Privacy Policy
PRIVACY POLICY FOR PATIENTS OF KOVÁCS SAROLTA ORTHODONTIC STUDIO
At KOVÁCS SAROLTA ORTHODONTIC STUDIO, we are committed to protecting the personal data of natural persons contacting us and providing adequate information to data subjects about the key aspects of data processing, including:
(1) who processes your personal data,
(2) the purpose of data processing and how data is processed,
(3) what data we process about you and the legal basis for processing your data,
(4) how long we retain your data,
(5) to whom and for what purpose we disclose the data,
(6) your rights during data processing, and
(7) available remedies.
We fulfill our obligation to inform as required by Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation or "GDPR").
Table of Contents
1. Who is the data controller processing your personal data?
2. What is the purpose of data processing and how is the data processed?
3. What data do we process about you?
3.1. Data processing during initial contact
3.1.1. Legal basis for data processing
3.1.2. What data do we process about you?
3.1.3. How long do we retain your personal data?
3.1.4. To whom and for what purpose do we disclose your personal data?
3.1.5. Who has access to your data?
3.2. Data processing for information and direct marketing purposes
3.2.1. Legal basis for data processing
3.2.2. What data do we process about you?
3.2.3. How long do we retain your personal data?
3.2.4. To whom and for what purpose do we disclose your personal data?
3.2.5. Who has access to your data?
3.3. Data processing during the provision of services
3.3.1. Legal basis for data processing
3.3.2. What data do we process about you?
3.3.3. How long do we retain your personal data?
3.3.4. To whom and for what purpose do we disclose your personal data?
3.3.5. Who has access to your data?
3.4. Data processing for invoicing purposes
3.4.1. Legal basis for data processing
3.4.2. What data do we process about you?
3.4.3. How long do we retain your personal data?
3.4.4. To whom and for what purpose do we disclose your personal data?
3.4.5. Who has access to your data?
3.5. Capture and use of photographs during treatment
3.5.1. Legal basis for data processing
3.5.2. What data do we process about you?
3.5.3. How long do we retain your personal data?
3.5.4. To whom and for what purpose do we disclose your personal data?
3.5.5. Who has access to your data?
4. What rights do you have during data processing?
4.1. Right of access
4.2. Right to rectification
4.3. Right to erasure ("right to be forgotten")
4.4. Right to restriction of processing
4.5. Right to object
5. What remedies do you have regarding data processing?
6. Our activities related to data security
6.1. Security and protection of data files and information systems
6.2. Protection of paper-based records
1. Who is the data controller processing your personal data?
Your personal data is processed by Kovács Sarolta E.V. (registered office: 1063 Budapest, Szondi utca 72/13, tax number: 67948334-1-42; represented by: Dr. Kovács Sarolta; hereinafter referred to as the "Data Controller").
If you have any questions or concerns regarding data processing, please feel free to contact us using the following contact information:
Email: [email protected]
Phone number: +36 1678644
2. What is the purpose of data processing and how is the data processed?
We process your personal data primarily because you are interested in our services or wish to use our services, and the processing of your personal data is essential for the provision of our services.
Knowing various personal details about you is necessary to provide our services safely and efficiently. Therefore, we may need to handle sensitive data or health data about you, and in all data processing operations, especially in the case of health data, we ensure that we only process data that is absolutely necessary for the provision of services and only for as long as necessary.
3. What data do we process about you?
3.1. Data processing during initial contact
3.1.1. Legal basis for data processing
If you contact us and express interest in our services, we process the personal data provided by you to prepare the contract with you (GDPR Article 6(1)(b)).
3.1.2. What data do we process about you?
Personal data processed by us
Purpose of data processing
Your name
Identification of you
Your contact details
Responding to your questions and requests
Other personal data provided by you in the request
Responding to your questions and requests
3.1.3. How long do we retain your personal data?
Duration of personal data processing
Why we process the data
Until sending the information or until consent is withdrawn.
This ensures that you always receive the information you requested.
3.1.4. To whom and for what purpose do we disclose your personal data?
The IT background of our activities, including the necessary hosting services, is provided by EZIT KFT. This service provider qualifies as a data processor, as it processes your data by storing it.
Your personal data will not be forwarded to third parties either within or outside the EEA.
We do not employ data processors in our activities.
The transfer of data may only occur in special cases, based on legal authorization, to authorities such as courts or other agencies.
3.1.5. Who has access to your data?
Employees authorized by their duties have access to your personal data. Each employee involved in data processing is only entitled to access the data necessary for their duties and only to the extent necessary to perform their tasks.
All cooperating personnel are obliged to treat the information as confidential.
3.2. Data processing for information and direct marketing purposes
3.2.1. Legal basis for data processing
If you indicate during your inquiry, we will send you informational materials or marketing requests via email, and your email address will be processed based on your consent (GDPR Article 6(1)(a)).
You can withdraw your consent at any time without providing a reason, and we will interpret this as you no longer having an interest in our products or services, in which case we will delete your data from our marketing database.
3.2.2. What data do we process about you?
Personal data processed by us
Purpose of data processing
Your name
Identification of you
Your email address
Sending informational and/or marketing requests
3.2.3. How long do we retain your personal data?
Designation of data processing
Duration of personal data processing
Why we process the data
Data processing for sending information about our service
Until sending the information or until consent is withdrawn.
This ensures that you always receive the information you requested.
Data processing for direct marketing messages
Until consent is withdrawn, objection to processing,
or as long as we provide such a service.
This ensures that you always receive the messages you requested. If our service for sending direct marketing messages were to cease, we would also delete our newsletter database along with your data.
3.2.4. To whom and for what purpose do we disclose your personal data?
In order to send you marketing information of interest via email based on your consent, we use the services of Brandmakers Group Kft. (brandmakers.hu; headquarters: 23 Csapás Street, 2011 Budakalász). This service provider acts as a data processor during our work, handling the processing of your data by storing your name and email address and sending out the emails.
For our newsletters, we use the services of Mailchimp (https://mailchimp.com). This service provider also acts as a data processor during our work, handling the processing of your data by storing your email address and sending out the emails.
We do not transfer your personal data to third parties within or outside the European Economic Area (EEA). We do not use data processors in our activities.
The transfer of data may only occur in special cases, based on legal authorization, to authorities such as courts or other agencies.
3.2.5. Who has access to your data?
Employees authorized by their duties have access to your personal data. Each employee involved in data processing is only entitled to access the data necessary for their duties and only to the extent necessary to perform their tasks.
All cooperating personnel are obliged to treat the information as confidential.
3.3. Data processing during the provision of services
3.3.1. Legal basis for data processing
If you use our services, we are obliged to process certain personal data according to applicable laws (Section 136(2) of Act CLIV of 1997) to fulfill our legal obligations (GDPR Article 6(1)(c)), and regarding health data, GDPR Article 9(2)(h).
3.3.2. What data do we process about you?
For the provision of our services, we process the following personal data:
Personal data processed by us
Purpose of data processing
Your family and given name, place and date of birth, address, place of residence, mother's name, social security number, gender
Identification of you
Name of legal representative (in the case of a minor patient)
Identification of legal representative
Information about current illnesses and their treatment (if any).
Determination of safe treatment, compilation of health documentation.
Names of medications you are taking (if any)
Determination of safe treatment, compilation of health documentation
Information about your allergies (if any)
Determination of safe treatment, compilation of health documentation
Data about your previous illnesses and surgeries (if any)
Determination of safe treatment, compilation of health documentation
Name and contact information of your dentist (if any)
Determination of safe treatment, compilation of health documentation
Information about your current dental treatment (if any)
Determination of safe treatment, compilation of health documentation
Data about your health issues (infectious diseases, blood clotting disorders, heart rhythm disorders, liver, gallbladder complaints, jaundice, immunodeficiency, or other diseases) (if any)
Determination of safe treatment, compilation of health documentation
Information regarding pregnancy (if you are pregnant)
Determination of safe treatment, compilation of health documentation
Information about whether you have had orthodontic treatment before, and if so, what type and when, and how long you used it
Determination of safe treatment, compilation of health documentation
In addition to the above, to maintain contact with you during the provision of our service, based on the legal basis of contract performance (GDPR Article 6(1)(b)), we process your contact information provided, such as your email address and/or phone number.
3.3.3. How long do we retain your personal data?
Duration of processing personal data
Why we process the data so far
Until the expiration of any claim related to the service (typically 5 years from the end of the service, except when the limitation period rests, interrupts, or restarts according to the relevant laws)
It is in our interest to have information about the service available for as long as you come to us for treatment.
3.3.4. To whom and for what purpose do we disclose your personal data?
To keep track of appointments with you, we store your name, phone number, and email address in the Flexi-dent (https://www.flexi-dent.hu) application. This service provider acts as a data processor during our work, handling the processing of your data by storing your data.
During the provision of our service, we may enlist the services of external professionals. If this occurs, we will always coordinate with you. These service providers act as data processors during our work, handling the processing of your data for the time necessary to perform the task (typically the time required for preparing the dental device). Currently, regarding invisible orthodontics, we have contractual relationships with the following two service providers: Pro-Dent2000 Bt. (https://happysmile.hu/; headquarters: 78 Fiskális Street, 8000 Székesfehérvár).
Our packages are delivered by the GLS General Logistics Hungary Kft. (https://gls-group.eu/HU/hu/home; headquarters: 2 GLS Európa Street, 2351 Alsónémedi). When using these service providers, they act as data processors during our work, handling the processing of your data for the time necessary to perform the task (typically the time it takes to deliver the package).
We do not transfer your personal data to third parties within or outside the European Economic Area (EEA). We do not use data processors in our activities.
The transfer of data may only occur in special cases, based on legal authorization, to authorities such as courts or other agencies.
3.3.5. Who has access to your data?
Employees authorized by their duties have access to your personal data. Each employee involved in data processing is only entitled to access the data necessary for their duties and only to the extent necessary to perform their tasks.
All cooperating personnel are obliged to treat the information as confidential.
3.4. Data processing for invoicing purposes
3.4.1. Legal basis for data processing
During the provision of our service, we issue invoices that include personal data of the concerned individuals. The processing of these data is prescribed by the Act C of 2000 on Accounting, and the legal basis for this data processing is the fulfillment of legal obligations applicable to the Data Controller (GDPR Article 6(1)(c)).
3.4.2. What data do we process about you?
For invoicing purposes, we process the following data about you:
Personal data processed by us
Purpose of data processing
Your name and address
Issuing invoices, retention according to legal requirements, supporting the annual financial report.
3.4.3. How long do we retain your personal data?
Duration of personal data processing
Why we process the data
For 8 years from the preparation of the annual financial report
according to the Accounting Act 169(2) paragraph.
3.4.4. To whom and for what purpose do we disclose your personal data?
During our activities, we use the following data processors:
Name of data controller and contact details
Designation of data processing activity
Scope of personal data handed over
• Szedlák Anita self-emloyed
• Budapest, Násznagy Street 26 C
• 1131, Hungary
Bookkeeping, payroll accounting
Name and address of the invoice payer, type of the performed service, its counter-value, date
The transmission of data beyond the above is only possible in special cases, based on legal authorization, typically upon the request of a legal authority such as a court or other agency.
3.4.5. Who has access to your data?
Employees authorized by their duties have access to your personal data. Each employee involved in data processing is only entitled to access the data necessary for their duties and only to the extent necessary to perform their tasks.
The information obtained must be treated confidentially by all collaborating parties.
3.5. Capture and use of photographs during treatment
3.5.1. Legal basis for data processing
If you expressly consent to it before the start of processing, we take photographs for the purpose of using them on social media platforms, presentations, demonstrations, or conferences. The legal basis for data processing is your consent (GDPR Article 6(1)(a)). Of course, you have the right to individually consent to specific uses. To ensure the voluntary nature of your consent, we request your consent again after the processing of the images.
You can withdraw your consent at any time, without providing a reason, which we will interpret as no longer maintaining your interest in our products or services, and we will delete your data from our systems.
Please note that withdrawing consent does not affect the lawfulness of processing based on consent before withdrawal.
3.5.2. What data do we process about you?
In this context, we process the following data about you:
Personal data processed by us
Purpose of data processing
Your image
Use of the images for diagnostic purposes and promotion of our activities.
3.5.3. How long do we retain your personal data?
Duration of personal data processing
Why we process the data
Until withdrawal of consent, objection to processing.
The use of images is for demonstration purposes and the promotion of our company. The time limit for processing images is based on achieving these goals. If we no longer use an image, we delete it.
3.5.4. To whom and for what purpose do we disclose your personal data?
We use the images taken during educational events and provide them in printed or electronic form as part of our presentation materials to participants in conferences.
To publish our presentation materials on social media platforms, we share the images with data processors producing educational materials and media content. The contractual obligations outlined in our contracts with data processors guarantee the proper security and protection of your data.
3.5.5. Who has access to your data?
Employees authorized by their duties, as well as the data processors detailed in the previous section, have access to your personal data. All employees involved in data processing are only entitled to know the data necessary for the performance of their duties and only to the extent necessary.
The information obtained must be treated confidentially by all collaborating parties.
4. What rights do you have during data processing?
4.1. Right of access
If you are curious about the data we hold about you, contact us, and upon your request, we will provide information on whether your personal data is being processed, and if so, we will inform you about:
a) the purposes of the data processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, including particularly recipients in third countries or international organizations;
d) the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) your right to request rectification, erasure, or restriction of processing of your personal data, and to object to such processing;
f) your right to lodge a complaint with the National Data Protection and Freedom of Information Authority;
g) if the data were not collected from you, any available information as to their source;
h) the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
A copy of the personal data that is the subject of data management will be provided to you free of charge. If additional copies are required, please let us know, however, we will charge a reasonable fee based on administrative costs for these copies. If you have submitted your application electronically, we will provide you with the information in a widely used electronic format (e.g. .doc, .pdf, .jpeg formats), unless you request otherwise.
4.2. Right to rectification
Our aim is to handle your accurate data at all times. If you notice that the data we hold about you is inaccurate or incomplete, please inform us. We will rectify, amend, or supplement the data without undue delay.
Upon rectification and/or amendment of the data, we will promptly inform those to whom we have disclosed the data unless this is impossible or involves a disproportionate effort on our part.
4.3. Right to erasure ("right to be forgotten")
You have the right to request the erasure of personal data concerning you if:
a) your personal data is no longer needed for the purposes for which it was collected or otherwise processed;
b) you withdraw your consent on which the processing is based, and there is no other legal ground for the processing;
c) you object to the processing, and there are no overriding legitimate grounds for the processing;
d) your personal data has been unlawfully processed;
e) your personal data must be erased to comply with a legal obligation under Union or Member State law to which we are subject.
After the erasure of data, we will promptly inform those to whom we have disclosed the data unless this is impossible or involves a disproportionate effort on our part.
We may refuse to fulfill a request for erasure based on the following grounds:
• the exercise of the right of freedom of expression and information;
• compliance with a legal obligation that requires processing by Union or Member State law to which we are subject or the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
• reasons of public interest in the area of public health;
• archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes;
• the establishment, exercise, or defense of legal claims.
4.4. Right to restriction of processing
You have the right to request the restriction of processing if one of the following applies:
a) you contest the accuracy of the personal data; in such cases, the restriction will be for a period enabling us to verify the accuracy of the personal data;
b) the processing is unlawful, and you oppose the erasure of the personal data and request the restriction of its use instead;
c) we no longer need the personal data for the purposes of the processing, but you require them for the establishment, exercise, or defense of legal claims;
d) you have objected to processing pending the verification of whether our legitimate grounds override yours.
If processing is restricted based on the above, such personal data will, with the exception of storage, only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If we lift the restriction on processing, we will inform you accordingly.
After the restriction of processing, we will promptly inform those to whom we have disclosed the data unless this is impossible or involves a disproportionate effort on our part.
4.5. Right to object
IMPORTANT! You are entitled to object at any time to the processing of your personal data based on legitimate interests for reasons related to your particular situation. If we cannot demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims, we will cease the processing of personal data.
You may also object at any time to the processing of personal data for direct marketing purposes. In such cases, we will promptly cease the processing without undue delay.
5. What remedies do you have regarding data processing?
If you have any questions, observations, or complaints regarding the processing of your personal data, please contact us using the following contact information:
Phone: +36-30 1678644
Email: [email protected]
If you believe that your rights have been violated concerning the processing of your personal data, you may file a complaint with the National Authority for Data Protection and Freedom of Information to investigate your claim:
Name: National Authority for Data Protection and Freedom of Information
Address: 1125 Budapest Szilágyi Erzsébet fasor 22/c
Mailing address: 1530 Budapest, Pf.: 5.
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
Email: [email protected]
In case of a breach of your right to informational self-determination, you may, at your choice, initiate proceedings before the court having jurisdiction over your residence or habitual residence. The court will proceed out of turn during the proceedings.
6. Our activities related to data security
During the processing of your personal data, we take all necessary security, technical, and organizational measures to ensure the security of your data.
We carefully choose and operate our information technology tools to ensure the following conditions regarding the processed data:
• accessibility to those authorized (availability);
• accuracy and certification (data integrity);
• verifiability of unchanged data (data integrity);
• protection against unauthorized access (data confidentiality).
6.1. Security and protection of data files and information systems
We implement the following technical, organizational, and organizational measures to ensure the security of data processing according to the appropriate level of protection against the risks associated with data processing.
• Measures ensuring protection against unauthorized access, including the protection of our software and hardware tools and physical protection (access protection, network protection).
• Measures ensuring the possibility of data file recovery, including regular security backups and separate, secure handling of copies
• (mirroring, security backup).
• Protection of data files against viruses (virus protection).
• Physical protection of data files or the devices carrying them, including fire protection,
water damage protection, lightning protection, and protection against other elemental damage, as well as the recoverability of damage resulting from such events (archiving, fire protection).
6.2. Protection of Paper-Based Records
The location of storage for paper-based documents is our workplace.
To protect paper-based records, we take necessary measures, especially concerning physical security and fire protection.
Our employees and other individuals acting on behalf of our company are obliged to securely keep and protect personal data-containing data carriers they use or possess, regardless of the method of recording data, against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as against accidental loss and damage. Paper-based documents are stored in a locked cabinet or safe, under security surveillance at our company's headquarters, ensuring that unauthorized persons cannot access them.
