Data Processing Policy
The purpose of this short information is to enable the patients to become familiar with the processing and protection of all health data and the relating personal data provided in the course of medical treatment, since processing of personal data shall be fair, lawful and transparent.
It should be transparent to natural persons (i.e. persons, the data subjects) how personal data concerning them are collected, used, consulted or otherwise processed and to what extent the personal data are or will be processed.
The principle of transparency requires that any information and communication relating to the processing of those personal data be easily accessible and easy to understand, and that clear and plain language be used. That principle concerns, in particular, information to the data subjects on the identity of the controller and the purposes of the processing and further information to ensure fair and transparent processing in respect of the natural persons concerned and their right to obtain confirmation and communication of personal data concerning them which are being processed.
We process personal data in a manner that ensures appropriate availability in due time, security and confidentiality of the personal data, including for preventing unauthorised access to or use of personal data and the equipment used for the processing. Hereby, we inform you that the data processor maintains the right to change the data protection regulations in line with the effective legal regulations.
- Information on the Data Controller
Name: Dr. Rose Magánkórház Kft.
Registered Seat: 1051 Budapest, Széchenyi tér 7-8.
Fax: +36 1348 486
Phone: +36 1 377 6737 (from 8.00 a.m. to 20.00 p.m. on working days)
- Legislation underlying data processing
In particular, the following acts are relevant to data processing in the course of using health service:
- REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Hereinafter referred to as General Data Protection Regulation https://www.adatvedelmirendelet.hu/wp-content/uploads/2016/07/CELEX3A32016R06793AHU3ATXT.pdf
- Act CLIV of 1997 on Healthcare (hereinafter referred to as Healthcare Act): https://net.jogtar.hu/jogszabaly?docid=99700154.TV
- Act XLVII of 1997 on the processing and protection of health care data and associated personal data (hereinafter referred to as Health Care Data Act): https://net.jogtar.hu/jogszabaly?docid=99700047.TV
- Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter referred to as Info Act): http://net.jogtar.hu/jr/gen/hjegy_doc.cgi?docid=A1100112.TV
- Lawfulness of processing
Processing shall be lawful only if and to the extent that at least one of the following applies:
- the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
- processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which the controller is subject;
- processing is necessary in order to protect the vital interests of the data subject or of another natural person;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
- Data processing related to medical care
4.1. Scope of data processed and purpose of data processing: In order to provide secure and personalised medical care it is essential to record personal data stipulated in the legislation (Health Care Data Act) and also the known medical data with the aim to provide medical care.
4.2 Legal base of data processing: On the one hand, the legal base of data processing is your consent as the user of services, furthermore the mandatory provision of a contract or a legal regulation, e.g. in relation to financing cases.
4.3. Duration of data processing: DR ROSE Private Hospital Kft. as healthcare provider shall process/store health data and relating personal data in line with the legal provisions (Health Care Data Act). For this reason, your consent cannot be withdrawn, requests for ultimate cancellation of health data and relating personal data cannot be fulfilled. Health documentation shall be kept minimum for 30 years from the recording of the data, while a hospital discharge summary shall be kept minimum for 50 years. Images taken during imaging diagnostic procedures shall be kept for 10 years from the date of recording and the findings made on the image shall be kept for 30 years from the date of recording the image. Retention period for prescriptions shall be 5 years.
- Law enforcement in relation to the processing of health data and relating personal data
In the event of having any questions regarding data processing, please turn to our data protection officer. Contact details of the data protection officer Name: Dr. Tündik Henrietta attorney, healthcare lawyer, E-mail:iroda(kukac)tundikhenrietta.hu, firstname.lastname@example.org, Mailing address: 1051 Budapest, Széchenyi tér 7-8.
You may require information which personal data of yours we process, however - given the particular nature of data processing and due to the protection of your data -, this opportunity is provided only following identity verification. Complaints regarding lawfulness of data processing shall be sent to the above contact addresses. Furthermore, upon unlawful processing of your personal data or infringement of your rights of informational self-determination provided in Info Act, you can turn to the Budapest Capital Regional Court (1055 Budapest, Markó u. 27. Mailing address: 1363 Bp. P. O. Box 16) or you can file a claim with the court having jurisdiction based on your domicile or you can turn to the National Authority for Data Protection and Freedom of Information (1135 Budapest, Szilágyi Erzsébet fasor 22c, www.naih.hu).
- Data Protection Regulation
Hereby we inform you that our data protection regulations contain further, detailed information on data processing and patients’ rights (e.g. data processing related to the use of the website, access to documentation, who can have access, possibility to require copies, data mobility etc.) The data protection regulation is available on our website at www.drrose.hu/hu, and in a paper-based format the regulation is available at all the receptions of Dr. Rose Private Hospital, upon request a copy is provided.
Dated in Budapest on the 1st day of December 2018.
Dr. Rose Magánkórház Kft.