I. CONTROLLER, PROCESSOR AND CONTACT DETAILS
1. Zsuzsanna Kovács individual enterpreneur (EV) acts as a data controller (hereinafter referred to as the “Data Controller”) of the personal data of current, former and prospective customers and visitors to its website [hereinafter referred to as the “Data Subject(s)” or the “Data Subject(s)”].
2. Data Controller’s data:
Company name: Zsuzsanna Kovács individual entrepreneur
Address: 1111 Bp. Egry József street 19-21., 5th floor/26th door
Website: www.healzie.hu
E-mail: [email protected]
Phone number: +36 30 351 75 41
1.3. 1.3. Data processor
The Data Controller is entitled to use a data processor to carry out its activities. Processors do not take independent decisions, but are only entitled to act on behalf of the Controller in accordance with the contract concluded with the Controller and the instructions received. The Controller shall monitor the work of the processors.
Data of the processors (including service providers used for the operation of the IT system): name:
Name: Hidden Design Ltd.
Headquarters: 1095 Budapest Gát street 21. Ground floor/1
Contact: [email protected]
II. II. SCOPE OF MANAGED DATA, PURPOSE, LEGAL BASIS AND DURATION OF DATA MANAGEMENT
2.1. 2.1. Inquiring about a service on the website, in person, by phone or in another way
| Scope of processed data | Purpose of data management | Legal basis for data management | Retention time |
| Name of natural person provided for contact | Contact | GDPR Article 6 f) it is the Data Controller’s legitimate interest to be able to respond to received questions and inquiries. | In the first month of each year, the contact data received during the previous year are deleted, unless the purpose of data management changes. |
| E-mail address | Contact | GDPR Article 6 f) it is the Data Controller’s legitimate interest to be able to respond to received questions and inquiries. | In the first month of each year, the contact data received during the previous year are deleted, unless the purpose of data management changes. |
| Phone number | Contact | GDPR Article 6 f) it is the Data Controller’s legitimate interest to be able to respond to received questions and inquiries. | In the first month of each year, the contact data received during the previous year are deleted, unless the purpose of data management changes. |
| Request for indicated service | Serving customer needs | GDPR Article 6 f) it is the Data Controller’s legitimate interest to be able to respond to received questions and inquiries. | In the first month of each year, the contact data received during the previous year are deleted, unless the purpose of data management changes. |
| Description of health status | Request for | With regard to special data (e.g. health data), data management is governed by Article 9 of the GDPR. 2) (a) (express consent of the data subject) and (h) (provision of health care service) of the GDPR. | According to Act XLVII of 1997 on the management and protection of health and related personal data (hereinafter referred to as “Eüak“) all personal data must be processed for at least 30 years based on § 30 (1) of the Eüak (from the depending). With regard to electronic inquiries in which the personal data contained are not considered to be the health data of a patient (where the legal data management obligation does not apply), and after the inquiry no negotiation process for the provision of healthcare services takes place, the personal data contained therein will be processed by the data controller for 60 days. |
Scope of persons entitled to access personal data:
In the course of data management, the relevant employees of the Data Controller or representatives of natural persons or legal entities in other legal relationships for work can access this data.
Recipients of personal data:
In the course of data management, personal data may be forwarded to the legal representative associated with the Data Controller.
Personal data may be forwarded to third parties in order to provide healthcare services. Non-employed professional staff contributing to the provision of healthcare services, as well as contributing independent economic companies (doctors, patient transporters, laboratories, diagnostic companies, etc.) are considered third parties. Patients will be informed separately about the transfer of data.
Does automated decision-making take place: It does not take place.
2.2. Individual Request for Proposal
| Scope of processed data | Purpose of data management | Legal basis for data management | Retention time |
| Name of natural person provided for contact | Contact regarding contract preparation | GDPR article (1) para. point b): data processing is necessary for the performance of a contract in which the data subject is one of the parties, or it is necessary for taking steps at the request of the data subject prior to the conclusion of the contract; | Contract duration, plus 5 years after termination (general civil law claim enforcement deadline), unless a contract is concluded. In this case, the contact data received during the previous year will be deleted in the first month of each year, unless the purpose of data management changes. |
| E-mail address | Contact regarding contract preparation | GDPR article (1) para. point b): data processing is necessary for the performance of a contract in which the data subject is one of the parties, or it is necessary for taking steps at the request of the data subject prior to the conclusion of the contract; | Contract duration, plus 5 years after termination (general civil law claim enforcement deadline), unless a contract is concluded. In this case, the contact data received during the previous year will be deleted in the first month of each year, unless the purpose of data management changes. |
| Phone number | Contact regarding contract preparation | GDPR article (1) para. point b): data processing is necessary for the performance of a contract in which the data subject is one of the parties, or it is necessary for taking steps at the request of the data subject prior to the conclusion of the contract; | Contract duration, plus 5 years after termination (general civil law claim enforcement deadline), unless a contract is concluded. In this case, the contact data received during the previous year will be deleted in the first month of each year, unless the purpose of data management changes. |
| Request for indicated service | Serving customer needs | GDPR article (1) para. point b): data processing is necessary for the performance of a contract in which the data subject is one of the parties, or it is necessary for taking steps at the request of the data subject prior to the conclusion of the contract; | Contract duration, plus 5 years after termination (general civil law claim enforcement deadline), unless a contract is concluded. In this case, the contact data received during the previous year will be deleted in the first month of each year, unless the purpose of data management changes. |
| Description of health status | Request for | With regard to special data (e.g. health data), data management is governed by Article 9 of the GDPR. 2) (a) (express consent of the data subject) and (h) (provision of health care service) of the GDPR. | According to Act XLVII of 1997 on the management and protection of health and related personal data (hereinafter referred to as “Eüak“) all personal data must be processed for at least 30 years based on § 30 (1) of the Eüak (from the depending). With regard to electronic inquiries in which the personal data contained are not considered to be the health data of a patient (where the legal data management obligation does not apply), and after the inquiry no negotiation process for the provision of healthcare services takes place, the personal data contained therein will be processed by the data controller for 60 days. |
Scope of persons entitled to access personal data:
In the course of data management, the relevant employees of the Data Controller or representatives of natural persons or legal entities in other legal relationships for work can access this data.
Recipients of personal data:
In the course of data management, personal data may be forwarded to the legal representative associated with the Data Controller.
Does automated decision-making take place: It does not take place.
2.3. Admission of patients, conclusion of contract, fulfillment of contract
| Scope of processed data | Purpose of data management | Legal basis for data management | Retention time |
| Name of natural person provided for contact | Contact regarding the performance of the contract | GDPR article (1) para. point b): data processing is necessary for the performance of a contract in which the data subject is one of the parties, or it is necessary for taking steps at the request of the data subject prior to the conclusion of the contract; | Contract duration, plus 5 years after termination (general civil law claim enforcement deadline) |
| E-mail address | Contact regarding the performance of the contract | GDPR article (1) para. point b): data processing is necessary for the performance of a contract in which the data subject is one of the parties, or it is necessary for taking steps at the request of the data subject prior to the conclusion of the contract; | Contract duration, plus 5 years after termination (general civil law claim enforcement deadline) |
| Phone number | Contact regarding the performance of the contract | GDPR article (1) para. point b): data processing is necessary for the performance of a contract in which the data subject is one of the parties, or it is necessary for taking steps at the request of the data subject prior to the conclusion of the contract; | Contract duration, plus 5 years after termination (general civil law claim enforcement deadline) |
| Data provided during patient admission (detailed below) | Patient care | GDPR 9. 2) (a) (express consent of the data subject) and (h) (provision of health care service) of the GDPR. | All personal data related to health documentation is provided by Eüak. for at least 30 years based on § 30 (1) of the Eüak (from the depending). |
Data provided during patient admission: CLIV of 1997 on health care. Act § 136. §. contains the mandatory content elements, which are as follows:
It must be stated in the medical documentation
a) * the personal identification data of the patient defined in the Act on the Management and Protection of Health and Related Personal Data,
b) * in the case of a patient who is capable of acting, the person to be notified and – if the patient requests – the name, address and contact information of the supporter according to the Act on Supported Decision-Making, and in the case of a minor or a patient under guardianship that partially or completely limits the ability to act, the name, address and contact information of the legal representative,
c) medical history,
d) the result of the first examination,
e) the examination results establishing the diagnosis and treatment plan, the date of the examinations,
f) the name of the disease justifying the treatment, the underlying disease, accompanying diseases and complications,
g) other diseases that do not directly justify care, or the name of the risk factors,
h) the time of the performed interventions and their results,
i) medicinal and other therapy and its results,
j) data on the patient’s drug hypersensitivity,
k) the name of the healthcare worker making the registration and the date of the registration,
l) recording the content of information provided to the patient or other person entitled to information,
m) the consent [15. § (3)] or the fact of refusal (§ 20-23), as well as their date, n) all other data and facts that may influence the patient’s recovery. (3) The following must be kept as part of the health documentation: a) the findings of each examination, b) documents generated during medical treatment and consultation, c) nursing documentation, d) recordings of imaging diagnostic procedures, as well as e) tissue samples taken from the patient’s body.
n) all other data and facts that may influence the patient’s recovery.
(3) The following must be kept as part of the health documentation:
a) the findings of each examination,
b) documents generated during medical treatment and consultation,
c) nursing documentation,
d) recordings of imaging diagnostic procedures, as well as
e) tissue samples taken from the patient’s body.
Scope of persons entitled to access personal data:
In the course of data management, the relevant employees of the Data Controller or representatives of natural persons or legal entities in other legal relationships for work can access this data.
Recipients of personal data:
In the course of data management, personal data is forwarded to the legal representative, accountant, and auditor related to the Data Controller.
Does automated decision-making take place: It does not take place.
2.4. COMPLAINT HANDLING
The patient – as a patient of the data controller – is entitled to file a complaint with the health care provider in relation to health care based on § 29 of the Health Care Act. The healthcare provider or the maintainer is obliged to investigate the complaint and to inform the patient of the result in writing as soon as possible, but no later than thirty working days. Exercising the right to complain does not affect the patient’s right to contact the body employing the representative of patient rights, welfare rights and children’s rights and other bodies in order to investigate the complaint, as defined in separate legislation. The data controller is obliged to draw the patient’s attention to this circumstance.
The detailed rules for the investigation of the complaint are laid down in the internal regulations of the data controller.
| Scope of processed data | Purpose of data management | Legal basis for data management | Retention time |
| The name and contact information of the person concerned, the date of the complaint, description of the complaint. | Investigating the complaint and documenting the progress and findings of the investigation. | Fulfillment of the legal obligation according to Article 6 (1)(c) of the GDPR (legal basis is Article 29.§ /4/ of the GDPR). | The last day of the 5th year following the filing of the complaint |
Scope of persons entitled to access personal data:
In the course of data management, the relevant employees of the Data Controller or representatives of natural persons or legal entities in other legal relationships for work can access this data.
Recipients of personal data:
During data management, personal data may be forwarded to the legal representative associated with the Data Controller.
Does automated decision-making take place: It does not take place.
2.5. Data management related to our website
| Scope of processed data | Purpose of data management | Legal basis for data management | Retention time |
| The name of a natural person provided on our website | Contact | GDPR Article 6 f) it is the legitimate interest of the Data Controller to be able to keep in touch with the sender of the message | The data is stored for a maximum of 270 days. |
| Your e-mail address provided on our website | contact | GDPR Article 6 f) it is the legitimate interest of the Data Controller to be able to keep in touch with the sender of the message | The data is stored for a maximum of 270 days. |
| Message provided on our website | contact | GDPR Article 6 f) it is the legitimate interest of the Data Controller to be able to keep in touch with the sender of the message | The data is stored for a maximum of 270 days. |
Scope of persons entitled to access personal data:
In the course of data management, the relevant employees of the Data Controller or representatives of natural persons or legal entities in other legal relationships for work can access this data.
Recipients of personal data:
During data management, personal data may be forwarded to the legal representative associated with the Data Controller.
Does automated decision-making take place: It does not take place.
2.6. Cookies
A cookie is a small data file or set of data that is placed on your device (computer, phone, tablet) when you visit or browse a website. Cookies can serve many purposes. Most often, in order to increase the user experience and place targeted advertisements, they collect data on the use and attendance of the visited website.
Cookies are not suitable for the personal identification of a website visitor, only for recognizing the visitor’s device (computer, telephone, tablet). They are also not suitable for running programs or viruses.
Persistent cookies: in order to ensure a better experience for the Data Subject, the Data Controller also uses persistent cookies. This type of cookie remains in the cookie file of the Data Subject’s browser for a much longer time. This period depends on how the Data Subject has configured his/her Internet browser. Permanent cookies provide information to the web server whenever the Data Subject visits the website.
Session cookies: these are temporary cookies that remain in the browser’s cookie file until the Data Subject leaves the website, after which they are deleted. Certain applications of the website, or these cookies are essential for the functioning of its functions.
Marketing (advertising) cookies and tracking cookies: they help develop the process of personalized advertisements. Similar technologies, such as web beacons or pixel tags, are usually used together with cookies to allow the Data Subject’s activity and statistics to be tracked and measured on the website, in marketing emails and online advertisements. The Data Subject can prevent their operation by blocking the reception of cookies.
Essential and functional cookies: they serve the proper functioning of the site and tailoring it to the Data Subject from a technological point of view. Deactivating them endangers the safe and proper operation of the website.
Third-party cookies:
a) Facebook social sharing button: https://www.facebook.com/full_data_use_policy
b) Facebook Pixel: https://www.facebook.com/business/gdpr
c) Google Analytics: https://www.google.com/analytics/terms/
The Data Subject can find more information about third-party cookies at the links above, including their validity period.
Duration of data management
The validity period of the cookie may differ depending on its type and purpose.
Facebook social sharing button and Facebook Pixel: 180 days; Google Analytics, Google AdSense and Google Maps: 365 days.
Affected rights:
The person concerned has the right to delete the cookie from his computer or disable the use of cookies in his browser. Cookies can usually be managed in the Tools/Settings menu of browsers under the Data Protection/History/Personal Settings menu under the names cookie, cookie or tracking. If the Data Subject would like to learn more about what cookies his browser uses, please visit one of the following websites corresponding to his browser:
Google Chrome https://support.google.com/chrome/answer/95647?hl=hu
Mozilla Firefox https://support.mozilla.org/hu/kb/tovabbfejlesztett-kovetes-elleni-vedelem-az-asztal
Microsoft Edge https://support.microsoft.com/en-us/help/4468242/microsoft-edge-browsing-data-and-privacy
Safari https://support.apple.com/hu-hu/guide/safari/manage-cookies-and-websitedata-sfri11471/mac
| Scope of managed data | Type of cookie | Legal basis for data management |
| SESSION | Necessary cookies, persistent cookies and necessary cookies | Fulfillment of the legal obligation according to Article 6, paragraph 1, point e) of the GDPR, with regard to Articles 24 and 32 of the GDPR, § 5 of Act L of 2013 on the electronic information security of state and local government bodies, and state and local government bodies 41/2015 on technological security defined in Act L. of 2013 on electronic information security, as well as on the requirements for secure information devices and products, as well as classification into security class and security level. (VII. 15.) for tasks required according to 27. annex 3 of the BM decree and the Ákr. to paragraph (2) of § 27. |
| SESSION | Marketing cookies | Data Subject Consent |
Scope of persons entitled to access personal data:
In the course of data management, the relevant employees of the Data Controller or representatives of natural persons or legal entities in other legal relationships for work can access this data.
Recipients of personal data:
During data management, personal data may be forwarded to the legal representative associated with the Data Controller.
Does automated decision-making take place: It does not take place.
2.7. Online consultation
| Scope of processed data | Purpose of data management | Legal basis for data management | Retention time |
| Data required to set up an online consultation (username, profile image URL, platform used for the service, language, and any other data required for IT identification provided by the data subject) | Contact | GDPR article (1) para. point b): data processing is necessary for the performance of a contract in which the data subject is one of the parties, or it is necessary for taking steps at the request of the data subject prior to the conclusion of the contract; | Contract duration, plus 5 years after termination (general civil law claim enforcement deadline) |
| E-mail address | Contact | GDPR article (1) para. point b): data processing is necessary for the performance of a contract in which the data subject is one of the parties, or it is necessary for taking steps at the request of the data subject prior to the conclusion of the contract; | Contract duration, plus 5 years after termination (general civil law claim enforcement deadline) |
| Phone number | Contact | GDPR article (1) para. point b): data processing is necessary for the performance of a contract in which the data subject is one of the parties, or it is necessary for taking steps at the request of the data subject prior to the conclusion of the contract; | Contract duration, plus 5 years after termination (general civil law claim enforcement deadline) |
| Online consultation (detailed below) | Patient care | GDPR 9. 2) (a) (express consent of the data subject) and (h) (provision of health care service) of the GDPR. | All personal data related to health documentation is provided by Eüak. for at least 30 years based on § 30 (1) of the Eüak (from the depending). |
Scope of persons entitled to access personal data:
In the course of data management, the relevant employees of the Data Controller or representatives of natural persons or legal entities in other legal relationships for work can access this data.
Recipients of personal data:
During data management, personal data may be forwarded to the legal representative associated with the Data Controller.
Does automated decision-making take place: It does not take place.
2.8. Management of the data of applicants for employment advertisements, as well as the data of persons employed by the Company or in other legal relationships for employment purposes
The Company processes the personal data contained in the CVs and other attached documents received for the purpose of notifying the data subject of the employment opportunities that best suit his or her education and interests, to arrange an appointment with the data subject, and to carry out the selection.
In the case of an individual already employed or in a contractual relationship, the purpose of data management is to establish and maintain the employment relationship, to fulfill the legal and/or contractual obligations arising from the employment relationship (in particular, e.g. payment of wages, leave, etc.) and to exercise legal and/or contractual rights. The Employer may use the employee’s personal data for statistical purposes and may pass it on for statistical use – without the employee’s consent and in a manner unsuitable for personal identification.
Scope of processed personal data:
1. In the case of the applicant, the personal data included in the CV sent by the person concerned, such as in particular name, telephone number, e-mail address;
2. In the case of an employee (name, address, tax identification number, social security number, data on children, certain health eligibility data).
Legal basis:
a) In the case of the applicant, on the basis of point a) of Article 6, paragraph (1) of the GDPR – the express consent of the data subject. When a candidate sends his/her CV and other accompanying documents to the Company, the person concerned consents to the processing of his/her personal data by sending his/her CV.
b) In the case of an employee, the provision of data based on GDPR Article 6 (1) c) is required by law 10. (Mt. § 10 (1)-(4)) for the Company
c) In the case of an employee, the registration of individual health data is carried out on the basis of GDPR Article 6 (1) c) and GDPR Article 9 (2) h.)
Scope of persons entitled to access personal data:
In the course of data management, the relevant employees of the Company or representatives of natural persons or legal entities in other legal relationships for employment may access this data.
Recipients of personal data:
In the course of data management, the Company may forward personal data to insurers and legal representatives related to the Company, and, where appropriate, to accountants and auditors contractually related to the Company.
Duration of storage of personal data:
In the case of applicants, it is stored until the consent of the concerned person. If the Data Subject withdraws his/her consent, the Company is obliged to delete the personal data. The data subject can withdraw his/her consent to the processing of personal data by e-mail at any time, either by telephone or in writing by e-mail.
In the case of an employee, the Company processes personal data for the period prescribed by law.
Does automated decision-making take place: It does not take place.
III. RIGHTS AFFECTED
3.1. Information and access to personal data
The data subject can request information from the Data Controller in writing via the contact details provided above, so that the Data Controller can inform:
• what personal data, • on what legal basis,
• for what purpose of data management,
• from what source,
• how long will it be treated.
The Data Controller provides the information to the Data Subject in a widely used electronic format, unless the Data Subject requests it in writing, on paper. The Data Controller does not provide verbal information over the phone. The Data Controller provides the Data Subject with a copy of the personal data (in person) free of charge for the first time. For additional copies requested by the Data Controller, the Data Controller may charge a reasonable fee based on administrative costs. If the Data Subject requests a copy electronically, the information is provided to the Data Controller by email in a widely used electronic format.
3.2. The right to correct and supplement processed personal data
At the Data Controller’s written request, the Data Controller shall, without undue delay, correct inaccurate personal data indicated by the Data Subject in writing or in person at one of the Data Controller’s stores, or supplement the incomplete data with the content specified by the Data Controller. The data controller informs all recipients of the correction or addition to whom the personal data has been communicated, unless this proves to be impossible or requires a disproportionately large amount of effort.
3.3. Right to restriction of data processing
The Data Subject may, by means of a written request, ask the Data Controller to limit the processing of his/her data if
• the Data Subject disputes the accuracy of the personal data, in this case the limitation applies to the period that allows the Data Controller to check the accuracy of the personal data,
• the data management is illegal and the Data Subject opposes the deletion of the data and instead requests the restriction of its use,
• the Data Controller no longer needs the personal data for the purpose of data management, but the Data Subject requires them to present, enforce or defend legal claims,
• The Data Subject objects to data processing: in this case, the restriction applies to the period until it is determined whether the Data Controller’s legitimate reasons take precedence over the Data Subject’s legitimate reasons.
3.4. Right to deletion (forgetting).
At the request of the Data Subject, the Data Controller shall delete the personal data concerning the Data Subject without undue delay, if one of the specified reasons exists:
• the personal data are no longer needed for the purpose for which they were collected or otherwise managed by the Data Controller;
• the Data Subject withdraws his/her consent, which is the basis of the data management, and there is no other legal basis for the data management;
• the Data Subject objects to the data processing for reasons related to his own situation, and there is no legitimate reason for the data processing,
• the Data Subject objects to the processing of his/her personal data for the purpose of direct business acquisition, including profiling, if it is related to direct business acquisition,
• personal data is handled illegally by the Data Controller;
• the collection of personal data took place in connection with the offering of information society-related services offered directly to children.
3.5. 3.5. Right to data portability
The Data Subject has the right to request that the data provided by the Data Subject to the Data Controller be received in a machine-interpretable form. If it is technically feasible, you can request that the data be transferred to another data controller. In all cases, the authorization is limited to the data provided by the Data Subject, there is no possibility of portability of other data. (e.g. statistics, etc.) The data controller fulfills the request for data portability only on the basis of a written request sent by email or post. In order to fulfill the request, it is necessary for the Data Controller to make sure that the Data Subject who is entitled to it really wants to use this right. Exercising the right does not automatically result in the deletion of the data from the Data Controller’s systems, therefore the Data Subject will be registered in the Data Controller’s systems even after exercising this right, unless he also requests the deletion of his data.
3.6. 3.6. Deadline for completing the request
| The request of the concerned person | Deadline |
| Right to information | when the data is collected (if the data subject provides it) or within one month (if not handed over by the person concerned) |
| Right of access | one month |
| Right to erasure | without undue delay |
| Right to data portability | one month |
| Right to rectification | one month |
| Right to restriction of data processing | without undue delay |
| Right to protest | upon receipt of the protest |
IV. REMEDY
4.1. Due to a perceived or real violation of the data subject’s right to self-determination of information, the Data Controller can use the following contact details:
Company name: Zsuzsanna Kovács individual entrepreneur
E-mail: [email protected]
Phone number: +36 30 351 75 41
4.2. If the Data Subject does not agree with the Data Controller’s decision, or if the Data Controller misses the mentioned deadline, he/she has the right to appeal to the court within 30 days of its notification. In the case, the claim can be submitted to the court competent according to the registered office of the Data Controller or the place of residence of the person concerned. The court acts out of sequence in the case. The Data Controller is obliged to prove that the data management complies with the provisions of the law.
4.3. In the event of a violation of your right to self-determination of information, you can file a report or complaint: National Data Protection and Freedom of Information Authority Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c Phone: +36 (1) 391-1400 Fax: +36 (1) 391-1410 http:// www.naih.hu e-mail: [email protected]
V. DATA SECURITY REGULATIONS
The Data Controller undertakes to ensure the security of the personal data it manages. Taking into account the state of science and technology and the costs of implementation, as well as the nature, scope, circumstances and purposes of data processing, as well as the variable probability and severity of the risk posed to the rights and freedoms of natural persons, it takes those technical and organizational measures and those procedural rules , which ensure that the recorded, stored and managed data are protected, and prevent their destruction, unauthorized use and unauthorized change.
The Data Controller also undertakes to call on all third parties to whom it forwards or transfers the data on any legal basis to comply with the data security requirement.
The Data Controller ensures that no unauthorized person can access, disclose, transmit, modify, or delete the managed data. The managed data can only be seen by the Data Controller, its employees, persons in a contractual relationship with the Data Controller, and the data processor(s) used by the Data Controller according to their authorization levels.
In order to ensure the security of the IT systems, the Data Controller protects the IT systems with a firewall, and in order to prevent external and internal data loss, it uses a virus scanner and anti-virus program.
Access protection: Access to managed data and data files is provided with a username and password. Network protection: Prevents unauthorized persons from accessing the network by using the available computer technology tools.
Paper-based data management
Fire and property protection: The Data Controller stores the documents in a well-locked room equipped with fire and property protection.
Access protection: Only competent employees can access the managed documents.
VI. DATA TRANSFER TO A THIRD COUNTRY OR PART OF AN INTERNATIONAL ORGANIZATION
The Company does not forward the personal data it manages to third countries or international organizations.
