Privacy policy and data protection for treatment in the clinic
Dentalklinik Dr. Tóka
PRIVACY POLICY AND DATA PROTECTION
- Legislation, that shall form a basis for this information, as well as data processing and health care services
Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter: “GDPR”)
Act CXII of 2011 on the right to self-determination as regards information and freedom of information (hereinafter referred to as: “Info Act”),
Act XLVII of 1997 on the processing and protection of health and related personal data (hereinafter referred to as: “Privacy Act”),
Act CLIV of 1997 on Health Care (hereinafter referred to as: “Health law”), Government Regulation No 96/2003 (VII.15.) on the general conditions for the practice of the health care services and the operating authorization procedure,
Act LXXXIII of 1997 on the provision of compulsory sickness insurance (hereinafter referred to as: “Law on sickness insurance”)
Act No XLVIII of 2008 on the basic requirements and certain restrictions of commercial advertising activities.
- Data controller and activities they carry out
Company 1 / data controller 1
The data controller is DENTALKLINIK DR. TÓKA Egészségügyi Korlátolt Felelősségű Társaság (HU-9400 Sopron, Lackner Kristóf utca 62/B., Registry Court of Győr company registration number: 08-09-011297, tax number: 13059365-2-08, statistical code: 13059365-8623-113-08, hereinafter referred to as: “Company 1 / data controller 1”).
Company 2 / data controller 2
The data controller is IMPLANTKLINIK DR. TÓKA Egészségügyi Korlátolt Felelősségű Társaság (HU-9400 Sopron, Lackner Kristóf utca 62/B., Registry Court of Győr company registration number: 08-09-035690, tax number: 32246445-1-08, statistical code: 32246445-8623-113-08, hereinafter referred to as: “Company 2 / data controller 2”).
“Company 1 / data controller 1” and “Company 2 / data controller 2” hereinafter collectively referred to as “Company / data controller”
The e-mail address of the data controller to be contacted:
DENTALKLINIK DR. TÓKA Egészségügyi Korlátolt Felelősségű Társaság office@drtoka.com
Name and contact details of the data protection officer and the data management administrator appointed by the data controller:
Name: Dr. Stephan Tóka,
email address: office@drtoka.com
and
IMPLANTKLINIK DR. TÓKA Egészségügyi Korlátolt Felelősségű Társaság office@implantklinik.hu
Name and contact details of the data protection officer and the data management administrator appointed by the data controller:
Name: Dr. Stephan Tóka,
email address: office@implantklinik.hu
All rights related to the websites drtoka.com and implantklinik.hu and to their operation belong to the Company. Please note that the details available on the Company’s website at drtoka.com and implantklinik.hu (hereinafter collectively referred to as: “Website”) are for information only. In order to use the services provided by the Company, certain personal data must be provided, processed and possibly transferred to third parties, for which the consent of the Data Subjects and the legislative provisions are mandatory in all cases.
The Company provides health care services (dental practice activities) in accordance with Article 3 e) of Health law. According to the law, health care services are all health activities that can be carried out – in cases specified by law – in possession of an operating license issued by the state health administration and that are aimed at the examination and treatment, care, nursing and medical rehabilitation of the patient, the reduction of pain and suffering, and, for those purposes, the processing of the patient’s test materials, including activities under the special legislation related to medicines, medical aids and medical care, as well as rescue and ambulance transport, obstetrical services, special procedures for human reproduction, surgical sterilization, medical research conducted on humans, and medical procedures related to autopsy and death, including activities related to the transfer of inert human bodies under the special legislation, in order to maintain human health, to prevent, detect early, diagnose and treat diseases, to avert a life-threatening situation, and to improve the condition caused by illness.
On the basis of this Data Processing Policy, the Data Subject is a person who uses the health care services provided by the Company or is interested in the services provided by the Company (patient, client), persons staying temporarily or for a longer period in the territory of the Company’s institution (especially with regard to the use of photographs and audio and video recordings in the territory of the Company’s institution).
- Legal basis for data processing
During the application of this information, data processing according to Article 3 (10) of the Info Act: shall mean any operation or set of operations that is performed upon data, whether or not by automatic means, such as in particular collection, recording, organisation, storage, adaptation or alteration, use, retrieval, transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction, and blocking them from further use, photographing, sound and video recording, and the recording of physical attributes for identification purposes (such as fingerprints and palm prints, DNA samples and retinal images);
Legal basis for the Company’s data processing:
relating to the health care service activity specified in point 2 of these regulations, the fulfilment of the mandatory data processing, data retention and data transmission obligations based on the legislation applicable to this activity, as well as the Data Subject’s consent,
in respect of the profiling activity generated by the use of the website or any marketing services available through it, and based on the data stored by the so-called cookies, the data processing takes place on the basis of the consent of the user of the service or the user of the website.
Photographs and audio and video recordings are made on the Company’s territory on the basis of the consent of the Data Subjects.
In all of the cases listed above, the legal basis for data processing is also the legitimate interest of the Company, furthermore, it may be based on a legitimate interest to conclude the existing debt, outstanding claims or legal disputes, to fulfil legal, tax, audit and accounting obligations, to prevent fraud, and to maintain the data security of users, clients and patients, in addition, the monitoring of dental treatments, interventions (surgeries, anaesthetics, etc.) and possible complications arising in connection with these, in order to clarify details.
- Scope of processed data
The Data Subjects are responsible for the correctness and completeness of the data they provide, including that any service involving data processing is used by the Data Subjects in their own name and, in the case of a private person, the Data Subject is over 18 or s/he has the consent of a legal representative.
The data processed by the Company in connection with the activities defined in point 2 and the legal bases defined in point 3 may be:
natural person identification data
address
place and date of birth
contact details (email address, phone number, mailing address)
tax code
social security number
health data
photographs and audio and video recordings
The website may also collect non-personal statistical data incapable of identification by so-called cookies for marketing purposes and for the website development.
- Duration of data processing
Except in cases of mandatory data processing, the duration of data processing lasts until the withdrawal of the consent of the Data Subject.
Photographs, audio and video recordings made on the Company’s territory are kept for a period of 2 weeks after the recording was made; after the expiry of this period, the recordings will be automatically deleted.
The Company stores the data generated during the performance of the health care service contained in point 2 of this information according to Article 30 of Privacy Act as follows:
Health records – with the exception of recordings made with medical imaging services, medical reports made from them, as well as printed and electronic prescriptions – must be kept for at least 30 years from the date of data collection, and the final report for at least 50 years. After the mandatory registration period, the data can still be registered for medical treatment or scientific research – where relevant. If the additional register is not justified, the register shall be destroyed.
Recordings made with medical imaging services must be kept for 10 years from the date of the recording, and the medical reports made from the recording must be kept for 30 years from the date of the recording.
If the health records have scientific importance, they must be handed over to the competent archive after the mandatory registration period.
Based on the relevant legislation, the Data Controller and all of its employees are obliged to keep the medical confidentiality without any time limit. Related to the data processing, the rules on medical confidentiality should also apply to the person who contacts the Company for the purpose of using a health care service, but does not use this service.
- Purpose of data processing
The purpose of processing medical and identification data:
promoting the preservation, improvement and maintenance of health,
facilitating the effective medical-care activity of hospitals, including technical supervision, monitoring the health of the person concerned,
taking the necessary measures in the interest of public health and epidemiology, enforcement of patient rights,
following the individual patient pathway.
The Company is entitled to handle medical and identification data in addition to those specified above – in the cases specified by law – for the following purposes:
training of health care professionals,
medical-professional and epidemiological studies, analysis, planning and organization of health care, drawing up the budget,
statistical investigations,
anonymization for impact assessment purposes and scientific research, facilitating the work of organizations exercising professional supervision or legal review, professional or legality supervision of the body or person managing health data, if the purpose of the control cannot be achieved in any other way, as well as performing the tasks of organizations that finance healthcare services,
determination of social security and social benefits, if it is based on the state of health, as well as determination of law enforcement health care in accordance with the law on the service status of professional members of law enforcement agencies, as well as determination of health impairment benefits in accordance with the law on the legal status of the personnel of Nemzeti Adó- és Vámhivatal (National Tax and Customs Office),
examination of the ordering and provision of services available to persons entitled to health care at the expense of compulsory health insurance, as well as compliance with the rules on the ordering of economical medicines, medical devices and medical care, financing of the benefits provided to the beneficiaries based on the contract according to the separate legislation, and accounting for price support, and for the establishment, payment of social security benefits and repayment and reimbursement of benefits paid,
for the continuous and safe supply and provision of prescribed medical devices, medical aids and medical care to persons entitled to health care,
investigation and registration of work accidents and occupational diseases – including cases of increased exposure – and the implementation of the necessary occupational safety measures,
ethical approach against healthcare workers;
establishing the effectiveness and support of medicines, medical devices and medical aids receiving effectiveness–based support and establishing the financing procedures for medical treatment of these medical products,
organization of patient pathway,
evaluation and development of the quality of health care services, regular review and development of the evaluation aspects of health care services,
monitoring, measuring and evaluating the performance of the health care system, promoting effective and safe medication for those entitled to health benefits and developing cost-effective drug therapy;
enforcement of rights related to cross-border health care within the European Union.
With the voluntary consent of the Data Subject or his legal or authorized representative – based on adequate information, containing a clearly expressed will, and given in a way that credibly proves the making of the legal declaration – the Company is also entitled to manage health data for purposes other than those specified above, either in full or in the scope of certain data processing activities.
For purposes based not on a consent, the Company shall only process such medical and identification data that are necessary for the purpose of data processing.
In addition to the above, the Company processes data for the following purposes:
direct contact with the client via phone and email;
performance of the contract for the service provided by the Company;
direct marketing (information activities and ancillary services carried out by the method of direct contact, intended to transmit to the client advertising or direct mail related to the sale or provision of products or services);
sending other advertising material, electronic advertisements or other addressed content to the client by email;
sending newsletters and offers to the client;
development of the website;
promoting the professional and personal development of employees of the Company;
for quality assurance purposes.
The Company has carried out an impact assessment in accordance with Article 35 of GDPR related to the individual data processing operations it carries out, and reviews it annually or in the event of a circumstance that has a significant impact on the risks. As a result of the investigation, it has been established that data processing is carried out on the basis of the requests of the Data Subjects, in the interest of the patients and on the basis of their consent, the purpose of which is to provide the patients with a full dental service, to determine the underlying procedures, and the data used are always determined in relation to the necessary and specific medical intervention.
- Data transfer
The Company does not transfer data to contractual partners in the context of its health care service activities in a way that can be used to determine the identity of the Data Subject. The Data Subject’s data may be transferred to third parties in the form of aggregated data that cannot be linked to a person.
For the purposes of Article 4 (1)-(3) of Privacy Act, the Company is entitled to transfer and link medical and identification data within the health care network. In order to fulfil the task of the health insurance body defined in Article 81 of the Law on sickness insurance, health data and social security numbers (hereinafter the Hungarian acronym: TAJ number) can be transmitted and connected between the health care network and the health insurance body, to the extent necessary for the performance of the task. Medical and identification data from different sources can only be connected until the time and to the extent that it is absolutely necessary for prevention, medical treatment, public health and epidemiological measures.
In the case of any mandatory transfer of data required by the health legislation applicable to the Company, the recipient of the data is the organization specified in the relevant health legislation (e. g. Országos Egészségbiztosítási Pénztár – National Health Insurance Fund), which acts as an independent data controller, the data transfer is required by law, therefore the consent of the Data Subjects is not required.
In the course of data processing, any health data related to the illness of the Data Subject may be transmitted which is important for the purpose of the treatment according to the decision of the attending physician, unless the Data Subject prohibits this in writing or in a self–determination registered statement. In spite of the Data Subject’s prohibition, medical and, if required by law, identification data must be forwarded in the cases provided for in Article 13 of Privacy Act, or for public health, epidemiological or occupational health purposes in accordance with the provisions of Article 15 of Privacy Act.
Even in the case of data transfer according to the above, the Company – with the exception specified in the law – does not transfer health data related to previous illness unrelated to the illness at the time of transfer without the consent of the Data Subject.
The Company (employees of the Company) and any data processors entrusted by the Company with the collection, management and performance of quality assurance tasks may see the client’s personal data provided orally, in writing or electronically in connection with the interest in the health care service. If the Company uses a data processor during a given procedure, the Company will inform the Data Subjects.
In addition to the third parties named or referred to in this Policy, the personal data of the Data Subject will not be transferred to third parties, except for mandatory data transfer based on law, in particular, but not exclusively, including judicial or administrative requests based on law.
- Data processors
The Company also acts as a data processor in connection with all data processing.
- Newsletter registration
The client may withdraw his/her consent to the processing and transfer of his/her personal data at any time, without limitation or justification, in writing at any of the following contact details:
FOR DENTALKLINIK DR. TÓKA KFT.
Email: office@drtoka.com
Postal address: DENTALKLINIK DR. TÓKA Egészségügyi Korlátolt Felelősségű Társaság – HU 9400 Sopron, Lackner Kristóf utca 62/B
FOR IMPLANTKLINIK DR. TÓKA KFT.
Email: office@implantklinik.com
Postal address: IMPLANTKLINIK DR. TÓKA Egészségügyi Korlátolt Felelősségű Társaság – HU-9400 Sopron, Lackner Kristóf utca 62/B
- Rights of Data Subjects
If not limited by applicable law, the following rights are granted to individuals based on GDPR:
Right of access – to receive information about the personal data processed and access to such data;
Right to rectification – to request the modification or the updating of personal data if the data are inaccurate or incomplete;
Right to erasure – to request the deletion of the personal data, if it is not medical secret and the data processing is not based on a legal obligation;
Right to restriction – to request that the processing of personal data is suspended temporarily or permanently related to all or part of the personal data, if it is not medical secret and the data processing is not based on a legal obligation;
Right to object – an objection can be raised at any time against the processing of personal data or processing for direct sales purposes, unless it is a medical secret or a legal obligation;
Right to data portability – an electronic copy of personal data and the transfer of personal data to third parties may be requested;
Right to exemption from automated decisions – upon request, the Data Subject is exempted from a decision made solely on the basis of automated decision, including profiling during which the decision made would have a legal effect on the Data Subject or have a significant impact.
The Data Controller examines the Data Subject’s request for the exercise of the above rights as soon as possible, but no later than 15 days after the submission of the request, makes a decision on the validity of the request, or gives an answer, and informs him/her of his decision or answers in writing. In case of deletion, restriction or objection, if the Data Controller determines that the request is justified, the data processing – including further data collection and data transfer – will be terminated and the data will be blocked. The Data Controller shall inform all those to whom the personal data concerned has been previously transferred and who are obliged to take action to enforce the right contained in the request. If the Data Subject does not agree with the decision of the Data Controller, or if the Data Controller fails to meet the above deadline, s/he may lodge a complaint or go to court within 30 days of the notification of the decision or the last day of the deadline.
Rights and obligations related to data processing and data protection, and information on how to exercise them can be requested in a request sent to the email address of the Data Controller to be contacted.
The Data Controller does not transfer personal data outside the territory of the European Union. The Data Controller may transfer data that cannot be linked to a person outside the territory of the EU to a country or to a service provider that meets the requirements of GDPR. In the agreements concluded with its contracted partners, as well as their agents, collaborators and employees, the Data Controller ensures compliance with the requirements contained in these regulations and related internal regulations.
The Data Controller takes appropriate technical and organizational measures to protect personal data; however, no IT system can provide full protection. In the event of an unlawful attack on the IT system used by the Company, the Company cannot assume responsibility for the protection of personal data.
The authority which is authorized to monitor the Data Controller’s activities related to data processing:
Nemzeti Adatvédelmi és Információszabadság Hatóság (the national authority for data protection and freedom of information; “the Hungarian data protection authority”)
Address: HU-1055 Budapest, Falk Miksa utca 9-11.
Postal address: HU-1374 Budapest, POB: 603.
Phone numbers:
+36 (30) 683-5969
+36 (30) 549-6838
+36 (1) 391-1400
Email address: ugyfelszolgalat@naih.hu
This Privacy Policy can be unilaterally amended by the Data Controller at any time. This Data Processing Policy enters into effect on 1 April 2023.
DENTALKLINIK DR. TÓKA Kft.
represented by Dr. Stephan Tóka, managing director
and
IMPLANTKLINIK DR. TÓKA Kft.
represented by Dr. Stephan Tóka, managing director