Brief data management information (date of review: as of 28 April, 2020)
The following briefing is intended to provide you with all important information regarding the handling and protection of your health and related personal data in the course of healthcare, as the processing of personal data must be fair, lawful and transparent.
The full Privacy and Data Management Policy is available for download on our website and on paper at all Dr. Rose Private Hospital receptions.
The principle of transparency requires that information and communication relating to the processing of personal data be easily accessible and comprehensible and that it be drafted in a clear and simple language. This principle applies in particular to informing data subjects about the identity of the controller and the purpose of the processing, as well as further information to ensure fair and transparent processing of the data subject's personal data, and to informing data subjects that they have the right to be confirmed and informed. about the data processed about them.
Personal data and personal data relating thereto shall be processed primarily for health purposes, closely related contact, billing and newsletter purposes in a manner that ensures their timely availability, adequate level of security and confidentiality, inter alia, in order to prevent unauthorized access to and use of personal data and the means used to process personal data.
We would like to inform you that the data controller reserves the right to change the data protection regulations, taking into account the provisions of the applicable legislation.
- Name of data controller:
Company name: Dr. Rose Magánkórház Kft.
Registered seat: 1051 Budapest, Széchenyi tér 7-8.
Represented by: Dr. Kornél Papik, Managing Director
Fax: +36 1 348 0486
Telephone: +36 1 377 6737 (on weekdays between 08.00am and 08.00pm)
- Legislation underlying data management
The following legislation applies in particular to data processing related to the use of a healthcare service:
- REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46 (hereinafter : General Data Protection Regulation),
- Act CLIV of 1997 on Health (hereinafter: Eütv.)
- Act XLVII of 1997 on the processing and protection of health and related personal data (hereinafter: Eüaktv.)
- Act CXII of 2011 on the right to information self-determination and freedom of information (hereinafter: Infotv.)
- Legality of data processing
The processing of personal data is lawful if one of the following is met:
- the data subject has consented to the processing of his or her personal data for one or more specific purposes;
- the processing is necessary for the performance of a contract to which the data subject is a party or for taking steps at the request of the data subject prior to the conclusion of the contract;
- the data processing is necessary to fulfill the legal obligation of the data controller;
- the processing is necessary in order to protect the vital interests of the data subject or of another natural person;
- the processing is necessary for the performance of a task carried out in the public interest or in the exercise of a public authority conferred on the controller;
- the processing is necessary for the protection of the legitimate interests of the controller or of a third party, unless those interests take precedence over the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular if the child concerned.
- Consent to sending a health promotion newsletter includes:
- if the person concerned checks a box to do so when viewing the website (e.g. newsletter subscription)
- you can unsubscribe from the newsletter for free at any time, most easily by using the unsubscribe menu item at the end of the newsletter
- if you do not wish to receive a newsletter, you may withdraw your consent at any time by sending a resignation letter firstname.lastname@example.org.
- In some cases, our Hospital will send you a newsletter based on a legitimate interest. If the data subject objects, the newsletter will no longer be sent to him/her.
- Data management related to patient care and health purposes
5.1. Scope of managed data and purpose of data management: In order to identify in the interests of safe and personalized patient care, it is essential to record the personal data contained in the law (Eüak.tv.) and the known health data for the purpose related to the care event.
5.2. Legal basis for data processing: The legal basis for data processing is, on the one hand, your voluntaryism as a user of the service, as well as a contract (e.g. for an occupational medicine examination) or a mandatory provision of the law (Eüaktv.) for the mandatory processing of patient data. In addition, the requirements of the Accounting Act for billing, for example, in financing matters.
5.3. Duration of data processing: As a health care provider, Dr. Rose Magánkórház Kft. is obliged to process/store health and related personal data in accordance with the legal regulations (Eüak.tv.). Your consent cannot be revoked for this reason, and we will not be able to comply with any request for the permanent deletion of your health and related personal data stored with us. The medical records must be kept for at least 30 years from the date of data collection, while the final report for at least 50 years. The image taken by the imaging diagnostic procedure shall be kept for 10 years from the time it was taken, and the finding made from the image shall be kept for 30 years from the time the image was taken. Prescriptions have a storage time of 5 years.
- Enforcement of the processing of health and related personal data
If you have any questions about data management, please feel free to contact us at the contact details above. You can also contact our privacy officer if you require it.
Name and contact details of the data protection officer: Annamária Sillinger
Postal address: 1051 Budapest, Széchenyi tér 7-8.
You can request information about which personal data we process, but we can only provide this after prior personal identification, given the nature of the data processing, in order to protect your data. We also accept complaints about the lawfulness of data processing at the above contacts. In addition, you can lodge a request due to the illegal processing of personal data and the violation of rights related to the right to informational self-determination to the Metropolitan Court (1055 Budapest, Markó u. 27. Correspondence address: 1363 Bp. Pf. 16.), or to the court competent according to your place of residence, or you can apply to the National Authority for Data Protection and Freedom of Information (1135 Budapest, Szilágyi Erzsébet fasor 22c, www.naih.hu).
We would like to inform you that our data protection policy contains additional information on data management and patients' rights in detail (e.g. data management related to website use, access to the documentation, who can access the data, possibility to request a copy, data portability, etc.).
Wishing you good health, thank you for reading our brochure!
Dr. Kornél Papik
Information on the electronic surveillance system applied in the room!
Dear Visitors, Dear Patients,
We would like to inform you that at the headquarters of Dr. Rose Magánkórház Kft., (registered seat: 1051 Budapest, Széchenyi tér 7-8.) operates a video surveillance system in the Hospital as a data controller qualifying as personal processing in compliance with Regulation (EU) 2016/679 of the European Parliament and that of the Council /27 April 2016/ (hereinafter: GDPR). We provide a brief overview of this below. Our Hospital's Video Surveillance Policy contains additional detailed rules, which you can access in a downloadable form on our website at the privacy notice URL, as well as in a hard copy at our receptions.
The purpose of surveillance, recording and storage of personal data is to protect human life, physical integrity, property and significant cash, to prevent and prove violations, to identify unauthorized persons entering the area of Dr. Rose Private Hospital, and to record the fact of entry, to document the activities of unauthorized residents and investigating the circumstances of possible accidents at work and other accidents.
Legal basis for the operation of the system: In the case of visitors, the consent of the data subject by entering the camera-protected area,pursuant to Setion 11 of the Labour Code and Article 6(1f) of the GDPR, since Dr. Rose Private Hospital has a legitimate interest in property protection.
Storage of the recordings: it is carried out with the video recording system placed at the headquarters (1053 Budapest, Széchenyi tér 7-8.) of Dr. Rose Magánkórház Kft.
Duration of storage: The Company destroys or deletes the recorded image - in the absence of use - after 14 working days after the recording.
The designated employee of Dr. Rose Magánkórház Kft. is entitled to get acquainted with the images on the basis of the provisions of the Data Management and Data Protection Regulations. The Regulations are also available on the website and at the receptions. The holder is also able to request a lock and a copy on a form available at the reception.
Contact details of the person supervising the system: Orsolya Nagy, telephone: (+36 1) 377 6737; e-mail address: email@example.com.
By operating the system, the rights of the data subject and the possibilities of their enforcement:
- you can request the deletion or blocking of your personal data from Dr. Rose Magánkórház Kft. If it is refused, you can turn to a court or the National Authority for Data Protection and Freedom of Information (1125 Budapest, Szilágyi Erzsébet fasor 22 / C, postal address: 1530 Budapest, Pf. 5.),
- you can go to court against the decision of Dr. Rose Magánkórház Kft. to object to the processing of your personal data.
If Dr. Rose Magánkórház Kft. with the illegal data management or violation of data security requirements:
- causes damage to somebody, he must compensate it,
- if the data subject's personal rights are violated, the data subject may claim damages.
Dr. Kornél Papik