Privacy Notice

informing you, as a visitor to our website and as a user of our services, about the processing of personal data on our website.

Registrants (hereinafter: Registrant) who fill in the Consent form for subscribing to the newsletter or personalised marketing enquiry on paper, on the website, by e-mail, accept all the terms and conditions of this Policy, therefore please read this Privacy Policy (hereinafter: Policy) carefully before filling in the Consent form on paper/website or sending it by e-mail.

1. What principles do we follow in our data management?

Our Company follows the following principles in the processing of your data:

1. we process personal data lawfully and fairly and in a transparent manner for you.
2. personal data is collected only for specified, explicit and legitimate purposes and is not processed in a way incompatible with those purposes.
3. the personal data we collect and process is adequate, relevant and limited to what is necessary for the purposes for which it is processed.
4. Our Company will take all reasonable steps to ensure that the data we process is accurate and, where necessary, kept up to date, and we will promptly delete or correct inaccurate personal data.
5. personal data are stored in a form which permits identification of you only for the time necessary to achieve the purposes for which the personal data are processed.
6. we use appropriate technical and organisational measures to ensure adequate security of personal data against unauthorised or unlawful processing, accidental loss, destruction or damage.

Our Company will process your personal data

1. on the basis of your prior informed and voluntary consent and only to the extent necessary and in any event for the purposes for which it is collected, recorded, processed, stored and used.
2. in some cases, the processing of your data is based on legal requirements and is mandatory, in which case we will draw your attention to this fact.
3. or in certain cases, our Company or a third party has a legitimate interest in the processing of your personal data, such as the operation, development and security of our website.

2. Who are we?

The name of our Company: Endomedix Ltd.
The registered office of our Company is: 1139 Budapest, Esztergomi út 66. building A. fszt. 3.
The locations of our Company:
5700 Gyula, Nürnbergi utca 1/b.
8200 Veszprém, Egyetem utca 7.
9024 Győr, Bem József tér 14/b.
8600 Siófok, Semmelweis utca 1.
3527 Miskolc, Dózsa György út 12.
4025 Debrecen, Nyugati u. 28.
7200 Dombóvár, VI utca 49.
5000 Szolnok, Tófenék utca 1-3. fszt. 124.
Our Company website: https://endomedix.hu/
Staying in touch:
Postal address: 1139 Budapest, Esztergomi út 66. building A. fszt. 3.
Our phone number is (1) 413-2500
Our e-mail address: [email protected]
Our tax number: 14034372-2-41
Cégjegyzékszámunk: 01-09-885846

Our Data Protection Officer can be contacted at (1) 413-2500

Name, address and contact details of our hosting provider:

Our Company uses the following data processors for the processing of data in order to provide our customers with high quality service:

Name	Address	Activity
Adana Online Ltd.	1222 Budapest, Komáromi út 53/2.	hosting services, database maintenance

Data processors in connection with our direct marketing and/or newsletter services:

Name	Address	Activity
Adana Online Ltd.	1222 Budapest, Komáromi út 53/2.	send newsletter
The Rocket Science Group, LLC	675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA	send newsletter

Data processors for data processing related to booking

Name	Address	Activity
Adana Online Ltd.	1222 Budapest, Komáromi út 53/2.

Where we change the scope of our data processors, we will reflect the changes in this notice.

Description of certain data processing activities

Purpose of data processing	Booking an appointment
Legal basis for processing	Article 6(1)(b) - performance of contract, Article 6(1)(a) - consent
Data processed	Personal identification data, e-mail, telephone number, address
Duration of data processing	Until the end of care, or until withdrawal if consent is given

Purpose of data processing	Data processing in relation to the 'contact' section of the website
Legal basis for processing	Article 6(1)(a) - consent
Data processed	Name, e-mail address, telephone number and other unsolicited information provided by the user in the message.
Duration of data processing	It will be deleted within 30 days of contact.

Purpose of data processing	Visitor data management on the Company's website - cookie management
Legal basis for processing	Article 6(1)(a) - consent / session in the case of cookies Article 6(1)(c) - legal obligation Article 13/A(3) of Act CVIII of 2001 (Elkertv.)
Data processed	IP address used by the visitor, browser type, operating system characteristics of the browsing device (language set).
Duration of data processing	24 months

Purpose of data processing	Data processing for direct marketing purposes
Legal basis for processing	Article 6(1)(a) - consent
Data processed	Name, address, telephone number, e-mail address, online ID, date of birth (to prove that the natural person is 16 or 18 years old)
Duration of data processing	Until withdrawal of consent

We only ask our website visitors for personal information when they register, log in, book an appointment or send a message.

We cannot link the personal information you provide in connection with your registration or use of our marketing services and we do not generally seek to identify our visitors.

If you have any questions about data processing, please contact. [email protected] you can request further information by e-mail or postal address, and we will reply to you without delay within 7 days (but not later than 1 month) to the contact details you have provided.

3. What are cookies and how do we handle them?

Cookies are small data files (hereinafter "cookies") that are transferred to your computer through the use of the website by your website by being saved and stored by your internet browser. Most commonly used internet browsers (Chrome, Firefox, etc.) accept and allow the download and use of cookies by default, but it is up to you to modify your browser settings to refuse or block them, or to delete cookies already stored on your computer. For more information on the use of cookies, please see the "help" section of each browser.

Some cookies do not require your prior consent. Our website will provide you with brief information about these when you first visit, such as authentication cookies, multimedia player cookies, load balancing cookies, session cookies to help you customise the user interface, and user-centric security cookies.

Our Company will inform you and ask for your consent about cookies that require your consent - if the processing starts when you visit the site - at the beginning of your first visit.

We do not use or allow cookies that allow third parties to collect data without your consent.

Acceptance of cookies is not mandatory, but our Company is not responsible if our website does not function as expected without cookies.

You can read more about third party cookies here https://www.google.com/policies/technologies/types/ and about data protection here https://www.google.com/analytics/learn/privacy.html?hl=hu

4. What else do you need to know about our data management on our website?

You provide us with personal data voluntarily when registering or contacting our Company, and we therefore ask you to gradually ensure the truthfulness, accuracy and correctness of the data you provide, as you are responsible for them. Incorrect, inaccurate or incomplete data may prevent you from using our services.
If you do not provide your own personal data but that of another person, we will assume that you have the necessary authorisation to do so.
You may withdraw your consent to data processing at any time, free of charge

• by deleting the registration,
• by withdrawing consent to the processing; or
• by withdrawing or requesting the blocking of any consent to the processing or use of data that must be completed during registration.

For technical reasons, we have a 7-day time limit for registering the withdrawal of consent, but please note that we may process certain data after the withdrawal of consent in order to comply with a legal obligation or to pursue our legitimate interests.

In the event of the use of misleading personal data, or if one of our visitors commits a crime or attacks our Company's system, we will delete your data immediately upon termination of your registration or, if necessary, retain it for the duration of the civil liability or criminal proceedings.

5. What do you need to know about our data management for direct marketing and newsletter purposes?

You can give your consent to us using your personal data for marketing purposes by making a declaration during registration or by subsequently modifying your personal data stored in the newsletter and/or direct marketing registration area (i.e. by clearly indicating your intention to consent). In this case, we will also process your data for the purposes of direct marketing and/or sending you newsletters and will send you advertising and other mailings, information and offers and/or newsletters (§ 6 of the Grtv) until your consent is withdrawn.

You can give your consent for direct marketing and newsletter separately or withdraw it/these free of charge and at any time.

In any case, the cancellation of the registration will be considered as a withdrawal of consent. Withdrawal of consent to data processing for direct marketing and/or newsletter purposes shall not be construed as withdrawal of consent to data processing in relation to our website. What and on what basis do we retain when newsletter consent is withdrawn? In the case of consents, each consent is for a specific purpose, so registering tomorrow and subscribing to the newsletter are two separate purposes, two separate databases, the two cannot be related.

For technical reasons, we have a 3-day deadline for the registration of the withdrawal or cancellation of individual consents.

6. Other data management issues

We may only transfer your data within the limits set by law and, in the case of our data processors, we ensure that they cannot use your personal data for purposes that are not in accordance with your consent by setting contractual conditions. For more information, see section 2.
Our company does not transfer data abroad.
The court, the prosecution and other authorities (e.g. police, tax authorities, National Authority for Data Protection and Freedom of Information) may contact our Company for information, data or documents. In such cases, we must comply with our obligation to provide information, but only to the extent strictly necessary to achieve the purpose of the request.
Our contractors and employees involved in the processing of your personal data are entitled to have access to your personal data to the extent specified in advance, subject to confidentiality obligations.
We will take appropriate technical and other measures to protect your personal data and to ensure its security, availability and to protect it from unauthorised access, alteration, damage or disclosure and any other unauthorised use.
As part of our organisational measures, we control physical access in our buildings, provide continuous training for our employees and keep paper documents locked away with appropriate protection. Technical measures include encryption, password protection and anti-virus software. Please note, however, that data transmission over the Internet cannot be considered a fully secure transmission. While we make every effort to ensure that our processes are as secure as possible, we cannot accept full responsibility for the transmission of data via our website, but we do maintain strict standards for the security of your data and the prevention of unlawful access to data received by us.
In relation to security issues, we ask for your help in carefully remembering your password to access our website and not to share this password with anyone.

7. What are your rights and remedies?

About data processing

• request information on,
• may request the rectification, modification or integration of their personal data processed by us,
• may object to the processing and request the erasure and blocking of their data (except for mandatory processing),
• have a right of appeal to a court,
• complain to the supervisory authority or initiate proceedings (https://naih.hu/panaszuegyintezes-rendje.html).

Supervisory Authority: National Authority for Data Protection and Freedom of Information

• Head office: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
• Postal address: 1530 Budapest, Pf.: 5.
• Phone: +36 (1) 391-1400
• Fax: +36 (1) 391-1410
• E-mail: [email protected]
• Website: https://naih.hu/

At your request, we will provide you with information about the personal data that we process about you or that we - or our data processors - process.

• about your data,
• their source,
• the purposes and legal basis of the processing,
• and, if this is not possible, the criteria for determining this period,
• the names and addresses of our data processors and their data processing activities,
• the circumstances and effects of data breaches and the steps we have taken to respond to and prevent them; and
• the legal basis and recipient of the transfer of your personal data.

We will provide you with information within 7 days (but not more than 1 month) of the request. The information will be provided free of charge unless you have already submitted a request for information on the same data in the current year. We will reimburse you for any charges you have already paid if we have processed the data unlawfully or if the request for information has led to a correction. We may only refuse to provide information in cases provided for by law, by indicating the legal position and by informing you of the possibility of judicial remedy or recourse to the Authority.

Our Company will notify you and all those to whom it has previously disclosed the data for processing purposes of the rectification, blocking, marking and erasure of personal data, unless the non-notification is not in your legitimate interest.

If we do not comply with your request for rectification, blocking or erasure, we will provide you with the reasons for our refusal in writing or, with your consent, by electronic means within 7 days (but not more than 1 month) of receipt of the request and inform you of the possibility of judicial remedy and of recourse to the Authority.

If you object to the processing of your personal data, we will consider your objection within 7 days (but not more than 1 month) of the date of your request and inform you in writing of our decision. If we decide that your objection is justified, we will stop the processing, including any further collection and transfer of data, and block the data, and notify the objection and any action taken in response to it to all those to whom we have previously disclosed the personal data to which the objection relates and who are under a duty to act in order to exercise the right to object.

We will refuse to comply with a request if we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. If you do not agree with our decision or if we fail to comply with the time limit, you have 30 days from the date of notification of the decision or the last day of the time limit to take legal action.

Data protection litigation falls within the jurisdiction of the courts, which may, at the option of the data subject, be brought before the courts of the place of residence or domicile of the data subject. A foreign national may also lodge a complaint with the supervisory authority of his/her place of residence.

Please contact our Company before lodging a complaint with a supervisory authority or a court - to discuss and resolve the problem as quickly as possible.

8. What is the main legislation governing our activities?

• Regulation (EU) 2016/679 of the European Parliament and of the Council on the processing of personal data of natural persons (GDPR)
• Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Info tv.)
• Act V of 2013 on the Civil Code (Civil Code Act)
• Act CVIII of 2001 on certain aspects of electronic commerce services and information society services - (Eker tv.)
• Act C of 2003 on electronic communications - (Ehtv)
• Act CLV of 1997 on Consumer Protection (Fogyv tv.)
• Act CLXV of 2013 on complaints and notifications of public interest (Pktv.)
• Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions on Commercial Advertising (Grtv.)

9. Amendments to the Privacy Notice

Our Company reserves the right to modify this Privacy Notice and will inform the data subjects accordingly. The publication of information on data management on the https://endomedix.hu/adatkezeles/ website.

Last modified on 13 October 2021.