en_GB GB
en_GB GB hu_HU HU ro_RO RO
Contact
Booking by phone

Privacy notice

Data Controller

Dr. Szemerédi Medical Ltd.
Seats: 6725 Szeged, Korda u. 18
tax number: 10603721-1-06
register of Companies Court: Szeged Regional Court
company registration number: 06-09-001245
telephone: +36 30 099 3379
e-mail: kapcsolat@kordaklinika.hu

Dr. Szemerédi Medical Ltd. pays special attention to the observance of the right to self-determination. In connection with the website, in accordance with EU legislation, we process only the data strictly necessary for the economic operation and functionality of the website.

Data Protection Officer:

name: Andrea Tompáné Kádár
postal address: 6725 Szeged, Korda u. 18.
telephone: +36 70 373 5057
e-mail: ugyvezeto@kordaklinika.hu

Purpose of the processing:

To secure the necessary rights and settle claims relating to our services in the interests of both parties.

Legal basis for processing:

Article 6(1)(a); (b); (c); (f) of the GDPR, legitimate interest in health care, performance of a legal obligation, assertion of a claim, etc.

Scope of the data processed:

The Data Controller may use the following https://kordaklinika.hu/ no personal data is required to view the information published on the website for the public. The Data Controller uses Google Analytics cookies to analyse visitors' preferences in order to ensure the user-friendliness of the website.

For example, it uses cookies to record the following information: the number of visitors to the website and subpages, the duration of the visit, the order in which pages are viewed, the search terms used to access the website, the type of browser used to access the website, the location of the computer used to access the website. The Data Controller does not collect personal data about visitors to the website. The cookies used on the website only record the anonymous IP address of the visitor's computer and do not collect any personal data or information that would allow the identification of a real person.

The Data Controller does not process any personal data in connection with this activity other than the visitor's anonymised IP address.

Customer/Patient data management

Data processing takes place in order to use the private health services provided by Dr. Szemerédi Medical Ltd.

To do this, you will need to provide the following information about your customers:

  • name (birth name),
  • permanent address (notification address),
  • place and date of birth.

E-mail address and telephone number are also required:

  • to book an appointment, or
  • for notification of completed findings.

Dr. Szemerédi Medical Ltd. only processes personal data that is necessary for the provision of health care services or is suitable for the purpose.

Personal data are processed to the extent and for the duration necessary for the purpose. Dr. Szemerédi Medical Ltd. will process the personal data provided by the client until the service is provided or until it becomes impossible to provide the service, or, except in the case of mandatory data processing, until the date of deletion initiated by the data subject.

Dr. Szemerédi Medical Ltd. ensures that only the treating physician, the head of the institution and the data protection officer are authorized to handle medical and personal data.

Purpose of processing:

The purpose of the processing of health and personal data is to promote the preservation, improvement and maintenance of health, to promote the effective medical treatment activities of Dr. Szemerédi Medical Ltd., including the professional supervision activities, and to monitor the health of the data subject [ Article 4 (1) (a)-(c)].

Legal basis for processing:

The legal basis for the processing is the data subject's consent [Articles 6(1)(a) and 9(1) and 9(2)(a) GDPR].

Duration of data processing:

The duration of data management is 8 (eight) years after the performance of the contract in respect of the invoice issued to the patient, according to the legal provisions on the retention of supporting documents under the Szvt., at least 30 (thirty) years from the date of data recording in respect of medical records, and at least 50 (fifty) years in respect of the final report, after which Dr. Szemerédi Medical Ltd. shall destroy them. The imaging diagnostic procedure record shall be kept for 10 (ten) years from the date of its creation, and the diagnostic report of the record for 30 (thirty) years from the date of its creation.

Data management of business and cooperation partners

Dr. Szemerédi Medical Ltd. is entitled to process the personal data of its suppliers, business and cooperation partners, which are related to the offer and contract between the partner and the Data Controller, including its establishment, registration and performance.

Scope of the data processed:

the data provided in the request for quotation, order, contract,

contact information, and

the data required for the issue of supporting documents.

Purpose of processing:

The purpose of the processing is solely related to the conclusion, performance, modification or termination of the contract.

Legal basis for processing:

The legal basis for the processing is the consent of the data subject [Article 6(1)(a) GDPR] and the conclusion of a contract between the partner and the Data Controller [Article 6(1)(b) GDPR].

Duration of data processing:

The duration of data processing is 8 (eight) years after the performance of the contract, in accordance with the legal provisions on the retention of supporting documents under the Szvt.

Processing of job applicants' data

Dr. Szemerédi Medical Ltd. processes the personal data contained in the "incoming" and targeted CVs and other attached documents received directly or through a recruitment agency.

Scope of the data processed:

the personal data provided by the data subject in CVs and other attached documents.

Purpose of processing:

The purpose of the processing is to inform the data subject about job vacancies that best match his/her qualifications and interests, to arrange an appointment with the data subject and to carry out the selection procedure.

Legal basis for processing:

The legal basis for the processing is the data subject's voluntary consent [Article 6(1)(a) GDPR], which is given by the data subject by sending his or her CV and related documents.

Duration of data processing:

The duration of the data processing is the duration of the employment relationship in case of a successful application, in case of an unsuccessful application, the application file of the unsuccessful applicants will be deleted after the selection.

Social networking sites (Facebook, Instagram):

Scope of the data processed:

The name of the user registered on Facebook, Instagram social networking sites and the user's public profile picture, including any posts that may contain personal data.

Stakeholders:

All stakeholders who have registered on Facebook, Instagram and "liked" the Korda Clinic page.

The purpose of the data collection:

On social networking sites, sharing or "liking" certain content, services, promotions or the website itself.

The duration of the processing, the time limit for erasure of the data, the identity of the potential controllers who have access to the data and the rights of the data subjects with regard to the processing:

The data subject can find out about the source of the data, how it is processed, and the method and legal basis of the transfer on the relevant Community site. The processing of data takes place on the social networking sites, so the duration of the processing, the way in which the data are processed and the possibilities for deleting and modifying the data are governed by the rules of the social networking site concerned.

Legal basis for processing:

the data subject's voluntary consent to the processing of his or her personal data, which he or she gives by registering on social networking sites.

Rights of Data Subjects:

Medical confidentiality

Korda Klinik, its employees and other persons having an employment or other legal relationship with Korda Klinik are bound to confidentiality with regard to all data and other facts relating to the patient's health condition and which they have learned in the course of providing health care services, without time limitation, regardless of whether the data were obtained directly from the patient, during the examination or treatment, or indirectly from medical records or in any other way. Dr. Szemerédi Medical Ltd. and its data processor are obliged to maintain medical confidentiality. Dr. Szemerédi Medical Ltd. shall be exempt from the obligation of confidentiality in the following cases

the patient or his or her legal representative has consented in writing to the transfer of the health and personal data, within the limits set out in the consent; and

the transmission of health and personal identification data is required by law.

Dr. Szemerédi Medical Ltd. is also bound by confidentiality obligations to other patient care providers who did not cooperate in the medical examination, diagnosis, treatment or surgery. This obligation does not apply where the disclosure of the data is necessary for the establishment of the pathology or for the further treatment of the person concerned, such as the transmission of samples taken from the patient for laboratory examination.

Data subject/patient rights

The patient has the right to be informed about the processing of data in the context of their treatment,

have access to health and personal identification data relating to them,

 have access to your medical records and receive copies (at your own expense). These rights are granted to the person authorised in writing by the person concerned during the period of care and to the person authorised by a private document with full probative value after the end of care.

During the patient's lifetime or after the patient's death, the spouse, relative, sibling or life partner of the patient (upon written request) is entitled to exercise the above rights even if the health data is necessary for the purpose of discovering a cause affecting the life or health of the spouse, relative, sibling or life partner and their descendants, or for the purpose of providing health care to those persons, and it is not possible to obtain or infer the health data in any other way.

The recording of health data is part of the treatment. It is up to the treating doctor to decide which health data (in addition to the mandatory data) should be recorded in accordance with the professional rules. Other persons carrying out activities related to the treatment of the person concerned (patient) may record health data in accordance with the instructions of the treating doctor and to the extent necessary for the performance of his/her tasks.

The treating doctor shall directly inform the data subject of the medical data concerning the data subject which he or she has established and (unless the data subject has explicitly refused) shall transmit them to the general practitioner of the data subject's choice. The general practitioner shall inform the data subject (if he or she so requests) of the medical data available to him or her. The doctor treating the data subject (unless the data subject has objected in writing) is entitled to obtain information on the data subject's healthcare under the compulsory health insurance scheme by means of an electronic consultation of the data by the health insurance body. The doctor providing the treatment shall inform the data subject in writing or orally of the possibility to object. The data subject shall send his objection to the health insurance body in person, by post or by electronic means. The aforementioned individual authorisation to consult or process data does not give the treating doctor the right to pass on the data or to use them for any other purpose. The provision of health and personal data by the data subject (personal data required for access to healthcare) is voluntary. In the event that the data subject voluntarily contacts the Korda Klinik, his/her consent to the processing of his/her health and personal data in connection with the treatment shall be deemed to have been given (unless otherwise stated) and the data subject (legal representative) shall be informed thereof. In cases of urgent need and of lack of discernment on the part of the person concerned, there is a presumption of voluntariness, and there are cases where the patient is obliged to provide the data (e.g. in the case of certain infectious diseases, poisoning, etc.). In the latter cases, the treating doctor will inform the patient. During the treatment, apart from the treating doctor and other carers, only those persons whose presence is authorised by the person concerned may be present. Persons who have previously treated the data subject for the illness in question and persons authorised by the head of the institution or the person responsible for data protection for professional and scientific purposes may be present without the data subject's consent, unless the data subject has expressly objected.

It must be indicated on the prescription issued by your doctor:

  • the patient's name,
  • your address,
  • your date of birth,
  • your social security number,
  • the code of the International Classification of Diseases (BNO code), and
  • the number of the public health insurance card.

Duty to provide information

The attending physician informs the patient of his/her state of health on a regular basis, as appropriate to the patient's condition, to the best of his/her knowledge (if the patient is an incapacitated minor, a minor with limited capacity or a minor with partial capacity to exercise rights related to health care, the attending physician also informs the legal representatives).

The treating doctor will provide information to the patient carefully, gradually as necessary, taking into account the patient's condition and circumstances. When informing the patient, particular attention shall be paid to the generally known significant side-effects of the treatment, possible complications and possible consequences of the interventions and their frequency. It should be ensured that the patient understands the information and, if necessary, that he/she is provided with psychological care.

Records of health and identity data

The medical and personal data recorded about the patient, necessary for the purposes of medical treatment, as well as their transmission, are recorded by Dr. Szemerédi Medical Ltd.

The transfer note shall contain

  • the recipient of the transfer,
  • how to,
  • the date and
  • the scope of the data transmitted.

The treating doctor about the medical data recorded by him or her or by the other health care provider and about his or her own activities and actions in relation to them notemakes.

The record forms part of the register.

It must be indicated in the medical documentation:

  • the patient's personal identification data as defined in the Act on the processing and protection of health and related personal data,
  • in the case of a patient with capacity, the name, address and contact details of the person to be notified and (if the patient so requests) the name, address and contact details of the sponsor under the Assisted Decision Making Act, and in the case of a minor or a patient under partial or full guardianship, the name, address and contact details of the legal representative,
  • the medical history, the medical history,
  • the result of the first test,
  • the results of the tests used as the basis for the diagnosis and treatment plan, and the date when the tests were carried out,
  • the name of the disease that justifies the treatment, the underlying disease, concomitant diseases and complications,
  • any other illness not directly justifying the treatment or the risk factors,
  • the time and results of the interventions carried out,
  • drug and other therapies and their results,
  • data on the patient's drug hypersensitivity,
  • the name of the health professional making the entry and the date of the entry,
  • recording the content of the information provided to the patient or other person entitled to receive the information,
  • the fact and date of the consent or refusal,
  • any other data and facts that may influence the patient's recovery.

It should be kept as part of the medical record:

  • the findings from each study,
  • documents generated during treatment and consultation,
  • the care documentation,
  • records of diagnostic imaging procedures, and
  • tissue samples taken from the patient's body.

The erroneous health data in the medical records (after the data has been recorded) will be corrected or deleted by Dr. Szemerédi Medical Ltd. in such a way that the data originally recorded can be ascertained. The Data Controller shall make a certified copy of the recorded data, of the medical records, if this is necessary for data security or the physical protection of the stored data or if the data communication obligation provided for in this Act so requires.

Participation in the Electronic Health Service Space (EESZT)

The Electronic Health Service Space (EESZT) is a communication platform connecting healthcare institutions and service providers, an eHealth service system with features that make patient care safer, more efficient and convenient. A modern and unified IT environment, a communication space using cloud-based technology that connects healthcare providers (including hospital, outpatient, GP and pharmacy services) with each other, with the highest level of data and cyber security available today.

The EESZT system allows the attending physicians to retrieve the patient's health care data (patient history) and patient documents generated during the course of care (final reports, outpatient records, laboratory reports, diagnostic imaging findings, e-prescriptions, e-referrals). Dr. Szemerédi Medical Ltd. participates in the EESZT system in order to comply with the legal requirements.

Who is entitled to access the data

Personal data may be accessed by the employees of Dr. Szemerédi Medical Ltd. with access rights related to the relevant data management purpose, or by persons or organisations performing data processing or outsourced activities for the Data Controller on the basis of service contracts, to the extent and to the extent necessary for the performance of their activities as determined by Dr. Szemerédi Medical Ltd.

The persons involved in the provision of the Data Controller's services perform their activities in the framework of the following legal relationships:

  • employment relationship;
  • subcontracting.

The employees, subcontractors of the Data Controller, as well as subcontractors and cooperating partners involved in the services provided by the Data Controller, all record the personal and health data of patients in the system used by Dr. Szemerédi Medical Ltd., with the understanding that subcontractors and cooperating partners may also record these data. Patients will be informed of this by the treating physician at the beginning of the consultation, and the information will be provided to the patient at the time of admission by filling in the patient information form. If the communication of data to third party companies is necessary for the diagnosis of a disease or for the further treatment of the person concerned (for example, the transmission of samples taken from the patient for laboratory testing), Dr. Szemerédi Medical Ltd. will transmit a certain part of the personal and medical data collected from the patient to the companies carrying out the tests. The transmission of data is necessary for the purpose of making a professional and accurate diagnosis, since the personal and, in particular, medical data of the patient can have a significant impact on the diagnosis made when analysing a sample. In this case, both the medical and the general confidentiality obligations apply to the companies cooperating with the Clinic and their employees.

Dr. Szemerédi Medical Ltd. also applies strict security measures in the transmission and handling of patients' personal and health data. The Data Controller is entitled and obliged to transfer personal data processed about its employees and other data subjects (patients) to other health care institutions, authorities and courts acting within their competence, upon their request, in order to conduct proceedings.

In the course of data processing, Dr. Szemerédi Medical Ltd. uses the services of the following data processors in the framework of service contracts:

Anna Hudák is a self-employed entrepreneur,

(registered office: 6771 Szeged, Makai út 142., tax number: 59401410-1-26)

vevomagnes.webdesign@gmail.com

Developer of the www.kordaklinika.hu website.

Sybell Informatika Kft. is the hosting provider of this website.

Registered office: 1158 Budapest, Késmárk u. 7/b. 2. floor 206 Company registration number: 01-09-293034 Tax number: 25859502-2-42 Phone number: +36 1 707 6726 E-mail: info@sybell.hu

Other rights related to data

Right to request information, right of access:

At the request of the Data Subjects, the Data Controller shall provide information about the data processed by the Data Controller or by a processor on its behalf, the purpose, legal basis and duration of the processing, the name and address of the processor and the activities of the processor in relation to the processing, as well as the persons who have received or received the data and the source from which the data came to the knowledge of the Data Controller, if the data did not originate from the Data Subject. The Data Subject shall have the right to obtain from the controller feedback as to whether or not his or her personal data are being processed and, if such processing is ongoing, the right to access the personal data.

Right to erasure (right to be forgotten):

The Data Subject shall have the right, upon request, to obtain from the Controller the erasure of personal data concerning him or her without undue delay on any of the following grounds:

  • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed,
  • the Data Subject withdraws the consent on which the processing is based and there is no other legal basis for the processing,
  • the Data Subject objects to the processing and there are no overriding legitimate grounds for the processing,
  • the personal data have been unlawfully processed,
  • the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject,
  • personal data are collected in connection with the provision of information society services.

The erasure of data cannot be initiated if the processing is necessary:

  • for the purposes of complying with an obligation under Union or Member State law to which the controller is subject to process personal data or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller,
  • necessary for the establishment, exercise or defence of legal claims.

Right to restriction of processing:

At the request of the Data Subject, the Controller shall restrict processing if one of the following conditions is met:

  • the Data Subject contests the accuracy of the personal data, in which case the restriction applies for the period of time necessary to allow the accuracy of the personal data to be verified,
  • the processing is unlawful and the Data Subject opposes the erasure of the data and requests instead the restriction of their use,
  • the controller no longer needs the personal data for the purposes of processing, but the Data Subject requires them for the establishment, exercise or defence of legal claims,
  • the Data Subject has objected to the processing, in which case the restriction applies for the period until it is established whether the legitimate grounds of the controller prevail over those of the Data Subject.
  • If the processing is restricted, personal data other than storage may be processed only with the consent of the Data Subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the Union or of a Member State.

Right to rectification of data:

The Data Subject may request the correction of inaccurate personal data concerning him or her processed by the Controller and the completion of incomplete data.

Right to object to processing:

The Data Subject shall have the right to object at any time, on grounds relating to his or her particular situation, to processing of his or her personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or necessary for the purposes of the legitimate interests pursued by the controller or by a third party. In the event of an objection, the Controller shall no longer process the personal data unless it is justified by compelling legitimate grounds which override the interests, rights and freedoms of the Data Subject or are necessary for the establishment, exercise or defence of legal claims.

Right to data portability:

The Data Subject has the right to receive the personal data concerning him or her that he or she has provided to the Data Controller in a structured, commonly used, machine-readable format and to transmit these data to another data controller.

In the event of a request to this effect by the Data Subject, the Data Controller shall provide a response in writing in an intelligible form within the shortest possible period of time from the date of the request, but not later than one month.

The right to legal redress

Dispute resolution with the controller

Data subjects may lodge their objections or requests concerning the processing of their personal data with the Clinic orally (in person) or in writing (in person or by means of a document delivered by another person, or by post or e-mail) using the contact details indicated in the Data Controller's designation.

Right to complain

If your objection, complaint or request regarding your personal data has not been resolved with Dr. Szemerédi Medical Ltd in a satisfactory manner, or if you consider at any time that a violation of rights has occurred or is imminent in relation to the processing of your personal data, you have the right to file a complaint with the National Authority for Data Protection and Freedom of Information.

Contact details of the National Authority for Data Protection and Freedom of Information :

Head office: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.

Postal address: 1530 Budapest, Pf. 5

Phone: +36(1)3911400 Fax: +36(1)3911410

E-mail: ugyfelszolgalat@naih.hu

Web: naih.hu

Right to apply to the courts (right to bring an action)

Irrespective of their right to lodge a complaint, the Data Subject may take legal action if their rights under the GDPR or the Infotv. have been violated in the processing of their personal data. The Clinic, as a data controller with a domestic place of business, may be sued before a Hungarian court. The data subject may also bring the action before the court of the place of residence.

In Hungary, the courts can be found at the following link: http://birosag.hu/torvenyszekek.

Other information

Within five years of the death of the Data Subject, the rights of the deceased during his or her lifetime may be exercised by a person authorised by the Data Subject by means of an administrative order or a declaration made to the Data Controller (in a public or private document with full probative value). If the Data Subject has not made such a declaration, the rights of the deceased during his or her lifetime may be exercised by his or her close relative within the meaning of the Civil Code within five years of the death of the Data Subject (in the case of more than one close relative, the first to exercise such rights shall be the first to exercise such rights).

What to do if you have a question:

If you have any questions or would like further information, please contact our Data Protection Officer using the contact details above.

Szeged, May 2022

General concepts

  1. concerned (patient): a natural person identified or identifiable from any information (a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person);
  2. personal data: an identified or identifiable natural person (concerned), any information (such data which can be associated with the data subject are in particular the name, the identification mark and one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity, and the inference which can be drawn from the data concerning the data subject);
  3. special data: any data that fall within special categories of personal data, namely personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data revealing the identity of natural persons, health data and personal data concerning the sex life or sexual orientation of natural persons;
  4. health data: personal data concerning the physical or mental health of a natural person, including data relating to health services provided to a natural person which contain information about the health of the natural person;
  5. data controller: a natural or legal person, or an entity without legal personality, who or which - within the limits set by law or by a legally binding act of the European Union - determines, alone or jointly with others, the purposes for which the data are processed, the processing (including the device used) or have the processor implement them;
  6. data management: irrespective of the procedure used, any operation or set of operations which is performed upon the data, in particular any collection, recording, recording, organisation, storage, alteration, use, retrieval, disclosure, transmission, alignment or combination, blocking, erasure or destruction of data, prevention of their further use, taking of photographs, sound recordings or images and physical features which permit identification of a person ( finger or palm print, DNA sample, iris image);
  7. data processor: a natural or legal person, or an entity without legal personality, who or which - within the limits and under the conditions laid down by law or by a legally binding act of the European Union - processes personal data on behalf of or by order of the controller;
  8. privacy incidents: a breach of data security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure or transmission of, or access to, personal data transmitted, stored or otherwise processed.

Other legislation cited:

Eszt.: Act XLVII of 1997 on the processing and protection of health and related personal data Act C of 2000 on accounting