Keresés
Close this search box.

Privacy Policy

(I) DATA CONTROLLER

The purpose of this policy is to document the data processing policy of VARTID Innovative Limited Liability Company (henceforth “Data Controller”).

Name of Data Controller:

VARTID Innovative Limited Liability Company

Business registration number of Data Controller:

01-09-377273

Headquarters of Data Controller:

Vörösmarty utca 67. 2. em., Budapest 1064 HUNGARY

E-mail address of Data Controller:

info@vartid.com

Representative of Data Controller:

Executive Lajos Juhász

Data Controller shall manage the personal data in compliance with the provisions of all current legislation and the requirements imposed by the data protection authorities, in particular the following legislation:

  • Act CXII of the Hungarian Parliament of 2011 on the Right to Informational Self-Determination (henceforth “Information Act”) and Freedom of Information Article 6 of Regulation No. 2016/679 of the European Parliament and of the Council, superseding the 95/46/EC directive (Data Protection Directive) (henceforth: “Regulation” or “GDPR”).

The Data Controller shall treat personal data confidentially, and shall take all technical and organisational measures related to data storage and management, and other technical and organisational measures to ensure the security of the data.

Terms and concepts

The terminology of this Privacy Policy document is identical to the interpretative definitions set out in Article (4) of the Regulation and, supplemented at certain points, to the interpretative provisions of Article (3) of the Information Act. 

When this document refers to data or processing, it means personal data or the processing thereof.

*****

(II) SPECIFIC OBJECTIVES OF DATA MANAGEMENT

(1) Use of cookies on the website

Data Controller uses “cookies” on its webpage https://vartid.com/ (henceforth “website”) to maintain and develop the services of the webpage and to enhance user experience.

What is a cookie?

Cookies are small text files placed on the user’s device by the browser to identify and collect information. A cookie consists of a unique set of numbers and is primarily used to distinguish computers and other devices that download the website. Cookies have a variety of functions, including collecting information, remembering user preferences, allowing the website owner to learn about user habits to enhance the user experience. 

Why does the website use cookies?

Data Controller uses cookies on the website for the following purposes:

  • to ensure the proper and high quality operation of the website,
  • to count visitors,
  • to provide web analytics and to analyze how visitors use the website,
  • to monitor and improve the quality of the services provided by the website,
  • to improve user experience, and
  • to make it easier to manage our sites.

This website uses Google Analytics, a web analytics service provided by Google Inc. („Google”). Google Analytics uses „cookies”, which are text files placed on your computer, to help the website analyze how users use the site.

The information generated by the cookie about your use of this website (including your IP address) will be transmitted to and stored by Google on servers in the United States.

Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also disclose this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. By choosing the appropriate settings of the browser, the user may refuse to use cookies, but in this case the user may not fully use all the functions of the website. Using this website, user accepts Google’s processing of data collected according to the manner and purpose described above.

For more information about the data protection policies of Google Inc., see the following reference:https://policies.google.com/privacy?hl=en-US 

What cookies does the website use?

Data Controller provides detailed information about the cookies used by the website through the website’s cookie manager.

The information collected by the cookies will not be sold or rented by the website to third parties, except to the extent necessary to provide the services for which the data subject has previously and voluntarily provided this information.

Legal basis for the processing of data by cookies?

The legal basis for the processing is Article 6 (1) (f) of the GDPR, which means that the processing of personal data is based on the consent of the data subject, provided through the cookie manager.

How can you verify and control cookies?

In addition to the website cookie manager, all modern browsers allow you to change the cookie setting. Most browsers automatically accept cookies by default, but these settings can usually be changed to prevent automatic acceptance and each time will offer you the choice of whether or not to allow cookies.

As cookies are intended to facilitate or enable the usability and processes of the website, by preventing or deleting the use of cookies, users may not be able to fully use the website’s functions or the website may not function as intended in their browser.

You can find out about cookie settings for the most popular browsers by following the links below:

Google Chrome: 

https://support.google.com/accounts/answer/61416?hl=en

Firefox:

https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer

Microsoft Edge:

https://support.microsoft.com/en-gb/windows/microsoft-edge-browsing-data-and-privacy-bb8174ba-9d73-dcf2-9b4a-c582b4e640dd

Microsoft Internet Explorer:

https://support.microsoft.com/en-gb/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d

Opera:

https://help.opera.com/en/latest/web-preferences/#cookies

Safari:

https://support.apple.com/en-euro/guide/safari/sfri11471/mac

*****

(2) Communication-related data processing

In today’s fast-paced world, Data Controller keeps in touch with interested parties, customers and partners primarily by electronic means, but anyone can also contact Data Controller by letter with questions. Anyone may contact the Data Controller by direct e-mail or by sending a message directly to the Data Controller via the website https://vartid.com/contact/, whether it is a request for information, a request for a quote, a request for information, a technical question or any other matter, or by post.

In today’s fast-paced world, the Data Controller keeps in touch with interested parties, customers and partners primarily by electronic means, but anyone can also contact Data Controller by letter with questions. Anyone may contact the Data Controller by post or by direct e-mail info@vartid.com and send a message to the Data Controller, whether it is a request for information, a request for a quote, a request for information, a technical question or any other matter.

When communicating with the data subject in relation to any matter, the Data Controller will handle emails and letters as described in this document.

Purposes of data processing

Communication and reply to information requests. The data provided by the data subject is processed by Data Controller solely for the purposes of communication with the data subject and for the administration of the message. 

Data Controller shall only contact any data subject in connection with the performance of a contract already in force or on other legitimate grounds, in compliance with the rules on data protection.

Personal data processed

Personal data includes name, e-mail address, postal address in the case of postal mail, and any other information which the data subject considers relevant to the matter initiated by the data subject. 

If the data subject contacts Data Controller directly on the website https://vartid.com/contact/:

  • name,
  • e-mail,
  • home address/headquarters (including the city and the country),
  • phone (optional),
  • the name of the company/institution represented by the data subject contacting the Data Controller (optional),
  • the activities of the company/institution represented by the data subject (optional),
  • medical specialization (optional).

Legal basis for data processing

The legal basis for the processing of personal data is Article 6 (1) (b) of the Regulation, i.e. processing is necessary for the performance of a contract (obligation) to which the data subject is a party or for the purposes of taking steps at the request of the data subject prior to entering into a contract. The Data Controller considers the communication with the data subject as preliminary processing in relation to a contract (agreement) to be signed at a later stage or processing in relation to a contract already signed. 

In addition, Article 6 (1) (f) of the Regulation (legitimate interest) also provides a legal basis for Data Controller to process the data. It is in the legitimate interest of Data Controller to process personal data necessary to respond to a request for information.

Source of personal data

The data subject. As the data subject is the source of the personal data, the Data Controller will inform him or her directly of any changes to the scope of the data processed when the data are collected.

Recipients of personal data made available

Personal data may be processed by the Data Controller only by its employees who have been authorised to make suggestions or decisions in relation to the message sent by the data subject or the management of the case required on the basis of the message.

Transfer of personal data to a third country or international organisation

Data Controller shall not transfer personal data to a third country or to an international organization. 

Time limit of processing of personal data

In the event of any kind of contract (obligation) between Data Controller and the data subject, Data Controller will process the personal data obtained in the course of the communication in relation to the contract in question, in accordance with the relevant privacy document.

If no contract is signed between the Data Controller and the data subject following the pre-contractual processing, or if the communication is not related to a contract and the communication cannot have any future legal effect, the Data Controller will process the personal data obtained during the communication until the communication is finally terminated.

Automated decision-making and profiling

Neither automated decision-making nor profiling is done during data processing.

Providing personal data

Providing personal data is a condition for replying to the message and thus for communication between the data subject and the Data Controller. 

*****

(3) Data processing for marketing purposes

Purposes of data processing

The purpose of data processing is to contact interested parties and potential business partners for marketing purposes in order to inform them about medical technology products, innovative solutions and related services developed by the Data Controller and to send newsletters. 

Personal data processed

E-mail and name. In case of subscribing to a newsletter, the Data Controller also processes data relating to the period of subscription and the granting of consent.

The information letters are sent via the Freshworks system, which also allows the Data Controller to access the following data of the sent letters:

  • the type of newsletter sent and the time of sending (day, hour, minute),
  • whether the newsletter was opened and if so, when (day, hour, minute),
  • whether the addressee clicked on the link in the newsletter and if so, when (day, hour, minute),

Legal basis for data processing

The legal basis for the processing is Article 6 (1) (a) of the GDPR, which means that the processing of personal data is based on the consent of the data subject. 

Source of personal data

The data subject. As the data subject is the source of the personal data, the Data Controller will inform him or her directly of any changes to the scope of the data processed when the data are collected.

Recipients of personal data made available

Personal data are processed only by the Data Controller’s employees whose job it is.

Transfer of personal data to a third country or international organisation

Data Controller shall not transfer personal data to a third country or to an international organization.

Time limit of processing of personal data

The data are processed until the data subject’s consent is withdrawn. You can unsubscribe from the newsletter automatically at any time by clicking on the unsubscribe link in the newsletters, or you can send an unsubscribe request to info@vartid.com email address.

Automated decision-making and profiling

Neither automated decision-making nor profiling is done during data processing.

*****

(III) THE DATA PROCESSORS EMPLOYED BY THE DATA CONTROLLER 

Data Controller uses the services of the following service providers:  

  • Tárhely.Eu Limited Liability Company (Ormánság utca 4. X. em. 241, Budapest 1144 HUNGARY) – the hosting provider of the website. 
  • MorphoCom Limited Liability Company (Seregély utca 12., Budapest 1037 HUNGARY) – designer and operator of the website. 
  • Online Service Selector Limited Liability Company (Szőlő u 39., Pilisszentiván 2084 HUNGARY) – designer and operator of the website.
  • Tárhely.Eu Limited Liability Company (Ormánság utca 4. X. em. 241, Budapest 1144 HUNGARY) the email provider of Data Controller.
  • In order to be able to interact with the user, Data Controller also uses services provided and operated by third parties (Freshworks Inc.) on the website and other online applications. Freshworks, a data processor acting on behalf of the Data Controller, automatically receives and records information that can be linked to the user, such as device model, IP address, browser type and usage pattern through cookies and browser settings. Freshworks analyzes this data, which helps the Data Controller to improve its service. Find out more about cookie settings and privacy policy of Freshworks on their website .

Data processors may process the personal data of the data subject only for the purposes specified by the Data Controller and contractually agreed upon, in accordance with the instructions of the Data Controller, and they have no autonomous decision-making rights with regard to data processing. Processors are bound by confidentiality obligations and contractual guarantees regarding the retention of personal data obtained in the course of their duties.

*****

(IV) RIGHTS OF THE DATA SUBJECT

Information on processing of data

The data subject has the right to receive information on processing his or her data, provided by Data Controller by way of the present document.

Data processing based on consent

Where the legal basis for a processing operation is the data subject’s consent, he or she has the right to withdraw his or her consent at any time. However, it is important to note that the withdrawal of consent can only apply to data for which there is no other legal basis for processing. If there is no other legal basis for the processing of the personal data concerned, Data Controller shall permanently and irreversibly delete the personal data following the withdrawal of consent. Withdrawal of consent under the Regulation shall not affect the lawfulness of processing carried out on the basis of consent prior to its withdrawal.

Access

At the data subject’s request, Data Controller shall at any time inform the data subject whether or not his or her personal data are being processed and, if so, provide access to the personal data and the following information:

  1. purposes of data processing;
  2. categories of the data subject’s personal data;
  3. the recipients or categories of recipients to whom or with whom Data Controller has disclosed or will disclose the personal data, including in particular recipients in third countries or international organisations;
  4. the expected time limit of storage of the personal data or, if this is not possible, the criteria for determining that time limit;
  5. the data subject shall also be informed of his or her right to obtain from Data Controller the rectification, erasure or restriction of the processing of personal data concerning him or her and to object to the processing of such personal data;
  6. the right to lodge a complaint with a supervisory authority or to take legal action;
  7. if the data have not been collected directly from the data subject by the Data Controller, any available information on the source of the data;
  8. where automated decision-making is carried out, the fact of such processing, including profiling, and, at least in these cases, the logic used, i.e. the significance of such processing and the likely consequences for the data subject.

Right of rectification

The data subject shall at any time have the right to obtain, at his or her request and without undue delay, the rectification of inaccurate personal data relating to him or her by the Data Controller. Taking into account the purposes of the processing, the data subject also has the right to request the completion of incomplete personal data, including by means of a supplementary declaration.

In the event of a request for rectification (amendment) of the data, the data subject must substantiate the accuracy of the data requested to be amended and must also certify that the person entitled to the amendment is the person who requests the amendment. This is the only way for Data Controller to assess whether the new data is real and, if so, whether it can modify the previous data.

Data Controller also draws the attention to the fact that the data subject should notify Data Controller about any changes to his/her personal data as soon as possible, thus facilitating lawful processing and the exercise of his/her rights.

Right of erasure

At the request of the data subject, the Data Controller shall delete personal data relating to the data subject without undue delay where one of the following grounds applies:

  1. Data Controller no longer needs the personal data for the purposes for which they were collected or otherwise processed;
  2. where processing is based on consent, the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing;
  3. the data subject objects to the processing and there are no overriding legitimate grounds for the processing or objects to processing for direct marketing purposes;
  4. the personal data are unlawfully processed by Data Controller;
  5. the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which Data Controller is subject;
  6. personal data are collected in connection with the provision of information society services.

Right to restriction of data processing

The data subject shall have the right to obtain, at his or her request, the restriction of data processing by Data Controller if one of the following conditions is met:

  1. contests the accuracy of the personal data; in this case, the restriction applies for a period of time which allows Data Controller to verify the accuracy of the personal data;
  2. data processing is unlawful and the data subject opposes the erasure of the data and instead requests the restriction of their use;
  3. Data Controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or
  4. the data subject has objected to data processing; in this case, the restriction shall apply for the period until it is established whether the legitimate grounds of Data Controller prevail over the legitimate grounds of the data subject.

Right to object

Where the processing of personal data is based on the legitimate interests of the controller (Article 6 (1) (f) of the Regulation) or is necessary for the performance of a task carried out in the exercise of official authority vested in the controller (Article 6 (1) (e) of the Regulation), the data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to processing of his or her personal data, including profiling based on those provisions.

If the data subject’s personal data are processed by Data Controller for the purposes of direct marketing (e.g. sending information letters), the data subject has the right to object at any time to the processing of personal data concerning him or her for such purposes, including profiling, where it is related to direct marketing. If the data subject objects to data processing with the purpose of direct marketing, then the personal data of the data subject shall not be used for this purpose.

Legitimate interest

Where the legal basis for the processing of personal data is the legitimate interest of the Data Controller or of a third party within the meaning of Article 6 (1) (f) of the Regulation, we will prepare a written „balancing of interests test” pursuant to preamble paragraph 47 and Article 5 (2), which the data subject can request by sending an email to info@vartid.com.

Right to data transfer

The data subject shall have the right to receive the personal data concerning him or her which he or she has provided to the Data Controller in a structured, commonly used, machine-readable format and the right to have those data transmitted by Data Controller to another data controller if:

  1. the processing is based on the data subject’s consent or on a contract within the meaning of Article 6 (1) (b) of the Regulation; and
  2. data processing is automated.

THE PROCEDURES FOR ENFORCING THE RIGHTS OF THE DATA SUBJECT

The data subject can enforce his or her rights by sending an e-mail to the Data Controller info@vartid.com, by post to the Data Controller’s headquarters or in person at the Data Controller’s headquarters. The Data Controller shall start the examination and execution of the data subject’s request without undue delay upon receipt. Data Controller shall inform the data subject of the measures taken on the basis of the request within 30 days of receipt. If Data Controller is unable to comply with the request, it shall inform the data subject within 30 days of the reasons for the refusal and of his or her rights of redress.

Within five years of the death of the data subject, the rights of the deceased as set out in this document, which the data subject enjoyed during his or her lifetime, may be exercised by a person authorisd by the data subject by means of an administrative arrangement or a declaration in a public or private document of full probative value made to Data Controller or, if the data subject made several declarations to a data controller, by a declaration made at a later date. If the data subject has not made a corresponding declaration of rights, his or her close relatives within the meaning of the Hungarian Civil Code shall still be entitled to exercise the rights under Articles 16 (right of rectification) and 21 (right to object) of the Regulation and, if the processing was unlawful during the data subject’s lifetime or the purpose of the processing ceased to exist upon the death of the data subject, under Article 17 (right to erasure) and 18 (right to restriction of processing) of the Regulation within five years of the death of the data subject. The right to exercise the rights of the data subject under this paragraph shall be exercised by the close relative who first exercises that right.

*****

(V) REMEDIES IN RELATION TO DATA PROCESSING

In order to exercise his or her right to judicial remedy, the data subject may take legal action against Data Controller if he or she considers that Data Controller or a processor acting on his or her behalf or under his or her instructions is processing his or her personal data in breach of the provisions of the law on the processing of personal data or of binding legal acts of the European Union. The court gives priority to such cases. The tribunal has jurisdiction to hear the case. The action may also be brought, at the discretion of the data subject, before the court of the place of residence or domicile of the data subject or the court of the seat of the Data Controller (Metropolitan Court).

Anyone may lodge a complaint with the National Authority for Data Protection and Freedom of Information (NAIH) against Data Controller, alleging that the processing of personal data has resulted in a violation of rights or an imminent threat thereof, or that Data Controller is restricting the exercise of rights related to the processing of personal data or is refusing to exercise such rights. You may lodge your complaint at the following contact options:

Hungarian National Authority for Data Protection and Freedom of Information (NAIH)

Mailing address: Pf. 9., Budapest 1363 HUNGARY

Address: Falk Miksa utca 9-11., Budapest 1055, HUNGARY 

E-mail: ugyfelszolgalat@naih.hu

URL: https://naih.hu/about-the-authority 

Budapest, 28 June 2022

______________________

VARTID LLC 

Represented by: Executive Lajos Juhász