MEDISMILE - Privacy policy

The Medismile limited liability company

(Company registration number: 01-09-392078, registered office: 1053 Budapest, Henszlmann Imre utca 7. 2nd floor. Door 11A)

DATA MANAGEMENT GUIDELINES FOR THE WEBSITE OPERATED THROUGH THE WEBSITE

Medismile Ltd. as data controller has prepared this privacy policy in accordance with the requirements of Articles 12 and 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as “GDPR”) and in accordance with the provisions of the preamble to the GDPR and makes it available to data subjects. The controller shall take appropriate technical and organizational measures to ensure the protection and lawful processing of personal data and compliance with legal requirements, taking into account paragraph 78 of the preamble to the GDPR Regulation and Article 24 thereof.

Name and contact details of the controller and its representative

Name of the controller: Medismile Korlátolt Felelősségű Társaság

Contact information of the controller:

Registered office. Door 11A.

Telephone number: +36 80 200 700

E-mail address: info@medi-smile.com

Access to the website operated by the controller

https://medi-smile.com/

Scope of the processing covered by this notice

– Contact / Request a quote

– Marketing activities

– Management of curricula vitae

– Processing of data about visitors to the website (“cookie”/browser processing)

1. Contact us / Request a quote

Purpose of the processing of personal data

The controller processes the personal data of the data subject for the purpose of contacting the data subject and making him or her an offer in relation to the service provided by the controller.

Legal basis for processing

The legal basis for the processing is Article 6(1)(a) of the GDPR, i.e. the consent of the data subject. By contacting the controller or by requesting an offer from the controller (as a medical practice), the data subject consents to the processing of the personal data that they have provided to the controller.

Categories of personal data concerned

The name and e-mail address and/or telephone number of the data subject are necessarily disclosed when contacting us. Other personal data may also be provided during the application process. Since the controller cannot determine in advance the content of the personal data transmitted by the data subject in connection with the call for proposals, the personal data typically collected in this context are listed in this notice and in the data protection register. These are usually: first and last name, country of residence, e-mail address, telephone number, type of treatment, dental problem, additional details of the recipient.

Recipients of personal data, categories of recipients, data transfer

First and foremost, this personal data is processed by the designated employees of the controller.

The personal data of the data subject are recorded electronically and stored in the “Flexi Dent” medical system operated by Flexi Medical Hungary Zrt.

The Data Processor performs its activities at the express request of the Data Controller to the extent, for the time and for the purposes specified in the application, and for this reason has limited access to the personal data. The Data Processor guarantees the security of the personal data on its own website in a specific privacy policy at the following electronic contact address: https://www.flexi-dent.hu/page/adatvedelem.

Transfer of personal data to third countries.

The controller does not transfer personal data to third countries.

Term of storage of personal data.

The controller shall process the data until the withdrawal of the data subject’s consent, but no later than 30 (i.e. thirty) calendar days after sending the offer, without prejudice to the lawfulness of the processing prior to the withdrawal. If the data subject withdraws their consent, all their data will be deleted. If the data subject subsequently accepts the controller’s offer for a healthcare service, the controller will become the data subject’s contractual partner and will process their data on a different legal basis, which will be expressly communicated to the data subject.

Rights of the data subject

The data subject has the right to withdraw their consent to the processing at any time on the basis of Article 7(3) of the GDPR. However, the withdrawal of consent does not affect the lawfulness of the previous processing.

In accordance with Article 15 of the GDPR, the data subject may request information from the controller about the personal data concerning them (right of access). The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the following information

• the purposes of the processing,
• categories of personal data concerned,
• the purposes of the transfer and the recipients (including third countries)
• the envisaged period for which the data will be stored,
• the right of the data subject to request the rectification, erasure or restriction of processing of personal data or to object to the processing of such personal data,
• the right to lodge a complaint with a supervisory authority,
• information about the origin of the data if it was not collected from the data subject,
• the fact of automated decision-making

The controller shall provide the data subject with a copy of the personal data undergoing processing. Where the data subject makes such a request by electronic means, by sending an e-mail to the e-mail address specified in this notice, the controller shall also comply with its obligation to provide the data by electronic means, unless the data subject requests otherwise. In exercising this right, the controller shall also respect the rights of others.

2. MARKETING ACTIVITY

Purpose of the processing of personal data

The data controller sends electronic newsletters to the data subjects who have voluntarily subscribed to its mailing list, i.e. it can inform the registered users in general or personalized form about the latest promotions, events, news, changes or cancellations of services of the data controller.

Legal basis for processing

The legal basis for the processing is Article 6(1)(a) of the GDPR, i.e. the consent of the data subject. The data subject gives their unambiguous, explicit and prior consent by ticking the box next to the text “Consent to marketing request” on the controller’s website after being informed about the processing of their data.

Categories of personal data concerned

Email address of the subscriber.

Recipients of the personal data, categories of recipients, data transfer

Personal data may only be passed on to the responsible employees of the controller. Data processing is carried out manually and newsletters are sent manually to the email addresses previously provided.

Transfer of personal data to third countries

The controller does not transfer personal data to third countries.

Term of storage of personal data.

The controller shall process the data until the data subject withdraws consent, which shall not affect the lawfulness of processing based on consent before its withdrawal. If the data subject withdraws their consent, all their data will be deleted. The data subject can unsubscribe from the newsletter with effect for the future by following the link in the newsletter sent or by contacting the controller directly, either by email or telephone, to request erasure.

3. Subscriptions

Purpose of the processing of personal data

The controller checks, stores and processes the CVs of applicants and the personal data contained therein after they have been sent. The purpose of the processing is to assess the candidates’ competence and suitability for the position to be filled.

Legal basis for the processing

The legal basis for the processing is Article 6(1)(a) of the GDPR, i.e. the consent of the data subject. By sending the CV to the controller, the data subject gives their consent to the processing.

Categories of personal data concerned

As the data content of applicants’ CVs cannot be determined by the controller, the personal data typically contained in CVs is listed in this notice and in the data protection register. These are usually: Name, place and date of birth, address, telephone number, email address, name of schools attended and qualifications obtained, details of previous employment (title, duration, position), language skills, other skills.

Recipients of personal data, categories of recipients, transfer of data

Personal data will not be transferred by the controller and may only be disclosed to responsible employees of the controller.

Transfer of sensitive data to third countries

The controller does not transfer personal data to third countries.

Term of storage of sensitive data.

In the case of unsuccessful applicants, the controller destroys the CVs sent to it immediately after the position has been filled. The data subject will be notified separately of the processing of the data of the employee hired upon receipt.

4. COOKIE / COOKIE DATA MANAGEMENT

Purpose of the processing of personal data

In order to improve the quality of the services of the website operated by the Data Controller, to facilitate the use of the website (so that the user can communicate and interact with the website more easily) and to adequately manage security and privacy risks, the Data Controller uses cookies. The exact names and types of cookies used by the Controller are listed in Appendix 1 to this Notice.

What is a “cookie”?

When a visitor visits the website, a small data file known as a cookie (hereinafter referred to as a “cookie”) is stored on their computer for various purposes. Only cookies that are strictly necessary for the functioning of the website and to support the session, to identify individual user sessions and to facilitate more convenient use of the website are used. Some of the cookies used by the data controller are temporary and disappear when you close your browser, while there are convenience cookies that are stored on your computer for up to one month, so that your browser remembers your previous settings when you visit our website regularly and you do not have to accept our cookie notice on each visit or regularly adjust your filter criteria to your needs.

Types of “cookies”

1. Session cookies

Session cookies are necessary for browsing the website and using its features, including the ability to note the actions a visitor has taken on a particular page, feature or service. Smooth use of the website cannot be guaranteed without the use of “session cookies”. They are valid for the duration of the visit and are automatically deleted at the end of the session or when the browser is closed.

2. User-friendliness cookies

These cookies allow the website to remember which functionality you have selected (e.g.: accepting the cookie hint and the order of the results in the search results list) so that you do not have to accept the cookie hint again and again on your next visit or select the ordering principle according to which you want to view the content displayed on the website. Without the information contained in the cookies that store your preferences, our website could function less smoothly.

No personal information is stored in the preference cookies, only an identification number that tells the website that the cookie policy has previously been accepted. A convenience cookie is stored on the customer’s computer browser and expires after 1 month.

Categories of personal data concerned

Cookies are used by the controller for administrative purposes, e.g. to measure the number of visits to the website and to facilitate browsing by storing previously visited pages on the website. No cookie contains personal data that would make it possible to contact the visitor by e-mail, telephone or post. Cookies are not in themselves able to identify the user, but only serve to recognize the visitor’s computer. If the visitor does not wish to accept the use of cookies on the website, they can set the web browser they are using so that they are informed about the setting of cookies or so that the setting of cookies is prevented.

Legal basis for processing

The legal basis for the processing is the voluntary, specific, informed and unambiguous expression of the visitor’s will, with which he signals his consent to the processing of his personal data through a clear act of declaration or confirmation. Consent may be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal. The visitor can change or withdraw the consent given in the cookie declaration on the website at any time; they can delete or block cookies, in which case the website may not function properly.

Term of processing

The period until the end of the respective visitor session.

Recipients of the personal data, categories of recipients, disclosure of data

This personal data is processed by designated employees of the controller or otherwise in the context of a legal relationship with the controller and is not transferred by the controller.

The controller uses the web analytics service Google Analytics, which is provided by Google LLC, 1600 Amphitheatre Parkway Mountain View CA 94043, an EU-U.S. Privacy Shield member. Web analysis services also use cookies to analyze the use of online interfaces. By expressly consenting to the use of the online interfaces, the data subject authorizes Google Analytics to transfer the information generated by the cookies about the use of the online interface to Google servers in the United States of America. The other cookies processed are stored on servers within the European Union. By giving their express consent on the website, the user consents to the collection and analysis of their data in the manner and for the purposes described above. The above-mentioned service providers use this information to evaluate and analyze the use of the online interfaces by the data subject, to compile reports on the activities carried out on the online interfaces and to provide other services related to the activities carried out on these interfaces and the use of the Internet. It is important to emphasize, however, that the cookies used on the website do not store any personally identifiable information, i.e. personal data.

Transfer of personal data to third countries

The controller does not transfer personal data to third countries.

Consent to “cookies”

The controller places cookies on your device (computer, phone or tablet) that you use to visit its website. When you visit the website, a pop-up window will appear when the main page loads. If the visitor continues to browse the website after the pop-up window appears, they agree to cookies being stored on their computer, phone or tablet in the manner and for the purposes described in this policy. If the visitor does not want cookies to be placed on their computer, phone or tablet, they should not use the website. Even if the visitor initially agrees to the use of cookies, he can deactivate and delete cookies at any time in the settings of his internet browser. However, without the use of cookies, you will not be able to access many of the features that make your browsing experience easier, or certain services will not work properly.

Managing your “cookie” settings

Visitors can change their cookie settings via their browser. You can disable the use of cookies by activating a setting on your browser that allows you to refuse the setting of all or some cookies. These settings are usually available in the “Settings” or “Preferences” menu of your browser.

Use the following links to find out more:

Chrome: https://support.google.com/chrome/answer/95647?hl=hu

Firefox:https://support.mozilla.org/hu/kb/sutik-informacio-amelyet-weboldalak-tarolnak- sami?redirectlocale=en-US&redirectslug=Cookies

Internet Explorer: Go to https://support.microsoft.com and enter “cookies” in the search field.

Safari: Go to https://support.apple.com/hu-hu and enter “cookies” in the search field

Opera: http://help.opera.com/Windows/10.50/hu/cookies.html

5. RIGHTS OF SENSITIVES

The data subject may request the rectification of their personal data in accordance with Article 16 of the GDPR (right to rectification), which the controller must comply with without undue delay. The data subject also has the right to request the completion of incomplete personal data.

In accordance with Article 17 of the GDPR, the data subject may request the erasure of personal data processed by the controller (right to erasure, “right to be forgotten”), which the controller must comply with immediately if one of the following grounds applies:

• the personal data are no longer necessary in relation to the purposes for which they were collected and processed,
• the data subject objects to the processing,
• the personal data have been unlawfully processed,
• the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject

The data subject may request the restriction of the processing of personal data (right to restriction of processing) on the basis of Article 18 of the GDPR. The controller is obliged to do so if

• the data subject contests the accuracy of the personal data, or
• the processing is unlawful and the data subject opposes the erasure of the data, or
• the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject, or
• the data subject has objected to processing

The data subject has the right to exercise the right to data portability under Article 20 of the GDPR, i.e. the right to receive the personal data concerning him or her from the controller in a structured, commonly used and machine-readable format. He or she also has the right to transmit those data to another controller, as defined in the GDPR.

The data subject shall have no right to object to the processing in question, as the processing is not based on Article 6(1)(e) or (f) of the GDPR.

Right of access to a supervisory authority (lodging a complaint)

The data subject may lodge a complaint about the processing with the National Authority for Data Protection and Freedom of Information as the supervisory authority (registered office).

Information on the obligation to provide personal data.

The data subject is not obliged to provide personal data.

Budapest, 11.09.2023

Medismile Ltd.