Data protection statement

During the browsing you are simultaneously providing data. The data provision takes place partly automatically and partly by completing the forms placed in the site or eventually by subscribing to a newsletter.

By visiting the website you give your consent to provide data to the website host, and acknowledge that the visiting of certain sites is conditioned by voluntarily providing personal data that correspond to the content of the pages. We hereby inform you that if you decide not to provide the requested personal information then it is possible that you won’t have access to certain parts of the site.

We inform you that if you are opting for the electronic payment service then the following personal data stored by the Róbert Magánkórház Zrt. (1136 Budapest, Lehel u. 59/c) data manager in the  „Róbert” private hospital’s users’ database will be transferred to the OTP Mobil Kft. (1093 Budapest, Közraktár u. 30-32.) as the data processor. The data going to be forwarded by the data manager are as follows:

  • Name
  • E-mail address
  • Billing details (Name, ZIP code, City / Town / Village, Address)

The kind and purpose of the data processing activity performed by the data processor is found in the SimplePay data management information at the following link: http://simplepay.hu/vasarlo-aff

The Róbert Károly Magánkórház Zrt. declares that he is handling the personal data and information supplied by the portal’s users solely and through the assigned data processor according to the data protection rules.

The Róbert Károly Magánkórház Zrt. will keep, handle, store your personal data as long as it corresponds to the referred legal provisions. During the data management activity the data provided by you can be accessed only by the employees of the Róbert Károly Magánkórház Zrt. who have the task to do so. The Róbert Károly Magánkórház Zrt. is not disclosing your personal data to third parties or unauthorised people – except for the cases specified in the data protection regulation – and he can use freely the data that are not considered personal.

In harmony with the data protection law you may ask for information about the handling of your personal data. You are entitled to update, modify your personal data and you can also ask for their deletion.

The Róbert Magánkórház Zrt. intends to sustain the possibility to notify you by e-mail / SMS about the information considered important for you and simultaneously to provide you the possibility to refuse.

In addition You acknowledge that the Róbert Károly Magánkórház Zrt. respectively the creators of the website, the parties participating in the operation are not liable for any errors, disadvantages, damages caused by or related to the visiting, using of the website or the unauthorised access to the personal and other data, their destruction or publishing.

Reserves the right to alter the content of the website without restriction and notification, and terminate or suspend all its services.

We hereby inform you that we can also use the data collected about or received from you in order to investigate and prevent the activities that are illegal or endanger the operation of our network or the website.

The Róbert Károly Magánkórház Zrt. is not liable for the acts committed by a domestic or foreign legal or natural person or organisation with no legal personality either directly or directly based on the data, information existing on the website or accessed through the website, regardless of who provides these data and information. None of the information, data existing on the website can be handled as suggestions or recommendations, respectively the website can’t serve as base for any decision or measures.

The Róbert Károly Magánkórház Zrt. does not assume liability in connection with the website content, the data, information, statements achievable there or through it, in this way among others but not limited to their accuracy, timeliness, validity, completeness, their suitability for certain purpose, their reliability, well-foundedness, etc. The statements and declarations on the website do not qualify assumptions of obligations. By visiting the website you agree that the utilisation of the information downloaded and obtained from or through the website takes place voluntarily, at one’s own discretion and at one’s own risk.

The Róbert Károly Magánkórház Zrt. will not connect in any way the personal data created during its services with the personal data handled by him.

The Róbert Károly Magánkórház Zrt. collects data that are suitable to reach the users only if the kind of the certain service makes this indispensable. It is using the data only for the purpose approved in advance by the user, and he will not disclose them to third parties in any circumstances – except for the cases specified by law.

The services of the Róbert Károly Magánkórház Zrt. contain several connection points (links) that lead to the sites of other service providers. The Róbert Károly Magánkórház Zrt does not assume liability for these links, the data found there, respectively for the damages caused because of visiting or using those pages.

In certain situations there might be need to complete registration forms in order to use the services. On these pages the Róbert Károly Magánkórház Zrt. is asking for personal data required for the contacting (name, address, phone number, mobile phone number, e-mail address).

The Róbert Károly Magánkórház Zrt. is handling confidentially the personal data provided during the registration, and no unathorised people can have access to them.

The purpose of the registration consists of making accessible certain information and documents for the health care services only.

During the registration the visitors of the registration-related pages of the Róbert Károly Magánkórház Zrt. must provide data that are real and true. In connection with the unauthorised use of the personal data during the registration the Róbert Károly Magánkórház Zrt. is not liable at all.

The Róbert Károly Magánkórház Zrt. reserves the right to check the personal data and if the user does not clarify the inaccurate data by a certain deadline then the Róbert Károly Magánkórház Zrt. is entitled to delete the concerned user’s registration.

The user undertakes that when using the services he/she will not send data, messages that are contrary to

a) any law, international treaty,

b) the contents of the directive on the network abuse of the Internet service provider,

c) any generally accepted Internet rule,

d) ethical requirements.

The user undertakes that he will not disclose to unauthorised third parties the personal or health-related data obtained when using the service. The user acknowledges that he/she is liable for the damages caused by breaching these obligations.

Data management information about the electronic surveillance system operating at the „Róbert” private hospital:

Hereby we are informing you that we are operating an electronic surveillance system in the „C2 building of the „Róbert Károly” private hospital (1135 Budapest, Lehel u. 59.).

The surveillance system is operated by the hospital personnel.

We inform you that the rules of recording of images and sound, the use and storing are governed by the provisions of the 2005/CXXXIII act on the rules of personal and property protection and the private investigation activity (Szvtv.), and the provisions of the 2011/CXII act on information self-determination right and freedom of information (Info tv.). The operation of the electronic surveillance system takes place according to the section 30. § (2) of the Szvtv., based exclusively on consent, specified as below, in order to protect human life, body integrity and property, with the purpose of preventing and perceiving the legal breaches and accidents, the catching of the perpetrator and in order to prove the legal breach. We draw your attention to the fact that entering the monitored premises by knowing the present information is considered express consent to manage the data.

The group of handled data: the face on the footage and personal data of the person in the monitored area.

The positions of the cameras:

There are security cameras at the hospital’s reception, cash-desks, admin. entry and in the surroundings of the second floor’s reception desk.

The range of the cameras covers only the above-mentioned areas, no public areas are covered:

1: cash-desk

2: cash-desk

3: cash-desk, customer

4: cash-desk, customer

5: wind-catcher

6: reception, panorama picture

7: reception, panorama picture

8: reception, panorama picture

9: reception, area before the lift

10: outer door, admin. entry

11: second floor’s reception desk

12: inner door, admin. entry

13: second floor’s copy machine

14: second floor’s copy machine, panorama picture

15: second floor’s reception desk, customer

The cameras operate with the purpose to protect the business, payment, bank and security secrets as well as the property protection.

The legal grounds of having footage is the legitimate interest of the data manager, done based on informing the concerned parties in advance.

The footage of the cameras is handled by the Róbert Károly Magánkórház Zrt. The footage gets stored in a closed system within the building, no unauthorised person or third party can have access to it.

The live footage of the cameras can be seen by the hospital’s personnel and guards who have the proper licenses.

The recorded footage of the cameras can be seen by the Janitor, the Technical and operation director and the Operative director or the people designated by them.

There is a password to access the footage.

We keep the records for 3 calendar days, then they get deleted automatically.

The footage can be seen retroactively based only on written request, exclusively with the purpose to prove the legal breaches committed against human life, body integrity and property intactness as well as to identify the perpetrator respectively to reveal the events, accidents that relate to life or body integrity with the permission of the technical and operations director and the operative director, respectively instructed by the authorities and a protocol must be taken, too.

The hospital hands over the recorded footage to third parties only in the situations specified by law (e.g. police, authorities). The recorded footage can be seen retroactively only in the case of suspected infraction or crime respectively in the case of workplace accident.

REGISTRATION NUMBER OF DATA MANAGEMENT: NAIH - 143314/2018.

The data protection officer of the „Róbert” private hospital

Róbert Bodnár
+36 20 257 7390
gdpr@robertkorhaz.hu

Operating the chatbot service

The purpose of the present data management information is to provide a concise and short summary about the protection and free flow of the data handed by the Róbert Károly Magánkórház Zrt., the TVC Investment Kft. and the Advantage Med First Kft. (further on: Data manager) in regards of the handling of personal data, and the data management and data processing activity performed in compliance with the provisions of the 2016/679 decree of April 27, 2016 on the waiving of the 95/46/EC directive of the European Parliament and Council (further on: Decree or GDPR), and the data processing activity and practice related to the data manager’s chatbot service performed based on the provisions of the 2011/CXII act on the right of information self-determination and the freedom of information (further on: Info tv.

The data manager’s special purpose is to respect the basic rights and liberties of the concerned natural persons, especially the rights to the protection of their personal data and their information self-determination rights. Data manager shall confidentially handle the personal data and shall take every security, technical or organisational measure that guarantees the safety of the data.

The Data manager accepts the principles and provisions of the present Data Management Information as compulsory, and simultaneously undertakes that his data management activity complies with the requirements defined in the law in force.

The present Information is effective from November 18, 2020. Data manager reserves the right to alter the content of the present Information, and he shall make it available in due time for the concerned parties. The concerned parties in regards of the chatbot service and the chatbot end-users in using the present Information (further on: End-user) who are using the Chatbot functions through the automatised communication.

The chatbot service can be reached through the following platforms and applications: Viber, Microsoft Teams, Facebook Messenger (https://www.facebook.com/robertmagankorhaz), tritonlife.hu website

Detailed rules of data management

Name of data manager: Róbert Károly Magánkórház Zrt., TVC Investment Kft., Advantage Med First Kft.

Contact details of the data manager: 1135 Budapest, Lehel utca 59/C.
Pursuant to the article 37 of the Decree the data manager is appointing a data protection officer, the contact details are as follows:

Mr Róbert Bodnár
+36 20 257 7390
gdpr@robertkorhaz.hu

Purpose of data management:  based on the individual consent and needs of the concerned people / answering the frequent questions of the chatting people who are contacting through chatbot / in an interactive way on a digital platform in order to satisfy the E-customer service enquiries, bidirectional automated communication between the population of the settlement / the Data manager’s employees, subcontractors, as End-user and data manager, targeted content supply.

Legal grounds of data management: the article 6. (1) a) of the GDPR – the concerned party gave his/her consent to handle his/her personal data for one or more concrete purposes. The concerned party can any time withdraw the consent but this does not affect the legitimacy of the data management performed based on the consent prior to the withdrawal.

Group of handled (personal) data: The data required definitely for the operation of the chatbot and available based on the Platform’s standard settings: App (Viber, Messenger) user ID (identifier generated for the chatbot), user’s name, profile picture URL, data provided by the Data manager for the chatbot service and for the data processor (e.g. name, e-mail address, site, department, position, phone number, address, TAJ (Social Security Number) number and tax number (certain digits, Emd-user profile created in connection with the chatbot, business account, that is possessed by the Data  manager). The platform used for the service, the language, date of registration, and any data provided by the End-user during the chat talk (text, button utilisation, picture) in the chatbot interaction; the data shared with the platform. The group of processed data may vary with the all-time functions of the chatbot.
We are kindly asking the End-user to proceed with care when using the chatbot and providing the personal data and he/she should not provide any other personal information in the chatbot besides the above-referred ones. Should the user use the chatbot with a social network profile then depending on the concerned party’s own settings his/her certain data of the social network profile become accessible for others in the various social network media platforms in such a way that the devices assured by such third parties enable the concerned party to choose how he/she intend to share his/her personal data on the community platforms. In function of the platform the Platforms are subject to – besides their own regulations - the data protection practices and policies of the Platforms, external service providers and other third parties. Data manager is not liable for the verity of the personal data provided by the End-user, only the End-user shall be liable for them. The End-user undertakes that only he will have access to the social network profile, the user’s account and he won’t grant access for others. The End-user will cover every liability that is related to the logging-in through the End-user’s user account.

Duration of data management and data storing: till the withdrawal of the concerned party’s consent (if the request for deletion is made through chatbot), but for maximum one year considered from the End-user’s last activity (if the End-user does not use again the chatbot service in one year considered from the last activity): becomes anonymised (the ID gets separated), then after five years considered from the last activity the data of the chatbot talks get deleted.
The data processor is storing and using the data collected during the use of the Chatbot service even beyond one year of the referred storing time in an anonymised way meaning a way that is not suitable to identify the End-user, on condition that after five years the entire chat talk will be deleted.]

Data processor: the data manager is using as the external data processor the Talk-A-Bot Kft (LLC) (seat: 1025 Budapest, Pusztaszeri út 5. 2. em. 1.; Company reg. number: 01-09-286391; tax number: 25735967-2-41).

The data processor is recording and storing the data in order to fulfil the contract as per the chatbot service; and he is storing and using the anonymised data (collected during the use of the chatbot service that are not suitable to identify the End-user) even beyond one year considered from the last activity) in order to develop his own know-how. During the anonymisation the personal data are losing their personal kind, the data transformed as such can’t be connected to the End-user.

Data storing and data safety measures

In regards of the managed personal data the storing and processing take place partly at the data manager’s seat and in the server room operated by the following storage providers: cloud-based storage provided by Microsoft Azure (Microsoft Ireland Operations Limited; Seat: 70 Sir Rogerson's Quay, Dublin 2, Ireland; contact: https://azure.microsoft.com/hu-hu/).

In regards of the handling and storing of the personal data the data manager proceeds with greatest care. In the IT safety area the Data manager is applying the most efficient and up-to-date tools and procedures that are reasonably available.

When designing, establishing and operating the used IT infrastructure the Data manager makes definitely sure the personal data used by him are protected, in this regards he will especially make sure the data are not accessed by unauthorised people, they are not altered, forwarded and disclosed, deleted or destroyed as well as they do not become inaccessible because of the accidental destruction and damaging and the changes of applied technique.

During the automated processing of the personal data the Data manager and the Data processors apply supplementary measures to prevent the unauthorised data entry; to prevent the unauthorised use of the automatic data processing systems with data-transmitting systems; the controllability of and ability to determine to which organs the personal data were or can be forwarded and with what data transmission equipment; the controllability of and ability to determine which personal data and when and by whom were introduced into the automatic data processing systems; the restorability of the installed systems in case of operational failure and whether reports can be mad about the errors that occur during the automated processing.

Data forwarding

The Data manager can forward the personal data to third parties with the End-user’s preliminary and informed consent only. This does not refer to the eventual data forwarding required by law respectively to the forwarding to the data processors specified in the present document.

The Data manager is entitled and obliged to forward to the competent authorities all the data that are available and stored duly by him where he has to do so according to the law or a legally binding official obligation. The Data manager can’t be held liable for such data forwarding and the related consequences. The Data manager can be contacted by the court, the prosecutor, the investigating authority, the authorities related to breach of rules, the public administration authorities, the data protection commissioner respectively pursuant to law other organs, too, in order to inform them or supply them with the required documents. The Data manager can supply the authorities – if the authority has specified the exact purpose and the scope of data – with personal data and at such an extent that is definitely necessary to meet the objective of contacting.

The personal data can be known by the members and top officials of the Data manager, and the natural persons being in working relationship or other legal relationship aiming to work for the Data manager, as well as the members and top officials of the Data processor, and the natural persons being in working relationship or other legal relationship aiming to work for the Data processor.

Data manager shall not forward personal data to third countries or to international organisations.

Concerned rights

The concerned person can any time initiate the following steps in the chat service window and through the data manager’s contact details specified in the present Information. The data manager provides electronically the answer given to the enquiry that was submitted electronically, except when the concerned person asks otherwise.

The access right of the concerned person
The concerned person can ask the data manager for information regarding whether the management of his/her data is in progress, and if such data management is in progress, then he /she is entitled to know what personal data the Data manager is handling, on what grounds, for what data management purpose, from what source, for how much time, who and why has access to his/her personal data and exactly what personal data and to whom were the personal data forwarded, and he/she can be informed about his right to submit a complaint to the supervisory authority. Data manager supplies the copy of the personal data (that are subject of the data management) to the concerned person free of charge on the first occasion, and when asking for more data he/she is entitled to charge an administrative fee. 
Right to correction
The concerned party can ask the Data manager to modify, correct his/her (inaccurate) personal data, can ask for the completion of the incomplete personal data and the Data manager shall notify the concerned party when fulfilling the request.

Right to deletion
The concerned person can ask for the deletion of the personal data, and the Data manager will fulfil the deletion request in maximum  30 days, and he shall notify the concerned person in writing (through the provided contact details) so that the Data manager can refuse to delete the personal data in the following situations: if the personal data are still required for the purpose for which they were collected or handled; if the data manager is obliged to handle respectively store them, respectively it is required to meet the legal obligation; and in regards of the data management based on the concerned person’s consent the Data manager has another legal ground to further handling of the personal data. In the case of refusal the Data manager provides information in 30 days about the refusal to delete, simultaneously specifying the exact reason.

Right to object
The concerned person can object against the handling of his / her personal data collected for direct business acquiring, public opinion polling or scientific research purpose or when the data management takes place in order to enforce the legitimate rights of the data manager or a third party (except when if it is required to meet an obligation specified by law). In such situation the data manager can’t further handle the personal data. There are exceptions when it is justified by legitimate reasons that have priority over the concerned person’s interests, rights and freedoms, or that are related to the submission, enforcement or protection or legal needs.

Right enforcement possibilities
In the case of illegitimate data management, or when he / she does not agree upon the data manager’s decision or in the case of other legal damage the concerned person – pursuant to the Infotv., the 2013/V act on the Civil Code can contact the competent authority and can submit his/her complaint to the National Data Protection and Freedom of Liberty Authority as the supervisory authority (mailing address: 1530 Budapest, Pf.: 5.; address: 1125  Budapest Szilágyi Erzsébet fasor 22/c; phone: +36-1-391-1400, telefax: +36-1-391-1410, e-mail: ugyfelszolgalat@naih.hu, website: www.naih.hu).

 

 

During the browsing you are simultaneously providing data. The data provision takes place partly automatically and partly by completing the forms placed in the site or eventually by subscribing to a newsletter.

By visiting the website you give your consent to provide data to the website host, and acknowledge that the visiting of certain sites is conditioned by voluntarily providing personal data that correspond to the content of the pages. We hereby inform you that if you decide not to provide the requested personal information then it is possible that you won’t have access to certain parts of the site.

We inform you that if you are opting for the electronic payment service then the following personal data stored by the Róbert Magánkórház Zrt. (1136 Budapest, Lehel u. 59/c) data manager in the  „Róbert” private hospital’s users’ database will be transferred to the OTP Mobil Kft. (1093 Budapest, Közraktár u. 30-32.) as the data processor. The data going to be forwarded by the data manager are as follows:

  • Name
  • E-mail address
  • Billing details (Name, ZIP code, City / Town / Village, Address)

The kind and purpose of the data processing activity performed by the data processor is found in the SimplePay data management information at the following link: http://simplepay.hu/vasarlo-aff

The Róbert Károly Magánkórház Zrt. declares that he is handling the personal data and information supplied by the portal’s users solely and through the assigned data processor according to the data protection rules.

The Róbert Károly Magánkórház Zrt. will keep, handle, store your personal data as long as it corresponds to the referred legal provisions. During the data management activity the data provided by you can be accessed only by the employees of the Róbert Károly Magánkórház Zrt. who have the task to do so. The Róbert Károly Magánkórház Zrt. is not disclosing your personal data to third parties or unauthorised people – except for the cases specified in the data protection regulation – and he can use freely the data that are not considered personal.

In harmony with the data protection law you may ask for information about the handling of your personal data. You are entitled to update, modify your personal data and you can also ask for their deletion.

The Róbert Magánkórház Zrt. intends to sustain the possibility to notify you by e-mail / SMS about the information considered important for you and simultaneously to provide you the possibility to refuse.

In addition You acknowledge that the Róbert Károly Magánkórház Zrt. respectively the creators of the website, the parties participating in the operation are not liable for any errors, disadvantages, damages caused by or related to the visiting, using of the website or the unauthorised access to the personal and other data, their destruction or publishing.

Reserves the right to alter the content of the website without restriction and notification, and terminate or suspend all its services.

We hereby inform you that we can also use the data collected about or received from you in order to investigate and prevent the activities that are illegal or endanger the operation of our network or the website.

The Róbert Károly Magánkórház Zrt. is not liable for the acts committed by a domestic or foreign legal or natural person or organisation with no legal personality either directly or directly based on the data, information existing on the website or accessed through the website, regardless of who provides these data and information. None of the information, data existing on the website can be handled as suggestions or recommendations, respectively the website can’t serve as base for any decision or measures.

The Róbert Károly Magánkórház Zrt. does not assume liability in connection with the website content, the data, information, statements achievable there or through it, in this way among others but not limited to their accuracy, timeliness, validity, completeness, their suitability for certain purpose, their reliability, well-foundedness, etc. The statements and declarations on the website do not qualify assumptions of obligations. By visiting the website you agree that the utilisation of the information downloaded and obtained from or through the website takes place voluntarily, at one’s own discretion and at one’s own risk.

The Róbert Károly Magánkórház Zrt. will not connect in any way the personal data created during its services with the personal data handled by him.

The Róbert Károly Magánkórház Zrt. collects data that are suitable to reach the users only if the kind of the certain service makes this indispensable. It is using the data only for the purpose approved in advance by the user, and he will not disclose them to third parties in any circumstances – except for the cases specified by law.

The services of the Róbert Károly Magánkórház Zrt. contain several connection points (links) that lead to the sites of other service providers. The Róbert Károly Magánkórház Zrt does not assume liability for these links, the data found there, respectively for the damages caused because of visiting or using those pages.

In certain situations there might be need to complete registration forms in order to use the services. On these pages the Róbert Károly Magánkórház Zrt. is asking for personal data required for the contacting (name, address, phone number, mobile phone number, e-mail address).

The Róbert Károly Magánkórház Zrt. is handling confidentially the personal data provided during the registration, and no unathorised people can have access to them.

The purpose of the registration consists of making accessible certain information and documents for the health care services only.

During the registration the visitors of the registration-related pages of the Róbert Károly Magánkórház Zrt. must provide data that are real and true. In connection with the unauthorised use of the personal data during the registration the Róbert Károly Magánkórház Zrt. is not liable at all.

The Róbert Károly Magánkórház Zrt. reserves the right to check the personal data and if the user does not clarify the inaccurate data by a certain deadline then the Róbert Károly Magánkórház Zrt. is entitled to delete the concerned user’s registration.

The user undertakes that when using the services he/she will not send data, messages that are contrary to

a) any law, international treaty,

b) the contents of the directive on the network abuse of the Internet service provider,

c) any generally accepted Internet rule,

d) ethical requirements.

The user undertakes that he will not disclose to unauthorised third parties the personal or health-related data obtained when using the service. The user acknowledges that he/she is liable for the damages caused by breaching these obligations.

Data management information about the electronic surveillance system operating at the „Róbert” private hospital:

Hereby we are informing you that we are operating an electronic surveillance system in the „C2 building of the „Róbert Károly” private hospital (1135 Budapest, Lehel u. 59.).

The surveillance system is operated by the hospital personnel.

We inform you that the rules of recording of images and sound, the use and storing are governed by the provisions of the 2005/CXXXIII act on the rules of personal and property protection and the private investigation activity (Szvtv.), and the provisions of the 2011/CXII act on information self-determination right and freedom of information (Info tv.). The operation of the electronic surveillance system takes place according to the section 30. § (2) of the Szvtv., based exclusively on consent, specified as below, in order to protect human life, body integrity and property, with the purpose of preventing and perceiving the legal breaches and accidents, the catching of the perpetrator and in order to prove the legal breach. We draw your attention to the fact that entering the monitored premises by knowing the present information is considered express consent to manage the data.

The group of handled data: the face on the footage and personal data of the person in the monitored area.

The positions of the cameras:

There are security cameras at the hospital’s reception, cash-desks, admin. entry and in the surroundings of the second floor’s reception desk.

The range of the cameras covers only the above-mentioned areas, no public areas are covered:

1: cash-desk

2: cash-desk

3: cash-desk, customer

4: cash-desk, customer

5: wind-catcher

6: reception, panorama picture

7: reception, panorama picture

8: reception, panorama picture

9: reception, area before the lift

10: outer door, admin. entry

11: second floor’s reception desk

12: inner door, admin. entry

13: second floor’s copy machine

14: second floor’s copy machine, panorama picture

15: second floor’s reception desk, customer

The cameras operate with the purpose to protect the business, payment, bank and security secrets as well as the property protection.

The legal grounds of having footage is the legitimate interest of the data manager, done based on informing the concerned parties in advance.

The footage of the cameras is handled by the Róbert Károly Magánkórház Zrt. The footage gets stored in a closed system within the building, no unauthorised person or third party can have access to it.

The live footage of the cameras can be seen by the hospital’s personnel and guards who have the proper licenses.

The recorded footage of the cameras can be seen by the Janitor, the Technical and operation director and the Operative director or the people designated by them.

There is a password to access the footage.

We keep the records for 3 calendar days, then they get deleted automatically.

The footage can be seen retroactively based only on written request, exclusively with the purpose to prove the legal breaches committed against human life, body integrity and property intactness as well as to identify the perpetrator respectively to reveal the events, accidents that relate to life or body integrity with the permission of the technical and operations director and the operative director, respectively instructed by the authorities and a protocol must be taken, too.

The hospital hands over the recorded footage to third parties only in the situations specified by law (e.g. police, authorities). The recorded footage can be seen retroactively only in the case of suspected infraction or crime respectively in the case of workplace accident.

REGISTRATION NUMBER OF DATA MANAGEMENT: NAIH - 143314/2018.

The data protection officer of the „Róbert” private hospital

Róbert Bodnár
+36 20 257 7390
gdpr@tritonlife.hu

Operating the chatbot service

The purpose of the present data management information is to provide a concise and short summary about the protection and free flow of the data handed by the Róbert Károly Magánkórház Zrt., the TVC Investment Kft. and the Advantage Med First Kft. (further on: Data manager) in regards of the handling of personal data, and the data management and data processing activity performed in compliance with the provisions of the 2016/679 decree of April 27, 2016 on the waiving of the 95/46/EC directive of the European Parliament and Council (further on: Decree or GDPR), and the data processing activity and practice related to the data manager’s chatbot service performed based on the provisions of the 2011/CXII act on the right of information self-determination and the freedom of information (further on: Info tv.

The data manager’s special purpose is to respect the basic rights and liberties of the concerned natural persons, especially the rights to the protection of their personal data and their information self-determination rights. Data manager shall confidentially handle the personal data and shall take every security, technical or organisational measure that guarantees the safety of the data.

The Data manager accepts the principles and provisions of the present Data Management Information as compulsory, and simultaneously undertakes that his data management activity complies with the requirements defined in the law in force.

The present Information is effective from November 18, 2020. Data manager reserves the right to alter the content of the present Information, and he shall make it available in due time for the concerned parties. The concerned parties in regards of the chatbot service and the chatbot end-users in using the present Information (further on: End-user) who are using the Chatbot functions through the automatised communication.

The chatbot service can be reached through the following platforms and applications: Viber, Microsoft Teams, Facebook Messenger (https://www.facebook.com/robertmagankorhaz), tritonlife.hu website

Detailed rules of data management

Name of data manager: Róbert Károly Magánkórház Zrt., TVC Investment Kft., Advantage Med First Kft.

Contact details of the data manager: 1135 Budapest, Lehel utca 59/C.
Pursuant to the article 37 of the Decree the data manager is appointing a data protection officer, the contact details are as follows:

Mr Róbert Bodnár
+36 20 257 7390
gdpr@tritonlife.hu

Purpose of data management:  based on the individual consent and needs of the concerned people / answering the frequent questions of the chatting people who are contacting through chatbot / in an interactive way on a digital platform in order to satisfy the E-customer service enquiries, bidirectional automated communication between the population of the settlement / the Data manager’s employees, subcontractors, as End-user and data manager, targeted content supply.

Legal grounds of data management: the article 6. (1) a) of the GDPR – the concerned party gave his/her consent to handle his/her personal data for one or more concrete purposes. The concerned party can any time withdraw the consent but this does not affect the legitimacy of the data management performed based on the consent prior to the withdrawal.

Group of handled (personal) data: The data required definitely for the operation of the chatbot and available based on the Platform’s standard settings: App (Viber, Messenger) user ID (identifier generated for the chatbot), user’s name, profile picture URL, data provided by the Data manager for the chatbot service and for the data processor (e.g. name, e-mail address, site, department, position, phone number, address, TAJ (Social Security Number) number and tax number (certain digits, Emd-user profile created in connection with the chatbot, business account, that is possessed by the Data  manager). The platform used for the service, the language, date of registration, and any data provided by the End-user during the chat talk (text, button utilisation, picture) in the chatbot interaction; the data shared with the platform. The group of processed data may vary with the all-time functions of the chatbot.
We are kindly asking the End-user to proceed with care when using the chatbot and providing the personal data and he/she should not provide any other personal information in the chatbot besides the above-referred ones. Should the user use the chatbot with a social network profile then depending on the concerned party’s own settings his/her certain data of the social network profile become accessible for others in the various social network media platforms in such a way that the devices assured by such third parties enable the concerned party to choose how he/she intend to share his/her personal data on the community platforms. In function of the platform the Platforms are subject to – besides their own regulations - the data protection practices and policies of the Platforms, external service providers and other third parties. Data manager is not liable for the verity of the personal data provided by the End-user, only the End-user shall be liable for them. The End-user undertakes that only he will have access to the social network profile, the user’s account and he won’t grant access for others. The End-user will cover every liability that is related to the logging-in through the End-user’s user account.

Duration of data management and data storing: till the withdrawal of the concerned party’s consent (if the request for deletion is made through chatbot), but for maximum one year considered from the End-user’s last activity (if the End-user does not use again the chatbot service in one year considered from the last activity): becomes anonymised (the ID gets separated), then after five years considered from the last activity the data of the chatbot talks get deleted.
The data processor is storing and using the data collected during the use of the Chatbot service even beyond one year of the referred storing time in an anonymised way meaning a way that is not suitable to identify the End-user, on condition that after five years the entire chat talk will be deleted.]

Data processor: the data manager is using as the external data processor the Talk-A-Bot Kft (LLC) (seat: 1025 Budapest, Pusztaszeri út 5. 2. em. 1.; Company reg. number: 01-09-286391; tax number: 25735967-2-41).

The data processor is recording and storing the data in order to fulfil the contract as per the chatbot service; and he is storing and using the anonymised data (collected during the use of the chatbot service that are not suitable to identify the End-user) even beyond one year considered from the last activity) in order to develop his own know-how. During the anonymisation the personal data are losing their personal kind, the data transformed as such can’t be connected to the End-user.

Data storing and data safety measures

In regards of the managed personal data the storing and processing take place partly at the data manager’s seat and in the server room operated by the following storage providers: cloud-based storage provided by Microsoft Azure (Microsoft Ireland Operations Limited; Seat: 70 Sir Rogerson's Quay, Dublin 2, Ireland; contact: https://azure.microsoft.com/hu-hu/).

In regards of the handling and storing of the personal data the data manager proceeds with greatest care. In the IT safety area the Data manager is applying the most efficient and up-to-date tools and procedures that are reasonably available.

When designing, establishing and operating the used IT infrastructure the Data manager makes definitely sure the personal data used by him are protected, in this regards he will especially make sure the data are not accessed by unauthorised people, they are not altered, forwarded and disclosed, deleted or destroyed as well as they do not become inaccessible because of the accidental destruction and damaging and the changes of applied technique.

During the automated processing of the personal data the Data manager and the Data processors apply supplementary measures to prevent the unauthorised data entry; to prevent the unauthorised use of the automatic data processing systems with data-transmitting systems; the controllability of and ability to determine to which organs the personal data were or can be forwarded and with what data transmission equipment; the controllability of and ability to determine which personal data and when and by whom were introduced into the automatic data processing systems; the restorability of the installed systems in case of operational failure and whether reports can be mad about the errors that occur during the automated processing.

Data forwarding

The Data manager can forward the personal data to third parties with the End-user’s preliminary and informed consent only. This does not refer to the eventual data forwarding required by law respectively to the forwarding to the data processors specified in the present document.

The Data manager is entitled and obliged to forward to the competent authorities all the data that are available and stored duly by him where he has to do so according to the law or a legally binding official obligation. The Data manager can’t be held liable for such data forwarding and the related consequences. The Data manager can be contacted by the court, the prosecutor, the investigating authority, the authorities related to breach of rules, the public administration authorities, the data protection commissioner respectively pursuant to law other organs, too, in order to inform them or supply them with the required documents. The Data manager can supply the authorities – if the authority has specified the exact purpose and the scope of data – with personal data and at such an extent that is definitely necessary to meet the objective of contacting.

The personal data can be known by the members and top officials of the Data manager, and the natural persons being in working relationship or other legal relationship aiming to work for the Data manager, as well as the members and top officials of the Data processor, and the natural persons being in working relationship or other legal relationship aiming to work for the Data processor.

Data manager shall not forward personal data to third countries or to international organisations.

Concerned rights

The concerned person can any time initiate the following steps in the chat service window and through the data manager’s contact details specified in the present Information. The data manager provides electronically the answer given to the enquiry that was submitted electronically, except when the concerned person asks otherwise.

The access right of the concerned person
The concerned person can ask the data manager for information regarding whether the management of his/her data is in progress, and if such data management is in progress, then he /she is entitled to know what personal data the Data manager is handling, on what grounds, for what data management purpose, from what source, for how much time, who and why has access to his/her personal data and exactly what personal data and to whom were the personal data forwarded, and he/she can be informed about his right to submit a complaint to the supervisory authority. Data manager supplies the copy of the personal data (that are subject of the data management) to the concerned person free of charge on the first occasion, and when asking for more data he/she is entitled to charge an administrative fee. 
Right to correction
The concerned party can ask the Data manager to modify, correct his/her (inaccurate) personal data, can ask for the completion of the incomplete personal data and the Data manager shall notify the concerned party when fulfilling the request.

Right to deletion
The concerned person can ask for the deletion of the personal data, and the Data manager will fulfil the deletion request in maximum  30 days, and he shall notify the concerned person in writing (through the provided contact details) so that the Data manager can refuse to delete the personal data in the following situations: if the personal data are still required for the purpose for which they were collected or handled; if the data manager is obliged to handle respectively store them, respectively it is required to meet the legal obligation; and in regards of the data management based on the concerned person’s consent the Data manager has another legal ground to further handling of the personal data. In the case of refusal the Data manager provides information in 30 days about the refusal to delete, simultaneously specifying the exact reason.

Right to object
The concerned person can object against the handling of his / her personal data collected for direct business acquiring, public opinion polling or scientific research purpose or when the data management takes place in order to enforce the legitimate rights of the data manager or a third party (except when if it is required to meet an obligation specified by law). In such situation the data manager can’t further handle the personal data. There are exceptions when it is justified by legitimate reasons that have priority over the concerned person’s interests, rights and freedoms, or that are related to the submission, enforcement or protection or legal needs.

Right enforcement possibilities
In the case of illegitimate data management, or when he / she does not agree upon the data manager’s decision or in the case of other legal damage the concerned person – pursuant to the Infotv., the 2013/V act on the Civil Code can contact the competent authority and can submit his/her complaint to the National Data Protection and Freedom of Liberty Authority as the supervisory authority (mailing address: 1530 Budapest, Pf.: 5.; address: 1125  Budapest Szilágyi Erzsébet fasor 22/c; phone: +36-1-391-1400, telefax: +36-1-391-1410, e-mail: ugyfelszolgalat@naih.hu, website: www.naih.hu).