Privacy Policy

Fedász Fogászati Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság
registered seat: H-2085 Pilisvörösvár, Szent János utca 1/D.
Company registration number: 13-09-067990
VAT number 10906251-2-13

DATA PROCESSING
POLICY

based on Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter referred to as the „Privacy Act”)

as well as
Regulation (EU) No 2016/679 of the European Parliament and of the Council
(GDPR – General Data Protection Regulation)

PREAMBLE

On behalf of Fedász Fogászati Kft. (hereinafter referred to as: Data Controller) we would like to inform our customers and the visitors of our website – www.fedaszdental.hu and our social media sites – collectively as data subject(s) that we respect the personal rights of the data subjects therefore act according to the following rules in the course of our data processing.

We reserve the right to change our policy for alignment with the prevailing legal background and other internal regulations.

The electronic version of our policy is available on our website, www. fedaszdental.hu and on paper basis at our registered seat: H-2085 Pilisvörösvár, Szent János u. 1/D.

Therefore, our Company as a Data Controller considers the provisions of this Policy binding for itself and shall act accordingly in the course of its operation.

I. Definitions pursuant to Section 3 of the Privacy Act
Data subject means any natural person identified or identifiable on the basis of any information;
Identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Personal data: means any information relating to the data subject, in particular an identifier such as a name, an identification number, or one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of that natural person, as well as the conclusions that may be deduced from the data.
Data concerning health means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status;
Biometric data means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data;
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
Protest means the statement of the data subject in which he or she objects to the processing of his/her personal data and requests the termination of the data processing and the erasure of the processed data;
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, makes and enforces decisions on data processing (including the devices used) or has them executed by the entrusted data processor.
Data processing means irrespective of the method used, any operation or set of operations which is performed on data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; to prevent further use of the data, to take photographs, sound recordings or images, and to record the physical characteristics (e.g. finger or palm print, DNA pattern, iris image) for identifying the person;
Data transmission means making the data available to a specific third party;
Third party means a natural or legal person, or an organization without a legal personality other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, is authorized to process personal data;
Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

II. The purpose and scope of this policy
II/1. The purpose of the data processing policy
The purpose of this policy is to ensure that the data processing of Fedász Fogászati Kft., as Data Controller respects the privacy of natural persons and that its data processing operations are in conformity with the constitutional principle of information self-determination and the information received by the Data Controller is not misused.
II/2. Scope of the Policy
The scope of this Policy applies to the employees of the Company and to the flow of information among employees and to all data processing related to personal data, i.e. all personal data processed by the Company.

III. Principles of data processing

Personal data can only be processed for clearly defined, legitimate purposes, in order to exercise a right and fulfill an obligation. Data processing shall in all stages be compliant with the purpose thereof, furthermore, data collection and processing shall be fair and legitimate.

Only personal data that is essential for achieving the purpose of data processing can be processed to achieve this purpose. Personal data can only be processed to the extent and for the duration necessary for the achievement of the purpose.

Personal data will continue to maintain this quality while processing the data as long as its connection can be restored with the data subject. The connection can be restored with the data subject if the data controller possesses the technical conditions required for restoration.

In the course of data processing the accuracy and completeness of the data shall be ensured, and, where necessary for the purposes of data processing, the updating of the data and that the data subject can only be identified for the time necessary for the purpose of data processing shall be ensured.
Adequate security of personal data shall be ensured in the course of data processing by applying appropriate technical or organizational measures, in particular protection against unauthorized or unlawful processing, accidental loss, destruction or damage to data.

IV. Legal basis and general terms and conditions of data processing

Personal data can be processed, if
a) it is strictly necessary for the performance of the data controller’s statutory tasks and the data subject has explicitly consented to the processing of personal data;
b) it is ordered by law or – by virtue of the authorization of the law, in the scope specified therein, in the case of data not classified as special data or criminal personal data – a local government decree for purposes of public interest;
c) it is necessary and proportionate to the protection of the vital interests of the data subject(s) or other person, and to the elimination or prevention of the direct threat to the life, physical integrity or the goods of persons, or
d) the personal data has been expressly disclosed by the data subject and it is proportionate to the purpose of the data processing;

We perform data processing pursuant to Article 6, paragraph (1), item a) and b) of the GDPR, namely when the data subject has consented to the processing of his/her personal data for one or more specific purposes, and the processing of data is necessary for the performance of an agreement, the data subject is a party thereto, or for the actions required to be taken by the data subject before concluding the agreement.

In addition to the relevant personal identification data of the data subject, pursuant to the principle of data frugality and purpose limitation, the agreement contains only data that is absolutely necessary to the performance of the agreement and to enforce the customer’s debt or to assess the business risk. Further data processing may only be performed with the explicit consent of the data subject. Prior to obtaining the consent statement, the data subject shall be duly informed that the refusal to provide a consent statement does not cause him/her any disadvantage.

If the data subject does not intend to provide the Company with the minimum data required for the conclusion of the agreement, the Company may refuse to conclude the agreement.

We only make a copy of the documents presented by our Customers with the consent of the Customers, that is, with the consent of the data subjects. In case of a refusal of providing a consent, the conclusion of the agreement is not denied.

The information provided by our customers during the conclusion of the agreement is used exclusively by the Company for exercising the rights arising out of the agreement and for the fulfillment of the obligations contained therein.

V. Rights of the Data subjects
1. Relating to the personal data of the data subject processed by the data controller or the data processor based on the mandate of the data controller, the data subject shall be entitled to

a.) receive information about the data processing prior to the commencement of the data processing – right to preliminary information;
b.) access his/her personal data and the information relating to its processing by the data controller – the right to access;
c.) upon request, his/her personal data shall be corrected or supplemented by the data controller – right to correction;
d.) upon request, the processing of his/her personal data is restricted by the data controller – the right to restrict the processing of data;
e.) upon request, the data controller shall erase his/her personal data – right to erasure;
f.) initiate authority proceedings – the right to an authority remedy;
g.) initiate court proceedings – the right to judicial redress;

The data controller shall take appropriate technical and organizational measures to facilitate the enforcement of the rights of the data subject, by providing notifications and information to the data subject in a readily accessible, legible format, with a clear and comprehensible content, and
make a decision on the request submitted by the data subject for the enforcement of his/her rights in the shortest possible time, but within a maximum of 25 days, and shall inform the data subject of its decision in writing or if the request had been submitted electronically, by electronic means. The above-mentioned activities of the Data Controller are provided free of charge.
In order to ensure the right of obtaining preliminary information, we immediately provide the data subject with the following data prior to the commencement of the data processing operations but at the latest after the first data processing operation commences:
a.) the name and contact details of the data controller;
b.) the purpose of the intended data processing;
c.) the rights of the data subject and the manner in which they can be enforced;
We provide information to data subjects on
a.) the legal basis of data processing
b.) the retention time of the processed personal data:
c.) the scope of the recipients of the data transmission in the case of data transmission or planned transmission;
d.) the source of processed personal data;
e.) and any other substantive facts related to the circumstances of data processing.
If our Customers find that their personal data processed by us is inaccurate, incorrect, or incomplete, it will be promptly corrected or supplemented upon request.

Customers’ personal data is processed by us as a data controller, without involving a data processor, who processes personal data on behalf of the data controller.

The data subject has the right to withdraw his/her consent to data processing at any time free of charge. The withdrawal shall not affect the lawfulness of the data processing effected prior to the withdrawal of the consent. Withdrawals can be initiated via mail or electronic mail at info@fedaszdental.hu.
The data subjects have the right to file a complaint with the supervisory authority (National Authority for Data Protection and Freedom of Information, http://naih.hu, phone: +36 (1) 391-1400, mail address: 1530 Budapest, Pf.: 5., e-mail: ugyfelszolgalat@naih.hu). Foreign citizens may also file a complaint with the supervisory authority of their residence.
In the event of a breach of his or her rights, the data subject may contact the court concerned. The court proceeds forthwith in the case. The decision on the data protection lawsuits falls within the jurisdiction of the regional court, however, the lawsuit can be initiated even at the court of the place of residence or stay of the data subject at his/her choice.
Please do not hesitate to contact us before filing a complaint with the supervisory authority or the court – in order to cooperate and solve the problem as quickly as possible.

The recipients of the personal data of the data subject
a) the employees of the Company performing customer service tasks,
b) the employees of the Company providing financial, accounting and taxation functions, and
c) the data processors of the Company.
Personal data is retained for 5 years after the termination of the agreement, which constitutes the basis of this Data Processing Information.
The personal data of the data subject will be handed over for processing
a) for accountancy and tax purposes, to the accounting office entrusted by the company: ………………………………………………………………………………………….
b) for postal and delivery purposes to the Hungarian Post

VI. Data Controller’s Register
Our Company as a data controller keeps a register of the data processing operations related to the personal data it processes, which records
– the name and contact details of the data controller;
– the purpose of data processing:
– the recipients of data transmission;
– the scope of data subjects and the data being processed;
– the fact of profiling if applicable;
– in the case of international data transmission, the scope of the data transmitted;
– the legal basis for data processing operations;
– the erasure date of the processed personal data:
– a general description of the technical and organizational security measures;
– the circumstances surrounding the occurrence of personal data breach, their effects and the measures taken to deal with them;
– the legal and factual grounds for the measure restricting or refusing to enforce the data subject’s access rights.

VII. Management of personal data breach
Our company records the nature of the incident, including the scope and approximate number of data subjects, including the scope and approximate amount of the data involved in the personal data breach in connection with the personal data breach related to the data processed.
We describe the likely consequences of a personal data breach and the actions taken or planned to address the personal data breach.
The personal data breach shall be reported to the competent authority immediately, but not later than 72 hours after information has been received thereof.
The personal data breach does not have to be reported if it is probable that it does not pose a risk to the enforcement of the rights of the data subjects.
In order to comply with the legal requirements for the processing of personal data and to facilitate the enforcement of the rights of the data subjects, our Company does not employ a Data Protection Officer on the basis of Section 25/L, paragraph (1) of the Privacy Act.

VIII. Data processing related to our website
Our website, www.fedaszdental.hu enables visitors, as potential customers to send us an Inquiry about the services provided by our Company.
By sending us an inquiry through our website, you voluntarily provide us with your personal data, so please make sure that the data provided are true, correct and accurate, because you are responsible for these data. Incorrect, inaccurate or incomplete data may be an obstacle to using our services.
If you provide personal information of another person, we assume that you have the authority to do so.
You can withdraw your consent to data processing any time by sending a simple request to our Company’s e-mail address info@fedaszdental.hu free of charge.
Registration of withdrawal of consent – for technical reasons – is undertaken with a two-day deadline, but please be aware that certain data may be processed after the withdrawal of consent to fulfill our legal obligations or to enforce our legitimate interests.
In the event of fraudulent use of personal data, or when a visitor commits a criminal offense or attacks our system, simultaneously with the abolition of the registration of that visitor, his/her data will be erased immediately, or, if necessary, retained in the course of the determination of the civil liability or the conduct of criminal proceedings.

IX. Miscellaneous
An electronic device suitable for image recording is used by our Company for property protection purposes on the external facade of the building of our regsitered seat, the Clinic and the Hotel, and inside the building.
Our surveillance system
a) does not monitor public areas,
b) does monitor employees or their activities,
c) is not intended to influence the behavior of employees in the workplace.

A noticeable, awareness-raising information sign was placed in the monitored area in the vicinity of the camera. Our new and old Employees and our visitors are always informed of the surveillance system.
We have placed signs at our registered seat in order to inform our customers and visitors that by entering the building they consent to participate in the recordings. Access to recordings, authorizations, erasure and supervision of the recordings are regulated by our Company in a separate Policy.

X. Confidentiality

Employees of our Company undertake to retain the personal information they receive during their duties without any time limitation. Employees undertake to use the data concerned solely in the performance of their duties and not to disclose them to third parties.

This Policy enters into force on May 25th, 2018.

Dated: Budapest, May 25th, 2018

Fedász Fogászati Kft.

 

Fedász Fogászati Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság

registered seat: H-2085 Pilisvörösvár, Szent János utca 1/D.

Company registration number: 13-09-067990

VAT number 10906251-2-13

 

 

DATA PROCESSING 

POLICY

 

CONCERNING ITS ELECTRONIC SURVEILLANCE SYSTEM

 

 

 

based on Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter referred to as the „Privacy Act”)

  

as well as

Regulation (EU) No 2016/679 of the European Parliament and of the Council

(GDPR – General Data Protection Regulation)

 

 

 

 

PREAMBLE

 

On behalf of Fedász Fogászati ​​Kft. (hereinafter referred to as: Data Controller), we would like to inform our customers and the visitors of our website – www.fedaszdental.hu and our social media sites – (hereinafter collectively referred to as: data subject(s)) that we respect the personal rights of data subjects therefore act according to the following rules in the course of our data processing taking into account the fact that a surveillance system suitable for recording images has been installed at the company’s headquarters.

 

We reserve the right to change our policy for alignment with the prevailing legal background and other internal regulations.

 

The electronic version of our policy is available on our website, www.fedaszdental.hu and on paper basis at our registered seat: H-2085 Pilisvörösvár, Szent János u. 1/D.

 

Therefore, our Company as a Data Controller considers the provisions of this Policy binding for itself and shall act accordingly in the course of its operation.

  1. Definitions pursuant to Section 3 of the Privacy Act

Data subject means any natural person identified or identifiable on the basis of any information;

Identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Personal data means any information relating to the data subject, in particular an identifier such as a name, an identification number, or one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of that natural person, as well as the conclusions that may be deduced from the data.

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Protest means the statement of the data subject in which he or she objects to the processing of his/her personal data and requests the termination of the data processing and the erasure of the processed data;

Controller  means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, makes and enforces decisions on data processing (including the devices used) or has them executed by the entrusted data processor.

Data processing means irrespective of the method used, any operation or set of operations which is performed on data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; to prevent further use of the data, to take photographs, sound recordings or images, and to record the physical characteristics (e.g. finger or palm print, DNA pattern, iris image) for identifying the person;

Data transmission means making the data available to a specific third party;

Third party means a natural or legal person, or an organization without a legal personality other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;

Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

  1. The purpose and scope of this policy

II/1. The purpose of the data processing policy

The purpose of this policy is to ensure that the data processing of Fedász Fogászati Kft., as Data Controller by the use of an electronic surveillance system respects the privacy of natural persons and that the data processing is in conformity with the constitutional principle of information self-determination and the information received by the Data Controller is not misused.

II/2. Scope of the Policy

The scope of this Policy applies to the Company’s employees, customers and visitors.

 

  • Data processing by the use of an electronic surveillance system

 

We inform our existing and new Customers, Visitors and Employees that our Company uses a fixed electronic surveillance system, which is suitable for image recording – hereinafter referred to as recording – for property protection purposes at its headquarters – H-2085 Pilisvörösvár, Szent János u. 1/D.: 6 cameras in the area of the Clinic and the Hotel, and 3 cameras on the external facade of the building to monitor private land which belongs to the property.

The list of cameras installed by our company at H-2085 Pilisvörösvár, Szent János u. 1/D.:

  Location of the camera The area monitored by the camera Purpose Mode of operation Comment
1. northeast facade of the building internal parking lot, dispatch area at the back property protection 24-hour fixed  
2. northern facade of the building back yard, garden area property protection 24-hour fixed  
3. southern facade clinic pedestrian gate and entrance property protection 24-hour fixed  
4. hotel lobby front of the corridor property protection 24-hour fixed  
5. hotel lobby End of the corridor property protection 24-hour fixed  
6. hotel staircase at the back of the corridor property protection 24-hour fixed  
7. hotel’s garden door garden entrance, lobby and staircase  

property protection

24-hour fixed  
8. dining area ceiling top right corner dining area  

property protection

24-hour fixed  
9. dining area ceiling top left corner dining area  

property protection

24-hour fixed  

 

Our surveillance system

  1. does not monitor public areas,
  2. does not monitor employees, visitors or their activities,
  3. is not intended to influence the behavior of employees in the workplace.

 

Our new and old Employees and our visitors are always informed of use of the surveillance system.

In order to inform our customers and visitors, a noticeable, awareness-raising information sign was placed in the monitored area to alert our customers, visitors, and employees that by entering the building they consent to participate in the recordings.

Our company respects human dignity while using the surveillance system, and uses no hidden or fake cameras.

The behaviour of the data subject on the recording shall be considered to be personal data.

When using an electronic surveillance system, the legal basis for data processing is the legitimate interest of the employer with regard to our employees, the consent of the data subject with regard to visitors and customers.

The basis for the personal data processing of the Company is voluntary consent provided by our visitors, therefore we draw the attention of our Customers and Visitors to the fact that by entering the area monitored by the surveillance system in the knowledge of this information, your behavior is considered as a consent to making the recording.

If you do not wish to provide us with your consent to the processing of your personal data, please do not enter the area monitored by the surveillance system.

The applied device also records activities.

 

  1. The storage location, retention period and data security measures related to the recordings

The recordings are stored at the registered seat of  the company located at H-2085 Pilisvörösvár, Szent János u. 1/D. for three business days. The person authorized to watch, erase and supervise the data is the Managing Director of the Company. The supervisor indicated herebelow may authorize the viewing of the recordings by completing the form attached hereto in the Annex.

 Contact details of the supervisor:

  • Ferenc Tamás Fedász (contact details: +36 30 934 7601)

Anyone whose right or legitimate interest is affected by the data recorded may, within three business days of the recording, request the Company not to destroy or erase the recording after justifying his/her rights or legitimate interests. Upon request, the recordings will be blocked, but if a court or authority does not request them from the Company within 30 days, they shall be destroyed. Our company may not issue a copy of the recordings that may contain the personal data of other data subjects other than the person who submitted the request.

If the recording is intended to be used as an evidence in judicial or other official proceedings, it is considered as a use of the recording.

 

Your rights regarding the processing of your personal data are governed by law, which entitles you to 

  1. request information about our data processing,
  2. request the correction, erasure or blocking of the data being processed, and
  3. you may object to the processing of your personal data, and
  4. in the case of breach of your rights you may file a lawsuit at court and demand indemnification and grievance fee.

The legal basis for data processing (recording) is based on Article 6, paragraph (1), item f) of the GDPR.

Regarding the processing of personal data, the main governing rules are Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter referred to as the „Privacy Act”), Act CXXXIII of 2005 on Security Services and the Activities of Private Investigators (“Security Services Act”), and Act I of 2012 on the Labour Code.

 

 

This Policy enters into force on May 25th, 2018.

 

Dated: Budapest, May 25th, 2018

 

Fedász Fogászati ​​Kft.