The website https://hgabiomed.hu (hereinafter: „Website”) is operated by the HGA Biomed Pharmaceuticals Limited Liability Company (hereinafter: „Data Controller”).
The purpose of the contents and data displayed on the Website is to inform the users visiting the Website about the activities, services, and references of the Data Controller. This Privacy Policy (hereinafter: „Policy”) contains all information about the handling of the personal information that are provided by the visitors on the Website, for the purpose that the users are fully aware of the purpose and conditions of the data controlling of the Website, the risks and guarantees associated with it, and the rights of the users before providing personal data and consents. The visitor understands and accepts the content of this Policy by using the Website.
For the visitors is not necessary to register to use the Website. In addition to the data controlling described in this Policy, we do not collect personal data from visitors in any form during the visit on the Website.
1. THE DATA CONTROLLER
The Data Controller is a legal person, who defines the purpose and tools of the data controlling alone or with others.
Name: HGA Biomed Gyógyszergyártó Korlátolt Felelősségű Társaság
Site: 7400 Kaposvár, Jutai út 50.
Company registration number: 14-09-304112
Tax number: 11982960-2-14
E-mail: [email protected]
Website: https://hgabiomed.hu
Phone number: +36 82 526057
Contact person and contact details: Bence Krümmer, +36 82 526057
2. Privacy Policy laws
For the purposes of this Policy, personal data is an information relating to an identified or identifiable natural person (the “Data Subject“). The natural person is identifiable, who is identifiable by especially an identifier directly or indirectly (for example name, number, location data, online ID, or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural, or social identity of a natural person.
The following laws apply to the controlling of a users personal data:
- REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
EUR-Lex – 32016R0679 – EN – EUR-Lex (europa.eu)
- Act CXII. of 2011 on the right to information self-determination and freedom of information. Act (“Information law”), the current text of which is available at the following link:
http://net.jogtar.hu/jr/gen/hjegy_doc.cgi?docid=A1100112.TV
3. DATA CONTROLLING ON THE WEBSITE
- Data controlling regarding to contacting the Data Controller
Personal data is accessed by The Data Controller through the website, if the Data Subject wishes to contact with the Controller, has question or wishes to request an offer, and therefor voluntarily fills in and sends the contact form on the website.
The data controlling is based on the consent of the Data Subject, who fills in and sends the form. Personal data is used by the Data Controller only for the purpose indicated by the Data Subject, such as answering a question, informing about the products and services distributed by the Data Controller, sending a personal offer, unless the Data Controller receives permission from the Data Subject, for other uses or it is required by law or professional standards. For example, if the Data Subject requests information from us, we will use the information so provided to respond to the request.
The aim of data controlling: Responding the messages, and requests send by Data Subject.
Legal basis for data controlling: The legal basis for our data controlling is the consent of the Data Subject in accordance with Article 6 (1) (a) of the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council.
Scope and source of managed data:
The following personal data to be provided by the visitor on the contact form and will be fall into the data management of the Data Controller:
- name
- e-mail address
- phone number (optional)
- employer company name, title,
- text message written by the visitor
- selected contact mode
Source of data: directly the message sender, the Data Subject
Duration of data controlling:
After sending the reply, if no further data controlling takes place between the visitor and the Data Controller for other purposes and on an appropriate legal basis (e.g., concluding a contract), the Data Controller shall delete the data within 1 month. Prior to this, the Data Subject may also request the deletion of his / her personal data at any time.
Unless otherwise requested by the Data Subject, the processed personal data will be deleted immediately, if the data processing was not carried out for the purpose specified in the legislation, or the purpose of the data processing has ceased.
Data security:
The personal data provided will be send per e-mail to the Data Controller’s dedicated contact via an encrypted channel. The Data Controller stores the personal data provided by the visitor on the personal computer of the contact person and uses the hosting service of GoDaddy.com LLC for the data provided via the Website.
List of data managers, data transfers:
Personal data sent through the Website for the purpose of contacting us is accessed only by the employee of the Data Controller designated to reply to the messages as a contact person and we do not share this personal data with other external data controllers.
Data processors:
During the data management, the Data Controller uses the following data processors, to which personal data is forwarded
- Name: GoDaddy.com LLC
Head office: 14455 North Hayden Road Suite 219 Scottsdale, AZ 85260, United States
Technical operation performed by the data processor: Website hosting service.
- Name: Microsoft Corporation
Head office: 1 Microsoft Way Redmond , WA, 98052-8300 , United States
Technical operation performed by the data processor: e-mail system (Microsoft Outlook)
The Data Controller may only transfer personal data received from visitors in this way to third parties if required to do so by law. For example, if the Data Controller receives a court or police request.
If personal data is transferred to a third country or international organization during the processing, such transfer (s) may only take place in compliance with the provisions of the General Data Protection Regulation and with the level of protection guaranteed by the General Data Protection Regulation.
- Cookies used on the Website
Cookies are small data files, data packets, which are placed on the visitor’s computer by the operator of a website during the use of the interface and which are saved and stored by the visitor’s internet browser downloaded from the website. In the event of a later visit, the operator can use these cookies to know e.g., identify the visitor or differentiate from other users, or even send customized information in the browser window.
If you do not consent to the placement of the cookie, you can do so by making settings (disabling, revoking) in your own browser, this may restrict or prevent the use of certain services. All modern browsers allow you to change your cookie settings.
Prohibiting the use of cookies by the user does not normally prevent you from visiting or browsing the website. However, some cookies are absolutely necessary for certain services to work properly, so disabling or rejection to use them or deleting cookies that have already been stored may result in the website not working fully and certain features not could being used properly by the visitor concerned.
Types of Cookies used by Data Controller on the Website
- Absolutely necessary Cookies for the operation of the Website: These are absolutely necessary for the visitor to be able to navigate on the Website so that certain basic functions of the Website can work, such as searching, reading content, etc.
- Cookies for statistical purposes: To improve the website, these functional cookies are used to improve the user experience in order to increase the performance of online services. Usually, these type of cookies used by anonym statistical data collection systems, when processing the collected data, the service provider sees which functions need to be improved and accelerated.
- Convenience cookies: With these cookies can be performed more detailed analysis of the activities during the visits performed on the Website, which makes it possible to display personalized content and advertisements.
The target of data controlling: collecting information on the use the Website, controlling the user data related to the use of the Website of the Data Controller.
The legal basis for data controlling:
- in the case of necessary and statistical cookies that also handle personal data for the operation of the Website, Article 6 (1) (f) of the GDPR, ie legitimate interests pursued by the Controller, while
- the legal basis for the processing of other convenience cookies is Article 6 (1) (a) of the GDPR, according to which the Data Subject has consented to the processing of his or her personal data for one or more specific purposes.
If the legal basis for data processing is your consent, you may voluntarily withdraw it at any time by disabling cookies, however, the withdrawal of consent does not affect the lawfulness of data processing prior to withdrawal.
The Data Controller itself and third parties may use cookies on the Website. The following table describes the list of self-developed and third-party cookies set by the Data Controller on the Website:
Cookie name | Duration of data storage | Owner | Type | Aim |
_ga | 2 years | Google Analytics | Statistical | A cookie required to manage data in a statistical system for measuring anonymous website traffic, used to differentiate between individual browsers. |
gtm | 1 day | Google LLC | Statistical | A cookie used by Google Tag Manager to manage the proper loading of Google Tag Manager code. |
Data processors:
During data controlling, the Data Controller uses the following data processors:
- Name: Google LLC
Head office: 1600 Amphitheatre Pkwy Mountain View , CA, 94043-1351, United States
Activity of the data processor: use of cookies for anonymous statistical purposes.
If personal data is transferred to a third country or international organization during the processing, such transfer (s) may only take place in compliance with the provisions of the General Data Protection Regulation and with the level of protection guaranteed by the General Data Protection Regulation.
4. PRIVACY POLICY RIGHTS
The parties may request from the Data Controller the following, regarding their personal data managed by the Data Controller:
(a) information on the processing of their personal data before and during the data controlling (” the right to information”);
(b) access to their personal data (making their personal data available to the controller) (“right of access”);
- c) the rectification or supplementation of their personal data (“right to rectification”),
- d) the restriction (blocking) of the processing of their personal data, with the exception of mandatory data controlling (“right to restriction “)
- e) their personal data, with the exception of mandatory data controlling, shall be deleted by the Data Controller (“right of erasure”)
(f) has a right to data portability (“right to data portability”);
(g) object to the controlling of his or her personal data (“right to object”)
Data subjects may submit their requests to the Data Controller in writing in accordance with point V. The Data Controller shall execute the Data Subject’s lawful request no later than within the time prescribed by the relevant legislation (which is currently 1 month) and shall notify of this in a letter sent to the contact details provided by the user.
- The right to information (based on the Article 13-14. of General Data Protection Regulation)
The user may request information from the Data Controller in writing as to whether the Data Controller is in the process of processing the personal data. If such data processing is in progress, the user has the right to request information from the Data Controller about what personal data, on what legal basis, for what purpose, from what source and for how long, and to whom, when, under what law, which personal data was granted or to whom the user has transmitted the personal data, including in particular to recipients in third countries or international organizations, and on the circumstances, effects and measures taken to remedy a possible data protection incident.
- Right of access by the Data Subject (based on the Article 15. of General Data Protection Regulation)
The Data Subject shall have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and this from the Data Controller may request in writing in accordance with IV.
The Controller shall provide a copy of the personal data undergoing processing to the Data Subject, if this does not conflict with other legal obstacles. Where the Data Subject makes the request by electronic means, and unless otherwise requested by the Data Subject, the information shall be provided in a commonly used electronic form.
- Right to rectification (based on the Article 18. of General Data Protection Regulation)
The Data Subject shall have the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the Data Subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Right to restriction of processing (based on the Article 18. of General Data Protection Regulation)
You may request, in writing or by e-mail, that the Data Controller blocks your personal data or restricts the data processing via the contact details of the Data Controller provided above, if any of the following is met:
(a) the accuracy of the personal data is contested by you, for a period enabling the Data Controller to verify the accuracy of the personal data;
(b) the data processing is unlawful and you subject oppose the erasure of the personal data and requests the restriction of their use instead;
(c) the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise, or defense of legal claims;
(d) The user objected to the data processing; in that case, the restriction shall apply for as long as it is established whether the legitimate reasons of the Data Controller take precedence over the legitimate reasons of the Data Subject.
In the event of blocking/restriction of data, such personal data may be processed, with the exception of storage, only with your consent, or for the submission, enforcement or protection of legal claims, or for the protection of the rights of other natural or legal persons, or in the public interest. The blocking/restriction lasts as long as the reason you specify requires the data to be stored.
- Right to erasure (based on the Article 17. of General Data Protection Regulation)
The Data Subject shall have the right to obtain from the Data Controller the erasure of personal data concerning him or her without undue delay and the Data Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- the Data Subject withdraws consent on which the processing and where there is no other legal ground for the processing.
- the Data Subject objects to the processing and there are no overriding legitimate grounds for the processing,
- the personal data have been unlawfully processed.
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject.
The Data Subject’s request for deletion may only concern the deletion of data processed on the basis of the Data Subject’s consent and shall not affect the scope of Data Subject to mandatory data processing ordered by law. The Data Controller is entitled to process the personal data of the Data Subject even after the Data Subject’s request for cancellation, if the processing of the Data Subject’s data is necessary for the fulfillment of the Data Controller’s legal obligations or the enforcement of its legitimate interests.
- Right to data portability (based on the Article 20. of General Data Protection Regulation)
The Data Subject shall have the right to request and get in writing the personal data concerning him or her, which he or she has provided to a Data Controller, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another Data Controller without hindrance from the Data Controller where:
- the processing is based on consent pursuant to point (a) of Article 6(1) or Article 9(2)of the General Data Protection Regulation or
- based on a contract pursuant to point (b) of Article 6(1); and
- the data processing is carried out by automated means.
- Right to object (based on the Article 21. of General Data Protection Regulation )
The Data Subject may object in writing to the processing of his or her personal data in accordance with Article 6 (1) (f) of the General Data Protection Regulation against the data controlling for the legitimate interests of the Data Controller or a third party, including profiling based on those provisions. In this case, the Data Controller shall not further process the personal data, unless the Data Controller demonstrates that the data processing is justified by compelling legitimate reasons which take precedence over the interests, rights, and freedom of the Data Subject or are related to the submission, enforcement or defense of legal claims.
Where personal data are controlled for the purpose of direct business acquisition, the Data Subject shall have the right to object at any time to the controlling of his / her personal data concerning him or her for that purpose, including profiling, in so far as it relates to direct business acquisition. If the Data Subject objects to the processing of personal data for the purpose of direct business acquisition, the personal data may no longer be controlled for this purpose.
5. ENFORCEMENT AND REMEDIES RELATED TO DATA PROCESSING
It is recommended, that before initiating legal or regulatory proceedings, the Data Controller should send his / her complaint regarding the controlling of his / her personal data in writing by regular mail or e-mail to the Data Controller’s contact details specified in point I. so that we can investigate the problem, if we are justified, we can fulfill any of your requests, demand.
The Data Controller will investigate the Data Subject’s requests without undue delay, within the time prescribed by the relevant legislation (which is currently 1 month), take action on the request and provide information on the matter to the Data Subject. If necessary, taking into account the complexity of the request and the number of requests, this deadline may be extended by 2 months as provided by law.
If the Data Controller does not take action on the basis of the Data Subject’s request without delay, but no later than within the term specified by law, he / she shall inform the Data Subject of the reasons for not taking action, refusing to comply with the request, and that the Data Subject may institute legal or administrative proceedings in its case as follows.
Initiation of legal proceedings
The Data Subject may initiate a lawsuit against the Data Controller or the data processor – in connection with data processing operations within the scope of the Data Processor’s activities – if, in its opinion, acting the Data Processor acting on the Data Controller’s behalf or acting on its instructions in breach of the rules laid down in a binding act of the Union about controlling the personal data.
The lawsuit falls within the jurisdiction of the tribunal. The lawsuit may also be instituted before the competent court of the Data Subject’s place of residence or stay, at the choice of the Data Subject. You can view the list and contact details of the courts via the following link:
http://birosag.hu/torvenyszekek.
Initiation of an official procedure
In order to enforce his rights, the Data Subject may initiate an investigation or conduct an official procedure with a statement (complaint) submitted to the supervisory authority, claiming that he or she has been infringed or is in imminent danger in connection with the controlling of his or her personal data, in particular,
- if in his opinion the Data Controller restricts with Section 10.1. restrict the exercise of the Data Subject’s rights as set out in point 1 or reject his / her request to exercise those rights (initiation of an investigation), and
- – if, in its opinion, the Data Controller or the data processor entrusted by him or her acting on his or her behalf violates the provisions on the processing of personal data laid down in law or a binding legal act of the European Union (requesting for conduction of official procedure).
The name and contact details of the supervisory authority are as follows:
Nemzeti Adatvédelmi és Információszabadság Hatóság
Head office: 1055 Budapest, Falk Miksa u. 9-11.
Post address: 1363 Budapest, Pf.: 9.
E-mail: [email protected]
Phone number: +36 (1) 391-1400
Fax: +36 (1) 391-1410
Website: www.naih.hu
6. DATA SAFETY
The Data Controller shall take appropriate technical and organizational measures, taking into account the state of science and technology and the costs of implementation, as well as the nature, scope, circumstances and purposes of data processing and the variable likelihood and severity of risks to the rights and freedoms of natural persons, in order to: guarantees a level of data security commensurate with the degree of risk:
- pseudonymization and encryption of personal data
- ensuring the continued confidentiality, integrity, availability and resilience of the systems and services used to process personal data;
- in the event of a physical or technical incident, the ability to restore access to and availability of personal data in a timely manner;
- a procedure for regular testing, assessment and evaluation of the effectiveness of the technical and organizational measures taken to ensure the security of data processing.
In determining the appropriate level of security, explicit account shall be taken of the risks arising from the processing, in particular arising from the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise handled.
The Data Controller also undertakes to call on all third parties to whom the data is transmitted or transferred on any legal basis to comply with the data security requirement.
7. EXCLUSION OF RESPONSIBILITY
Despite the careful processing of the Data Controller, the Website may not contain the most up to date information, so the information found cannot in any way be considered as a service provided by the Data Controller.
The Website may contain links to cooperating partners that are not covered by this privacy policy, and we are not responsible for the content of external links.
The Data Controller shall not be responsible for any misspellings, content errors and omissions on the Website, and shall exclude the possibility of enforcing any claim for damages or warranties arising from this incorrect information service.
8. REWIEV AND CHANGES OF THE POLICY
The conditions of data controlling may change from time to time, and the Data Controller may at any time decide to add a new data controlling purpose to its ongoing data controlling, therefore the Data Controller reserves the right to amend this policy at any time. The Data Controller is obliged to inform the Data Subjects about the changes in such a way that the Data Controller publishes the amendment to the Policy on the Website immediately after its acceptance.