recipients of personal data: the person exercising the employer's authority, the employees of the institution performing personnel, accounting and payroll tasks, data processors. - The purpose of data management: fulfillment of obligations arising from employment, (payment of wages), exercise of rights arising from employment. Creation and termination of employment. Duration of data management: 3 years after termination of employment.

Control of the employee's employment-related behavior: The employer may only control the employee in the context of his employment-related behavior. Control and the tools and methods used in it must not violate human dignity. The employee's privacy cannot be verified. The employer shall inform the employee in advance of the use of the technical means used to control the employee.

Main applicable legislation

Regulation (EU) No 2016/679 of the European Parliament and of the Council Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46 (General Data Protection Regulation, hereinafter "GDPR")

XLVII of 1997. Act on the Protection of Health and Related Personal Data (Eüad)

Act on the Right to Information Self-Determination and Freedom of Information 2011 (Infotv.)

Act V of 2013 on the Civil Code

Act I of 2012 on the Labor Code (Mt.)

Act CXXXIII of 2005 on the rules for the protection of persons and property and for the activities of private investigators. Act (Act)

Getting to know and accept the Privacy Policy

By providing his / her personal data to the Institution, the user confirms that he / she has read and expressly accepts the version of the data management information in force at the time of providing the data. However, due to the burden of proof, our employee signs a data protection consent form with the user of the service before using the service.

15. Cookie information

Cookie information

We would like to inform you that during the use of the www.abmedicaé.hu website, the data controller uses small data packets on the user's computer, so-called places cookies, which can be read back from the user's computer by the data controller in case of later visits. If the browser used by the user on the next visit returns a cookie previously placed on the user's computer, the data controller has the option to link the user's current visit to the previous visits.

When a user visits a website, they can set a pop-up window to determine which cookies they consent to. By accepting the cookie settings, the user agrees to the placement of cookies on the computer.

Cookies used by the data controller:

Cookies that provide basic operation

Cookies that ensure the basic operation of the website are necessary for the proper functioning of the website, they allow the user to use the functions of the website properly. If the basic cookies are not enabled by the user, you must re-enter the cookie handling settings each time you visit the website.

Cookies for statistical purposes

With the help of Google Analytics, cookies are used on the website in order to measure the website traffic and the activity performed on it, which enables users to obtain more detailed information about the use of the website for analytical purposes.

To learn more about Google Analytics cookies, visit:

Google Analytics cookie management: https://developers.google.com/analytics/ informational devguides / collection / analyticsjs / cookie-usage

Targeting and advertising cookies

The website uses targeted and advertising cookies to display personalized, relevant ads using Google Analytics, Google Adwords, and Facebook.

For information about Google's and Facebook's privacy practices and the privacy practices associated with the cookies they use and manage, please visit:

Google Analytics Privacy Policy:

https://policies.google.com/?hl=en

Google Analytics ad settings:

https://adssettings.google.com/u/0/authenticated

Google Analytics Ads Privacy Policy:

https://policies.google.com/technologies/ads?hl=en

Facebook Privacy Policy

https://www.facebook.com/privacy/explanation

Browsers allow you to change cookie settings. Most browsers automatically accept cookies by default, but this can be changed so that your browser prevents cookies from being accepted automatically.

For more information about the exact settings for your browser, see your browser's help. You can find information about the cookie settings of the most popular browsers on the following websites:

Google Chrome

https://support.google.com/accounts/answer/61416?hl=en_US

Firefox

https://support.mozilla.org/en/kb/sutik-informacio-amelyet-website-szololnak-szamiredirectlocale=hu&redirectslug=S%C3%BCtik+management%C3%A9se

Internet Explorer

https://support.microsoft.com/en-us/help/17442/windows-

internet-explorer-delete-manage-cookies # ie = ie-11

Microsoft Edge

https://privacy.microsoft.com/en-US/windows-10-

microsoft-edge-and-privacy

Safari

https://support.apple.com/hu-hu/guide/safari/manage-

cookies-and-website-data-sfri11471 / mac

Use Google AdWords Conversion Tracking

An online advertising program called "Google AdWords" is used by the data controller and uses Google's conversion tracking service. Google Conversion Tracking is an analytics service provided by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; "Google").

When a User accesses a website through a Google ad, a conversion tracking cookie is placed on their computer. These cookies have a limited validity and do not contain any personal data, so the User cannot be identified by them.

When the User browses certain pages of the website and the cookie has not yet expired, both Google and the data controller can see that the User has clicked on the advertisement.

Each Google AdWords customer receives a different cookie, so they cannot be tracked through AdWords customers' websites.

The information obtained through conversion tracking cookies is used to generate conversion statistics for customers who choose AdWords conversion tracking. This gives customers information about the number of users who clicked on your ad and were redirected to a page with a conversion tracking tag. However, they do not have access to information that could identify any user.

If you do not wish to participate in conversion tracking, you can disable it by disabling the ability to set cookies in your browser. You will then not be included in your conversion tracking statistics.

More information and Google's privacy statement can be found at www.google.de/policies/privacy/

Apply Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses so-called "cookies", which are text files placed on your computer, to help the website analyze how users use the site.

The information created by the cookie about the website used by the User is usually stored and stored on a Google server in the USA. By activating IP anonymization on the Website, Google will abbreviate the User's IP address within the Member States of the European Union or in other States party to the Agreement on the European Economic Area.

The full IP address will be transmitted to and truncated to Google's server in the U.S. only in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate how the user has used the website, to provide the website operator with reports on website activity and to provide additional services related to website and internet usage.

Within the framework of Google Analytics, the IP address transmitted by the User's browser is not reconciled with other data of Google. The User may prevent the storage of cookies by setting the appropriate browser, however, please note that in this case, not all functions of this website may be fully available. You may also prevent Google from collecting and processing your information about your use of the Website (including your IP address) by cookies by downloading and installing the browser plugin available at the following link. https: // tools.google.com/dlpage/gaoptout?hl=en_US

Amendments to the Privacy Notice

The Institution reserves the right to amend the Data Management Information in accordance with the current legal background, provided that it communicates the fact of the amendment on www.abbodícare.hu and makes the current version available.

​

​