Data Processing and Terms of Use

Privacy Policy of the Operator of the Aerodoc Private Medical Practice Website

Dr. Krisztina Szabó, managing director, ZSOLCA-MED Bt (registered office: 4026 Debrecen, Bethlen u. 6-8/E 3/19, debrecen@aerodoc.hu, phone: +36705577535, tax number: 21313417-1-09, hereinafter referred to as Service Provider), as data controller, acknowledges the content of this legal notice as binding upon herself.

The purpose of this information is to record the data protection and data processing principles applied by the Service Provider, as well as its data protection and data processing policy.

The Service Provider undertakes that all data processing related to its activities complies with the expectations set out in this notice and in the applicable legal regulations.

The Service Provider reserves the right to unilaterally modify this notice at any time. Any potential changes will be communicated to the users of the website in a timely manner.

If you have any questions related to this notice, please write to us at: debrecen@aerodoc.hu

The Service Provider is committed to protecting the personal data of users of the website and considers it especially important to respect users’ right to informational self-determination. The Service Provider handles users’ personal data confidentially and takes all security, technical, and organizational measures necessary to ensure the security of the data.

 

Definitions

For the purposes of this Privacy Policy, the terms below shall have the following meanings as defined by the General Data Protection Regulation (EU) 2016/679 (“GDPR”):

  • Personal Data: Any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • Processing: Any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means. This includes, but is not limited to, the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
  • Restriction of Processing: The marking of stored Personal Data with the aim of limiting their processing in the future.
  • Data Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
  • Data Processor: A natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Data Controller.
  • Profiling: Any form of automated processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements.
  • Pseudonymisation: The processing of Personal Data in such a manner that the data can no longer be attributed to a specific Data Subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the Personal Data are not attributed to an identified or identifiable natural person.
  • Filing System: Any structured set of Personal Data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.
  • Recipient: A natural or legal person, public authority, agency or another body, to which the Personal Data are disclosed, whether a third party or not. However, public authorities which may receive Personal Data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
  • Third Party: A natural or legal person, public authority, agency or body other than the Data Subject, Data Controller, Data Processor, and persons who, under the direct authority of the Data Controller or Data Processor, are authorised to process Personal Data.
  • Consent: Any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of Personal Data relating to them.
  • Personal Data Breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored, or otherwise processed.

 

Data Controller Information

Name: Dr. Krisztina Szabó, acting as managing director of ZSOLCA-MED Bt. (hereinafter referred to as the “Service Provider”)

Address: 4026 Debrecen, Bethlen u. 6-8/E 3/19, Hungary

Company Registration Number: 0906016277

Tax Number: 21313417-1-09

Contact: +36 70 557 7535

 

Name of the Data Processing

Database of visitors and patients who have booked appointments via the Aerodoc private medical practice website.

 

Scope of Processed Data

1. Data collected from all website visitors

  1. Technical data collected automatically: When visiting the website, the portal may retrieve information regarding the time and location of the visit, as well as technical parameters such as browser type, screen resolution, and operating system. These data are monitored automatically by the system but are not logged or linked to other personal data. This information is used solely for optimizing the user interface during the session.
  2. Cookies: To provide a personalized user experience, the website places small data files (cookies) on the user’s device, which it may read during future visits. Cookies improve usability, enhance user experience, remember individual settings, and provide technical and statistical information about the user and their device. Users can disable or delete cookies through their browser settings at any time.
    • Session cookies: These are used to ensure smooth browsing and the functionality of the appointment booking system. They are valid only for the duration of the session and are automatically deleted once the browser is closed.

2. Data collected from users using the appointment booking function

The following personal data are required when booking an appointment:

  • full name,
  • email address.

Technical Measures

The Service Provider selects and operates the IT tools used for the processing of personal data in such a way that ensures:

  • Availability: Data is accessible only to authorized individuals;
  • Integrity and authenticity: The accuracy and authenticity of data is maintained;
  • Data integrity: Changes to data are verifiable;
  • Confidentiality: Protection against unauthorized access is ensured.

The Service Provider implements appropriate technical and organizational measures to safeguard personal data from unauthorized access, alteration, transmission, disclosure, deletion, destruction, or accidental loss.

Such measures are designed to provide a level of security appropriate to the risk associated with the data processing.

The Service Provider ensures:

  • Confidentiality: Information is protected so that only authorized individuals may access it;
  • Integrity: Accuracy and completeness of both the data and the processing methods are preserved;
  • Availability: Authorized users can access the data when needed, and the systems required to do so are maintained in working order.

3. Data Stored by Third Parties

  • The website uses Google Analytics, a web analytics service for statistical purposes. The Service Provider collects information on how users interact with the website. The data collected is anonymized and only available in aggregated form, which cannot be linked to any individual by the Service Provider.

 

Legal Basis for Data Processing

The legal basis for data processing is Article 6(1)(a) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, GDPR), which states that processing is lawful if the data subject has given consent to the processing of their personal data for one or more specific purposes.

In cases where technical data from the visit (e.g. IP address) is recorded, the legal basis for processing is the fulfillment of a legal obligation imposed on the Service Provider pursuant to Article 6(1)(c) of the GDPR.

 

Purpose of Data Processing

The purpose of data processing is to allow users to book medical consultations via the website, to display the booked appointment, and to send confirmation via email to the email address provided.

In the case of data recorded in log files during website use, storage of such data serves purely technical and statistical purposes. The anonymous visitor identifier (e.g. cookie string) in itself does not enable identification of the client (i.e. visitor), but only the recognition of the visitor’s device. Users have the option to configure their browsers to block cookies from being placed on their device, or to delete any previously stored cookies.

 

Duration of Data Processing

In the case of appointment bookings, the provided name and email address are retained until the data subject withdraws their consent or for five (5) years following the date of the last booked appointment, whichever occurs first. After this period, the data is automatically deleted.

 

Rights of the Data Subject and Legal Remedies

The data subject may request information about the processing of their personal data and may request the rectification or—except for mandatory processing—deletion or withdrawal of their personal data. They may also exercise their right to data portability and their right to object, in the manner indicated at the time of data collection or via the contact details provided above.

1. Right to Information

The Service Provider shall take appropriate measures to provide the data subject with all information referred to in Articles 13 and 14 of the GDPR and all notifications under Articles 15–22 and 34, in a concise, transparent, intelligible, and easily accessible form, using clear and plain language.

2. Right of Access

The data subject has the right to obtain confirmation from the data controller as to whether or not personal data concerning them is being processed. If such processing is taking place, the data subject has the right to access the personal data and the following information:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipients to whom the personal data has been or will be disclosed, including recipients in third countries or international organizations;
  • the envisaged period for which the personal data will be stored;
  • the existence of the right to request rectification or erasure of personal data or restriction of processing or to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • information on the source of the data;
  • the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

The data controller shall provide the information within one (1) month of receiving the request.

3. Right to Rectification

The data subject has the right to obtain the rectification of inaccurate personal data concerning them and to have incomplete personal data completed.

4. Right to Erasure (“Right to be Forgotten”)

The data subject shall have the right to obtain the erasure of personal data concerning them without undue delay where one of the following grounds applies:

  • the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
  • the data subject withdraws consent and there is no other legal basis for the processing;
  • the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
  • the personal data has been unlawfully processed;
  • the personal data must be erased to comply with a legal obligation in Union or Member State law to which the data controller is subject;
  • the personal data has been collected in relation to the offer of information society services.

Erasure shall not be carried out where processing is necessary:

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation requiring processing by Union or Member State law or for the performance of a task carried out in the public interest or in the exercise of official authority;
  • for public health, archiving, scientific or historical research, or statistical purposes in the public interest;
  • for the establishment, exercise, or defense of legal claims.

5. Right to Restriction of Processing

The data subject has the right to request restriction of processing if any of the following applies:

  • the accuracy of the personal data is contested by the data subject, for a period enabling verification;
  • the processing is unlawful and the data subject opposes the erasure of the data and requests the restriction of use instead;
  • the controller no longer needs the personal data, but the data subject requires it for the establishment, exercise, or defense of legal claims;
  • the data subject has objected to processing, pending the verification of whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted, such data shall, with the exception of storage, only be processed with the data subject’s consent, or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.

6. Right to Data Portability

The data subject has the right to receive the personal data concerning them, which they have provided to the controller, in a structured, commonly used, and machine-readable format, and has the right to transmit those data to another controller.

7. Right to Object

The data subject has the right to object at any time, on grounds relating to their particular situation, to processing of personal data concerning them which is based on tasks carried out in the public interest, the exercise of official authority, or legitimate interests pursued by the controller or a third party, including profiling based on those provisions.

In such cases, the controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.

8. Right not to be Subject to Automated Decision-Making, Including Profiling

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

9. Right to Withdraw Consent

The data subject has the right to withdraw their consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

10. Legal Remedies

If the User believes their rights have been violated in the course of data processing, they may take the following actions:

    • Contact the Data Controller directly via postal mail (4026 Debrecen, Bethlen u. 6-8 /E, 3/19) or by email at: debrecen@aerodoc.hu
    • Initiate legal proceedings before a court in the event of unlawful data processing or breach of data security requirements. According to applicable laws, they may be entitled to compensation or damages. Information on competent courts is available at: www.birosagok.hu
    • Submit a complaint to the competent supervisory authority, the Hungarian National Authority for Data Protection and Freedom of Information (NAIH).
      • Address: H-1055 Budapest, Falk Miksa u. 9-11
      • Phone: +36-1-391-1400
      • Email: ugyfelszolgalat@naih.hu
      • Website: http://www.naih.hu

 

Data Processors and Their Roles

  • PHARMAPROMO Kft.
    Address: 4026 Debrecen, Csemete utca 20.
    Type of processing: IT services (development, support)
  • Hetzner Online GmbH
    Address: Industriestr. 25, 91710 Gunzenhausen, Germany
    Type of processing: Server hosting
  • NOOP IT Services Kft.
    Address: 4060 Balmazújváros, Oncsa utca 37.
    Type of processing: System administration tasks

 

Nature of Data Processing

The performance of technical tasks related to the operation of the website and the appointment booking system.

 

Right to Modify the Privacy Policy

The Service Provider reserves the right to unilaterally amend this privacy policy with prior notice to users. By using the service after the amendment becomes effective, you accept the amended privacy policy

(Published 26 May 2025)

Enter your
text here
Powered by  GDPR Cookie Compliance
Overview

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.