Data Controller Name and Contact Details
Data Controller: Bárándi Gergő sole proprietor
Contact Details:
- Phone: +36308765079
- Email: [email protected]
- Address: 8000 Székesfehérvár, Mandula utca 21, Hungary
The data controller acknowledges as binding upon itself the content of this data protection notice. The purpose of this data protection notice is to inform clients and partners regarding the processing of their personal data. The data controller processes personal data exclusively in accordance with applicable legal provisions, strictly observing data protection and privacy regulations, taking into account the principles of lawfulness, fair processing and transparency, purpose limitation, data minimization, accuracy, and storage limitation.
The data controller takes all technical and organizational measures to process partners’ personal data securely, in the manner prescribed by Regulation (EU) 2016/679 of the European Parliament and of the Council. The data controller reserves the right to modify this notice at any time.
Definitions
Data Subject: Any identified or identifiable natural person who can be identified, directly or indirectly, on the basis of personal data.
Personal Data: Any data that can be connected to the data subject – particularly the data subject’s name, identifier, and knowledge characteristic of one or more physical, physiological, mental, economic, cultural or social identities – as well as conclusions about the data subject that can be drawn from the data.
Consent: A voluntary and definite expression of the data subject’s wishes, based on appropriate information, by which they give unambiguous consent to the processing of personal data relating to them – either comprehensive or covering specific operations.
Objection: A statement by the data subject by which they object to the processing of their personal data and request the cessation of data processing or the deletion of processed data.
Data Processing: Any operation or set of operations performed on personal data, regardless of the procedure applied, such as collection, recording, registration, organization, storage, modification, use, transmission, disclosure, coordination or combination, blocking, deletion and destruction, as well as preventing further use of data, taking photographs, audio or video recordings.
Data Processing Services: Performance of technical tasks related to data processing operations, regardless of the method and tools used to perform the operations and the place of application, provided that the technical task is performed on the data.
Data Transfer: Making data accessible to a specific third party.
Disclosure: Making data accessible to anyone.
Data Controller: A natural or legal person, or organization without legal personality, who or which, alone or jointly with others, determines the purpose of personal data processing, makes and implements decisions regarding data processing (including the tools used), or has it implemented by a data processor commissioned by them.
Data Processor: A natural or legal person, or organization without legal personality, who or which processes data under contract – including contracts concluded based on legal provisions.
Data Deletion: Making data unrecognizable in such a way that their restoration is no longer possible.
Data File: The totality of data processed in one register.
Third Party: A natural or legal person, or organization without legal personality, who or which is not identical to the data subject, data controller or data processor.
Types of Data Processed
The data controller processes the following types of data:
Name: The data controller records partners’ names for service provision and administrative purposes.
Phone Number: The data controller processes partners’ phone numbers to contact them regarding current campaigns, information and offers.
Email Address: The data controller uses email addresses for communication purposes, such as newsletters, information and campaigns.
Purpose of Data Processing
The data controller uses the data for the following processing purposes:
Patient Marketing Services: The data controller provides services using partners’ data, which includes planning and executing marketing campaigns and communicating with partners.
Marketing Activities: Uses data for marketing activities, such as promoting services, preparing offers and determining target audience interest.
Statistical Analysis: The data controller performs statistical analyses based on data to understand website visitors’ behavior, preferences and current market trends.
Legal Basis for Data Processing by Purpose
Legal basis by purpose:
The legal basis for data processing under Article 6(1) of the GDPR:
Contact and quotation requests: consent of the data subject [GDPR Article 6(1)(a)].
Newsletter and marketing communication: consent of the data subject [GDPR Article 6(1)(a)].
Processing of billing-related data: contract performance and legal obligation compliance [GDPR Article 6(1)(b) and (c)].
Website analytics (e.g., Google Analytics): legitimate interest [GDPR Article 6(1)(f)], with provision of the data subject’s right to object.
Remarketing and advertising targeting (e.g., Meta pixel, Google tracking codes): exclusively with consent of the data subject [GDPR Article 6(1)(a)].
Legal Basis
The legal basis for data processing is the consent of data subjects. The data controller only processes data that data subjects voluntarily provide and consent to its processing.
Data Retention Period
The data controller retains data only for the necessary period, which depends on patient marketing service purposes and applicable legal requirements. Data is stored as long as it is relevant and necessary to achieve the purposes. However, it is important to note that under data protection regulations, data storage periods must be determined in accordance with applicable laws.
Data retention periods:
Data is retained for the following periods:
Quotation request data: maximum 6 months from the response.
Newsletter subscription / marketing consent: until consent withdrawal, but maximum 2 years.
Billing data: 8 years according to the Accounting Act.
Analytics data: 26 months, in anonymized form.
Cookie data: from 1 day to 2 years depending on cookie type and data subject consent.
Cookie Notice and Consent
The website uses cookies that serve to improve user experience, statistical analysis and personalize advertisements.
Types of cookies:
Essential cookies: necessary for website operation.
Statistical cookies (e.g., Google Analytics): anonymously measure traffic.
Marketing cookies (e.g., Facebook pixel, Google Ads): remarketing and advertising targeting.
Consent management:
Visitors must actively provide consent for cookies. Consent can be withdrawn at any time.
Data Processors Associated with the Data Controller
If data processing is performed by others on behalf of the data controller, the data controller may only engage data processors that provide adequate guarantees for compliance with requirements or implement appropriate technical and organizational measures ensuring protection of data subjects’ rights.
The data controller hereby declares that in its work it only engages data processors who have adequate guarantees for GDPR compliance and implementation of appropriate technical and organizational measures ensuring protection of data subjects’ rights.
The scope of data processors is available below in list format.
By becoming familiar with and acknowledging this Data Protection Notice, data subjects accept that the data controller transfers their personal data to the data processors and joint controllers listed below.
Partner for invoice issuance: KBOSS Kft., 1031 Budapest, Záhony u. 7. [email protected]
Company providing website hosting: Rackhost Zrt., 6722 Szeged, Tisza Lajos körút 41. [email protected]
Due to web analytics systems used by the website: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085 USA
Accounting company used by data processor: Szigin Számviteli Kft, 8649 Balatonberény, Kossuth Lajos utca 15.
Legal Background
The Service Provider is obliged to comply with legal provisions regarding personal data processing in all phases of data processing. The data processing performed by the Service Provider is primarily governed by provisions established in the following legislation:
- Act V of 2013 on the Civil Code (“Civil Code”)
- Regulation (EU) 2016/679 of the European Parliament and of the Council (27 April 2016) – on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR);
- Act CXII of 2011 on the right of informational self-determination and freedom of information (“Data Protection Act”);
Rights of Data Subjects
The notice appropriately contains data subjects’ rights according to the data protection regulation. Data subjects’ rights are as follows:
Right of Access: Data subjects are entitled to know what data the data controller processes about them and how this data is used.
Right of Rectification: Data subjects may request correction of inaccurate or incomplete personal data.
Right of Erasure: Data subjects are entitled to request deletion of personal data if it is no longer necessary for achieving the purpose or if data processing is unlawful.
Right to Object: Data subjects are entitled to object to data processing under certain circumstances.
Right to Lodge a Complaint: Data subjects are entitled to lodge a complaint with the supervisory authority if they believe data processing violates data protection laws.
Data Security
The data controller pays great attention to data security measures. In the interest of data security, the data controller takes the following measures:
The data controller carefully selects cloud service partners whose services it uses and concludes contracts with them that consider the data security interests of its clients and customers.
The data controller does everything to ensure that partners’ data processing principles are transparent and that data processing complies with applicable data protection laws. The data controller regularly reviews partners’ data security practices and processes to ensure data security and compliance with data protection principles.