1. Purpose, Scope of the present Information, Decisive Legislation
Purpose of the present Information is to define the principles and policy of data protection and data management applied by OrthoPred Ltd. which are recognised by this organisation as compulsory for themselves.
In preparing the provisions of the Information, the organisation considered with special interest the provisions contained in Order 2016/679 of the European Parliament and Council (General Data Protection Regulations – “GDPR”), Act CXII of 2011 dealing with the right of self-determination in information and the freedom of information (“Act of Information”), Act V of 2011 on the Civil Code (in Hungarian: “Ptk.”), as well as in Act XXVIII of 2008 on the basic conditions and some restrictions of the economic publicity activity (Hungarian: “Grtv”).
Force of the present Information on Data Management shall cover the data managements related to the home page accessible under address www.orthopred.com (hereafter: “Home Page”). The present Information on Data Management shall be valid until revocation.
Another purpose of the Information on Data Management is to harmonise other provisions of internal regulations of the organisation in respect of data management activities, striving after the protection of basic rights and freedoms of natural persons, as well as to assure a proper management of personal data.
A further important purpose is to enable the organisation to know and observe the present information, thus, to manage the data of natural persons in conformity to law.
2. Person of Data Manager
- Name: OrthoPred Kft
- Headquarter: Hungary, 9026-Győr, Egyetem tér 1.
- Phone: +36 (20) 379 8567
- E-mail: email@example.com
- Responsible for data protection: Dr. Gál Andor Viktor
Data Manager is an organisation registered in Hungary.
3. Main Terms
- GDPR (General Data Protection Regulations) is the new Data Protection Order of the European Union.
- Data manager: a natural or legal person, administration organ, agency or any other organ defining the purposes and tools of the management of personal data either individually or jointly with other parties. Unless such purposes and tools of the data management are not defined by the right of European Union or of any member State, the Data Manager and any specific consideration for assigning this Data Manager may be defined also by the right of the European Union or that of any member State.
- Data management: totality of any automated or not automated operation or operations carried out with personal data or files, thus, by collection, data recording, systematisation, structuring, storing, transformation, conversion or alteration, query, inspection, utilisation, publication, transmittal, propagation or by any other mode of accessibility, as harmonisation or connection, restriction, deletion or destruction (annihilation).
- Data Processor: a natural or legal person, administrative organ, agency or any other organ which manage data on behalf of the Data Processor.
- Personal Data: any information related to an identified or identifiable (concerned) person; identifiable is a natural person who can directly or indirectly be identified especially on the basis of any identifier sign, e.g. name, number, localisation data, online identifier, one or several factors related to the corporal, physiological, genetic, intellectual, economic, cultural or social identity of this natural person.
- Third Party: a natural or legal person, administrative organ, agency or any other organ which is not identical with the concerned person, data manager, data processor or any other person who had received authority to manage personal data under the direct control of the data manager or the data processor.
Consent of the party concerned: voluntary, concrete declaration of the concerned party based on proper information and in a definite manner, by which the concerned party may signal by means of a declaration or any other action expressing his confirmation in an unambiguous manner that he formally agrees with the management of any personal data related to him.
- Restriction of Data Management: designation of the personal data stored for the restriction of their future management.
- Data Deletion: making the data unrecognisable in a manner that their restoration is not possible any more.
- Incident of Data Protection: such an injury of the safety which may result in an accidental or illegal destruction, loss, altering, illegitimate publication or illegal accessibility to the transmitted, stored or in any other management of personal data.
4. Directives of Data Management
- Their management shall be performed in a legitimate and honest manner which should be transparent for the person concerned (“legality, honest procedure and transparency”).
- Collection or any personal data shall occur for definite, unambiguous and legitimate purpose, avoiding their management in a manner not reconcilable with such purposes; in conformity to Article 89 (1), archiving for public interest, for scientific, historical or statistical purposes shall not be considered as non reconcilable with the original purpose (“connection to purpose”).
- From a viewpoint of the purposes of data management, the personal data shall be proper and relevant, as well as restricted to a necessary scope (“data economy”).
- The personal data should be accurate and updated as necessary; all reasonable measure should be taken in order to delete or correct any personal data not accurate from the viewpoint of the purposes of data management (“accuracy”).
- Storing of personal data shall occur in a manner to enable the identification of those concerned not any longer than necessary to the purpose of the management of such personal data; a longer storing of personal data is only allowed whenever the management of personal data has an archiving, scientific, historic or statistical purpose as laid down in Article 89, al.(1), with consideration of proper technical and organisational measures provided in this Order for the protection of the rights and freedoms of the persons concerned (“restricted transparency”).
- Management of personal data shall be carried out in a manner to assure a proper protection or personal data by means of proper technical or organisational measures, including the protection against any illegitimate or illegal management, accidental loss, destruction or damage of such personal data (“integrity and confidentiality”).
Data Manager is responsible for the satisfaction of above provisions, and he shall be able to attest this conformity (“accountability”).
5. Purpose of Data Management
Data Manager may manage personal data exclusively out of definite reasons. Data registration and data management shall occur in honest and legal manner. Data Manager shall strive after a management of only such personal data which are indispensable for achieving the purpose of data management, i.e. suitable for achieving this purpose. Personal data may only be managed to the extent and duration necessary to achieve the purpose mentioned.
6. Scope of the Data Managed
- Purpose of data management: contacting and maintaining contact, information transmission, information request.
- Legal ground of data management: voluntary consent of the person concerned, Article 6, al.(1), Item a) in “GDPR”.
- Scope of the data managed: name (identification), E-mail address (maintaining contact), phone number (maintaining contact).
- Deadline of data deletion: 2 years from the last contacting.
Deletion or amendment of the personal data may be initiated in one of the following manners.
- By post: Hungary, 9026-Győr, Egyetem tér 1.
- By E-mail: firstname.lastname@example.org
7. Mode of Data Management
Data Manager shall keep the data of concerned persons on his own servers or temporarily on his computers. Exclusively only Data Manager may have accessibility to the management of the data of concerned persons.
Data supply shall be in all situations voluntary, i.e. the person concerned may decide without restraint whether he supplies any of his personal data. Provided that he gives his consent, Data Manager may manage his data in conformity to the legislation in force, a well as within the limits outlined by the person concerned.
In order to avoid any illegitimate utilisation of personal data and any abuse related, Data Manager shall apply comprehensive technical and safety measures. We shall periodically inspect our safety procedures and update them in harmony with relevant technologic developments.
8. Management of Technical Data and Cookies
Since the natural persons can be related to online identifiers made available by the tools, applications, instruments and protocols, e.g. IP addresses and cookie identification attributes, thus, such data connected with other information are suitable and usable for the creation of the profile of natural persons and for the identification of the person concerned.
In addition, cookies are also suitable for memorizing adjustments, so these should not be recorded again by the use when entering into a new page. They also can memorise previously put in data, so these data should not be typed again, they can analyse the usage of home pages to assure their operation in accordance to the user’s expectations, as a result of any development carried out by means of the information obtained in this manner. Thus, the user can easily find the information looked for and monitor the efficiency of our advertisements.
Provided that Data Manager displays various contents on the home page by means of external web services, it can result in the storing of such a cookie not surveyed by Data Manager, so he has no influence on the data collected by these web pages or, respectively, external domains. Information concerning these cookies are supplied by the services concerned. The user shall adjust his web searching tool to accept all cookies, to reject all of them or to announce the user whenever a cookie has arrived on his machine, respectively. Adjustment possibilities are usually to be found in menu items “Options” or “Setups”. Detailed information available on the web page www.aboutcookies.org can also help the setting up in various browsers.
Cookies Used by Home Page
- Required Cookies: cookies characteristic to web stores are the so called “password protected cookies for working process”, “cookies necessary to shopping basket” and “safety cookies” for these use of which no previous consent should be asked from the parties concerned. Following the closure of home page, these cookies are automatically deleted and the process closed.
- Functional Cookies: in order to improve the user’s experience, such cookies may notice the tool used to open our home page, they can memorise your previous user’s decisions (e.g. user’s name, password, selected name, region, whether you had log in the course of a previous session, as well as any user’s amendment carried out by you in respect of text size, font type or any other home page elements adaptable to client’s needs). Thus, we can offer to you superior and better personalised functions. These cookies shall not follow any other activity of your performed on other home pages, and shall not use them to such an objectives as to send to you advertisements through other pages.
9. Data Transmission
Data Manager may only transmit any personal data to a third person if the person concerned definitely consented to it, had been informed on the data scope transmitted and on the addressee of the data transmission, or the law had given authorization to such a data transmission. Data Manager shall document such a data transmission in every case, keeping the record of data transmissions.
10. Data Processing
For the performance of his activity, Data Manager may make use of sub-contracting data processors. These latter data processors may not make any individual decision, just to proceed pursuant to the contract concluded with Data Manager and the instructions received. Data Manager shall check the data processors’ work. Concerning the making use of any further subcontracting data processors, Data Processor is only entitled to do it with the initial Data Manager’s consent.
Sub-contracting Data Processors Used by the initial Data Processor
10.1 Data Processing Activity Related to Web Buffer Storage
- Designation of Data Processor: Rackforest Kft.
- Headquarters of Data Processor: Hungary 1132 Budapest, Victor Hugo utca 11.
- Tax number of Data Processor: 14671858241
- Phone number of Data Processor: +3612110044
- E-mail address of Data Processor: email@example.com
- Web page of Data Processor: https://rackforest.com
Data Processor shall co-operate in the service of a buffer storing place of the web page on the basis of a written contract concluded with Data Processor and Data Manager. Within this activity, Data Processor shall record all the personal data recorded in the data bank of the Data Processor’s web site in his own system of informatics.
Date of the data management, deadline of data deletion: by the termination of the agreement between Data Processor and the buffer storage supplier, or until the deletion request addressed by the party concerned to the buffer storage supplier.
10.2 Data Processing Activity Related to Google Analytics Aggregated Data Analysis
- Designation of Data Processor: Google, Mountain View, California, United States
- Headquarters of Data Processor: Ireland, Dublin, Barrow Street 4
- E-mail address of Data Processor: –
On the basis of a contract concluded with Data Manager, Data Processor shall make use of the services referred to as Google Analytics of Data Processor which shall enable both Data Manager and Data Processor to obtain a more accurate image on the activity of their visitors.
10.3 Data Processing Activity Related to the Operation of a Web Page
- Designation of Data Processor: Lilla Kispál
- Headquarters of Data Processor: 4200 Hajdúszoboszló, Ady Endre u. 38/A.
- Tax number of Data Processor: 59577636-1-29
- E-mail address of Data Processor: firstname.lastname@example.org
On the basis of a written contract concluded between Data Processor and Data Manager, Data Processor shall periodically perform web page maintenance.
11. External Service Providers
In operating the web page, Data Manager may also use external service providers with which Data Manager shall cooperate.
In respect of any personal data managed in the systems of external service providers, those comprised in their own regulations of such service providers are decisive. Data Manager shall make his best to treat the personal data transmitted to this external service provider in conformity to legislation and to use them to the purpose provided in the information decided by User or in the present information.
Data Manager shall inform the users on the data transmission performed for external service providers within the present Information.
External Service Providers
- Google, Mountain View, California, United States (Google Analystics aggregated data analysis)
12. Data Safety, Data Knowledge
Data Manager shall take care of data safety, take those technical and organisational measures and prepare the operation rules which are necessary to enforce relevant legislation, as well as data and secrete protection regulations. Data Manager shall protect the data with proper measures against illegitimate access, altering, transmission, publication, deletion or annihilation, as well as accidental destruction or damage, against any inaccessibility resulted from the modification of the technique applied.
Data Manager shall keep in record the data managed by him in conformity to relevant legislation, thereby assuring that only those employees and other persons (data processors) proceeding on behalf of Data Manager who need these data for their activity and duty. Such data may not be known within the employee’s organisation but by logging. The Data Manager’s employees may not fulfil individual searches or may not perform individual operations but on the user’s request or if this is indispensable for service providing.
13. Duration of Data Management
Data Manager shall delete any personal data in the following situations.
- Data management is contrary to the law: whenever it comes to light that data management occurs in illegal manner, Data Manager shall delete the data without delay.
- Request of the party concerned (except for data managements based on legislation): the party concerned may request the deletion of the data managed on the bases of its voluntary consent. In this case, Data Manager shall delete the data.
- Deficient or wrong data – and this condition cannot be remedied according to the law – provided that it is not excluded by the law.
- Purpose of the data management has ceased or the deadline of data storing defined in the law has expired. Since Data Manager shall provide continuous services for the party concerned, the relation of the parties shall not be bound to any time limit. Out of this reason and in lack of a request of the party concerned, Data Manager shall treat the data as long as a relation exists between Data Manager and the party concerned and as long as Data Manager may provide services to the party concerned. Any other data shall be deleted by Data Manager whenever it becomes evident that the usage of data shall not be foreseen for the future, i.e. the purpose of data management has ceased.
- It has been ordered by the Hungarian National Authority for Data Protection and Freedom of Information. Data Manager shall carry out data deletion whenever it is ordered by a Court or the National Authority for Data Protection and Freedom of Information. Instead of deletion and informing the party concerned, Data Manager may also block the personal data provided if requested by the party concerned or it can be supposed on the basis of the information available that any deletion would hurt the legal interests of the party concerned. The personal data blocked in this manner may be treated exclusively as long as the data management purpose exists and is contrary to the deletion of personal data. Data Manager shall mark the personal data treated by him whenever the party concerned may discuss their correctness or accuracy, but this incorrectness or inaccuracy cannot be established in an unambiguous manner. In case of data management situations ordered by legislation, provisions of such legislations are decisive. In case of any deletion, Data Manager shall make the data unsuitable for personal identification. If provided by legislation, Data Manager shall destroy any data carrier containing such personal data.
14. Client Relations
- Whenever any question is raised by Data Manager in relation with the use of our service providing, or the party concerned would have any problem, Data Manager may be contacted by the manners (phone, E-mail, public pages etc.) indicated on our home page.
- Data Manager shall delete such E-mails, messages, the data specified on phone, Facebook etc. not later than after 2 years from data transmission, including the name and E-mail address and other, voluntarily communicated personal data of the inquirer.
- We shall give information about the data managements not listed in the present Information on the occasion of data recording.
- In case of the request of other organs, service provider shall be committed to information supply, data transmission or making available of documents in case of extraordinary official requests or on the basis of any legal authorization.
- In such situations and as far inquirer has indicated a definite purpose and the sphere of requested data, Service Provider may only communicate as much data and to an extent which are indispensable for the satisfaction of the purpose of inquiry.
15. Rights Related to Data Management
Right to request information: any person may request information by the access lines specified on which data of his, on which legal basis, because of which data management purpose, from what source and how long shall be managed by the organisation. On his request, comprehensive information shall be sent to him without delay, but not later than within 30 days, to the contact indicated by him.
Right related to correction: any person may request the amendment of his any data through the accessibilities specified. To this request, proper measures should be taken without delay, however, not later than within 30 days and relevant information should be sent to the accessibility specified.
Right to deletion: any person may request the deletion of his data through the accessibilities specified. On his request, proper measures should be taken without delay, however, not later than within 30 days and relevant information should be sent to the accessibility specified.
The data shall be blocked instead of deletion whenever they should be stored due to legal, legislation or contractual commitment for the preservation of any commercial registration in order to avoid their utilisation to other purposes.
Right to blocking or restriction: any person may request the blocking of his data through the accessibilities specified. The blocking shall be maintained as long as the reason indicated justifies data storing. On his request, this should be done within not more than 30 days and relevant information should be sent to the accessibility specified.
Right to protest: any person may raise protest against data management through the accessibilities specified. Such a protest shall be investigated within the shortest time from its submittal, however, not more than within 15 days, a decision shall be made on its foundation and the relevant decision shall be sent to the accessibility specified.
16. Possibility of Legal Enforcement Related to Data Management
- Hungarian National Authority for Data Protection and Freedom of Information
- Mail address: 1530 Budapest, Pf. 5
- Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
- Phone: +36 (1) 391-1400
- E-mail: ugyfelszolgalat (dot) naih.hu
- Web: https://naih.hu