Privacy policy
The purpose of this data management information (hereinafter: Information) is that EV Olosz József. (1113 Budapest, Bocskai út 31.; hereinafter: Service or Data Controller) concerned persons who use the health services - i.e. various therapies applied to musculoskeletal problems - (hereinafter: < strong>Respondent) to handle their personal data in a legal, fair and transparent manner, and also CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information. Act (hereinafter: Infotv.) and the European Union's General Data Protection Regulation (GDPR) should be provided on the basis of appropriate information. Accordingly, this Notice includes the "Sherlock Rehab" clinic operated by the Service Provider (1113 Budapest, Bocskai út 31.; hereinafter: Dispensary) and the https://sherlockrehab.hu website (hereinafter: Website) purpose, legal basis, duration of storage of personal data, as well as the processing of the Data Subject's personal data related rights and remedies.
CLIV of 1997 on health care is applicable to certain data treatments specified in this Notice. Act (hereinafter: Eütv.), XLVII of 1997 on the protection of health and related personal data. Act (hereinafter: Eüak.), CLV of 1997 on consumer protection. Act (hereinafter: Accounting Act), as well as the provisions of Act C of 2000 on accounting (hereinafter: Accounting Act) shall also be applied as specified for individual data management.
The Service Provider specifically draws the Data Subject's attention to the fact that, if they have given their consent to any of the data processing included in this Notice, they are entitled to withdraw it at any time as detailed in this Notice.
1. MANAGEMENT OF PERSONAL DATA WHILE USING THE WEBSITE
1.1. Website logging
1.1.1. Web server logging
When visiting the Website, the web server automatically logs the Data Subject's activity in order to ensure the functioning of the services. In this process, the following data will be processed: IP address, device and browser data, which are not suitable for identifying the Data Subject by themselves, but combined with other data (e.g. provided in the online appointment booking form) are suitable for drawing conclusions about the Data Subject. The Service Provider does not link the data generated during the analysis of the log files with other information, and does not seek to identify the person concerned.
The data management implemented by the recording of website visitor data by a web server is the data management common on the Internet, so the Data Subject accepts them by using the Internet and visiting web pages.
1.1.2. Data management related to logging by external service providers
The server of the external service providers is directly connected to the Data Subject's computer, and the external service providers affect data due to the direct connection to their server, direct communication with the Data Subject's browser (for example, IP address, browser, operating system data, mouse pointer movement, address of the page visited and the time of the visit) are able to collect.
The website's visitor and other web analytics data are independently measured and audited by Google Analytics. Data controllers can provide detailed information on the management of measurement data to the Data Subject at the following address: http://www.google.com/analytics/
For the availability of Facebook services, the website is directly connected to the server of the service provider available at facebook.com.
The data controllers refer to https://www.facebook.com/privacy/explanation; Detailed information is provided at http://www.google.com/intl/hu/policies.
In the case of links to other websites, the Service Provider has no influence on their data management rules. If the Data Subject leaves the Website by using these links, the data management rules of the operator of the website visited in this way already apply to the handling of personal data.
1.2. Website cookie management
A cookie is a small file that is placed on the computer when the Data Subject visits a website. Cookies have countless functions, including collecting information, remembering the Data Subject's individual settings, and generally making it easier for Data Subjects to use a website.
The Service Provider uses cookies to identify the Data Subjects, to identify the current session of the Data Subjects, to store the data provided during that session and to prevent data loss.
1.2.1. Session cookies are absolutely necessary
These cookies are necessary so that Data Subjects can browse our Website and use its functions, e.g. among other things, a note of the operations carried out by the Data Subject on the given page during a visit. The validity period of these cookies applies only to the Data Subject's current visit, this type of cookie is automatically deleted from the Data Subject's computer at the end of the session or by closing the browser. Without the use of these cookies, we cannot guarantee the use of our Website.
1.2.2. Cookies facilitating use
These cookies enable the Service Provider to remember the Data Subject's choices regarding the Website or the information provided by him. With the help of these, the Service Provider can best adapt the Website to the needs of the Data Subjects. These (permanent) cookies with an exact validity period are stored on the computer until they are deleted, but at the latest until their validity period expires.
1.2.3. Cookie management of external service providers on the Website:
The following external service providers placed cookies on the Website:
Provider | Detailed information on about cookies |
google.com/analytics | https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage |
1.2.4. Embedded content from other websites
Posts available on the Website may use embedded content from external sources (e.g. videos, images, articles, etc.). Embedded content from an external source behaves exactly as if you had visited another website. These websites may collect data about visitors, use cookies or third-party tracking codes, monitor user behavior related to embedded content if the Data Subject has a user account and is logged in to the site.
1.2.5. Enable or disable cookies
The legal basis for handling cookies is the Data Subject's consent. The Data Subject gives his consent by pressing the "I accept" / "OK" button on the Website.
All modern browsers allow changing the cookie settings. Most browsers automatically accept cookies by default, but these can usually be changed to prevent automatic acceptance and offer you the choice each time whether you want to allow cookies or not.
We draw the Data Subject's attention to the fact that since the purpose of cookies is to facilitate or enable the usability and processes of the Website, by preventing or deleting the use of cookies, it may be possible that the Data Subject will not be able to fully use the functions of our Website, or that the Website it will work differently in your browser than planned.
You can find information about the cookie settings of the most popular browsers and the implementation of restrictions at the following links: Google Chrome | Firefox | Microsoft Internet Explorer 11 | Microsoft Internet Explorer 10 | Microsoft Internet Explorer 9 | Microsoft Internet Explorer 8 | Safari
If you need help with setting up or deleting cookies, please let us know via the contact information provided in point 5 of this information sheet.
2. Data handled during contact
2.1. Content of data management
If the Data Subject has questions, problems, wishes to leave a message, consult, or sign up for treatment, he can initiate contact with the Service Provider on the Website via the "Appointment booking" menu item in the "Online appointment booking form" ” by filling in. Personal data must be entered on the online appointment booking form.
Registration for the Service Provider's healthcare services can be done by phone or e-mail at the contact details provided in this Information Sheet or on the Website. In this case, the name, e-mail address and telephone number must be entered for the purpose of contact.
Purpose of Data Management | Legal Basis of Data Management | Scope of Managed Data | Duration of Data Management |
Informing the person concerned about the questions and comments asked during contact; traceability of information exchanged during contact; appointment booking | Consent of the person concerned | name, e-mail address, phone number, date of treatment, subject of registration and other information specified in the message personal data | until the consent of the Data Subject is revoked, but no more than 5 years from the date of data disclosure |
From the data provided by the Data Subject, the Service Provider records data relevant to booking an appointment - such as the Data Subject's name, phone number, treatment date - in the "Sherlock CRM calendar".
The Data Subject has the right to request the withdrawal of consent to the processing of personal data provided during contact at any time via the contact details provided in point 8.
2.2. Shared data management
Data provided when filling in the "Online appointment booking form" to the e-mail address info@sherlockrehab.hu (hereinafter: E-Mail Address) are automatically forwarded. Contact with the Service Provider can also be initiated directly via the E-Mail Address. The e-mail address is in the joint data management of the following organizations (hereinafter collectively: Joint Data Controllers):
Név | Elérhetőség |
| Józsa Beáta EV. | 1116 Budapest Fehérvári út 201. 7./73. |
| Olosz József EV. | 1126 Budapest, Böszörményi út 13-15. 3./8. |
| Szabó Klára EV. | 1087 Budapest, Berzsenyi 2/B., 3./31. |
| Szabó Réka EV. | 6100 Kiskunfélegyháza, Fűzfa utca 11. |
| Meszéna Erzsébet EV. | 1126 Budapest, Németvölgyi út 22. |
| Horváth Noémi EV. | 1141 Budapest, Paskál utca 52/B. |
| Zsemler Tibor EV. | 2750 Nagykőrös, Kecskeméti út 75. F/11. |
| Vaski Sára EV. | 8900 Zalaegerszeg, Ebergényi utca 40. |
| Kemény Botond EV. | 2000 Szentendre, Kondor Béla utca 13. 3.em 7.a |
| Tiba Fanni EV. | 3580 Tiszaújváros, József Attila utca 25. 1/1. |
Also, the Sherlock CRM calendar is jointly managed by the Joint Data Controllers.
Each of the Joint Data Controllers is authorized to perform data management in connection with the contact, thus processing messages received at the E-Mail Address and recording personal data and the date in the online booking calendar. Accordingly, any of the Joint Data Controllers is entitled to access the personal data contained in the E-Mail and the online booking calendar.
If the recipient of the e-mail message is specifically one of the Joint Data Controllers, or the date recorded in the booking calendar is specifically related to the person of one of the Joint Data Controllers, then this Joint Data Controller will be considered exclusive in relation to the Data Subject's personal data during the provision of the healthcare service. data manager.
2.3. Claimed data processors
Name | Availability | Data Processing Task |
Ferenc Krix EV. | Budapest, 1116, Kisköre utca 2. 2.em / 9. | Providing website and email storage, Operation of Sherlock CRM and appointment booking system |
3. HANDLING OF PERSONAL DATA WHEN RECEIVING REQUESTS FOR HEALTHCARE SERVICES
3.1. Contents of data management
In order to use the healthcare services of the Service Provider in the Clinic, it is necessary to provide the Data Subject's personal data, which data is processed under the following conditions:
Purpose of data management |
Legal Basis of Data Management |
Managed Data Scope | Duration of Data Management |
contact | voluntary contribution | name, e-mail address, telephone number | 5 years |
fulfilling the service (treatment), promoting the preservation, improvement and maintenance of health, monitoring the health status of the person concerned | Eüak. § 4 | medical history, complaint of the person concerned, service used, treatments performed and related findings, TAJ number | 30 years [Eüak. § 30] |
issuing the invoice and fulfilling the accounting obligation | Account. | name, address, name of service used, fee, invoice ID number, invoice date, payment deadline | 8 years [Act. § 169. (2)] |
We draw the attention of the interested parties that the failure to provide the above-mentioned data required for the provision of the service and the issuing of an invoice in this case, the Service Provider is unable to provide services to the Data Subject.
3.3. Claimed data processors
Name | Availability | Data Processor Task |
Billingo Technologies Zrt. | 1133 Budapest, Árbóc utca 6. I. floor | invoicing services |
4. OTHER DATA MANAGEMENT
4.1. Complaint handling
Should the Data Subject have any objections to the Service Provider's services, the following conditions apply to the related data processing:
Purpose of Data Management | Legal Basis of Data Management | Scope of Managed Data | Duration of Data Management |
Management of quality objections arising in connection with the services provided by the service provider | Contract. 17/A. Section (7) | name, address, name of service used, fee, date of service use and notification of objection, description of objection | for copies of records of complaints and responses to written complaints: 5 years |
We would like to draw the attention of the interested parties to the fact that in the event of failure to provide the above-mentioned data, the Service Provider will not be able to handle complaints.
4.2. Application for job advertisements
The Service Provider stores the applications received.
Purpose of Data Management | Legal Basis of Data Management | Scope of Managed Data | Duration of Data Management |
Application for a position at the service provider, participation in the selection procedure | Consent of the person concerned | cover letters, CVs, applications, as well as other personal data provided in them | 6 months from the submission of the application |
4. OTHER DATA MANAGEMENT
4.1. Complaint handling
Should the Data Subject have any objections to the Service Provider's services, the following conditions apply to the related data processing:
Purpose of Data Management | Legal Basis of Data Management | Scope of Managed Data | Duration of Data Management |
Management of quality objections arising in connection with the services provided by the service provider | Contract. 17/A. Section (7) | name, address, name of service used, fee, date of service use and notification of objection, description of objection | for copies of records of complaints and responses to written complaints: 5 years |
We would like to draw the attention of the interested parties to the fact that in the event of failure to provide the above-mentioned data, the Service Provider will not be able to handle complaints.
4.2. Application for job advertisements
The Service Provider stores the applications received.
Purpose of Data Management | Legal Basis of Data Management | Scope of Managed Data | Duration of Data Management |
Application for a position at the service provider, participation in the selection procedure | Consent of the person concerned | cover letters, CVs, applications, as well as other personal data provided in them | 6 months from the submission of the application |
We would like to draw the attention of the Data Subjects to the fact that if the data specified above is not provided, the Data Subject will not be able to apply electronically for job offers published by the Service Provider.
4.3. Other
We will provide information on data processing not listed in this Notice when the data is collected.
The court, the prosecutor, the investigative authority, the authority, the public administrative authority, the National Data Protection and Freedom of Information Authority (hereinafter: NAIH), or other bodies based on the authorization of the law, may contact the Service Provider in order to provide information, communicate and transfer data, or make documents available. The Service Provider only discloses personal data to the authorities - if the authority has specified the exact purpose and the scope of the data - to the extent and to the extent that is absolutely necessary to fulfill the purpose of the request.
5. METHOD OF STORING PERSONAL DATA, SECURITY OF DATA MANAGEMENT
The safe storage of health and personal data related to the use of the health service is the so-called on a control panel, with paper-based documentation and the Service Provider stores these in a lockable filing cabinet. Only the Service Provider has access to this range of data.
The Service Provider stores personal data related to written contact and booking an appointment online. The Joint Data Controllers have access to the data.
The Service Provider also stores on its server a copy of the invoices issued to the Data Subjects, to which only the Service Provider has access.
The Service Provider takes appropriate technical and organizational measures implements in order to guarantee a level of data security appropriate to the level of risks arising in relation to data management, including, among others, where applicable: (i) pseudonymization and encryption of personal data; (ii) ensuring the continuous confidentiality, integrity, availability and resilience of the systems and services used to manage personal data; (iii) in the event of a physical or technical incident, the ability to restore access to and availability of personal data in a timely manner; (iv) a procedure for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures taken to guarantee the security of data management.
6. CONTACT INFORMATION OF THE DATA CONTROLLER
József Olosz EV.
address: 1113 Budapest, Bocskai út 31.
tax number: 68976703-1- 43
registration number: 52519884
contact name: József Olosz
e-mail address: olosz.jozsef@sherlockrehab.hu
telephone: 06302575291
7. THE RIGHTS OF THE SUBJECT
7.1. General provisions
This Notice contains information about the Data Subject's personal data. Verbal information can also be provided at the request of the Data Subject, provided that he has verified his identity. The Service Provider may not refuse to fulfill the Data Subject's request to exercise the rights described below, unless it proves that the Data Subject cannot be identified. If the Service Provider has well-founded doubts about the identity of the natural person who submitted the request, it may request the provision of additional information necessary to confirm the Data Subject's identity.
The Service Provider shall inform the Data Subject without undue delay, but in any case within 1 month of receipt of the request. about the measures taken following your request. If necessary, taking into account the complexity of the application and the number of applications, this deadline can be extended by another 2 months. The Service Provider informs the Data Subject of the extension of the deadline, indicating the reasons for the delay, within 1 month of receiving the request. If the Data Subject submitted the request electronically, the information must be provided electronically, if possible, unless the Data Subject requests otherwise.
If the Service Provider does not take measures following the Data Subject's request, without delay, but within 1 month from the receipt of the request at the latest, informs the Data Subject of the reasons for the failure to take action, as well as the Data Subject's legal remedies provided in point 9 of this Notice. The Service Provider does not charge a fee for the provision of information and information, or for the measures taken as a result. If the Data Subject's request is clearly unfounded or - especially due to its repeated nature - excessive, the Service Provider may charge a reasonable fee or refuse to take action based on the request, taking into account the administrative costs associated with providing the requested information or information or taking the requested action.
7.2. Your data subject's rights in relation to data management
7.2.1. Right of access
The Data Subject has the right to receive feedback from the Service Provider as to whether his personal data is being processed, and if such data processing is in progress, he is entitled to receive information about his personal data and the information contained in this Information about the processing of his personal data. get access.
The Service Provider provides the Data Subject with a copy of the personal data that is the subject of data management. For additional copies requested by the Data Subject, the Service Provider may charge a reasonable fee based on administrative costs. If the Data Subject submitted the request electronically, the information must be provided in a widely used electronic format, unless the Data Subject requests otherwise.
7.2.2. Right to rectification
The Data Subject has the right to request that the Service Provider correct inaccurate personal data relating to him or her without undue delay, or - taking into account the purpose of the data management - to request their addition.
7.2.3. Right to erasure
The Data Subject has the right to have the Service Provider delete the personal data relating to him/her without undue delay upon request, and the Service Provider is obliged to delete the personal data relating to the Data Subject without undue delay , if one of the following reasons exists:
(i) the personal data are no longer needed for the purpose for which they were collected or otherwise processed;
(ii) the Data Subject revokes the consent, and there is no other legal basis for the data processing; (iii) the Data Subject objects to the data processing and there is no overriding legal reason for the data processing, or the Data Subject objects to data processing for direct business acquisition;
(iv) the personal data has been processed unlawfully;
(v) the personal data must be deleted in order to fulfill the legal obligation prescribed by EU or member state law applicable to the Service Provider;
(vi) the the information partner to collect personal data took place in connection with the offering of ad-related services to children.
If the Service Provider has disclosed personal data and is obliged to delete it in accordance with this Notice, it will take the reasonably expected steps, taking into account the available technology and the costs of the implementation, including technical measures - in order to inform the data controllers handling the data that the Data Subject has requested from them the deletion of the links to the personal data in question or the copy or duplicate of this personal data.
The Service Provider is not obliged to delete the data, if the data management is (i) for the purpose of exercising the right to freedom of expression and information; (ii) for the purpose of fulfilling a legal obligation or performing a task of public interest; and (iii) it is necessary for the submission, enforcement and defense of legal claims.
7.2.4. The right to restrict data processing
The data subject has the right to request that the Service Provider restrict data processing if
(i) the data subject disputes the accuracy of the personal data (in this case the limitation applies to the period that allows the Service Provider to check the accuracy of personal data); or
(ii) the data processing is illegal and the Data Subject opposes the deletion of the data and instead requests the restriction of its use; or
(iii) the Service Provider no longer needs the personal data for the purpose of data management, but the Data Subject requires them to submit, enforce or defend legal claims; or
(iv) the data processing is necessary for the execution of a task of public interest or the data processing is necessary to assert the legitimate interests of the Service Provider or a third party, and the Data Subject objected to data processing for these purposes (in this case, the restriction applies to the period until it is determined whether the legitimate reasons of the Service Provider take precedence over the legitimate reasons of the Data Subject). for the presentation, enforcement or protection, or for the protection of the rights of other natural or legal persons, or it can be handled in the important public interest. The Service Provider informs the Data Subject at whose request the data processing was restricted in advance of the lifting of the restriction on data processing.
7.2.5. Obligation to notify
The Service Provider informs all recipients of the correction, deletion or limitation of data processing of personal data to whom or to whom the personal data was disclosed, unless this proves to be impossible or requires a disproportionately large effort need. At the request of the Data Subject, the Service Provider will inform about these recipients.
7.2.6. The right to object
The Data Subject has the right to object to the processing of his personal data at any time for reasons related to his own situation, if the data processing is necessary to perform a task of public interest or to assert the legitimate interests of the Service Provider or a third party. In this case, the Service Provider may no longer process the personal data, unless the Service Provider proves that the data processing is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the Data Subject, or that are necessary for the presentation, enforcement or defense of legal claims are connected.
If personal data is processed for the purpose of direct business acquisition, the Data Subject is entitled to object at any time to the processing of his personal data for this purpose. If the Data Subject objects to the processing of personal data for direct business acquisition, then the personal data may no longer be processed for this purpose.
If the processing of personal data takes place for statistical purposes, the Data Subject is entitled to have his/her for reasons related to his situation, he may object to the processing of his personal data, unless the data processing is necessary for the performance of a task carried out for reasons of public interest.
7.2.7. The right to data portability
The data subject has the right to receive the personal data concerning him/her provided to a data controller in a segmented, widely used, machine-readable format, and is also entitled to transmit this data to another data controller without being hindered by the data manager to whom you have made the personal data available, if:
a) the data management is based on consent or a contract; and
b) data management is performed in an automated manner.
When exercising the right to data portability, the Data Subject is entitled to - if this is technically feasible - request the direct transfer of personal data between data controllers , but it cannot adversely affect the rights and freedoms of others.
7.2.8. Automated decision-making in individual cases, including profiling
The data subject has the right not to be covered by a decision based solely on automated data management, including profiling, which would have legal effects on him or affect him to a similar extent, unless the decision (i) Necessary for the conclusion or fulfillment of the contract between the Data Subject and the Service Provider; (ii) it is made possible by legislation applicable to the Service Provider, which also establishes appropriate measures to protect the rights and freedoms and legitimate interests of the Data Subject; or (iii) is based on the Data Subject's express consent.
In order to enforce the Data Subject's rights, the Data Subject has the right to request human intervention on the part of the Service Provider, to express his position and to submit an objection to the decision.
The Service Provider does not perform automatic decision-making or profiling.
7.2.9. Data protection incident
A data protection incident is a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise handled. .
If the data protection incident is likely to involve a high risk for the rights and freedoms of natural persons, the Service Provider shall inform the Data Subject of the data protection incident without undue delay. In the information, the nature of the data protection incident must be described in a clear and understandable manner, and the following information and measures must be provided: (i) the name and contact information of the contact person who provided the information; (ii) probable consequences resulting from the data protection incident; (iii) measures taken or planned by the Service Provider to remedy the data protection incident.
The Data Subject need not be informed if any of the following conditions are met: (i) the Service Provider has implemented appropriate technical and organizational protection measures, and these measures were applied to the data affected by the data protection incident; (ii) after the data protection incident, the Service Provider has taken additional measures to ensure that the high risk to the Data Subject's rights and freedoms is unlikely to materialize in the future; (iii) information would require a disproportionate effort.
In such cases, the Data Subjects must be informed through publicly published information, or a similar measure must be taken that ensures similarly effective information to the Data Subjects.
8. LIABILITY, INDEMNIFICATION AND REMEDIES
All persons who Infotv. suffered material or non-material damage as a result of its violation, is entitled to compensation for the damage suffered from the Service Provider or from other data controllers or data processors specified in this Information.
All data controllers involved in data management are responsible for any damage caused by Infotv.- t caused by abusive data management. The data processor is only liable for damages caused by data processing if it has not complied with the obligations specifically imposed on data processors specified in Infotv., or if it has ignored or acted contrary to the legal instructions of the Service Provider.
The Service Provider or the data processor is exempt from liability if it proves that it is not responsible in any way for the event that caused the damage. If several data managers or data processors, or both the data manager and the data processor are involved in the same data management and are liable for the damages caused by the data management, each data manager or data processor shall be jointly and severally liable for the total damage in order to ensure effective compensation of the Data Subject.
If you have any questions, comments or problems regarding the Service Provider's data management, please contact the Service Provider at the contact details indicated in point 8.
If the Data Subject does not agree with the decision made by the Service Provider, he/she may object to it - from the date of notification Within 30 days - you can go to court. The Service Provider is obliged to prove that the data management complies with the provisions of the law. Adjudication of the lawsuit falls within the jurisdiction of the court. At the option of the Data Subject, the lawsuit can also be initiated before the court of the Data Subject's residence or place of residence. initiate an investigation at the following contact details:
National Data Protection and Freedom of Information Authority
Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, Pf.: 5.
Telephone: 06.1.391.1400 Fax: 06.1.391.1410
E-mail: ugyfelszolgalat@naih .hu
Website: http://www.naih.hu
9. INCIDENT MANAGEMENT
The Service Provider's system administrator constantly monitors warnings and alerts about critical network security incidents and vulnerabilities. In the event of an incident, the system administrator informs the Service Provider and together they classify the incident based on the circumstances. Knowing the severity of the incident, the Service Provider decides on the consequences, the handling of the incident, and the correction of errors. becomes aware of a possible data protection incident, without undue delay, and if possible, no later than 72 hours after becoming aware of the data protection incident, he must report it to the competent supervisory authority, unless he can prove in accordance with the principle of accountability that the data protection incident is likely there is no risk to the rights and freedoms of natural persons. If the notification cannot be made within 72 hours, the reason for the delay must be indicated, and the required information can be provided in detail - without further undue delay. Authority (NAIH) contact point at any time (http://naih.hu/uegyfelszolgalat,--kapclost.html) must be delivered.
The Service Provider keeps a record of data protection incidents, indicating the facts related to the data protection incident, its effects and the measures taken to remedy it.
If the data protection incident is likely to involve a high risk for natural persons rights and freedoms, the Service Provider informs the Data Subject of the data protection incident without undue delay.
The Data Subject does not need to be informed if any of the following conditions are met:
- The Service Provider complies technical ical and organizational protection measures have been implemented and these measures have been applied to the data affected by the data breach, in particular those measures - such as the use of encryption - that make the data unintelligible to persons not authorized to access personal data;< /li>
- after the data protection incident, the Service Provider has taken additional measures to ensure that the aforementioned high risk to the Data Subject's rights and freedoms is unlikely to materialize in the future;
- information requires a disproportionate effort would make it necessary. In such cases, the Data Subjects must be informed through publicly published information, or a similar measure must be taken that ensures similarly effective information to the Data Subjects.
10. AMENDMENT OF THE NOTICE
This Notice was published by the Service Provider on the Website and placed in the Clinic, where the current Notice is always available. The Service Provider is entitled to unilaterally amend this Notice.
Dated: Budapest, March 2023 8.