Megtekintés magyarul

General dispositions

Persentimus Kft. (registered seat: 1041 Budapest, Deák Ferenc utca 85. 9. em. 29.; company registry number: 01-09-173443; competent court of registration: Fővárosi Törvényszék Cégbírósága (Budapest-Capital Regional Court), hereinafter: Company)

The purpose of this policy is to allow users who register in the application (hereinafter: Application) available at the https://idopontom.eu/ website (hereinafter: Website) and who schedule appointments and share their personal data to obtain the necessary information prior to the registration about the terms, period and safeguards of the data processing performed by the Company.

The data processing concerning the activities of the Company is performed based on freely given consent or on legal obligation.

The processing of personal data performed by the Company is in compliance with applicable laws, and in particular:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or GDPR)

• Act CXII of 2011 on Informational Self-Determination and Freedom of Information

• Act XLVII of 1997 on the processing and protection of health care data and associated personal data

The company information and contact details of the Company:

  • Corporate name: Persentimus Kft.
  • Registered seat: 1041 Budapest, Deák Ferenc utca 85. 9. em. 29.
  • Telephone number:+36-70-938-6462
  • E-mail: hello@idopontom.eu

The Company does not use the personal data of the users registered in the Application for direct marketing purposes.

The Company transfers personal data to the following third-country recipients:

Recipient of data transfer Registered seat Purpose of data transfer Level of protection of the third country concerned by the transfer
Google LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043 United States In connection with the operation of the Website, the data required for the use of the services of the Google Firebase Cloud Functions for Firebase, Cloud Storage for Firebase, Firebase Authentication, Firebase Hosting, Firebase Realtime Database (as described below) shall be transmitted to the Data Processing Recipient. The appropriate level of protection is ensured by the EU-U.S. Privacy Shield. The recipient's registration is available at the following link:https://www.privacyshield.gov/participant?id=a2zt0000000TNDzAAO&status=Active The data protection policy is available at the following link:https://sentry.io/privacy/
Functional Software Inc. (Sentry) 1 Baker Street, Suite 5B, San Francisco, CA 94117, United States Forwarding personal data (specified below) to the data processor that are necessary for the simplification of the management of Sentry Error Reporting. The appropriate level of protection is ensured by the EU-U.S. Privacy Shield. The recipient's registration is available at the following link:https://www.privacyshield.gov/participant?id=a2zt0000000TNDzAAO&status=Active The data protection policy is available at the following link:https://sentry.io/privacy/

Further information about the data processing:

The Company shall take all necessary technical and organizational measures to ensure that its data management complies with legal requirements. The Company operates under strict internal data protection and data security rules and takes great care to prevent data protection incidents and if necessary manage them lawfully and with the required transparency.

Registration by the user

The condition of using the Application is the registration. The purpose of the registration is simplifying the use of the Application and scheduling.

The description of the data processing concerning registration:

  • The controller of the data processing is: the Company.
  • The purpose of the data processing: making possible the use of the Application and the management of the appointments.
  • The legal bases of the data processing: the consent of the data subject – GDPR article 6. paragraph (1) point a).
  • The types of processed personal data: first and last name, telephone number, e-mail address, IP address, the type and version number of the web browser and operating system, the language preference set up in the browser, in case of an error, the data indicated in the error log.
  • Transfer of the data: the data is not forwarded to third parties.
  • The duration of the date processing: until the deletion of the registered account, or in case of inactivity – if the user does not give its consent for further maintaining the account – for two years until the last activity or consent. For the purpose of ensuring to be able to restore the Application a backup is made of the personal data and kept for 30 (thirty) days. The backup is only available to the system administrator of the Company. After this period the backup is permanently deleted.
  • The use of data processor: for the management of the registrations and for error tracking and errors solving the Company uses the following service provider(s):
Name of data processor Registered seat The description of the data processing The availability of the data protection policy
Google LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043 United States Provision of an IT platform for wide-ranging purposes, including hosting, backend services and database management. https://policies.google.com/privacy?hl=en
Functional Software Inc. (Sentry) 1 Baker Street, Suite 5B, San Francisco, CA 94117, United States Management of error tracking https://sentry.io/privacy/

The possible consequences of failure to provide the personal data: the registration will be unsuccessful without the necessary personal data and the user account shall not be created.

The rights of the data subject:

  • may request access to its personal data,
  • may request the rectification of its personal data
  • may request the erasure of its personal data
  • may request the restriction of processing in case the conditions set out in article 18 of GDPR apply (ie. may request that the data is not erased, but processed only for the purposes set out in article 18 of GDPR)
  • if it would be necessary for the data to be processed on the basis of the legitimate interest of the Company or a third party, then the data subject may object to the processing of personal data;
  • may practice the right to data portability. According to this the data subject is entitled to receive the personal data concerning it in MS Word or Excel formats, further it is entitled to request that the Company forward these data to another data controller.

Registration by the administrator

Some user accounts are created for the user by the administrator (s) acting on behalf of the Application Service Provider. The purpose of the registration is to simplify the use of the Application and the management of time reservations. In such a case, the Company acts as a data processor with respect to the data recorded during registration.

The description of the data processing concerning registration:

  • The controller of the data processing is: the service provider that registers the user.
  • The purpose of the data processing: making possible the use of the Application and the management of the appointments.
  • The legal bases of the data processing: the consent of the data subject – GDPR article 6. paragraph (1) point a).
  • The types of processed personal data: first and last name, telephone number, e-mail address, IP address, the type and version number of the web browser and operating system, the language preference set up in the browser, in case of an error, the data indicated in the error log.
  • Transfer of the data: the data is not forwarded to third parties. The company proceeds as data processor concerning the personal data received from the service providers;
  • The duration of the date processing: until the deletion of the registered account, or in case of inactivity – if the user does not give its consent for further maintaining the account – for two years until the last activity or consent. For the purpose of ensuring to be able to restore the Application a backup is made of the personal data and kept for 30 (thirty) days. The backup is only available to the system administrator of the Company. After this period the backup is permanently deleted.
  • The use of data processor: for the management of the registrations and for error tracking and errors solving the Company uses the following service provider(s):
Name of data processor Registered seat The description of the data processing The availability of the data protection policy
Google LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043 United States Provision of an IT platform for wide-ranging purposes, including hosting, backend services and database management. https://policies.google.com/privacy?hl=en
Functional Software Inc. (Sentry) 1 Baker Street, Suite 5B, San Francisco, CA 94117, United States Management of error tracking https://sentry.io/privacy/

The possible consequences of failure to provide the personal data: the registration will be unsuccessful without the necessary personal data and the user account shall not be created.

The rights of the data subject:

  • may request access to its personal data,
  • may request the rectification of its personal data
  • may request the erasure of its personal data
  • may request the restriction of processing in case the conditions set out in article 18 of GDPR apply (i.e. may request that the data is not erased, but processed only for the purposes set out in article 18 of GDPR)
  • if it would be necessary for the data to be processed on the basis of the legitimate interest of the service provider, the Company or a third party, then the data subject may object to the processing of personal data;
  • may practice the right to data portability. According to this the data subject is entitled to receive the personal data concerning it in MS Word or Excel formats, further it is entitled to request that the Company forward these data to another data controller.

Scheduling appointments

The registered user can schedule appointments with the help of the Application to one or more service providers that are registered in the Application. In case of scheduling appointments to health care providers, certain personal data processed in connection with the appointment shall be considered data concerning health (typically: the appointment concerning the type of the healthcare provider in case of scheduling an appointment at a healthcare provider)

The description of the data processing concerning registration:

  • The controller of the data processing is: the Company or the service provider depending on whether the appointment was made by the user of the service provider.
  • The purpose of the data processing: making possible the use of the Application and the management of the appointments.
  • The legal bases of the data processing: the consent of the data subject – GDPR article 6. paragraph (1) point a) and article 9. paragraph (2) point a).
  • The types of processed personal data: first and last name, telephone number, e-mail address, IP address, the type and version number of the web browser and operating system, the language preference set up in the browser, in case of an error, the data indicated in the error log, number of cancelled, attended or unattended appointments.
  • Transfer of the data: the data is not forwarded to third parties except for the concerned service providers. The Company may proceeds as data processor concerning the personal data received from the service providers;
  • The duration of the date processing: until the end of the day of the appointment, after this the personal data concerning the appointment shall only be processed for statistical purposes, without the possibility of identifying the data subject, except for the number of cancelled, attended or unattended appointments which are processed for 6 (six) months. For the purpose of ensuring to be able to restore the Application a backup is made of the personal data and kept for 30 (thirty) days. The backup is only available to the system administrator of the Company. After this period the backup is permanently deleted.
  • The use of data processor (other then the Company): for the management of the registrations and for error tracking and errors solving the Company uses the following service provider(s):
Name of data processor Registered seat The description of the data processing The availability of the data protection policy
Google LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043 United States Provision of an IT platform for wide-ranging purposes, including hosting, backend services and database management. https://policies.google.com/privacy?hl=en
Functional Software Inc. (Sentry) 1 Baker Street, Suite 5B, San Francisco, CA 94117, United States Management of error tracking https://sentry.io/privacy/

The possible consequences of failure to provide the personal data: the scheduling of the appointment is unsuccessful without providing the required personal data and the appointment shall not be registered in the Application.

The rights of the data subject:

  • may request access to its personal data,
  • may request the rectification of its personal data
  • may request the erasure of its personal data
  • may request the restriction of processing in case the conditions set out in article 18 of GDPR apply (i.e. may request that the data is not erased, but processed only for the purposes set out in article 18 of GDPR)
  • if it would be necessary for the data to be processed on the basis of the legitimate interest of the service provider, the Company or a third party, then the data subject may object to the processing of personal data;
  • may practice the right to data portability. According to this the data subject is entitled to receive the personal data concerning it in MS Word or Excel formats, further it is entitled to request that the Company forward these data to another data controller.

Other data processing

Certain authorities, public bodies or courts may contact the Company for the purpose of communicating personal data. If the organization precisely specifies the purpose and scope of the required personal data, the Company shall only disclose personal data to the extent strictly necessary for the purpose of the request and if the fulfillment of the request is prescribed by law.

The data subject may request information on the management of its personal data, may request access to the data and may request rectification of its personal data or, with the exception of mandatory data processing prescribed by the GDPR or other acts of law, cancellation, revocation, and storage of data and object in the manner indicated in the Application or by the above contact details of the data controller.

At the request of the data subject, the information will be provided electronically without delay, but no later than one month. The Company fulfills the requests concerning practicing the rights of the data subjects free of charge.

The right to information:

The Company shall take appropriate measures to ensure that all the information referred to in Articles 13, 14 and 15 of the GDPR and the information referred to in Articles 15-22 and 34. are provided to the data subjects shall be provided in a concise, transparent, comprehensible, precise and easily accessible form, in a clear and comprehensible manner.

Right of access by the data subject

The data subject is entitled to access its personal information (receive copies) and to receive confirmation from the Company whether the data processing is still underway. In case it is, then the data subject is entitled to access the following information concerning the personal data:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries (countries that are not members of the EU) or international organizations;
  • the envisaged period for which the personal data will be stored
  • the right to rectify, erase personal data, the right of restriction of processing and objection,
  • the right to lodge a complaint with a supervisory authority;
  • the source of the personal data,
  • the existence of automated decision-making, including profiling and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Right to rectification:

The data subject may request to rectify the personal data that are processed by the Company and to complete incomplete personal data.

Right to erasure:

The data subject is entitled in case on the below grounds to request that the requested personal data be erased without undue delay:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing;
  • the data subject objects to the processing and there are no overriding legitimate grounds for the processing
  • the personal data have been unlawfully processed;
  • the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
  • the personal data have been collected in relation to the offer of information society services.

The erasure of the personal data may not be requested if the purpose the data processing is one of the following:

  • exercising the right of freedom of expression and information;
  • compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health, for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
  • r the establishment, exercise or defense of legal claims.

Right to restriction of processing:

The data subject shall have the right to obtain from the controller restriction of processing where one of the conditions set out in article 18 of the GDPR applies:

  • the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;
  • the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. The data subject shall be informed prior to the lifting of the restriction.

Right to data portability:

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller. The Company is able to fulfil such request in MS Word or Excel formats. The condition of the right to data portability is that the data processing is automated and its legal ground is either consent or an agreement.

Right to object:

If the data processing is performed for the purpose of direct marketing, the data subject is entitled to object against the data processing concerning its personal data, including profiling if it is related to direct marketing. In case of objection against data processing related to direct marketing, the personal data may not be used for such purpose. The data subject is also entitled to the right to object in case the legal ground of the data processing is the legitimate interest of the data controller or third parties, but in this case the fulfilment of the request is subject to consideration depending on which party's rights may supersede the other. Where personal data are processed for scientific or historical research purposes or statistical purposes, the data subject, on grounds relating to his or her particular situation, shall have the right to object, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

Right to withdraw consent:

The data subject is entitled to withdraw its consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Procedural rules:

The data controller shall inform the data subject with no undue delay, but not later than one month from the receipt of the request about the measures taken concerning the request. If necessary, taking into account the complexity of the application and the number of applications, this deadline may be extended by two further months. The controller shall inform the data subject of the extension of the deadline by indicating the reasons for the delay within one month of receiving the request.

If the data subject submits the request via electronic means, then the information shall be provided electronically, except if the data subject requests otherwise.

If the controller does not take action on the request of the data subject, it shall inform the data subject without delay, and at the latest within one month of receipt of the request, of the reasons for not taking the action and of submitting the complaint to the supervisory authority and having recourse to a judicial remedy.

The controller shall inform all recipients of any rectification, erasure or data management restriction it has made with whom or with whom the personal data have been communicated, unless this proves impossible or requires a disproportionate effort. At the request of the data subject, the controller shall inform those addressees.

If the Company has violated the information rights of the data subject, the data subject may lodge a complaint at the National Authority for Data Protection and Freedom of Information or initiate legal proceedings before the competent court.

Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság)

Correspondence address: 1530 Budapest, Pf.: 5.

Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c

Telephone number: +36 (1) 391-1400

E-mail: ugyfelszolgalat@naih.hu

Homepage: https://naih.hu

Budapest, 2019.03.01.