Information about data management, legal requirements and cookie management for visitors and registered users of https://www.bariatria.hu and its subdomains.
Dr. Zsolt Baranyai, as the Owner of the Website (hereinafter “Service Provider”), acting as Controller during the operation of the Website bariatria.hu (hereinafter the “Website”), processes the personal data of the persons registered on the Website in order to provide its services in an appropriate manner.
The Service Provider intends to comply fully with the legal requirements regarding the processing of personal data, in particular with the contents of Regulation (EU) 2016/679 of the European Parliament and of the Council.
Name and contact details of Service Provider, Controller:
Name / company name:
Dr. Baranyai Zsolt, Baruzo Kft.
1147 Budapest, Kerékgyártó u. 36-38.
Name of Website (including subdomains):
The Privacy Statement can be consulted at:
GDPR (General Data Protection Regulation) is the new Data Protection Regulation of the European Union;
processing: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Processor: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller;
personal data: means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the Controller or the specific criteria for its nomination may be provided for by Union or Member State law;
consent of the Data Subject: means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
personal data breach: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
Recipient: means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
third party: means a natural or legal person, public authority, agency or body other than the Data Subject, Controller, processor and persons who, under the direct authority of the Controller or Processor, are authorised to process personal data;
PRINCIPLES RELATING TO PROCESSING OF DATA
- Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.
- Personal data shall be collected for specified, explicit and legitimate purposes.
- Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Personal data shall be accurate and up to date. Personal data that are inaccurate have to be erased without delay.
- Personal data shall be stored in a form which permits identification of Data Subjects for no longer than it is necessary; personal data may be stored for longer periods insofar as the personal data is processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.
- Personal data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
- The principles of data protection should be applied to any information concerning an identified or identifiable natural person.
By processing data, the Service Provider aims to provide additional services for the persons registered on the Website during the Website’s operation.
Data Subjects affected by data processing include registered users of the Website. The structure, design and all content (logo, image, text, graphics, data and information) displayed on the Website are subject to copyright and trademark protection. The unauthorised use thereof for business or commercial purposes is illegal. Any use of the above elements is subject to the prior written consent of the Service Provider and shall involve displaying the source.
The Website can be freely visited without having to supply any personal information. The Website provides information on the Service Provider’s health services. Content posted on the Website is for informational purposes only and it is in no way binding for the Service Provider. No communication on the Website shall be deemed a contractual offer or acceptance of a contractual offer. The declarations and statements on the Website do not constitute a commitment. By accessing the Website, you acknowledge that the use of information downloaded or obtained from the Website or through the Website is done voluntarily, at your own discretion and solely at your own risk.
According to Act CXII of 2011 on the right to self-determination as regards information and freedom of information (Infotv.) Article 5 (1) a), the legal basis for data processing on the Website is the Data Subject’s voluntary contribution. Consent for instances of data processing is given by the User by using the Website, registering or voluntarily entering the data in question.
Data processing is based on the voluntary, informed statement by the Users of the online content on the Website, which includes the express consent of the Users to the use of their personal data shared during the visit to the Website.
If you provide personal information (such as name, address, email address or telephone number) via the Website or using the email address provided on the Website, the Service Provider will process it.
The Controller will not and cannot use the personal data you provide for purposes other than those set forth in the sections of the present Privacy Statement. Disclosure of personal data to third parties or authorities – unless otherwise provided by law – is subject to the prior express consent of the user.
The Service Provider does not verify the provided personal data. The accuracy of the information provided is the sole responsibility of the person providing it. Any User entering his or her email address is also responsible for ensuring that only he or she uses the service from that email address. As a result, any liability in connection with using the specific email address for entering the Website shall be borne exclusively by the User who registered the email address.
The Service Provider makes every reasonable effort to ensure the accuracy and veracity of the content of the Website, selects the used sources with the utmost care and diligence, but assumes no responsibility for the accuracy, correctness and completeness thereof, and is not responsible for any damages resulting from the use of the information.
In line with the above, the prior written consent of the Service Provider is required for the inclusion, publication, reproduction, copying or distribution of any content or portion of the content from the Website in any publication or presentation. The information on the Website is for informational purposes only and shall only be used after consultation with and examination by appropriate professionals (doctors, pharmacists and other healthcare professionals). The Service Provider reserves the right to change the content of the Website.
The Service Provider shall not be liable for the uninterrupted and error-free operation of the Website, nor for any damage caused by unauthorised access to the content and data displayed on the Website by any unauthorised person.
The Website contains links to external websites as well. The Service Provider shall not be liable for the content of external sites linked on the Website and maintained by a third party.
Please note that the information we collect from you or that we receive from you may also be used to investigate and prevent unlawful activities that may endanger our network or the operation of our Website.
For further information on the use of Website content, please contact our Customer Service under the Contact section of our Website. The Service Provider reserves the right to object to being linked to inappropriate environments and to initiate the deletion of the link. In case of placing a link to the Website, please inform our Customer Service (providing your name, electronic contact details and preferred method of use).
This legal notice and the use of the Website are governed by Hungarian law.
As the operator of the Website, we declare that the information and contents published by us are in full compliance with applicable legal provisions. We further declare that when you sign up for our newsletter, we are not in the position to verify the accuracy of your contact information or to determine whether the information provided is connected to an individual or a company. Companies that contact us are treated as clients.
The purpose of data processing is to send electronic messages containing professional content, information and newsletters of which you can unsubscribe at any time without consequences. You can also unsubscribe without consequences if your business has since been dissolved, you have left the business, or your contact information has been shared with us by someone else.
Your consent is the legal basis for data processing. We inform you that the User may give prior and express permission to being contacted by the Service Provider with any promotional offers, notifications and other messages at the email address provided upon registration. As a result, the User may consent to the Service Provider’s processing the personal data required for this purpose. Please note that you must provide the necessary data if you wish to receive newsletters from us. If these data are not supplied, we will not be able to send you newsletters.
Duration of data processing: data processing will continue until the consent is revoked.
The data are erased when the consent is revoked. You can revoke your consent to the data processing at any time by sending a message to the contact email address provided.
Consent may also be revoked by clicking on the link included in the newsletter.
Data can be legally accessed by the Controller, the Data Manager and its employees.
Method of data storage: electronic.
Modification or erasure of data can be initiated by email, telephone or mail using the above contact details.
Please be informed that when you visit the website, you voluntarily provide us with your personal data.
The scope of Data Subjects affected by the data processing: all Users visiting the Website, irrespective of whether they use the services available on the Website or not.
Legal basis for data processing: User’s consent, in line with Article 5 (1) a) of the Infotv.. User gives his or her voluntary consent to data processing by accepting the information and pop-up prompts appearing at the start of the visit to the Website and by continuing the use of the Website.
The scope of data to be processed: Data processing by means of information technology concerns the data needed to operate the cookies required for the Website’s operation and to use the log files used by the web host.
Data processed to facilitate user-friendly browsing:
– the websites you visit during your visit to the Website and the order in which they are accessed
– The IP address of the device used by the User
The scope of data processed to measure website traffic:
– the websites you visit during your visit to the Website and the order in which they are accessed
– the frequency with which each page of the Website is viewed
– the website from which the User arrived to this Website (only in the case of a website that displays a link to this Website)
– the geographic location of the User visiting the Website (identified based on data from the Internet Service Provider; only approximate data about the location of the device used for browsing is collected)
– the time at which you start browsing the Website
– the time of leaving the Website (the time of finishing the browsing)
– duration of browsing the Website.
Data processed to verify access rights to the Website:
– username and password (may be stored at User’s discretion)
– the User’s email address
– the IP address of the device used by the User
The identification of the User’s device used to browse the Website and remembering identification data – for the duration of the visit – based on the IP address. This facilitates the smooth operation of the Website during the visit, as without such processing the User would have to identify him/herself or repeat certain processes upon visiting each page of the Website.
The data required for the below purposes are recorded anonymously and cannot be connected to persons:
Measuring Website traffic, the frequency of viewing each page of the Website and the period of visiting each page of the Website in order for the Data Controller to tailor the Website to the needs of the Users.
Determining the location of the user (i.e. the location of the device used for browsing) and mapping the degree of interest in the service provided by the Controller.
Identification of the website from which the User arrived to this Website in order to gather information about other topics of interest of Users interested in the services of the Controller as well as to measure the effectiveness of the promotional activities related to the Service.
To measure this data, the Controller’s IT system uses Google Analytics (Google Inc.). When viewing pages that use Google Analytics tools, Google cookies remember user-specified preferences and information, which is also necessary for mapping anonymous data processed to measure website traffic and browsing habits.
The above anonymous data is also accessed by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA), the owner and operator of Google Analytics. In addition to performing the aforementioned analysis, Google Inc. uses the above data to deliver targeted advertising to the User of the Website. In doing so, Google Inc. uses anonymous data and the IP address of the device used for the browsing to determine the scope of interest of the User based on the browsing habits detected on the device, and then deliver targeted advertisements to that device. Apart from the anonymous information described in this section, Google Inc. does not have access to any additional information mentioned in this document.
Cookies facilitating access to the Controller’s Facebook page and the sharing and liking of this Website on social network platforms (Facebook button, Facebook “Share” button, Facebook “Like” button) are operated by Facebook Inc.; consequently, anonymous data processed by these cookies are also accessed by Facebook Inc. (1601 Willow Road, Menlo Park, CA 94025, USA).
Cookies facilitating access to the Controller’s Instagram social networking site (Instagram button) are operated by Instagram LLC. service; consequently, anonymous data managed by these cookies is also accessed by Instagram LLC. (1 Hacker Way, Menlo Park, CA 94025, USA). Instagram LLC. is owned by Facebook Inc. and Instagram service is operated by Facebook Inc., consequently, the data processing during the use of the service is performed jointly by Facebook Inc. and Instagram LLC..
Through these features, Facebook Inc. and Instagram LLC. have access to the anonymous data used to measure website traffic and browsing habits described above. In addition to performing the aforementioned analyses, Facebook Inc. and Instagram LLC. also use the above data to deliver targeted advertisements to the User browsing the Website. In doing so, Facebook Inc. and Instagram LLC. combines anonymous data and the IP address of the device used for the browsing to determine the User’s scope of interest based on the browsing habits detected on that device, and then deliver targeted advertisements to that device. Apart from the anonymous data mentioned in this section, Facebook Inc. and Instagram LLC. does not have access to any additional information mentioned in this document.
The data related to the following purposes are recorded in a way that they can be associated with the User, but may only be accessed by the Controller:
– potentially storing the username and password for easier login (at the User’s discretion)
– verification of User’s access rights (username, email address, password).
Duration of data processing: Controller processes some of the data for the duration of the browsing and stores some data for a variable period of up to 2 years.
The method of data storage: anonymously, in separate data processing lists of the Controller’s IT system. Information required to ensure the user-friendliness of the Website (IP address, sequence of pages visited on the Website during the visit) is not stored. Cookies used for collecting data are stored locally on the User’s device. Log files used by the web host are stored on the server of the host.
In accordance with laws on Data Protection, you have the right to request information about the processing of your personal data at any time and to have your personal information updated or erased.
The Controller shall be entitled to process the personal data provided by the User until the User – after logging in with the relevant username – deletes his or her registration. The date of erasure shall be no later than the 10th working day after the receipt of the User’s request for erasure. In the event of unlawful or deceptive use of personal data or if the User commits a crime or an attack on the system, the Controller shall have the right to delete the User’s data immediately and terminate the User’s registration, or – having regard to any criminal or civil liability – to retain personal data for the duration of the relevant ongoing proceedings.
Please be advised that if you do not wish the Service Provider to notify you by email and/or SMS of any information that you might consider important, the Service Provider also provides you with the opportunity to decline.
The Service Provider is not responsible for, among others, the accuracy, validity, veracity, completeness, suitability or reliability of any data, information or statement available through its Website.
Please note that when using the pages connected to registration, you are required to provide information that is true and correct.
We would like to emphasize that the User is not entitled to send any information, data or messages contrary to good morals, law, the contents of international conventions or any other Internet-related norm or custom when using the health service. The User further undertakes not to use any data obtained through the service in an unauthorised manner or to disclose it to any third party.
In order to facilitate the Company’s business activities, to ensure the continuous and proper operation of the Website and for the safe IT operation of the software used for sending the newsletter, the Data Manager may use the services of a Data Processor to process data by utilising technical operations necessary for the safe operation of the software.
SENDING ELECTRONIC NEWSLETTERS:
According to Article 5 (1) a) of the Infotv., the legal basis of data processing is the User’s consent. After consulting the information about data processing – in particular, the above sections on sending newsletters – the User voluntarily consents to the use of the Data Processor for the processing of his or her data required by the Controller for sending the newsletter.
The scope of data affected by the data processing: The data processing concerns all the data indicated in the statement’s section on sending newsletters.
Purpose of data processing: To ensure the technical operation of the Software used by the Controller for sending newsletters by means of technical operations necessary for the Software’s safe operation and used for data processing.
Duration of data processing: the data processing periods indicated in the section about sending newsletters.
Processing of data shall be limited to the technical operations necessary to operate the software used for sending newsletters.
RIGHTS RELATED TO DATA PROCESSING
Right to request information
You have the right to request information using the contact details provided about your data processed by our company, our legal basis and purposes for processing your data, the source thereof and the duration of the processing. Upon your request, we will send the information to your email address promptly, or within 30 days the latest.
Right to rectification
You have the right to request the modification of your data through the contact details provided. Upon your request, we will do so immediately, or within 30 days the latest, and we will send a notification to the email address you provided.
Right to erasure
You have the right to request the erasure of your data through the contact details provided. Upon your request, we will do so immediately, or within 30 days the latest, and we will send a notification to the email address you provided.
Right to blocking
You have the right to request the blocking of your data through the contact details provided. The blocking will be in effect until the purpose specified by you requires the data to be stored. Upon your request, we will do so immediately, or within 30 days the latest, and we will send a notification to the email address you provided.
Right to object
You have the right to object to the processing of your data through the contact details provided. We will investigate the objection as soon as possible after your request has been sent, or within 15 days the latest, decide whether it has a legal basis and notify you about the decision by email.
THE ENFORCEMENT OF YOUR RIGHTS RELATED TO DATA PROCESSING
In case of unauthorised processing of your data, please notify our company so that we can quickly restore compliance with legal requirements. For your convenience, we will do our best to resolve the issue in question.