(a) personal data
Personal data is information relating to a specific, identified or identifiable natural person (hereinafter "data subject"). A natural person is identifiable if he or she may be identified directly or indirectly, in particular on the basis of one or more factors relating to an identifier, such as a name, number, location, online identifier or the natural, physiological, genetic, mental, economic, cultural or social identity.
(b) data subject
The data subject is the identified or identifiable natural person whose personal data are processed by the data controller.
c) data handling
Data handling or data management is any operation or set of operations performed on personal data in an automated or non-automated manner, such as collecting, recording, organizing, segmenting, storing, transforming or changing, querying, viewing, using, reconciling or linking, restricting, deleting or destroying.
(d) restrictions on data processing
Restriction of data management is the designation of stored personal data in order to limit their future processing.
e) data controller
A natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by the European Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by the European Union or Member State law.
f) data processor
A data processor is a natural or legal person, public authority, agency or any other body that processes personal data on behalf of the controller.
Recipient is a natural or legal person, public authority, agency or any other body to whom or with which personal data are communicated, whether or not a third party. Public authorities which may have access to personal data in the context of an individual investigation in accordance with the law of a Member State shall not be considered as recipients.
h) third party
A third party is a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or persons who have been authorized to process personal data under the direct control of the controller or processor.
The data subject's consent is a voluntary, specific and well-informed and clear statement of the will of the data subject, by which they indicate their consent to the processing of personal data concerning them by means of a statement or an act unequivocally confirming the contribution.
NATURE OF THE CONTROLLED PERSONAL DATA
We do not collect any personal data from the visitors of our website. In case a natural or legal person contacts us, the following personal data are collected and controlled: last name, first name, telephone number, mailing address, e-mail address, billing address (if it is different to the mailing address).
NAME AND ADDRESS OF THE DATA CONTROLLERS:
According to the General Data Protection Regulation and the national laws and other data protection provisions applicable in the Member States of the European Union, data controllers are:
Urosystem kft. Nagy Iván utca 19. Balassagyarmat 2660 Hungary 1123 Webpage: Tel.: +36 20/934-2674 E-mail:
Unless provided in these regulations otherwise, the processed data will not be transferred to third parties.
I. Name and contact details of the Data Processor used for the hosting service:
500 Tery A Francois Blvd Fl 6
San Francisco, CA 94158-2230
Activity related to data management: hosting service
II. Name and contact details of the Data Processor used to operate the website:
Urosystem kft. Nagy Iván utca 19. Balassagyarmat 2660 Hungary 1123 Webpage: Tel.: +36 20/934-2674 E-mail:
Activity related to data management: website development and operation
III. Name and contact of the Data processor used to operate analytical cookies:
500 Tery A Francois Blvd Fl 6
San Francisco, CA 94158-2230
Activity related to data management: production of statistical data through the use of analytical cookies
The Data Controller and the data processors shall treat the personal data provided by the Users as confidential and comply with the relevant data protection legislation, in particular Article CXII of 2011 on the right to information self-determination and freedom of information. Act VI of 1998 on the promulgation of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, done at Strasbourg on 28 January 1981. and the provisions of EU Regulation 2016/679 (GDPR) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46. In order to ensure secure data management, the Data Controller takes and ensures all measures promoting IT and other secure data management related to data storage, processing and data transmission. The Data Controller shall take the necessary measures in the manner expected of it to ensure the protection of the personal data processed by it against unauthorized access, alteration, disclosure, deletion, damage, destruction, and to guarantee the necessary technical conditions. Persons entitled to access the data: The personal data provided by the Users may be accessed only by the employees and agents of the Data Controller and the data processors who need to know this data in order to perform their duties.
By using cookies, Data Controllers can provide even more user-friendly services to website visitors, which would not be possible without cookie settings.
By changing the appropriate settings of the browser you are using, you can prevent and/or permanently prohibit our website from placing cookies at any time. In addition, cookies that have already been stored can be deleted at any time, either using a browser or other software. This option is available in any popular browser. If the data subject disables the placement of cookies in the browser he or she uses, some features of our website may not be fully available in certain circumstances.
Cookies used by WWW.UROSYSTEM.COM :
The website uses the analytical service of WIX.COM INC. which places cookies to analyze traffic to our website. The information obtained by cookies about the use of the website (including your IP address and the URLs of the websites visited) is provided to WIX.COM INC. who use it on our behalf to evaluate your usage habits on our website, to compile reports on website activities and to provide us with additional services related to the website and internet use. The anonymous IP address transmitted to WIX.COM INC. from your browser will not be merged with WIX.COM INC.’s other data. For more information about cookies in the analytics services of WIX.COM INC., please visit the link below: https://support.wix.com/en/article/cookies-and-your-wix-site
You may prevent the collection of cookie-generated information about your use of the Website (including your IP address) and its further processing by WIX.COM INC. by changing your browser settings.
CONTACT BY EMAIL
In order to comply with legal requirements, the Data Controllers' website also contains information (including an e-mail address) that allows the visitors to contact us quickly and electronically and to communicate directly. If a person contacts us by e-mail, telephone or otherwise, the personal data they provide will be recorded and stored. This personal data is transferred to the data controller by the data subject on a voluntary basis, and their purpose is to process and store the data subject's request or to contact the data subject. This personal data will not be passed on to third parties. Personal data provided in this way will be stored for 12 months after the last contact, after which it will be deleted.
AUTOMATIC DELETION AND LOCK OF PERSONAL DATA
The data controller is only entitled to store and process the personal data of the data subject for the period necessary to achieve the purpose of the data processing, e.g. for 12 months. If the purpose of storage and handling is not achievable or the period of storage provided for in the relevant European Union or other legislation has expired, the data concerned shall be automatically locked or deleted in accordance with the relevant regulations.
The data subject’s rights
a) The right to be informed
b) The right of access
Relevant EU law gives all data subjects the right to be informed by the controller of the scope of the personal data concerning them which are processed by the controller and to request a copy of that data at any time, free of charge. In addition, under the relevant EU legislation, the data subject has the right to access the following information:
the purpose of data management,
the categories of personal data processed,
the recipients or categories of recipients to whom or with whom the personal data have been or will be communicated, including especially third country recipients or international organizations,
where applicable, the intended period of storage of the personal data or, if this is not possible, the criteria for determining this period,
all available information on the source of the data, if the data were not obtained from the data subject,
the fact of the usage of automated decision-making or profiling referred to in Article 22, paragraph (1) and (4) of the GDPR, and at least in these cases the understandable logic used and the significance of such data processing and the expected consequences. In addition, the data subject has the right to be informed whether his or her personal data will be transferred to a third country or to an international organization. If personal data are transferred to a third country or to an international organization, the data subject has the right to be informed of the appropriate guarantees for the transfer.
If the data subject wishes to exercise this right of access, he / she may contact the Data Controller at any time for this purpose at one of the contact details provided in this Prospectus.
c) The right to rectification
Relevant EU law gives all data subjects the right to have inaccurate personal data concerning the data subject rectified by the controller without undue delay upon request. Taking into account the purpose of the data processing, the data subject has the right to request the incomplete personal data to be supplemented, inter alia, by means of a supplementary statement. If the data subject wishes to exercise his or her right to this rectification, they may contact the Data Controller at any time for this purpose.
d) The right for deletion
Relevant EU law gives all data subjects the right to have their personal data deleted without undue delay at the request of the controller. The controller is obliged to delete the data without undue delay, even if one of the following reasons exists and the data processing is no longer necessary:
Personal data is not required for the purpose for which the data processing was based.
The data subject withdraws his or her consent under Article 6 (1) (a) or Article 9 (2) (a) of the GDPR and there is no other legal basis for the processing.
The data subject objects to the processing pursuant to Article 21 (1) of the GDPR and there is no overriding legitimate reason for the processing, or the data subject objects to the processing pursuant to Article 21 (2) of the GDPR.
Personal data has been processed unlawfully.
Personal data must be deleted in order to comply with a legal obligation under EU or Member State law applicable to the controller.
Personal data were collected in connection with the provision of information society services referred to in Article 8 (1) of the GDPR.
If any of the above reasons exist and the data subject requests the deletion of his or her personal data stored by the Data Controller, he or she may contact the Data Controller at any time for this purpose. The Data Controller is then obliged to make sure that the requested deletion has been carried out immediately. Where the controller has disclosed personal data and is required to delete it pursuant to Article 17 (1), it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform the other data controllers that the data subject has requested them to delete the links to the personal data in question or a copy or duplicate of that personal data, provided that the processing of the data is no longer necessary. The controller is obliged to implement the necessary measures in the given case.
e) The right to restrict data processing
The relevant EU law gives all data subjects the right to request the controller to restrict the processing of his or her personal data if one of the following conditions is met:
The data subject disputes the accuracy of the personal data; in this case, the restriction applies to the period of time that allows the controller to verify the accuracy of the personal data.
The processing is illegal, but the data subject opposes the deletion of the data and instead asks to restrict its use.
The data controller no longer needs the personal data for the purpose of data processing, but the data subject requests it in order to submit, enforce or protect legal claims.
The data subject has objected to the processing in accordance with Article 21 (1) of the GDPR; in that case, the restriction shall apply for as long as it is established whether the legitimate reasons of the controller take precedence over the legitimate reasons of the data subject.
If any of the above conditions apply and the data subject wishes to restrict the processing of his / her personal data stored by the Data Controller, he / she may contact the Data Controller at any time at one of the contact details provided in this Prospectus. The data controller is obliged to take measures to restrict data processing.
f) The right to data portability
The relevant EU legislation guarantees the right of all data subjects to receive personal data concerning them which they have made available to the controller in a structured, widely used, machine-readable format. In addition, the data subject shall have the right to transfer such data to another controller, without prejudice to the controller to whom the personal data have been made available, if the processing is in accordance with Article 6 (1) (a) or Article 9 of the GDPR, is based on a consent pursuant to Article 6 (2) (a) or a contract pursuant to Article 6 (1) (b) and the processing is carried out automatically, provided that the processing is in the public interest or in the exercise of a public authority conferred on the controller. Furthermore, in exercising the right to data portability under Article 20 (1) of the GDPR, the data subject has the right, if this is technically feasible and does not adversely affect the rights or freedoms of others, to request the direct transfer of personal data between controllers. In order to exercise the right to data portability, the data subject may contact the Data Controller at any time at any of the contact details provided in this Prospectus.
g) The right to object
h) The right to withdraw consent under data protection law
In case of violation of the above rights of the Data Subject, he/she may apply to a court or to the National Data Protection and Freedom of Information Authority. (Nemzeti Adatvédelmi és Információszabadság Hatóság) Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c Phone +36 (1) 391-1400 Fax: +36 (1) 391-1410 www: HTTP://WWW.NAIH.HU email: UGYFELSZOLGALAT@NAIH.HU
LEGAL BASIS OF THE DATA MANAGEMENT
Article 6 (1) (a) of the GDPR is the legal basis for data processing in cases where the use of the data for a specific purpose is based on the consent of the data subject. Where the processing of personal data is necessary for the performance of a contract in which the party concerned (such as in the course of a data processing activity necessary for the sale of goods or the provision of services), the legal basis for data processing is Article 6 (1) (b) GDPR. The same provision applies to the processing of data required for pre-contractual measures (such as inquiries about our products and services). If our company processes data on the basis of a legal obligation (for example, in order to fulfill a tax obligation), the legal basis for data processing is Article 6 (1) (c) GDPR. In certain, rare cases, data processing may also be necessary to protect the vital interests of the data subject or another natural person.
Finally, data management may be based on Article 6 (1) (f) of the GDPR. This legal basis applies to cases where the processing is necessary to protect the legitimate interests of the controller or of a third party, unless those interests take precedence over the interests or fundamental rights and freedoms of the data subject which require the protection of personal data. This case of data processing is clearly permissible and cannot be objected to, as it is explicitly regulated in the relevant EU legislation. A legitimate interest may be presumed if the data subject's customer is concerned (GDPR recital 47, sentence 2).
LEGAL INTEREST OF THE DATA CONTROLLER OR A THIRD PARTY DURING DATA PROCESSING
If the data is processed pursuant to Article 6 (1) (f) of the GDPR, it is in the legitimate interest of our company to conduct our business in order to ensure the well-being of our employees and owners.
DURATION OF STORAGE OF PERSONAL DATA
The period of storage of personal data is 12 months. At the end of this period, the data concerned shall be deleted automatically, provided that they are no longer necessary for the performance of the contract or the initiation of the contract. In case of an order and a customer relationship, the service has to store the name and the address for 8 years (in accordance with the operative accounting and tax regulations; act C. of 2000)
PROVISION OF PERSONAL DATA IN THE EVENT OF A LEGAL OR CONTRACTUAL OBLIGATION;
PROVISION OF PERSONAL DATA AS A PRECONDITION FOR CONCLUDING A CONTRACT;
OBLIGATION OF THE PERSON CONCERNED TO PROVIDE PERSONAL DATA; POSSIBLE CONSEQUENCES OF FAILURE TO PROVIDE DATA
The provision of personal data is in some cases an obligation based on law (eg tax legislation) or a contractual provision (eg obtaining the data of the contracting partner). In some cases, the provision and processing of the data subject's personal data is mandatory for the purpose of concluding a contract. For example, if our company wishes to enter into a contract with a data subject, the data subject is obliged to provide us with his or her personal data. In this case, the consequence of the non-provision of data may be that the intended contract is not concluded with the data subject. Before providing data, the data subject is entitled to contact the Data Controller for further information. The data controller shall inform the data subject whether the provision of his or her personal data is required by law or contract, whether it is necessary for concluding the contract or whether the provision of data is mandatory on the part of the data subject, and shall provide information on the consequences of non-provision.
AUTOMATED DECISION MAKING
As a responsible company, we do not use automated decision-making or profiling.
The Data controllers reserve the right to unilaterally amend these data management regulations with prior notice to Users. By using the service after the change takes effect, the User accepts the amended data management policy.
DATA BREACH AND ITS HANDLING
In case of data breach of high risk, the data controller informs the persons who are involved (due to their rights and freedom) with no delay.
By doing so the data controller explains clearly and in a legible form
the nature of the breach
the probable consequences of the breach
the actions planned or performed to handle the breach, including the actions which are to lessen the possible negative consequences
provides the contact of a person who is able to give ample amount of information about the situation.
The data controller need not inform the persons who are involved if
the data collector performed actions which made the data affected by the breach incomprehensible (eg. by using encryption on the data)
informing the persons who are involved would require actions of unproportional effort (in this case information shall be provided in another form, e.g. publishing)
due to the actions performed by the data collector the high risk does not exist anymore.