Euromed Ambulance Ltd. (Hereinafter: the Data Controller), which operates the mentosok.com website, hereby publishes information on the data processing performed on the website www.mentosok.com (hereinafter: the Website) and the additional services provided by the Data Controller.
Details of Data Controller:
Data Contorller is the Euromed Ambulance Ltd.
Office: 1185 Budapest, Pósa Lajos utca 9. A. ép.
E-mail: euro.m.ambulance@gmail.com
Phone: +36-1/234-5012
Users visiting the Website (hereinafter: the User) accept all the terms and conditions contained in this Privacy Policy (hereinafter: the Prospectus), therefore please read this Prospectus carefully before using the Website.
Information on each data management
Contact
Scope of data managed:
On the Website, the User has the opportunity to enter his / her data in order to be able to contact the Data Controller, to receive information about the Data Controller's products and services, and to receive help in connection with the order. The following personal data can be entered during the contact (data marked with * is mandatory):
full name*;
e-mail address*;
message*;
mobile phone number.
The purpose of data management: To provide information related to the Data Controller's products, services and activities, to contact and keep in touch with the User interested in the Data Controller's products, the services provided by him, to inform Users and to handle remarks related to the Data Controller's activities.
Duration of data management: The Data Controller handles personal data for a maximum of 30 days from the end of the bilateral communication between the Data Controller and the User, or until the User requests the deletion of his data or withdraws his consent to the processing of his personal data.
Legal basis for data processing: User's consent pursuant to Article 6 (1) (a) of the GDPR.
Consultation
Scope of data managed:
On the Website, the User has the opportunity to enter his / her details in order to make an appointment for a consultation. The following personal data can be entered during the contact (data marked with * is mandatory):
full name*;
e-mail address*;
message*;
mobile phone number*.
The purpose of data management: To request the opportunity to consult and book an appointment with the persons designated by the Data Controller at a time and subject.
Duration of data management: The Data Controller will process the personal data for a maximum of 30 days from the date of the consultation, or until the User requests the deletion of his data or withdraws his consent to the processing of his personal data.
Legal basis for data processing: User's consent pursuant to Article 6 (1) (a) of the GDPR.
Ordering a service
Scope of data managed:
In order for the User to be able to use the services of the Data Controller, he / she must enter the following data in the interface provided for this (data marked with * are considered personal data):
company name,
Name of the contact person*,
Contact email address *,
Contact phone number *,
tax number,
billing address,
comment.
It is also possible to enter the following information during the purchase:
payment method*;
method of receipt *.
Purpose of data management: The Data Controller may use the contact details indicated by the User for the purpose of the order only to make the ordered services available, to register and fulfill the contract concluded for the fulfillment of the order, to enforce the rights and obligations arising from the contract and to contact the User. handles and uses. The Data Controller sends the information related to the order to the User to the e-mail address of the designated Contact Person.
The Data Controller draws the User's attention to the fact that in all cases the User, as the employer, has the obligation and responsibility to inform the Contact Person designated by him about the processing of his personal data for the purpose and under the conditions specified in this Prospectus.
Duration of data management: The Data Controller handles the data of the Contact Person only for 5 years after the termination of the contract concluded in order to fulfill the order or the Contact Person status of the Contact Person 6:22 of Act V of 2013 on the Civil Code. In accordance with the limitation period laid down in It is the duty and responsibility of the User to inform the Data Controller if there is a change in the person of the Contact Person by modifying the appropriate fields.
Legal basis for data processing: The legal basis for the processing of Contact Data by the Data Controller is Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (hereinafter : GDPR) pursuant to Article 6 (1) (f), the data controller has a legitimate interest in the contract concluded between the User and the Data Controller and in the performance of the order. In the opinion of the Data Controller, the order cannot be fulfilled without processing the data of the Contact. In order to ensure the right of the Contact to the protection of personal data, the Data Controller uses the Contact's personal data only for the purpose of contacting the User, provides him with adequate information on the circumstances of data processing and guarantees the rights set forth in Section 4 of this Prospectus.
The data controller declares that in the case of payment by credit card, it does not manage, collect or store any card data required for the payment transaction, and does not have access to this data in any way. The data controller declares that the transaction data is paid by PayPal (Europe) S.à.r.l., which provides the possibility to pay by credit card. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg .; hereinafter referred to as the “Service Provider”) shall not be liable for the legality of its handling. The User can get information about the data management of the Service Provider on the Service Provider's website or at other contact details: www.paypal.com;
Sign up for newsletter
Scope of data managed:
The User has the opportunity to subscribe to the Data Controller's newsletter, during which the following personal data must be provided:
full name*;
e-mail address*.
The purpose of data management: to send an electronic newsletter and an advertising message about the offers, services, products, promotions, promotions and sweepstakes related to the Data Controller and its activities to the e-mail address provided by the User.
Duration of data management: Until the User requests the deletion of his data or withdraws his consent to the processing of his personal data. The User may unsubscribe from the newsletter at any time by using the "Unsubscribe" option of the newsletter or by making a written or e-mail statement, which means the withdrawal of the consent. In such a case, the Data Controller shall immediately delete all data of the unsubscribed User.
Legal basis for data management: the User's express consent (given by ticking the box available for acceptance of this Prospectus) pursuant to Article 6 (1) (a) of the GDPR.
Push messages
Scope of data managed:
After opening the Website, the Data Controller will request permission to send Push Messages. In doing so, the Data Controller manages the following data:
Browser ID hash code
Purpose of data management: The purpose of displaying Push messages is to search for Users for marketing purposes and to display individual offers based on the User's special consent.
Duration of data management: Until the User requests the deletion of his data or withdraws his consent to the processing of his personal data.
Legal basis for data processing: explicit consent of the User under Article 6 (1) (a) of the GDPR.
The range of persons entitled to access personal data, data processing
The Data Controller and the Data Processors used by it are entitled to get acquainted with the personal data in accordance with the applicable legal regulations.
The processing of data is performed by the following data processors acting on behalf of the Data Controller:
Facebook
Address: 1 Hacker Way # 15, Menlo Park (HQ), CA, USA
Purpose of data processing: online marketing advertisements
Google (Alphabet)
Address: 1600 Amphitheater Pkwy, Mountain View (HQ), CA, USA
Purpose of data processing: analysis of online marketing advertisements, website visits
DotRoll Kft.
Address: 1148 Budapest, Fogarasi út 3-5.
Purpose of data processing: domain and hosting service
Ranktracker, Linkassistant
Address: Avangate BV, Prins Hendriklaan 26 II, 1075 BD, Amsterdam, The Netherlands
Purpose of data processing: search engine optimization data
Unbounce
Address: # 400 - 401 West Georgia Street, Vancouver, BC V6B5A1, Canada
The purpose of data processing: online marketing, creation of landing pages
OneSignal
Address: 2850 S Delaware St # 201, San Mateo, CA 94403, USA
Purpose of data processing: to send a push message via a browser
Sendgrid
Address: 889 Winslow St, Redwood City, CA 94063, USA
Purpose of data processing: online marketing and emailing
The Data Controller reserves the right to involve an additional data processor in the data management in the future, of which it informs the Users by amending this Prospectus.
In the absence of an express legal provision, the Data Controller shall only transfer data suitable for personal identification to third parties with the express consent of the given User.
Access to personal data
At the request of the User, the Data Controller shall provide information on whether the Data Controller conducts data processing in relation to his / her personal data and, if so, shall grant him / her access to the personal data and inform him / her of the following information:
- purpose (s) of data processing;
- the types of personal data involved in the processing;
- in case of transfer of the User's personal data, the legal basis and recipient (s) of the transfer;
- the planned duration of the data processing;
- the rights of the User in connection with the rectification, deletion and restriction of the processing of personal data, as well as the protest against the processing of personal data;
- the possibility to apply to the Authority;
- source of data;
- relevant information on profiling;
- the names, addresses and data processing activities of the data processors.
The Data Controller shall provide the User with a copy of the personal data subject to data management free of charge. The Data Controller may charge a reasonable fee based on administrative costs for additional copies requested by the User. If the User has submitted the request electronically, the information shall be provided in a widely used electronic format, unless otherwise requested by the data subject.
The Data Controller is obliged to provide the information at the request of the User in an intelligible form without undue delay, but no later than within one month from the submission of the request. The user may submit a request for access at the contact details specified in point 1.
Correction of managed data
The User may request the Data Controller to correct his inaccurate personal data or to supplement the incomplete data, taking into account the purpose of the data management. The data controller shall carry out the correction without undue delay.
Delete managed data (right to forget), lock
The User may request that the Data Controller delete the personal data concerning him / her without undue delay, and the Data Controller shall be obliged to delete the personal data concerning the data subject without undue delay if one of the following reasons exists:
- personal data are no longer required for the purpose for which they were collected or otherwise processed;
- the User withdraws his consent and there is no other legal basis for data management;
- the User objects to the processing of his / her personal data;
- personal data has been processed unlawfully;
- personal data must be deleted in order to fulfill a legal obligation under Union or Member State law applicable to the controller;
- the collection of personal data on a consensual basis has taken place in connection with the provision of information society services to children.
If the Data Controller has disclosed (made available to a third party) personal data and is obliged to delete it in accordance with the above, taking into account the available technology and the costs of implementation, it must take reasonable steps and measures to inform the personal data concerned. data controllers that the User has requested the deletion of the links to the personal data in question or of a copy or duplicate of such personal data.
Personal data need not be deleted if data processing is necessary:
- for the purpose of exercising the right to freedom of expression and information;
- to fulfill an obligation under Union or Member State law applicable to the controller to process personal data or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
- on grounds of public interest in the field of public health;
- for the purposes of archiving in the public interest, for scientific and historical research purposes or for statistical purposes, where the right of erasure would be likely to make it impossible or seriously jeopardize such processing; obsession
- to submit, enforce or defend legal claims.
Restrictions on data management
The User is entitled to restrict the data processing at the request of the Data Controller instead of correcting or deleting the personal data, if one of the following is met:
- the User disputes the accuracy of the personal data, in which case the restriction applies to the period of time that allows the data controller to check the accuracy of the personal data;
- the data processing is illegal and the User objects to the deletion of the data and instead requests a restriction on their use;
- the Data Controller no longer needs the personal data for the purpose of data management, but the User requests them in order to submit, enforce or protect legal claims; obsession
- the User protested against the data management; in that case, the restriction shall apply for as long as it is established whether the legitimate reasons of the controller take precedence over the legitimate reasons of the data subject.
Where data processing is restricted, such personal data may be processed, with the exception of storage, only with the consent of the User or for the purpose of bringing, enforcing or protecting legal claims or protecting the rights of another natural or legal person or in the important public interest of the Union or a Member State.
The Data Controller shall inform the User, at whose request the data management has been restricted, in advance of the lifting of the data management restriction.
Obligation to notify in connection with the rectification or erasure of personal data or restrictions on data processing
The Data Controller shall inform all recipients to whom or with whom the personal data have been communicated of the rectification, erasure or restriction of the processing of personal data, unless this proves impossible or requires a disproportionate effort. Upon request, the Data Controller shall inform the User of these recipients.
Right to data portability
The User is entitled to receive the personal data concerning him / her made available to the Data Controller in a structured, widely used, machine - readable format and to transmit this data to another data controller. If requested by the User, the Data Controller will export the managed data in PDF and / or CSV format.
Right to protest
The User may object to the processing of his / her personal data if the data processing
- necessary for the performance of a task in the public interest or in the exercise of a public authority conferred on the Data Controller;
- necessary to enforce the legitimate interests of the Data Controller or a third party;
- based on profiling.
In the event of a User's objection, the Data Controller may not further process the personal data, unless it proves that the data processing is justified by compelling legitimate reasons which take precedence over the User's interests, rights and freedoms or related to the submission, enforcement or protection of legal claims. .
If the personal data is processed for the purpose of direct business acquisition or related profiling, the User has the right to object at any time to the processing of personal data relating to him for this purpose. If the User objects to the processing of personal data for the purpose of direct business acquisition, the personal data may no longer be processed for this purpose.
Action of the data controller in connection with the User's request
The Data Controller shall inform the User without undue delay, but no later than within one month from the receipt of the request, of the measures taken following the request for access, rectification, deletion, restriction, protest and data portability. If necessary, taking into account the complexity of the application and the number of applications, this time limit may be extended by a further two months. The Data Controller shall inform the User about the extension of the deadline, indicating the reasons for the delay, within one month from the receipt of the request. If the User has submitted the request electronically, the information shall, if possible, be provided electronically, unless the data subject requests otherwise.
If the Data Controller fails to take action at the request of the User, it shall inform the User without delay, but no later than within one month from the receipt of the request, of the reasons for non-action and that the User may file a complaint with a supervisory authority and have legal remedies.
At the request of the User, the information, information and the action taken on his request shall be provided free of charge. If the User's request is clearly unfounded or, in particular due to its repetitive nature, excessive, the Data Controller may charge a reasonable fee or refuse to act on the request, taking into account the administrative costs of providing the requested information or action or taking the requested action. The burden of proving that the request is manifestly unfounded or excessive is on the Data Controller.
Data security
The Data Controller undertakes to ensure the security of the data, to take the technical and organizational measures and to establish the procedural rules that ensure that the recorded, stored and processed data are protected, and to prevent their destruction and unauthorized use. and unauthorized alteration. It also undertakes to call on all third parties to whom the data is transmitted or transferred with the consent of the Users to comply with the data security requirement.
The data controller shall ensure that the processed data cannot be accessed, disclosed, transmitted, modified or deleted by unauthorized persons. The processed data may only be disclosed to the Data Controller and its employees, as well as to the Data Processor used by it, and the Data Controller shall not transfer them to a third party who is not entitled to disclose the data.
The data controller will do everything in its power to ensure that the data is not accidentally damaged or destroyed. The above commitment is imposed by the Data Controller on the employees participating in the data management activity.
The User acknowledges and accepts that the protection of data on the Internet cannot be fully guaranteed in the event of providing personal data on the Website, despite the fact that the Data Controller has state-of-the-art security measures to prevent unauthorized access to or retrieval of data. In the event of unauthorized access or disclosure of data despite our efforts, the Data Controller shall not be liable for such acquisition or unauthorized access of data or for any damage caused to the User due to these reasons. In addition, the User may disclose his / her personal data to third parties, who may use it for illegal purposes or in any way.
Under no circumstances shall the controller collect specific data, ie data relating to racial origin, membership of a national or ethnic minority, political opinion or party affiliation, religious or other worldview, membership of an advocacy organization, health status, pathological passion, sex life, and a criminal record.
Delete managed data (right to forget), lock
The User may request that the Data Controller delete the personal data concerning him / her without undue delay, and the Data Controller shall be obliged to delete the personal data concerning the data subject without undue delay if one of the following reasons exists:
- personal data are no longer required for the purpose for which they were collected or otherwise processed;
- the User withdraws his consent and there is no other legal basis for data management;
- the User objects to the processing of his / her personal data;
- personal data has been processed unlawfully;
- personal data must be deleted in order to fulfill a legal obligation under Union or Member State law applicable to the controller;
- the collection of personal data on a consensual basis has taken place in connection with the provision of information society services to children.
If the Data Controller has disclosed (made available to a third party) personal data and is obliged to delete it in accordance with the above, taking into account the available technology and the costs of implementation, it must take reasonable steps and measures to inform the personal data concerned. data controllers that the User has requested the deletion of the links to the personal data in question or of a copy or duplicate of such personal data.
Personal data need not be deleted if data processing is necessary:
- for the purpose of exercising the right to freedom of expression and information;
- to fulfill an obligation under Union or Member State law applicable to the controller to process personal data or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
- on grounds of public interest in the field of public health;
- for the purposes of archiving in the public interest, for scientific and historical research purposes or for statistical purposes, where the right of erasure would be likely to make it impossible or seriously jeopardize such processing; obsession
- to submit, enforce or defend legal claims.
Management and reporting of privacy incidents
A data protection incident is any event that involves the unlawful handling or processing of personal data, in particular unauthorized or accidental access, alteration, communication, deletion, loss or destruction, and accidental destruction of personal data managed, transmitted, stored or processed by the Data Controller. resulting in injury.
The Data Controller shall, without undue delay, but no later than 72 hours after becoming aware of the data protection incident, notify the NAIH of the data protection incident, unless the Data Controller can demonstrate that the data protection incident is not likely to jeopardize the rights and freedoms of individuals. viewed. If the notification cannot be made within 72 hours, it shall state the reason for the delay and the required information may be provided in detail without further undue delay. The notification to the NAIH shall contain at least the following information:
- the nature of the data protection incident, the number and category of data subjects and personal data;
- Name and contact details of the data controller;
- the likely consequences of the data protection incident;
- the measures taken or planned to deal with, prevent or remedy the data protection incident.
The Data Controller shall inform the data subjects about the data protection incident via the Data Controller's website within 72 hours after the detection of the data protection incident. The information shall contain at least the information specified in this point.
The Data Controller keeps a record of data protection incidents in order to monitor the measures related to the data protection incident and to inform the data subjects. The register shall contain the following information:
- the scope of the personal data concerned;
- scope and number of stakeholders;
- the date of the data protection incident;
- the circumstances and effects of the data protection incident;
- measures taken to deal with the data protection incident.
The data contained in the register shall be kept by the Data Controller for 5 years from the detection of the data protection incident.
Enforcement options
The Data Controller makes every effort to ensure that the personal data is processed in accordance with the law, however, if the User feels that this has not been complied with, he / she has the opportunity to write to the contact details specified in point 1.
If the User feels that his / her right to the protection of personal data has been violated, he / she may seek legal redress from the competent bodies in accordance with the applicable legislation.
- at the National Data Protection and Freedom of Information Authority (address: 1055 Budapest, Falk Miksa utca 9-11 .; ugyfelszolgalat@naih.hu; www.naih.hu)
- in court.
Other provisions
Hungarian Law, in particular Act CXII of 2011 on the right to information self-determination and freedom of information, applies to this Prospectus. Act CVIII of 2001 on certain issues of electronic commerce services and services related to the information society. and Regulation 2016/679 of the European Parliament and of the Council of April 2006 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 27.) governing.
Budapest, 1st February 2021.
powered by profiweb
We will contact you after filling out the form.