fbpx

PRIVACY POLICY

DATA PROCESSING POLICY

I. The purpose of the data processing policy

Premier G Med Egészségügyi Szolgáltató Kft., the company that performs the procedures (Company reg no. 01-09-270966, tax number: 25365801141; Registered address: 1037 Budapest, Virág Benedek utca 35.), hereinafter referred to as “Data controller” or “Health Centre”, provides the following information in regard to its processing of data in connection with the medical procedures performed at the clinic. The Health Centre is committed to protecting the personal data of its clients, partners and employees. Therefore the processing of such data is carried out in a confidential manner. The Health Centre will take every such security, technical and organizational measure that ensures the security of the data and such measures will be subject to periodical supervision.

The present informative section has been prepared with the purpose of presenting the data processing principles of the Health Centre and of publishing the expectations the Health Centre as Data controller puts forward and considers binding.

Data processing within the Premier G. Med group is a jointly performed activity, the companies jointly determine the purposes and means of processing. The other members of the group also have access to the data processed by Premier G. Med Egészségügyi Kft. For the purposes of the present informative section the following companies are jointly included.

Name:Premier G. Med Egészségügyi Kft.
Registered address:1037 Budapest, Virág Benedek utca 35.
Company registration number:01-09-270966
Tax number:25365801141
 
Name:Premier G. Med Kft.
Registered address:1026 Budapest Hidász utca 1.
Company registration number:01-09-562088
Tax number:12179295241
 
Name:Premier G. Med Cardio Kft.
Registered address:1026 Budapest Hidász utca 1.
Company registration number:01-09-919141
Tax number:14772423241
  
 
Name:Premier G. Med Onko Kft.
Registered address:1026 Budapest Hidász utca 1.
Company registration number:01-09-919140
Tax number:14772416241
 
Name:Premier G. Med Vagyonkezelő Kft.
Registered address:1026 Budapest Hidász utca 1.
Company registration number:01-09-274172
Tax number:25421396241

The personal data of our Clients will be processed only for the purposes hereby determined, in accordance with the principles of lawful and fair data processing and to the extent necessary and for no longer than is necessary.

Data processing principles:

Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter referred to as the Privacy Act, the English translation of the text in effect can be accessed via the link below: http://njt.hu/translated/doc/J2011T0112P_20190426_FIN.pdf)

Regulation (EU) 2016/679 of the European Parliament and of the Council (of 27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; hereinafter referred to as as GDPR, the English language text of the GDPR in effect can be accessed via the link below: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG&toc=OJ:L:2016:119:TOC

For data processing not covered in the present informative section we shall provide information when the data processing takes place.

II. Principles with regarding to the processing of personal data
  1. Lawfulness, fairness and transparency

    The Health Centre will be proceeding in a lawful and fair manner and in accordance with the purposes of the data processing in all periods of the data processing.

  2. Purpose limitation

    Personal data shall be collected for specified, explicit and legitimate purposes.

  3. Data minimisation

    The processed data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

  4. Accuracy

    During the data processing, the Health Centre shall seek to ensure that the data are accurate, complete and up to date and shall take every reasonable step to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.

  5. Storage limitation

    The Health Centre processes personal data for no longer than is necessary and only to the necessary extent; once the period of data processing is over, the Health Centre shall ensure that the identification of the data subjects is no longer possible.

  6. Integrity and confidentiality

    The appropriate security of the personal data must be ensured using appropriate technical or organisational measures. It also includes protecting the data against unauthorised or unlawful processing and against accidental loss, destruction or damage.

III. What personal data do we process?

Personal data are all the data that refer to a natural person, in particular the subject’s name, identification number, or one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of the data subject and any deduction referring to the data subject that can be made from the data.

Due to the nature of its activity, the Health Centre processes several personal data of its Clients, including data concerning health, patient history, medical reports and examination results that qualify as sensitive data. The processed personal data and the connecting data processing purposes and legal bases (in chronological order) are as follows:

Patient’s medical reports Providing clinical services Contractual + Legal obligation, protecting the interests of the data subject

Processed personal data
Purpose of data processing   
Legal basis
Patient’s basic data:
Name, maiden name, mother’s maiden name, address, date of birth, social security number, telephone number, email address
Entering into agreement
Contractual + Legal
Providing clinical services

Contractual + Legal obligation, protecting the interests of the data subject

Patient’s medical history
Providing clinical services

Contractual + Legal obligation, protecting the interests of the data subject

Patient’s medication history
Providing clinical services

Contractual + Legal obligation, protecting the interests of the data subject

Patient’s payment data: Bank account number, billing name, billing address

Providing clinical services
Contractual + Legal obligation
Patient histology
Providing clinical services

Contractual + Legal obligation, protecting the interests of the data subject

Video recording of the patient concerned
Overviewing patients’ personal safety
Protecting the interests of the data subject
IV. What do we use your personal data for?
  1. Patient administration for private clinic procedure

    Personal data processing carried out for the procedure performed by Premier G. Med Egészségügyi szolgáltató Kft as a private clinic include the patient’s first appointment and administration, the necessary examinations, surgical procedure if necessary and the monitoring of the patient. Patient data are stored digitally on the servers of the company and in the FőnixPro software and also physically as patient records. External companies also participate in the process as data processors, for example in taking histology tests, or in the external assessments of the patients’ medical records. The physicians who perform the procedures have a contractual relationship with the Health Centre, and they also use the personal data of the patients as data processors.

    Type of personal data 
    Purpose of data processing
    Legal basis
    Name, address, telephone number, social security number, maiden name, mother’s maiden name, place of birth, date of birth, email, medical records, disease data, previous surgeries, diseases and possible complications histology, medication history, bank account number, billing name, billing address
    Contract signing, providing services

    Contractual, Legal obligation, Protecting the interests of the data subject

  2. Video-camera patient surveillance at the private clinic

    After the procedures are performed at the private clinic, our Clients convalesce in a designated room as long as they are under the influence of the anaesthetics applied during the procedure. In order to ensure the safety and well-being of our Clients, we have installed an electronic surveillance system in the room designated for convalescing. A warning sign that indicates the presence of the surveillance system is placed in the room in order to inform our Clients and ensure their consent to being surveilled. On the Clients’ behalf it signifies sufficient consent if they enter the room after reading the informative materials and taking note of the warning sign. The camera system and the connecting support is provided by HQ4 Kft.

    Type of personal data

    Purpose of data processing   
    Legal basis
    Video recording of the patient concerned
    Overviewing patients’ personal safety
    Protecting the interests of the data subject
  3. Finance, Accounting-related processing of personal data

    The Health Centre engages the services of an accounting firm for performing financial tasks such as bookkeeping, assignment and taxation. The management of the Clients’ invoices constitutes one such background task. Data processing is performed in accordance with the contractual legal basis. When the contractual relationship is terminated, the data will be preserved further on the basis of legal obligation. As a data processor, Correct Kft. that has a contractual relationship with Premier G. Med group, participates in the data processing as accountant.


    Type of personal data

    Purpose of data processing   Legal basis

    Patient’s payment data: Bank account number, billing name, billing address

    Providing clinical services
    Szerződéses + Jogi kötelezettség
V. How long do we process your personal data?
  1. Patient administration for private clinic procedure

    According to the contractual legal basis, the personal data will be stored until the contract expires and after that the data will be preserved for an obligatory period of 30-50 years in accordance with the applicable legislation (legal obligation legal basis). With regard to personal data concerning health, following the data processing specified in the contract and in the obligatory applicable legislation, the data of our Clients will be processed in a manner to ensure the protection of the interests of the data subject.

  2. Video-camera patient surveillance at the private clinic

    Under the GDPR regulation all unused recordings can be retained for a maximum period of 72 hours or 3 days.

  3. Finance, Accounting-related processing of personal data

    The period of data processing in accordance with contractual legal base is identical with the contractual period. Following this period the data shall be stored for an additional 5 years as provided by law (legal obligation). Once the 5-year storage period expires, the data will be erased.

VI. Who has access to your personal data?

In accordance with the joint data processing agreement between the Health Centre and the other companies of Premier G. Med group, the companies listed in Chapter I have access to your data as Data controllers. The other companies of the group have access to the personal data only to the extent in which they provide their services to the subject as it is explained in Chapter IX Information Security

The Health Centre engages the services of other external data processors as contributors in the data processing described in the present informative material. These are the following organizations:

The company providing IT support for the group:

  • SZTJ Kft., 2314 Halásztelek, Nap utca 8.
  • Invitech Megoldások Zrt., 2040 Budaörs, Edison utca 4.

 

The provider of the camera system:

  • HQ4 Kft., 1124 Budapest, Fodor utca 52. II.6.

 

Accounting firm:

  • Correct Kft., 1026 Budapest, Bimbó út 182. fszt. 3.

 

Provider of the Navision system:

  • FITS Magyarország Kft., 8600 Siófok, Szent László utca 89. A. épület  fszt. 3

 

Provider of the FőnixPro system:

  • Béker- Soft Informatikai Kft., 1184 Budapest, Hengersor utca 73.

 

Provider of the Sherpa system:

  • Progen Kft., 1118 Budapest, Homonna utca 8/A.

 

Histopathology service providers:

  • Archi-Med Bt., 1136 Budapest, Raoul Wallenberg utca 2. 3. emelet 1.
  • Medserv Egészségügyi Kft., 1112 Budapest, Süveg utca 10b.

 

In line with the relevant legislation we conclude data processing agreements with the data processors and we expect them to adhere to and to be bound by the procedures and guidelines laid down in the GDPR.

VII. The data protection officer of Data processor and the officer’s contact details

In order to handle the complaints of the Clients in connection with the data processing, the Health Centre has appointed a data protection officer in accordance with the provisions of the GDPR. The contact details of the data protection officer:

Name:Dr. Toronyi Tímea
Telephone number:06 30 950 78 99
Email:drtoronyi@euroweb.hu
Address:Premier G. Med Egészségügyi Kft., 1026 Budapest, Hidász utca 1.
VIII. Rights of the data subject

The data subjects can exercise their rights against Data controller via the contact provided below or by directly contacting the data protection officer:

Premier G. Med Egészségügyi Kft., 1026 Budapest, Hidász utca 1.

  1. Providing information

    All of our patients are entitled to request information about their data we process, in particular about the data source, the purpose, legal basis and period of the data processing; the data processor’s name, address and its activity performed in connection with the data processing; the circumstances of possible personal data breach, the effects of the breach and the measures taken to avert such effects; in the case of personal data transfer, the legal base and the recipients of the transferred data. Information may be requested via the contacts provided or directly by contacting the data protection officer.

    We provide the requested information as soon as possible, but not later than 15 days following the request. We refuse to provide information only in such cases when it is forbidden by law.

  2. Access

    The data subject has the right to access their processed personal data at any time, if they notified the Data controller in advance via any of the above contacts.

  3. Rectification

    If the personal data are inaccurate, the subject may request the rectification thereof via the above contacts of the Data processor. In the event that the accurate data are available, we shall rectify the personal data without undue delay.


  4. Erasure of data

    The Client is entitled to have their personal data erased upon his/her request by the Health Centre without undue delay, and the Health Centre shall be liable to erase all personal data concerning the data subject without undue delay if the request is justified on one or more of the following specific grounds:

    • the processing of data is unlawful;

    • The data subject requests the erasure of their data, with the exception of cases of mandatory processing;

    • the data are inaccurate or incomplete and the situation cannot be lawfully remedied, provided that the erasure is not forbidden by law;

    • the purpose of the data processing has terminated, the period laid down for the data storage has elapsed, except if the data carrier is to be handed over to the archives for preservation;

    • the erasure of the data has been ordered by the court or Authority.

  5. Blocking of data

    Rather that erasing the personal data, Data processor blocks those if the data subject requests so or, if based on the available information it is to be assumed that erasure of data would be against the interests of the data subject. The data thus blocked can only be processed as long as the purpose of the data processing that excludes the erasure of the data exists.

  6. Objection

    The Client may object to the processing of their data and may request Premier G. Med Egészségügyi Kft in writing to terminate the data processing or to erase the processed data.

IX. Data Security

We hereby inform our Clients that the Health Centre ensures the security of the processed data and takes the technical and organizational measures and adopts its own rules of procedure necessary to enforce the provisions of the GDPR and other rules concerning the protection of data and secrecy.

We shall process the personal data only when the subject’s consent is given and in accordance with the subject’s requirements; the processing of the data will be carried out with utmost care, in a strictly confidential manner and only to the extent necessary for the subject to use the services. We shall also ensure that the processed personal data shall be:

  • protected against unauthorized access (data confidentiality)
  • shall be accessible to the authorized persons (availability)
  • authentic and properly authenticated (authenticity of data processing)
  • protected against loss, destruction or damage (data integrity)

 

Register of data breaches

In order to control the measures taken in connection with data breaches and to inform our Clients, we maintain a register that contains the concerned personal data, the scope and number of the subjects affected by the breach, the time, date, circumstances and effects of the breach and the measures to prevent the breach and other data specified in the legislation concerning the data processing.

In accordance with the legislation we report the data breach to the supervisory authorities within 72 hours following our becoming aware of the breach and we also keep a register of the data breaches. In the cases specified by the legislation we shall also inform of the data subjects concerned.

X. Legal remedy

Legal remedy may be sought and complaints may be filed with the Hungarian National Authority for Data Protection and Freedom of Information.

 

Seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Mailing address: 1350 Budapest, PO box.: 5.

Telephone: +3613911400

Fax: +3613911400

E-mail: ugyfelszolgalat@naih.hu

Website: http://www.naih.hu

 

Date of the present data processing policy and its coming into effect: May 25, 2018