The protection of your data

Privacy Policy

Below, we inform our esteemed Clients and Partners, as well as other persons affected by data processing by the Company (hereinafter: Data Subjects), about the details related to the processing of their personal data. The Data Controller recognizes the contents of this legal notice as binding upon itself. It undertakes to ensure that all data processing related to its activities meets the requirements set out in these regulations and in the applicable national and European Union legislation.

The Company, as the operator of the website available under the domain name https://artdent.hu (hereinafter: Website), hereby publishes information regarding the data processing carried out within the framework of the Website, the services related to the Website, and other services provided by the Data Controller as defined in this Notice.

By starting to use the Website and by using the Data Controller’s services, users visiting the Website or using the Data Controller’s services (hereinafter: User) accept all the conditions contained in this Privacy Notice (hereinafter: Notice); therefore, please read this Notice carefully before using the Website or the service.

Personal scope

The scope of the Regulations extends to (1) persons performing data processing or data management activities carried out by https://artdent.hu (employees or persons in other work-related legal relationships with https://carswap.hu) and (2) natural persons in connection with whom https://carswap.hu processes or manages personal data (data subjects), or (3) in the case regulated by Section 25 of Act CXII of 2011 on the Right to Informational Self-Determination and on the Freedom of Information („Privacy Act”), the person authorized by the deceased data subject or a close relative of the deceased data subject.

Material scope

The scope of the Regulations extends to personal data processed or managed by https://artdent.hu as a data controller or data processor.

The most important details of the data controller and data processors:

DATA CONTROLLER

• Company name: ARTDENTIST Korlátolt Felelősségű Társaság
• Tax number: 25460559-2-42
• Company registration number: 01-09-276465
• Registered office: 1165 Budapest, Nógrádverőce út 31.
• Phone number: +36 20 218 5343
• E-mail address: artdent@artdent.hu
• Website: artdent.hu
• Data Protection Officer: Dr. Artúr Lajos Varajti

Contact details of the Data Protection Officer: +36 20 218 5343

DATA PROCESSORS

Dental Laboratory

• Company name: Dent Guide Fogászati Kft.
• Tax number: 25488892-1-13
• Registered office: 2000 Szentendre Erdész köz 14.

Hosting Provider

• Company name: Netdoor Kft.
• Address: 1055 Budapest, Nyugati tér 8. 1st floor, Door 5
• Tax number: 22635813-2-41
• Company registration number: 01-09-936833
• Email address: info@serverkraft.hu

Marketing Software

• Company name: MailerLite Limited
• Registered office: Ground Floor, 71 Lower Baggot Street, Dublin
• Website: https://www.mailerlite.com/legal/privacy-policy

This privacy notice is published on our Company’s website, the www.artdent.hu website, and is also available at our Company’s clinic open for customer relations located at 1027 Budapest, Margit körút 1.

The REGULATION lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data; the regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.

The regulation applies to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system.

The regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.

The regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:

1. the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or
2. the monitoring of their behaviour as far as their behaviour takes place within the Union.

The regulation applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law. The Company declares that it does not transfer data falling under the scope of this regulation to third countries.

The REGULATION stipulates that the Controller shall take appropriate measures to provide any information relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, and that the Controller shall facilitate the exercise of data subject rights.

The Data Controller is committed to the protection of the personal data of its customers and partners and considers it of paramount importance to respect its customers’ right to informational self-determination.

Basis for data processing

Relevant legislation:

• Regulation (EU) 2016/679 of the European Parliament and of the Council (27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: „GDPR”) (http://eur-lex.europa.eu/legal-content/HU/TXT/HTML/?uri=CELEX:32016R0679&from=EN)
• Act CXII of 2011 on the Right to Informational Self-Determination and on the Freedom of Information (hereinafter: „Privacy Act”) ( https://net.jogtar.hu/jogszabaly?docid=A1100112.TV)
• Act V of 2013 on the Civil Code (hereinafter: „Civil Code”) (https://net.jogtar.hu/jogszabaly?docid=A1300005.TV)
• Act CXXX of 2016 on the Code of Civil Procedure (hereinafter: „CCP”) (https://net.jogtar.hu/jogszabaly?docid=A1600130.TV)
• Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing (hereinafter: „AML”) (https://net.jogtar.hu/jogszabaly?docid=A1700053.TV)

I. DEFINITIONS:

„personal data”: means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

„processing”: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

„restriction of processing”: means the marking of stored personal data with the aim of limiting their processing in the future;

„profiling”: means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

„pseudonymisation”: means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

„filing system”: means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;

„controller”: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

„processor”: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

„recipient”: means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

„third party”: means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

„consent of the data subject”: means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

„personal data breach”: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

„genetic data”: means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question;

„biometric data”: means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data;

„data concerning health”: means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status;

,,main establishment”:

1. as regards a controller with establishments in more than one Member State, the place of its central administration in the Union, unless the decisions on the purposes and means of the processing of personal data are taken in another establishment of the controller in the Union and the latter establishment has the power to have such decisions implemented, in which case the establishment having taken such decisions is to be considered to be the main establishment;
2. as regards a processor with establishments in more than one Member State, the place of its central administration in the Union, or, if the processor has no central administration in the Union, the establishment of the processor in the Union where the main processing activities in the context of the activities of an establishment of the processor take place to the extent that the processor is subject to specific obligations under this Regulation;

„representative”: means a natural or legal person established in the Union who, designated by the controller or processor in writing pursuant to Article 27, represents the controller or processor with regard to their respective obligations under this Regulation;

„enterprise”: means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity;

„group of undertakings”: means a controlling undertaking and its controlled undertakings;

„binding corporate rules”: means personal data protection policies which are adhered to by a controller or processor established on the territory of a Member State for transfers or a set of transfers of personal data to a controller or processor in one or more third countries within a group of undertakings, or group of enterprises engaged in a joint economic activity;

„supervisory authority”: means an independent public authority which is established by a Member State pursuant to Article 51;

„supervisory authority concerned”: means a supervisory authority which is concerned by the processing of personal data because:

1. the controller or processor is established on the territory of the Member State of that supervisory authority;
2. data subjects residing in the Member State of that supervisory authority are substantially affected or likely to be substantially affected by the processing; or
3. a complaint has been lodged with that supervisory authority;

„cross-border processing”:

1. processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State; or
2. processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State.

„relevant and reasoned objection”: means an objection to a draft decision as to whether there is an infringement of this Regulation, or whether envisaged action in relation to the controller or processor complies with this Regulation, which clearly demonstrates the significance of the risks posed by the draft decision as regards the fundamental rights and freedoms of data subjects and, where applicable, the free flow of personal data within the Union;

„information society service”: means a service as defined in point (b) of Article 1(1) of Directive (EU) 2015/1535 of the European Parliament and of the Council (19) ;

„international organisation”: means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries.

II. PRINCIPLES

Personal data shall be:

1. processed lawfully, fairly and in a transparent manner in relation to the data subject („lawfulness, fairness and transparency”);
2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or
3. statistical purposes shall not be considered to be incompatible with the initial purposes („purpose limitation”); adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed („data minimisation”);
4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay („accuracy”);
5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject („storage limitation”);
6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures („integrity and confidentiality”).
7. The controller shall be responsible for, and be able to demonstrate compliance with the above („accountability”).

III. RIGHTS OF THE DATA SUBJECT

The controller shall take appropriate measures to provide any information referred to in the regulation relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child. The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.

1. information at the start of data processing: The Data Subject may request information on the processing of their personal data and may request the rectification of their personal data or – with the exception of mandatory data processing – its erasure, withdrawal, restriction of processing, and may exercise their right to data portability and right to object in the manner indicated at the time of data collection. Information may be requested regarding: the name and contact details of the controller and its representative, the contact details of the data protection officer (if any), the purpose and legal basis of the data processing, the legal consequences of failure to provide data, the designation of the legitimate interest in the case of a legal basis based on balancing of interests, the categories of personal data and their source at data collection, information regarding automated decision-making and profiling, recipients or categories of recipients in case of data transfer, information regarding data transfer to a third country, guarantees, duration and criteria of storage, rights of the data subject, the right to lodge a complaint with an authority,
2. right of access by the data subject: The Data Subject – through the provided contact details of the Data Controller – is entitled to receive access to the personal data and the following information: copy of personal data, purpose of processing, categories of data, data regarding automated decision-making and profiling, information regarding the source at data collection, recipients to whom the data have been or will be disclosed, information regarding data transfer to a third country, guarantees, duration and criteria of storage, rights of the data subject, the right to lodge a complaint with an authority.

In order to fulfill data security requirements and protect the rights of the data subject, the Data Controller is obliged to verify the identity of the data subject and the person wishing to exercise their right of access; therefore, providing information is subject to the identification of the data subject’s person.

1. right to rectification: The Data Subject – through the provided contact details of the Data Controller – may request in writing that the Data Controller modify any of their personal data. The Data Controller shall fulfill the request within a maximum of one month and notify the data subject via the contact details provided by them.
2. right to erasure (right to be forgotten): The Data Subject – through the provided contact details of the Data Controller – may request in writing the erasure of their personal data from the Data Controller’s records. The Data Controller shall reject the erasure request if it still has a legal basis for the further storage or use of the data. For example, if the deadline for archiving has not expired. However, if no such obligation exists, the Data Controller shall fulfill the request within a maximum of 10 days and notify the data subject via the contact details provided by them. The data subject shall have the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
   1. the personal data are no longer necessary in relation to the purposes for which they were collected
   2. or otherwise processed;
   3. the data subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing;
   4. the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
   5. the personal data have been unlawfully processed;
   6. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
   7. the personal data have been collected in relation to the offer of information society services.

If the controller has made the data public and is obliged to erase it, it shall take reasonable steps to inform other controllers regarding the erasure of the links to, or copies or replications of, those personal data.

1. right to restriction of processing: The Data Subject – through the provided contact details of the Data Controller – may request in writing that the controller restrict processing at the request of the data subject if the data subject contests the accuracy of the personal data, the processing is unlawful and the data subject opposes the erasure of the data, the controller no longer needs the personal data but the data subject requires them for the establishment, exercise or defense of legal claims, or the data subject has objected to the processing and the controller is still investigating. The data subject may request the blocking of data, for example, in cases where it is necessary for the Data Controller not to erase the data in the interest of an administrative or judicial proceeding initiated by the data subject. In this case, the Data Controller shall continue to store the personal data until the request from the authority or court, after which it shall be erased.
2. right to data portability: the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller, and may request the direct transmission of data to another controller, where technically feasible.
3. rights related to automated decision-making and profiling: the data subject shall have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning him or her or similarly significantly affects him or her, unless it is necessary for entering into, or performance of, a contract between the data subject and a data controller, is authorized by law, or the data subject has given explicit consent.
4. right to object: The Data Subject – through the provided contact details of the Data Controller – may object to the processing of their data in the case of a legal basis for public authority, public interest, or balancing of interests, for direct marketing purposes, and for profiling for direct marketing purposes. Processing must be terminated except for compelling legitimate grounds and the exercise of legal claims. The Data Subject – through the provided contact details of the Data Controller – may object at any time to the processing on grounds relating to his or her particular situation if, in their view, the Data Controller would process their personal data incorrectly in connection with the purpose indicated in this privacy notice. In this case, the Data Controller must demonstrate that the processing of personal data is justified by legitimate grounds which override the interests, rights, and freedoms of the data subject, or which relate to the establishment, exercise, or defense of legal claims.

IV. DATA STORAGE, SECURITY OF PROCESSING

The Data Controller guarantees that the collection, storage, and any other data processing activity adapted to the purpose of the data processing will be carried out strictly in such a way that unauthorized persons cannot access the data.

The computing systems and other data retention locations of the Data Controller’s partner used for data storage are located at its registered office in paper and electronic form.

The Data Controller declares and undertakes to apply physical, technical, and organizational measures that prevent unauthorized access to these data, their alteration or transmission, and their intentional or accidental erasure or destruction. In doing so, electronically collected data is stored on a data carrier equipped with protection appropriate to the state of the art (firewall, password), and access to individual data is also protected by multiple passwords. Recorded personal data is write-protected, and the Data Controller regularly creates backups of it. This excludes data stored at the Data Controller’s data processors, the storage location of which is at the data processors’ registered offices.

The Data Controller uses an IT system for its operations that ensures that the data’s:

1. integrity can be verified (data integrity);
2. authenticity is ensured (authenticity of processing);
3. availability to those authorized (availability);
4. and protection against unauthorized access (data confidentiality).

Within the Data Controller’s organization, personal data can only be accessed by the aforementioned persons and only if it is necessary for the performance of their tasks.

It maintains a record of any potential personal data breaches (a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed) and, if necessary, informs the Data Subject of the incidents that occur, as well as the National Authority for Data Protection and Freedom of Information (NAIH) if required.

During data processing, the Data Controller maintains

1. confidentiality: protects information so that only those authorized can access it;
2. integrity: protects the accuracy and completeness of the information and the processing method;
3. availability: ensures that when the authorized user needs it, they can indeed access the desired information and that the related tools are available.

The Company does not make decisions based on automated processing and does not perform profiling. The Company does not transfer personal data to Member States outside the EEA, except when such data transfer is necessary due to the nature of the assignment. In such cases, the data transfer takes place under appropriate guarantees.

V. DATA PROCESSING ACTIVITIES

Our company is a health service provider business association. Examinations of Data Subjects are carried out within the framework of private care as a non-funded provider. Data Subjects visit our Company voluntarily and choose the care they wish to use themselves. (3) Data Subjects coming into contact with our Company – whichever care they utilize – may encounter the same data processing practice. Our Company collects natural identity data from the Data Subject. Our staff examines documents solely for the purpose of verifying the correctness of the data, but no copies are made of them in any case.

1/ data processing related to the website

If you wish to contact us through our website, it is necessary to provide the following data, which qualifies as personal data based on the REGULATION, the processing of which is necessary for making contact and for maintaining communication. I inform you that your aforementioned personal data will be stored only until the purpose of the contact initiated by the data subject is concluded, after which your aforementioned data will be destroyed. If processing takes place later, the further storage of your data will occur as specified in the contract necessary for starting the treatment.

I inform you that the data processing as described above is based on your consent; without providing the above data, making contact through our website will be unsuccessful, and we will not be able to provide information.

personal data: name, email address, phone number, IP address

purpose of data processing: necessary for making contact and maintaining communication; in the case of the IP address, it is absolutely necessary for performing technical operations

duration of data processing: when the purpose of the contact is concluded

legal basis for data processing: consent of the data subject

I inform you that our website uses security cookies, which, however, do not process personal data, thus consent from the data subject is not required, given that their exclusive purpose is the transmission of communication over an electronic communications network. I inform you that under the Tools/Settings menu point, you have the option to delete cookies under the Privacy settings.

I inform you that the website is operated by the data controller itself. I inform you that the website uses a hosting provider, which qualifies as a data processor based on the REGULATION:

• Company name: Netdoor Kft.
• Address: 1055 Budapest, Nyugati tér 8. 1st floor, Door 5
• Tax number: 22635813-2-41
• Company registration number: 01-09-936833
• Email address: info@serverkraft.hu

The hosting provider is entitled to process all personal data provided by the data subject in relation to all data subjects, the purpose of which is the proper operation of the website and making it available to the data subjects. I inform you that the data processing lasts until the termination of the agreement with the provider or until the data subject submits an erasure request to the data controller or the data processor. The legal basis for the data processing is the data subject’s consent, as well as the relevant provisions of the Privacy Act and the Act on Certain Issues of Electronic Commerce Services and Information Society Services.

personal data: all personal data provided on the website

purpose of data processing: absolutely necessary for the operation of the website

duration of data processing: termination of the contract with the provider

legal basis for data processing: consent of the data subject

Your rights related to data processing are contained in points V. and VI. of this notice.

Cookies

What are „cookies”?

When a visitor visits the pages of https://artdent.hu, a tiny file, a so-called „cookie” (hereinafter: „cookie”), is placed on their computer, which can serve several purposes.

Some cookies used by us are essential for the proper functioning of the site („session cookies”), others collect information related to the use of the website (statistics) to make the site even more convenient and useful. Some cookies are only temporary and disappear upon closing the browser, while permanent versions also exist, which remain on the computer for a longer period.

Purpose of cookies

• To facilitate navigation on the site and thus the use of the website by recording the visitor’s settings and usage habits,
• to improve the user experience by collecting information on how the visitor uses the website and which pages they visit or use most often. Thus, we can learn how to provide an even better user experience when they visit our site again,
• to collect statistics, the analysis of which helps to understand how visitors use other online services in addition to the website, which can thereby be further developed,
• to further develop the website and make it transparent according to visitor needs,
• where appropriate, to place targeted advertisements to display the most relevant offers for the visitor.

Types of cookies

1. “session cookies”

“Session cookies” are necessary for browsing the website and using its functions; among other things, they allow for the remembering of operations performed by the visitor on a given page, function, or service. Without the use of “session cookies,” the smooth use of the website cannot be guaranteed. Their validity period extends for the duration of the given visit; the cookies are automatically deleted at the end of the session or upon closing the browser.

Ensuring the proper session of the website takes place in accordance with the provisions of current legislation.

1. “preference cookies”

These “cookies” allow our website to remember which operating mode you have chosen (e.g., whether you use the Hungarian or English version of the website, whether you choose the accessibility version, how many results should appear at once in the search result list, etc.). This is done so that you do not have to provide these again during the next visit. Without the information in the “cookies” storing preferences, our website may function less smoothly.

1. “advertising cookies”

The purpose of using “advertising cookies” is to select advertisements that most interest our visitors or seem important to them and display these on our website. Furthermore, we can also measure the performance of our campaigns with these.

The website uses “targeting and advertising cookies” from the following providers:

• Google-Adwords: https://www.google.com/intl/hu/policies/privacy
• Facebook: https://www.facebook.com/help/cookies/)

1. “performance cookies”

With the help of „performance cookies,” we collect information on how our visitors use our website (e.g., which pages the visitor viewed, how many pages they visited, which part of the page they clicked on, how long each session was, what error messages they received, etc.). This is done so that we can further develop our website (available services, functions, etc.) according to our visitors’ needs and provide them with a high-quality, user-friendly experience.

For performance measurement purposes, our website uses third-party „cookies” during every visit. Using „cookies,” we track how many people visit the website and what content they are interested in. All information is stored anonymously and used for the anonymous analysis of visitor behavior to provide users with a high-quality experience.

1. „analytical cookies”

The website uses analytical cookies from the following provider:

• Google Analytics

The Website uses Google Analytics, which is a web analysis service provided by Google Inc. („Google”). Google Analytics uses „cookies,” i.e., text files saved on your computer, which allow for the analysis of the use of the website. The information generated by the cookies regarding your use of the website is generally sent to and stored on Google’s servers in the USA. However, in the case of activation of IP address anonymization on the website, Google shortens your IP address within European Union Member States or other countries outside the European Economic Area that have joined the agreement before sending it to the USA. Only in exceptional cases is the full IP address sent to and stored on a Google server in the USA. Google uses this information on behalf of the website operator for the purpose of evaluating the use of the website, compiling reports on activities on the website, and providing further services to the website operator related to the use of the website and the internet. The IP addresses transmitted by our browser within the framework of Google Analytics are not combined or aggregated with other Google data.

By appropriately setting your browser software, you can prevent cookies from being saved on your device. However, we hereby draw your attention to the fact that in this case, you may not be able to fully utilize all the functions of the website.

In addition, you have the opportunity to prevent the recording and transmission of data generated by cookies regarding the use of the website (including the IP address) to Google, as well as the processing of such data by Google, if you download and install the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en

You can prevent data collection by Google Analytics through Google’s site. This activates an „opt-out” cookie, which prevents the collection of your data during future visits to the website. For further information on the terms of use and the processing of personal data, please visit one of the following websites: http://www.google.com/analytics/terms/us.html http://www.google.com/intl/en/analytics/privacyoverview.html

Controlling “cookie settings,” disabling “cookies”

Modern browsers allow for the modification of “cookie settings.” Some browsers automatically accept “cookies” as a default, but this setting can also be changed to prevent the visitor from automatic acceptance in the future. In the event of a change, the browser will offer the choice of “cookie settings” every time from then on.

Even if “cookies” are enabled, the Data Controller does not remember any identifier or password. Even if “cookies” are accepted, the visitor can use the services in full security.

We draw our visitors’ attention to the fact that since the purpose of “cookies” is to support and facilitate the usability and processes of the website, in the event of disabling “cookies,” we cannot guarantee that the visitor will be able to use all the functions of the website in their entirety. In this case, the website may function differently in the browser than intended.

Further detailed information on “cookie settings” for the following browsers

• Google Chrome
• Firefox
• Microsoft Internet Explorer 11
• Microsoft Internet Explorer 10
• Microsoft Internet Explorer 9
• Microsoft Internet Explorer 8
• Safari

Legal background, legal basis for data processing

According to the General Data Protection Regulation (GDPR, 2016/679/EU) and Act CXII of 2011 on the Right to Informational Self-Determination and on the Freedom of Information (Privacy Act), the voluntary consent of visitors,

as well as the data processing authorization provided by Section 13/A of Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (E-commerce Act), according to which the natural identification data of visitors (name, birth name, mother’s birth name, place and date of birth) and address can be processed without the visitor’s consent for the purpose of creating, determining the content of, modifying, monitoring the fulfillment of a contract for the provision of an information society service, billing the fees arising therefrom, and asserting claims related thereto; furthermore, the visitor’s natural identification data, address, and data related to the time, duration, and place of using the service can be processed without the visitor’s consent for the purpose of billing fees arising from the contract for the provision of the information society service.

2/ camera use

The purpose of the data processing is the asset protection of equipment, furniture, and dental tools located in the clinic operated by the Company at its site, and the quality assurance of medical treatments. The Data Controller informs the data subjects that it does not perform video and audio recording with the camera system. ARTDENTIST Kft. only creates recordings of the rooms in the clinic to the extent and in the manner that is not contrary to the recommendations of the NAIH and the provisions of the relevant law. Only Dr. Artúr Lajos Varajti has access to the recordings; he does not transfer them to third parties and does not provide access to others. The data processing is based on the explicit consent of the data subject.

During camera monitoring, ARTDENTIST Kft. processes the facial image and voice of the data subjects. The installed cameras are capable of producing recordings of a quality that allows for the unique identification of participants. The legal basis for the data processing is the statutory authorization of Act CXII of 2011 on the Right to Informational Self-Determination and on the Freedom of Information. The circumstances and conditions of the data processing are determined by the provisions of the Privacy Act.

ARTDENTIST Kft. declares that it has taken appropriate security measures to protect the personal data on recordings made by cameras against unauthorized access, alteration, transmission, recording, disclosure, erasure or destruction, as well as against accidental destruction and damage, and against becoming inaccessible due to changes in applied technology.

ARTDENTIST Kft. has ensured that employees accessing data have been appropriately informed about data protection requirements.

personal data: the image and voice of the data subject

purpose of data processing: asset protection purpose, quality assurance

duration of data processing: no recording of footage takes place

legal basis for data processing: consent of the data subject

Data Controller:

• Company name: ARTDENTIST Korlátolt Felelősségű Társaság
• Tax number: 25460559-2-42
• Company registration number: 01-09-276465
• Registered office: 1165 Budapest, Nógrádverőce út 31.
• Phone number: +36 20 218 5343
• E-mail address: artdent@artdent.hu
• Website: artdent.hu

Your rights related to data processing are contained in points V. and VI. of this notice.

3/ processing of personal and special data

I inform you that in the sense of the REGULATION, the data controller processes data qualifying as personal and special data when it processes your health data in order to perform its dental activities. Within this framework, it processes all your personal data, as well as your medical history that can be associated with dental treatment.

The legal basis for the data processing is Act XLVII of 1997 on the Processing and Protection of Health Care and Related Personal Data, as well as the statutory authorization of the Privacy Act and NM Decree 62/1997. (XII. 21.) on certain issues of processing healthcare and related personal data, as well as the consent of the data subject.

In order for the data subject to be entitled to use health services in our clinic, it is essential for the protection of their life and physical integrity that the data controller processes and records their health data. The treatment sheet, which must be filled out by the data subject before the start of treatment, serves to allow the treating physician to verify all health data – which, in addition to special data, includes the processing of personal data for the patient’s identifiability – necessary for the given treatment, and to ensure that the risk of treatment can be reduced or eliminated (allergic reactions, etc.).

The Data Controller declares that it processes these data in paper form and in the form of a separate electronic system, providing access only to the designated data processor working as an employee of the Company. The Data Controller informs the data subject that it will transfer data qualifying as special data to third parties if the use of a dental technician is required during the treatment.

personal and special data: all personal data of the data subject, as well as health data absolutely necessary in connection with treatments (name, birth name, TAJ (social security number), address, place and date of birth, data related to the care)

Duration of data processing: The Company must preserve a recording made with a diagnostic imaging procedure, i.e., a CT image taken of the patient, for 10 years from its creation, the findings made from the recording and the health documentation for 30 years from the creation of the recording, while the final report must be preserved for at least 50 years. Following the mandatory recording period, the data may continue to be recorded for medical treatment, scientific research, or public interest if justified. If further recording is not justified, the records must be destroyed.

purpose of data processing: The purpose of data processing is to promote the preservation, improvement, and maintenance of health, to facilitate effective healing activity, including professional supervisory activity. A further goal is the monitoring of the Data Subject’s health status and the enforcement of patient rights.

legal basis for data processing: consent of the data subject

Recipient: EESZT (Electronic Health Service Space)

Data Processor:

• Company name: ARTDENTIST Korlátolt Felelősségű Társaság
• Tax number: 25460559-2-42
• Company registration number: 01-09-276465
• Registered office: 1165 Budapest, Nógrádverőce út 31.
• Phone number: +36 20 218 5343
• E-mail address: artdent@artdent.hu
• Website: artdent.hu

The Data Controller informs the data subject that if it detects an infectious disease, it will transfer the health and identity data of the data subject to state administrative bodies based on statutory authorization and obligation.

Your rights related to data processing are contained in points V. and VI. of this notice.

4/ fulfillment of accounting obligations issued regarding a contract-based economic event

I inform you that our Company is a business association obliged to double-entry bookkeeping based on relevant legislation. Accordingly, it is obliged to commission an accountant or business association licensed to perform accounting activities to provide bookkeeping activities. In order for our Company to fulfill its invoice issuance obligation for a given economic event according to the Act on Accounting, as well as the Act on Value Added Tax and the Act on the Rules of Taxation, and its tax return obligation according to the law, it is obliged to transfer personal data according to the REGULATION to the business association commissioned with the accounting, which in this case qualifies as a data processor.

personal data: all personal data of the data subject that current legislation requires to be included on the document named „invoice” subject to strict accountability (name, address)

purpose of data processing: fulfillment of legal obligations

duration of data processing: 8 years

legal basis for data processing: consent of the data subject, statutory authorization

5/ Data related to the Newsletter

The Data Controller sends letters containing advertisements or commercials (newsletter) to electronic mail addresses provided during registration – even by post – only with the user’s explicit consent, in cases and manners meeting legal requirements. The user may unsubscribe from the newsletter at any time using:

• the link located at the bottom of the newsletter or
• send an email to the artdent@artdent.hu email address or
• send a letter to the address 1165 Budapest, Nógrádverőce út 31.

6/ Data processing in case of online contact and contract offer (appointment booking)

The purpose of data processing: Acceptance of the contract offer made by the Patient by submitting the contact form on the website, identification of the Patient, and appointment coordination for the purpose of finalization of the contract. Furthermore, the purpose of processing data is the fulfillment of obligations arising from the concluded contract, as well as the enforcement of the Provider’s legitimate claims (especially the invoicing and collection of the Availability Fee in case of violation of cancellation conditions).

Scope of processed data:

• Name: essential for identification and entering into the contract.
• E-mail address: for sending confirmations (acceptance and finalization email) and for email-based appointment coordination.
• Phone number: for telephone appointment coordination and for maintaining contact with the Patient.
• Address: for the exact identification of the parties to the contract, for issuing a regular accounting document (invoice/request for payment), and for the enforceability of claims in case of breach of contract (sending a notice).

Legal basis for data processing: Contractual legal basis (GDPR Article 6 (1) (b)): data processing is necessary for the performance of a contract or to take steps at the request of the data subject prior to entering into a contract, in which the Patient is one of the parties. According to the GTC, the submission of the form qualifies as a contract offer.

• Legitimate interest (GDPR Article 6 (1) (f)): The Provider’s legitimate interest is to mitigate revenue loss due to appointments booked but not canceled by the Patient (enforcement of the Availability Fee).
• Legal obligation (GDPR Article 6 (1) (c)): The obligation to issue documents according to accounting and tax legislation (providing an address for invoicing).

Duration of data processing: If treatment is realized: The statutory retention period for health documentation (30 years according to the Eüak.).

• If the Patient does not appear and a debt (Availability Fee) arises: Until the debt is settled or until the claim expires (5 years according to the Civil Code).
• If the contract is not established: Data will be deleted after [e.g., 1 year] has elapsed since the last contact.

7/ Processing of data related to photo documentation for publication purposes connected to healthcare

With the help of this photo documentation, we wish to accompany and document the treatment process, which provides our Dental clinic with the opportunity to use the photos thus prepared at scientific presentations and on the dental clinic’s website. The published photo documentation as „before-after” cases helps to introduce visitors to the website to the treatments performed at the Dental clinic.

• Purpose of the planned processing of personal data: Photo documentation of the healthcare provision.
• Legal basis for data processing: Your consent as the Patient.
• Categories of data subjects: Patients initiating the use of care.
• Processed personal data: Name, photos of care (in a manner unsuitable for identification).
• Data Processor: ARTDENTIST KFT.
• Planned duration of data processing: Until withdrawal by the Patient concerned.

8/ Photo documentation connected to healthcare for scientific purposes

With the help of this photo documentation, we wish to accompany and document the treatment process, which provides our Dental clinic with the opportunity to present the photos thus prepared at scientific presentations.

• Purpose of the planned processing of personal data: Photo documentation of the healthcare provision.
• Legal basis for data processing: Your consent as the Patient.
• Categories of data subjects: Patients initiating the use of care.
• Processed personal data: Name, photos of care (in a manner unsuitable for identification).
• Planned duration of data processing: Until withdrawal by the Patient concerned.

9/ Expression of opinion and portrait connected to healthcare and their use for publication purposes

• Purpose of the planned processing of personal data: Online clinic publication.
• Legal basis for data processing: Your consent as the Patient.
• Categories of data subjects: Patients initiating the use of care.
• Processed personal data: Patient’s opinion, name (even anonymously, in a manner unsuitable for identification).
• Data Processor: ARTDENTIST KFT.
• Planned duration of data processing: Until withdrawal by the Patient concerned.

10/ Data processing for public opinion and market research purposes

• Purpose of the planned processing of personal data: Quality assurance.
• Legal basis for data processing: Your consent as the Patient.
• Categories of data subjects: Patients.
• Processed personal data: Name, phone number, opinions expressed during conversation.
• Planned duration of data processing: Until withdrawal by the Patient concerned.

11/ Data processing related to data used for measuring patient satisfaction – indicated in a questionnaire

• Purpose of the planned processing of personal data: Quality assurance.
• Legal basis for data processing: Your consent as the Patient.
• Categories of data subjects: Patients.
• Processed personal data: Name, phone number (even anonymously, in a manner unsuitable for identification).
• Planned duration of data processing: Until withdrawal by the Patient concerned.

VI. INFORMATION ON DATA PROCESSING, COMPLAINT HANDLING

The controller shall take appropriate measures to provide any information and guidance relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child. The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.

The controller shall facilitate the exercise of data subject rights. The controller shall not refuse to act on the request of the data subject for exercising his or her rights, unless the controller demonstrates that it is not in a position to identify the data subject.

The controller shall provide information on action taken on a request to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.

If the controller does not take action on the request of the data subject, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

Information and actions shall be provided free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either, taking into account the administrative costs of providing the information or communication or taking the action requested:

1. charge a reasonable fee, or
2. refuse to act on the request.

The controller shall bear the burden of demonstrating the manifestly unfounded or excessive character of the request.

Where the controller has reasonable doubts concerning the identity of the natural person making the request, the controller may request the provision of additional information necessary to confirm the identity of the data subject.

The information to be provided to data subjects may be provided in combination with standardised icons in order to give in an easily visible, intelligible and clearly legible manner a meaningful overview of the intended processing. Where the icons are presented electronically they shall be machine-readable.

In its founding resolution No. 3/2018. (05.24.), the Company designated Dr. Artúr Lajos Varajti (phone number: +36 20 218 5343) as the data controller for maintaining contact with data subjects.

For our complaint handling, it is necessary for the data subject to provide the following data, which serve exclusively for the identification of the data subject and for maintaining contact.

• name, address, phone number, email address, description of the complaint

Our Company informs you that if you experience unlawful data processing by our Company, you may lodge a complaint with the competent Authority in the following way:

• National Authority for Data Protection and Freedom of Information (NAIH)
• 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
• 1530 Budapest, Pf.: 5.
• +36-1-391-1400

Our Company informs you that in case of unlawfulness of data processing, you also have the right to turn to the Court.

VII. PERSONAL DATA BREACH

A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

The controller shall notify the personal data breach to the supervisory authority competent without undue delay and, where feasible, not later than 72 hours after having become aware of it, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.

When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay. The communication to the data subject shall not be required if any of the following conditions are met:

1. the controller has implemented appropriate technical and organisational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption;
2. the controller has taken subsequent measures which ensure that the high risk to the rights and freedoms of data subjects referred to in paragraph (1) is no longer likely to materialise;
3. it would involve disproportionate effort. In such a case, there shall instead be a public communication or similar measure whereby the data subjects are informed in an equally effective manner.

If the controller has not already communicated the personal data breach to the data subject, the supervisory authority, having considered the likelihood of the personal data breach resulting in a high risk, may require it to do so.

Our Company informs you that if you experience unlawful data processing by our Company, you may lodge a complaint with the competent Authority in the following way:

• National Authority for Data Protection and Freedom of Information
• 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
• 1530 Budapest, Pf.: 5.
• +36-1-391-1400

In its founding resolution No. 3/2018. (05.24.), the Company designated Dr. Artúr Lajos Varajti (phone number: +36 20 218 5343) as the data controller for maintaining contact with data subjects.

Our Company informs you that in case of unlawfulness of data processing, you also have the right to turn to the Court.

VIII. FINAL PROVISIONS

The Data Controller undertakes to ensure the security of the personal data processed by it, takes technical measures that ensure that the recorded, stored, and processed data are protected, and does everything in its power to prevent their destruction, unauthorized use, and unauthorized alteration.

The Data Controller reserves the right to unilaterally modify this declaration while notifying users. The Data Controller shall publish information about modifications to this privacy policy on the Website. Following the entry into force of the modification, the user acknowledges the contents of the modified declaration by using the service, through implied behavior.

IX. CONTACT

We welcome your questions, comments, and requests related to our Privacy Statement at the following address:

• ARTDENTIST KFT. (registered office: 1165 Budapest, Nógrádverőce út 31.)
• E-mail: artdent@artdent.hu
• Phone: +36 20 218 5343

X. CHANGES TO THE NOTICE

The Company reserves the right to modify or update this Notice at any time without prior notification and to publish the updated version. Any modification is valid only for personal data collected following the publication of the modified version. Please check our Notice regularly to track changes and stay informed about how changes affect you! The date of entry into force of the Notice is: March 20, 2026.