Introdoction

Ms. Ágnes Tóth (hereinafter referred to as “Data Controller”), as the operator of the website https://buda-medical.com hereby publishes her data protection and data management principles and rules.

Details of the Data Controller

Name of the Data Controller: Ágnes Tóth
Data Controller’s registered office: 1149 Budapest, Egressy út 27-29. A2 6/4.
Phone number: +4745386954
E-mail address of the Data Controller: agitoth2002 at yahoo.com
Competent Data Protection Authority details
Name: National Authority for Data Protection and Freedom of Information
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Postal address: 1530 Budapest, PO Box 5.

Description of data management services

The purpose of the data processing is to provide information to visitors of the Data Controller, to maintain contact with interested parties. The website uses cookies as described under Point 7 below.

The legal basis for the processing is the consent and legitimate interest of the data subjects. Duration of data storage: until consent is withdrawn or until the purpose of the processing ceases to exist, or as required by sectoral legislation. The Data Controller does not use automated decision-making or profiling.

Data subject rights

The natural person whose personal data is processed by the Controller (hereinafter referred to as “Data Subject”) may contact the Controller with any questions or comments regarding the processing and request information about the personal data relating to him or her processed by the Controller.

In the event of a legitimate request by the Data Subject, the Data Controller shall, within 30 days of the request, provide written information on the data relating to him/her processed by the Data Controller, the data processed by the Data Controller or by a data processor appointed by the Data Controller, the source of the data, the purpose, legal basis and duration of the processing, the name and address of the data processor and the activities of the data processor in relation to the processing, and, in the event of the transfer of the Data Subject’s personal data, the legal basis and the recipient of the transfer.

The Data Controller shall establish an internal Data Protection Incident Policy and keep a Data Protection Incident Register for the purpose of monitoring the measures taken in relation to a possible data breach and informing the Data Subject, which shall include the scope of the Data Subject’s personal data, the number and scope of the Data Subjects affected by the data breach, the date, circumstances, effects and measures taken to remedy the data breach, as well as any other data specified in the law requiring the processing.

The data subject may request the erasure (“right to be forgotten”), rectification, restriction or blocking of his or her data.

The Data Subject may at any time request the rectification or erasure of his/her incorrectly recorded data. The Data Controller shall erase the data within 15 working days of receipt of the request, in which case the data shall not be recoverable. Erasure shall not apply to data processing required by law (e.g. accounting regulations), which shall be retained by the Data Controller for the necessary period of time as required by law.

The Data Subject may request the blocking of their data. The Data Controller shall block personal data if the Data Subject so requests or if, on the basis of the information available to it, it is likely that deletion would harm the Data Subject’s legitimate interests. Personal data blocked in this way may be processed only for as long as the processing purpose which precluded the deletion of the personal data persists.

The rectification, blocking and erasure must be notified to the Data Subject and to all those to whom the data were previously transferred for processing. The notification may be omitted if this does not harm the legitimate interests of the Data Subject in relation to the purposes of the processing. If the Data Controller does not comply with the Data Subject’s request for rectification, blocking or erasure, it shall, within 30 days of receipt of the request, communicate in writing the factual grounds and legal basis for refusing the request for rectification, blocking or erasure.

The Data Subject shall have the right to receive personal data relating to him or her in a
structured, commonly used, machine-readable format and the right to request the transfer of
such data to another controller.

You may object to the processing of your personal data. Data Subjects may object to the processing of their personal data. The Controller shall examine the objection within the shortest possible time from the date of its lodging, but not later than 15 days, decide whether it is justified and inform the Data Subject in writing of its decision.

Possible disputes, legal remedies:

If the above does not lead to a result, the Data Subject may contact the National Authority for Data Protection and Freedom of Information at the contact details indicated above or assert his/her rights before a court. The court will rule on the case out of turn, and the court will have
jurisdiction to hear the case.

Data Security

The Data Controller shall ensure the security of the data, and shall take technical and organisational measures and establish procedural rules to ensure that the data collected, stored or processed are protected or to prevent the unauthorised disclosure of such data, any possible
unauthorised use, unauthorised alteration or destruction.

The Data Controller shall ensure that the processed data cannot be accessed, disclosed, transmitted, modified or deleted by unauthorised persons.

The Controller shall take all reasonable steps to ensure that the data are not accidentally damaged or destroyed. The Data Controller shall require and enforce this commitment also for its employees involved in the data processing activities and for data processors acting on behalf of the Data Controller.

Cookie information

When you browse the Internet, almost any website sends small files (anonymous visitor identifiers or “cookies”) to your browsing device, including our buda-medical.com website. Cookies help us to give you the best possible experience when using our website. Cookies also
ensure the smooth and satisfactory operation of the website and may be used for traffic analysis
and advertising purposes.

Some cookies are strictly necessary for the smooth operation of the website. The validity period of these cookies is valid for the current visit. Performance monitoring or analytical cookies allow us to monitor and improve the performance of our site, track the number of visits, identify the source of traffic and the most popular parts of the site. Functional, usability cookies allow the site to remember your choices so that the site can be more personalised.

Cookies allow us to record the following information: your IP address as personal data; browser type, operating system characteristics of the device used to browse, the exact time of your visit, the address of the page you visited previously, the page, sub-page, function used and the time
spent on the page.

Please also note that our website may contain links from and to external servers (Facebook and Instagram) that are independent of us. The provider of these links may be able to collect user data (and possibly store it in third countries) due to the direct connection to its own server.

However, acceptance or authorisation of the use of cookies is not mandatory. You can opt out of cookies through the settings on your browsing device and the browser you use to access the website, and most modern browsers can be set to offer you the choice of whether to accept cookies each time you visit the website, rather than automatically accepting them. However, without the use of these cookies, you will not be able to fully use the features of our websites or enjoy the full functionality of the site.

Even after leaving our sites, you can delete cookies from your browsing device at any time,
either by using this feature of your browser or by using a dedicated software.

Final provisions

The Data Controller shall provide the Data Subjects with this Notice and its current version, consolidated with amendments, upon request.
The Data Controller shall review and amend this Privacy Notice from time to time in the light of new EU and national legislation and positions adopted in the context of the European data protection reform and shall communicate it to the Data Subjects by posting it on the website.
The Data Subject accepts the modification by his/her use of the website and by his/her referring conduct.