Healhop Privacy Policy

Please read this Privacy Policy carefully before using Healhop. This Privacy Policy contains all information relating to Healhop Kft.'s data processing in connection with the collection, use, storage, disclosure and erasure of data.

1. Introductory Provisions

1.1 Healhop Kft. (hereafter: „Data Controller”) is an economic entity registered and operating in Hungary, whose main area of activities is providing miscellaneous complementary business services.

1.2 The Data Controller develops and provides an exclusively owned online user platform developed and operated by it (hereinafter: „Healhop”) where the Healthcare Providers can advertise and promote Healthcare Services and establish Service Agreements with the Payers registered on Healhop who intend to use these healthcare services. In the course of this activity (hereinafter: „Service”), using Healhop, personal data may be provided to the Data Controller by the Payers and the representatives of Healthcare Providers (hereafter jointly referred to as: „User” or „Data Subject”), therefore, in order to properly communicate the relevant data privacy legislation, the Data Controller creates this Privacy Policy governing external data processing.

1.3 The Data Controller corresponds to Healhop Kft. as defined in the General Conditions of Use. Capitalized words and concepts in this Privacy Policy have the same meaning as the concepts defined in Healhop's General Conditions of Use (hereinafter: „GCU”).

1.4 In this Privacy Policy, „us”, „for us” etc. always refers to the Data Controller.

1.5 This Privacy Policy must be explicitly accepted by the User and the consent can be withdrawn at any time.

1.6 The Data Controller is responsible for elaborating this Privacy Policy, for enforcing it with the persons falling within its remit, for its monitoring and for implementing necessary changes to it. The Data Controller can change this Privacy Policy unilaterally at any time. Certain business processes and developments make it indispensable to later expand certain data processing purposes. The Data Controller commits to proceeding in accordance with the European Union's General Data Protection Regulation every time personal data need to be processed. This Privacy Policy comes into effect at the time of publication.

1.7 This Privacy Policy is available at the following address: https://healhop.com/en/privacy-policy

2. The Controller's data

Controller's name

Healhop Korlátolt Felelősségű Társaság

Controller's shortened name

Healhop Kft.

Controller's registered seat

H-4025 Debrecen, Simonffy út 4-6.123.

The Data Controller can be reached at its electronic mailing address used regularly for corresponding with the Users

hello@healhop.com

Company registration number

09-09-029778

VAT number

26349192-2-09

Name of registering authority

Debrecen Court of Registration

Phone number

+36 30 954 9682

Website

www.healhop.com

Language of the contract

Hungarian

3. Applicable laws

3.1 This Privacy Policy contains the data processing rules regarding the processing of the personal data, defined in this Privacy Policy, of the users of the website available at https://www.healhop.com (hereinafter: „Website”) and operated by Healhop Kft. in accordance with Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information and the General Data Protection Regulation put in place by the European Union on the 25th of May 2018 along with a Privacy Notice for Users.

3.2 The Data Controller declares that it processes the personal data of all subjects that it has no contractual relationship with (yet) and those of the Users that it has a contract with or which have registered on Healhop in accordance with relevant legislation, in particular as far as the following is concerned:

3.2.1 EU regulation: Regulation (EU) 2016/679 of the European Parliament on General Data Protection Regulation (General Data Protection Regulation, „GDPR”)

3.2.2 Hungary's Basic Law, Article VI

3.2.2 Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information

3.2.4 Act V of 2013 on the Civil Code

3.2.5 Act CLV of 1997 on the Protection of Consumers

3.2.6 Act C of 2003 on Electronic Communications

3.3 The Data Controller's registered seat is located in Hungary, therefore, the guarantor of protection regarding the processing of the personal data regulated by this Privacy Policy is the authority with national competence in this area, the Hungarian National Authority for Data Protection and Freedom of Information (hereinafter: „NAIH”).

4. The basic principles and the legal basis of data processing

4.1 The Data Controller grants all Data Subjects the right to be informed of the purpose of processing personal data and, if possible, the duration of such, the recipients of the personal data, the logic the automated processing of personal data is based on and the possible consequences of the data processing along with the types of information the Data Subject has access to. This right may not adversely affect others' rights and freedoms, including business secrets or intellectual property and particularly copyright intended to protect software. However, these considerations may not result in the Data Controller denying all information to Data Subject.

4.2 The Data Controller is committed to protecting the Users' personal data and considers respecting their right to informational self-determination as paramount, as a result, the Data Controller treats the Users' personal data confidentially and takes the security, technical and organizational measures that ensure data protection.

4.3 The Data Controller processes personal data lawfully and with integrity, in a way that is transparent to the Data Subject, its potential collection is only done for well-defined, clear and lawful purposes, which are appropriate and relevant to its goals and limited to what is necessary.

4.4 In the course of handling personal data, the Data Controller strives for accuracy, making sure that they are up to date, taking all reasonable measures to ensure that all data that are inaccurate from the point of view of the data processing will be immediately erased or rectified.

4.5 The processing of personal data is based on the User's voluntary consent given based on the present notice (point a) of paragraph (1) of article 6 of the GDPR).

4.6 The Data Controller has the right to process data relating to the User based on the agreement made between it and the User in accordance with the provisions of the agreement for the performance of a contract (point b) of paragraph (1) of article 6 of the GDPR).

4.7 Processing of personal data may be necessary in order to comply with legal obligations applying to the Controller, including for accounting and bookkeeping obligations (point c) of paragraph (1) of article 6 of the GDPR).

4.8 Processing of personal data may be necessary for the purposes of pursuing the legitimate interests of the Data Controller or of a third party (point f) of paragraph (1) of article 6 of the GDPR).

4.9 In order for personal data to be used for advertising purposes, the User has to give his or her explicit written consent.

5. Terms

5.1Recipient”: the legal person with whom Healhop previously established an agreement with or a representative thereof registered on Healhop, to whom personal data are communicated by using the Healhop platform.

5.2Booking”: electronic initiative by the Payer to use a Healthcare Service.

5.3Personal data”: any information that can be used to identify a person in any way.

5.4Data processing”: any operation performed on the personal data.

5.5Data controller”: the natural or legal person defining individually or jointly with others the purposes and means of the processing of personal data, which as regards data processing in the present document is Healhop Kft.

5.6Data processor”: the natural or legal person processing personal data on behalf or at the behest of the data controller.

5.7Limitation of data processing”: marking the stored personal data to limit their future processing.

5.8Consent of the data subject”: a voluntary, specific, informed and clear declaration of the data subject, whereby the data subject makes it clear via a written statement or an act unequivocally expressing confirmation that s/he consents to the processing of his/her personal data.

5.9Personal data breach”: a breach of security resulting in the accidental or unlawful destruction, loss, modification, unlawful disclosure or unauthorized access to transferred, stored or otherwise processed personal data.

6. Data processed by us

6.1 In order for the User to be able to use the Service, the User discloses to the Data Controller personal data through its website or by other means. When the Data Controller requests personal data from the User, the User has the right to deny it, in this case, however, the Data Controller has the right to deny providing the Service, therefore, it is possible that the User would not be able to use the Service provided by the Data Controller.

6.2 In the course of data processing, the Data Controller can, in particular, perform the following actions relating to the data: collection, recording, saving, organization, storage, use in accordance with the data processing purposes, retrieval, locking, erasure and destruction along with blocking further use of the data.

6.3Data that the User must obligatorily provide

6.3.1The Data Controller can process the following personal data relating to the User and provided by the User, which need to be provided in order to register on the Website:

Data subject

Category of data

Purpose of data processing

The User registered on website

First and last name

Establishment, modification, performance of contract,

Maintaining and developing service,

operation and development, identifying users and ensuring communication,

establishing and maintaining a reliable and secure environment, pursuing claims and interests, preventing and handling fraud,

advertising, marketing activities,

e-mail address

Establishment, modification, performance of contract,

Maintaining and developing service,

operation and development, identifying users and ensuring communication,

establishing and maintaining a reliable and secure environment, pursuing claims and interests, preventing and handling fraud,

advertising, marketing activities,

phone number

Operation and development, identifying users and ensuring communication

establishing and maintaining a reliable and secure environment, pursuing claims and interests, preventing and handling fraud,

password

Operation and development, identifying users and ensuring communication

6.3.2 The User can at any time and free of charge exercise his or her right to have the data processing activities relating to the data listed above in point 6.3.1. limited, the data rectified or erased and to protest. In accordance with this, the Data Controller takes requests at the following e-mail address: hello@healhop.com. In such cases, the Data Controller must reply without undue delay and within one month to the User and must justify any request it does not comply with.

6.4 Data provided optionally by the Payers

6.4.1 The Data Controller can process the following data provided by the Payer and relating to the Payer and the Patient, which are not required to be provided for registration but without which the comprehensive use of the Service may not be ensured:

Data subject

Category of data

Purpose of data processing

Payer registered on website

First and last name

Establishment, modification, performance of contract,

Establishment of service provision agreement

Maintaining and developing service,

Operation and development, identifying users and ensuring communication,

establishing and maintaining a reliable and secure environment, pursuing claims and interests, preventing and handling fraud,

advertising, marketing activities,

Date of birth

Establishment, modification, performance of contract,

Establishment of service provision agreement

Maintaining and developing service,

Operation and development, identifying users and ensuring communication,

establishing and maintaining a reliable and secure environment, pursuing claims and interests, preventing and handling fraud,

advertising, marketing activities,

sex

Operation and development and ensuring communication

Maintaining and developing service,

Establishment of service provision agreement

advertising, marketing activities,

country of origin

Operation and development and ensuring communication

Maintaining and developing service,

Establishment of service provision agreement

advertising, marketing activities,

preferred language

Operation and development and ensuring communication

Maintaining and developing service,

Establishment of service provision agreement

advertising, marketing activities,

6.5.2 The Payer can at any time and free of charge exercise his or her right to have the data processing activities relating to the data listed above in point 6.4.1. limited, the data rectified or erased and to protest. In accordance with this, the Data Controller takes requests at the following e-mail address: hello@healhop.com. In such cases, the Data Controller must reply without undue delay and within one month to the Payer and must justify any request it does not comply with.

6.6 Data collected automatically on the Website

6.6.1 If the User explicitly does not provide any data and information relating to him or herself as described in this Privacy Policy, the Data Controller collects or processes no personal data relating to the User based on which the User could be personally identified.

6.6.2 The scope of information collected automatically by the Data Controller, relating to the Service, whose collection is necessary to perform and further develop the Service:

Data subject

Category of data

Purpose of data processing

the User registered on website

Date of registration

Maintaining and developing service,

advertising, marketing activities

Data consulted on website

Maintaining and developing service,

advertising, marketing activities

Logging data and device information

Maintaining and developing service,

advertising, marketing activities

Booked Healthcare Services in the case of the Payers

Maintaining and developing service,

advertising, marketing activities

billing of service fee

appointments sent by Healthcare Provider representatives to the Payer, necessary for the Booking

Maintaining and developing service,

Language preference

Operation, maintaining and developing the service

6.7 Cookies used by the Data Controller

6.7.1 If the User explicitly does not provide any data and information relating to him or herself as described in this Privacy Policy, the Data Controller collects or processes no personal data relating to the User based on which the User could be personally identified.

6.7.2 Cookies are short text files sent by the browser to the hard drive of the User's computer of mobile device and contain information relating to the User. Such information includes the data of the computer or device used by the User to log in that are generated during the use of the Website and which are recorded automatically by the cookies used as a result of technical processes. Automatically recorded data are logged automatically – without a separate statement or act by the User – when visiting or exiting a website or application.

6.7.3 By using Healhop, all Users consent to the Data Controller using session cookies, which it deems necessary, in relation with the website or application in such cases where session cookies are indispensable for the visitors to browse the website and use its functions, e.g. to remember the operations of a visitor on specific pages during a visit. These cookies only remain valid for the duration of the visitor's visit and when the session ends or the browser is closed, they are deleted from the computer automatically.

6.7.4 The Data Controller only uses cookies handled by external providers (e.g. Google).

6.7.5 The Data Controller's advertisements are displayed on websites by external providers (Google, Facebook).These external providers (Google, Facebook) use cookies to store information about whether the User had visited the Data Controller's website previously and based on this they provide – customized – advertisements for the User (that is, they are engaging in remarketing activity).

6.7.6 The data processing by these external providers is governed by the privacy guidelines defined by them, the Data Controller takes no responsibility with regard to this data processing.

6.7.7 Use of the technology mentioned above: the data collected with the technology mentioned above cannot be used to identify the User and the Data Controller does not connect these data to any other data that can potentially be used for identification.

6.7.8 The primary goal of using such data is for the Data Controller to be able to operate the Website properly, which requires in particular the tracking of traffic data and filtering out potential abuses relating to use.

6.7.9 Apart from the above, the Data Controller can use this information to analyse trends, to improve and develop the Website's functions and to obtain overall traffic information about their comprehensive use. The Data Controller can use the information thus obtained to establish relevant statistics, to make analyses and to transfer statistical data that cannot be used for identification (e.g. visitor count, most visited contents) to a third party or to publish as an anonymous aggregate.

6.7.10 Option to turn off cookies: if the User does not want the Data Controller to collect the information listed above about him or her in relation with the use of the website or the application, s/he can partially or fully turn off the use of cookies or change the settings of cookie messages, acknowledging that this may make using the Website more difficult.

6.8 Newsletter, DM activity

6.8.1 In accordance with section 6 of Act XLVIII of 2008 on the basic conditions of economic advertising activity and its limits, the User can give his or her prior and written consent to have Healhop contact him or her with its promotional offers and other materials using the contact information specified when registering.

6.8.2 Healhop does not send unsolicited promotional messages and the User can, without limitation and justification, unsubscribe from these offers being sent out free of charge. In this case, the Data Controller deletes all personal data – required for sending out the promotional messages – from its records and will not contact the User with further promotional offers. The User can unsubscribe from advertisements by clicking on the link in the message.

7. How do we use the data we collect and for how long?

7.1 The Data Controller only processes personal data that are indispensable for the performance of the data processing's objective and only for the duration and to the extent that is appropriate and necessary to achieve the objective.

7.2 In the lack of relevant legal obligations, the Data Controller will not publish, synchronize or connect the personal data available to it.

Purpose of data processing

Stated reason for purpose

Duration of data processing

Establishment, modification, performance of contract

The Data Controller uses the data it collects for the purposes of establishing, modifying and performing the contract. The personal data acquired in the course of using the Service are used to facilitate and enable the transaction requested by the User. The Data Controller uses the User's personal data to enable establishing a Service Provision Agreement between the Payer and the Healthcare Provider.

The Data Controller processes the data relating to Users during and after their contractual relationship until such time that the User requests that they be erased at an e-mail sent to hello@healhop.com. To allow for use as legal evidence in the event of a dispute, the data of the User concerned are processed until the end of the general statute of limitations period or within 5 years of the definitive end of any legal dispute.

Maintaining and developing the Service

The Data Controller uses the data it has collected to maintain and develop the Service. The personal data acquired in the course of using the Service are used to facilitate and enable the transaction requested by the User through the Website and to keep it up-to-date. The Data Controller uses the User's personal data to enable the User to have access to a Service that is continuously improved and developed.

Operation and development, identifying users and ensuring communication

The Data Controller can use the User's personal data to provide an efficient Service, carry out analytical activities and assess the User's satisfaction via the contact information provided by the User. As a part of this, it can perform the following activities: Access to and use of the Website, ensuring its operation, protection, improvement, development and optimalization, sending out support, update and security information.

Creating a reliable and secure environment, pursuing claims and interests, preventing and handling fraud

The Data Controller can also use the User's personal data to ensure the Users' legitimate interests are respected in the course of using the Service and to comply with the GCU rules explicitly agreed to by the user and with legislation in place. As a part of this, it can perform the following activities: preventing and ending fraud, spam, abuses and other adverse activities, security analyses and risk assessment, verifying and authenticating data provided by the user.

Advertisement, marketing activity

The Data Controller only uses the User's personal information for data processing relating to the following advertising and marketing activities: promotional messages, advertisements, newsletters, sending out other information promoting the Service via e-mail, advertisements displayed based on personal preferences, displaying advertisements through the Website and through both the Facebook and Instagram accounts. Displaying prize games, surveys, promotional activities and events sponsored by the Data Controller and its partners.

You can unsubscribe from advertisements at any time via hello@healhop.com or directly in the case of newsletters, by clicking on the relevant part.

8. Who has access to these data?

8.1 Healhop's operations may require transferring some data to third parties, of which Data Subjects will be informed in all cases as described below. In accordance with the legislation in place, personal data can be accessed by the Data Controller and its employees and collaborators.

8.2 The Data Controller can only transfer the User's personal data within the company to the Recipients required to properly perform the Service, to the extent necessary to perform the Service. The User explicitly consents to such transfer of data by accepting this Privacy Policy.

8.3 If data are transferred, the Data Controller maintains data transfer records containing the time, legal grounds and recipient of the personal data it processes, the scope of the personal data transferred as well as other data defined in the law governing data processing.

8.4 Transfer of data may occur in the following cases:

Recipient of the transfer

Scope of transferrable data

Sharing of data with Recipients

When the Service is used, the Data Controller sends to the Recipient the personal data indispensable for using the Service. These data are the following: the Payer's name, sex, date of birth, country of origin, language of communication, phone number and e-mail address.

Sharing with employees

The Service Provider can access the personal data listed in point 5 above, which includes employees of the Service Provider, but only in cases where data processing is absolutely necessary in order to achieve the data processing purpose relevant to the data group.

Information that may be displayed publicly

The Data Controller only discloses such information publicly that Data Subject has consented to, which the Data Controller is authorized to display on its social media/public platforms. Such information may include: opinions expressed in comments on the Websites or other public forums.

Compliance with legislation

Other than for the purposes stated in point 7, the Data Controller does not transfer data it has been provided to third parties, except when ordered to based on legislative obligations by some authority, government or administrative body or court and when it is legally not authorized to deny such requests.

8.5 The Data Controller is not, under any circumstances, responsible for data processing by third parties (e.g. Google, Facebook), which is governed in all cases by the service providers' own data processing rules.

8.6 In order to perform the Service seamlessly, the Service Provider uses the services of various third party service providers. These service providers are restricted to the following:

Service provided by the data processor

Name, address and contact information of data processor

The data processor's privacy notice

Company having a contractual relationship with the Data Controller and a Data Hosting Provider performing system operations

Name: Versanus Informatikai és Szolgáltató Kft.

Address: 1023 Budapest, Bécsi út 3-5.5. em. 56.

Phone number:+36 1 430 1168

Email address: support@versanus.eu

Website: www.versanus.eu

Versanus Informatikai és Szolgáltató Kft. Privacy Notice

Handling cookies, data storage

Name: Google, Inc.

Address: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Phone number:+1 650 253-0000

Website: www.google.com

Google Privacy Notice; Appropriate protection in accordance with relevant legislation is provided by EU-U.S. Privacy Shield. Google Privacy Shield's registration can be found here

Handling cookies, data storage

Name: Facebook, Inc.

Address: 1 Hacker Way, Menlo Park, CA 94025, USA

Phone number:+1 844-735-4595

Website: www.facebook.com

Facebook Privacy Notice; Appropriate protection in accordance with relevant legislation is provided by EU-U.S. Privacy Shield. A Facebook's Privacy Shield registration  can be found here .

Handling cookies, data storage

Name: Statcounter

Address: Guinness Enterprise Centre

Taylor’s Lane

Dublin 8, Ireland

Website: www.statcounter.com

Hotjar Privacy Notice

Handling cookies, sending electronic messages, data storage

Name: Habla, Inc.

Address: 76 South Park Street

San Francisco, CA 94107, USA

Phone number:+1 888-959-4408

Website: www.olark.com

Olark Privacy Notes; appropriate protection in accordance with relevant legislation is provided by EU-U.S. Privacy Shield. Olark's Privacy Shield registration can be found here .

Assessing customer satisfaction, DM activity

Name: SurveyMonkey, Inc.

Address: One Curiosity Way, San Mateo, CA 94403, USA

Phone number:+1 650 543-8400

Website: www.surveymonkey.com

SurveyMonkey Privacy Notice; appropriate protection in accordance with relevant legislation is provided by EU-U.S. Privacy Shield. A SurveyMonkey's Privacy Shield registration can be found here .

Newsletter, DM activity

Name: The Rocket Science GroupLLC.

Address: 675 Ponce de Leon Avenue NE

Suite 5000

Atlanta, GA 30308, USA

Phone number: +1 (404) 806-5843.

Website: www.mailchimp.com

MailChimp Privacy Notice; appropriate protection in accordance with relevant legislation is provided by EU-U.S. Privacy Shield. MailChimp's Privacy Shield registration can be found here .

Emails, data storage

Name: Microsoft Corporation

Address: One Microsoft Way

Redmond, Washington 98052, USA

Phone number: +353017063117

Website: www.microsoft.com

Microsoft Privacy Notice appropriate protection in accordance with relevant legislation is provided by EU-U.S. Privacy Shield. Microsoft Privacy Shield registration can be found here .

8.7 The data processors store for the Data Controller the data provided in the course of the activities of the Data Controller. The Data Controller explicitly states that it bears no direct or indirect responsibility for the data processing and data security of the third party service providers listed in point 8.6., which are governed exclusively by the data processors' own data privacy guidelines and regulations.

8.8 The Data Controller reserves the right to involve further data processors in the data processing later on, of which it will inform the Users by modifying this Policy.

8.9 The Users' personal data will not be disclosed to any other parties by the Data Controller in other cases.

9. Additional important information

9.1 Maintaining records of data processing activities

In our estimation, the Service Provider is not obliged to comply with the obligation relating to maintaining records of data processing activities given that the Data Controller is a company with fewer than 250 employees and the data processing carried out by it presumably carries no risk to the rights and freedoms of Data Subjects, as data processing is occasional.

9.2 Data Protection Officer

In our estimation, Healhop Kft. does not have to comply with the obligation to appoint a data protection officer given that the Data Controller's primary activities do not include data processing operations that enable extensive, regular and systematic tracking of Data Subjects and the Data Controller, in the course of its activity, does not process special categories of personal data or data relevant to crimes and criminal law.

9.3 Supervisory and other authorities

The territorial validity of this Privacy Policy may extend to foreign authorities if the User is affected on account of having a registered seat or place of business outside of Hungary.

9.4 Automatic decision-making, profiling

The Data Controller declares that it engages in no decision-making process based exclusively on automatic data processing – including profiling – that could have a legal effect on the User or affect him or her to a similarly significant extent. If the Data Controller should engage in such processes at a later time, the data subjects will be informed in a timely manner and their consent will be requested.

9.5 Processing sensitive data

9.5.1 The Data Controller declares not to process data that are particularly sensitive personal data by their nature from the point of view of fundamental rights and freedoms and that require unique protection on account of the circumstances of their processing carrying significant risk. If the Data Controller should process such particularly sensitive data, it will proceed with increased caution and limit the processing to the necessary extent.

9.5.2 The Data Controller declares not to process any personal data referring to racial or ethnic origins, political views, religious or ideological convictions or union membership or genetic and biometric data intended to identify natural persons and not to handle healthcare data and personal data referring to the sex life or sexual orientation of natural persons.

10. The User's rights and obligations

10.1 Processing data concerning the User

10.1.1 The Data Subject has the right to access data relating to him or her that have been collected and to exercise this right simply and at reasonable intervals in order to determine and verify the lawfulness of the data processing. The Data Controller strives to ensure that the personal data are accurate and up to date, however, Data Subject must let the Service Provider know if these have changed at the following e-mail address: hello@healhop.com. The Data Subject is responsible for keeping the personal data up to date.

10.1.2 The Data Controller takes appropriate measures to ensure that all information related to processing personal data is provided to the Data Subject in a clear, transparent, comprehensible and easily accessible format, phrased clearly and in an easily understandable manner. It provides information upon request primarily electronically via hello@healhop.com or in speech at +36 30 954 9682, along with in-person requests that can be made at the registered seat of the Data Controller. For information to be provided, the identity of Data Subject must in all cases be verified.

10.1.3 The Data Controller informs the Data Subject about the measures taken as a result of his or her requests without undue delay and no later than one month within receiving the request. If necessary, taking into account the complexity of the request and the number of requests, this deadline can be extended by another two months. The Data Controller informs the Data Subject about the extension of the deadline within one month of receiving the request, stating the reason for the delay.

10.1.4 If the Data Controller takes no measures as a result of the Data Subject's request, it must inform the Data Subject without undue delay and no later than within one month of receiving the request of the reason for failing to take the measures and of the Data Subject's option to lodge a complaint with a supervisory authority and make use of his or her legal redress.

10.1.5 The Data Controller ensures this right of the Data Subject free of charge, but if the request is unfounded or exaggerated, meaning repeated lodgings of requests for instance, on account of the administrative costs of providing the information or measures requested, the Data Controller can deny the measure or charge a fee.

10.1.6 If the Data Controller processes a large amount of information relating to the Data Subject, it can ask the Data Subject to specify which information or data processing activity his or her request applies to prior to lodging it.

10.2 Access

10.2.1 The Data Controller takes all reasonable measures to ascertain the identity of the person requesting access, especially as it relates to online services and online identifiers. The Data Controller may not keep personal data for the sole purpose of being able to respond to potential requests.

10.3 Rectification and erasure of data

10.3.1 The Data Subject has the right to request that data relating to him or her be rectified and has the „right to be forgotten” if keeping the data in question violates the provisions of some legislation.

10.3.2 The Data Subject has the right to have his or her personal data erased at his or her request and not to have it processed if collecting or otherwise processing the personal data is no longer necessary in connection with the original purposes of data processing.

10.4 Withdrawing consent and limiting processing

10.4.1 The Data Subject has the right to withdraw the consent s/he gave previously to having his or her personal data processed.

10.4.2 However, keeping these personal data is considered lawful if they are necessary for exercising the right to the freedom of expression and of information, complying with a legal obligation or performing a task of public interest etc. Processing relevant personal data is however paramount until the contractual relationship between the Data Controller and the User has duly come to an end by due execution of the contract.

10.5 Right to protest/object

10.5.1 The Data Subject is granted the right to protest the processing of data in his or her particular situation if the personal data can be processed lawfully, because the processing of data is necessary for reasons of public interest or to perform a task based on public powers vested in the Data Controller or to pursue to legitimate interests of the Data Controller or of a third party.

10.6 The User's obligation

10.6.1 The User can only specify his or her own personal data when using the service and makes a statement of the lawfulness, veracity and correct nature thereof, fully aware of his or her criminal liability. If the person provides someone else's personal data, s/he is responsible for obtaining the data subject's consent. If the Data Controller has doubts about the quality of the data to be specified, it can ask the User to verify them. If the User does not wish to comply with this or the Data Controller, within its own remit, deems them unlawful, untrue or incorrect, the User's data may no longer be processed and the Data Controller has the right to deny providing the service.

10.6.2 The Data Controller bears no direct or indirect responsibility for any legal consequences arising from the User communicating someone else's personal data or if the data are not real, even if it asks for their verification because of doubts.

11. Data Security

11.1 The Data Controller plans and performs data processing operations in such a way that ensures the protection of the data of Data Subjects. The Data Controller ensures the security of data (with a password and antivirus software), taking the technical and organizational measures and setting up the procedural rules required from a data security standpoint.

11.2 Data are protected with appropriate measures by the Data Controller in particular against:

11.3 The Data Controller uses an appropriate technological solution to ensure that the data kept in its records cannot be connected and assigned to the Data Subject.

11.4 In order to prevent unauthorized access to the personal data, changes to and publication of the data and denying use of the data, the Data Controller provides for:

11.5 The IT system of the Data Controller and its Data Hosting Provider protects, amongst others, against

12. Personal Data Breach

12.1 In the event of a personal data breach, in accordance with legislation, we report the personal data breach to the supervisory authority within 72 hours of becoming aware of it and maintain records of personal data breaches. In the cases defined by legislation, the affected users are also informed.

13. Handling complaints

13.1 In the event of the impairment of a right, the Data Subject has the right to lodge a complaint with the relevant supervisory authority:

13.2 Beyond what has been described above, lawsuits against the Data Controller can be addressed to the Debrecen Regional Court of Appeals if the protection of personal data has been violated.

14. Changes to the Privacy Policy

14.1 The Service Provider reserves the right to change the present Privacy Policy at any time. In the event of a change, it is published without delay at  https://www.healhop.com/en/privacy-policy .

14.2 In the event of a change, we notify the Data Subject no later than 30 days before it comes into effect via e-mail.

14.3 If the Data Subject does not agree with any of the changes, it can object to them via e-mail at hello@healhop.com and request to have his or her data erased.