Privacy Notice (GDPR) of
Visegrádi40 Private Practice
This notice sets out the principles under which Visegrádi40 Private Clinic processes the personal data that patients provide on its website.
In drafting this Notice, Visegrádi40 Private Clinic has considered the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council ("General Data Protection Regulation", hereinafter: "GDPR"), Act CXII of 2011 on informational self-determination and freedom of information ("Infotv."), Act V of 2013 on the Civil Code ("Ptk."), and Act XLVIII of 2008 on the basic conditions and certain restrictions of economic advertising activities ("Grtv.").
1. GENERAL TERMS
"Personal data": any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified directly or indirectly, especially by reference to an identifier such as a name, number, location data, online identifier, or one or more factors related to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
"Data processing": any operation or set of operations which is performed on personal data or data sets, whether or not by automated means, such as collection, recording, organization, structuring, storage, alteration or modification, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
"Data record system": a collection of personal data organized in any way – centralized, decentralized, or according to functional or geographical criteria – that is accessible according to specific criteria.
"Data controller": a natural or legal person, public authority, agency, or any other body that determines the purposes and means of the processing of personal data, whether alone or jointly with others; if the purposes and means of processing are determined by Union or Member State law, the controller or specific criteria for its designation may also be specified by Union or Member State law.
"Processor": a natural or legal person, public authority, agency, or any other body that processes personal data on behalf of the controller.
"Third party": a natural or legal person, public authority, agency, or any other body that is not the data subject, the controller, the processor, or persons who, under the direct authority of the controller or the processor, are authorized to process personal data.
2. GDPR ROLES
The Data Controller, Visegrádi40 Private Clinic, does not operate its own server and uses the Microsoft Windows operating system for daily administrative tasks. The information systems it relies on, including email, administration, and healthcare data management, are operated by external companies commissioned as data processors under individual service contracts and data processing agreements. (Microsoft's GDPR data processing notice is available at: https://www.microsoft.com/en-us/trust-center/privacy/gdpr-overview).
The email system is managed by S+H Informatikai Zrt. (1132 Budapest, Visegrádi u. 40.). Among its other tasks, this IT company provides the secure email service used by the Data Controller.
Regarding healthcare and patient data, the Data Processor, KARDI-SOFT Ltd. (9024 Győr, Csokonai street 29.), operates the Dokirex.net software and provides high-level protection for patient record services, ensuring GDPR and Infotv. data security requirements.
For scheduling purposes, the Data Processor, MediCorp Hungary Zrt. (1095 Budapest Lechner Ödön Fasor 2. 7th floor 13.), operates the myMedio software and provides high-level protection for calendar management services, ensuring GDPR and Infotv. data security compliance.
Since the Data Processor stores patients' personal data at the remote access point (cloud) it provides but does not itself access or use that data, responsibility for the management and protection of healthcare and related personal data lies solely with the Data Controller, as stipulated by Act XLVII of 1997 (Eüak.).
3. DATA SECURITY
Data security, in this context, means ensuring that the User can always access the data they manage and the service (remote software) through which that data is processed, and that no data loss or significant data corruption occurs that would endanger their work.
The Data Controller has implemented various measures to guarantee high-level data security:
- Data is stored and processed on a database server. The Data Processor (e.g., Kardi-Soft Ltd.) uses an SQL database server, one of the most reliable database servers in use today.
4. DATA PROTECTION – GDPR COMPLIANCE
Data protection, in this context, means ensuring that the data entrusted to the Data Controller is fully protected from unauthorized access and that the personal rights of the data subjects (patients) are not violated in any way. The principles and rules of data protection have been defined by the GDPR since May 25, 2018.
The Data Controller has taken these requirements into account, through various considerations and measures, in the development of the software it uses, so that the software complies with them.
This Data Processing and Privacy Notice is valid from April 1, 2023, Version number: 8.0.