Information on Data Protection

The data processing activities carried out by BesteZahnImplantate (hereinafter: Data Controller) for the data subjects during the provision of healthcare services are regulated by this document.

BesteZahnImplantate Dental Service Provider, as Data Controller (represented by: Szörtsey Ágnes, registered office: Hungary, Budapest 1061, Király Street 30., tax number: HU 57528241, email: info@bestezahnimplantate.de, info@bestezahnimplantate.ch, info@bestezahnimplantate.at, phone: +49 89 628 291 05; +36 20 468 2804)

online contact details (and the relevant actual data processing websites):

  • https://bestezahnimplantate.de/kontakt/
  • https://bestezahnimplantate.ch/kontakt/
  • https://bestezahnimplantate.at/kontakt/
  • https://cheapdentalimplants.co.uk/contact/
  • https://cheapdentalimplants.ie/contact/
  • https://dentalimplantsabroad.us/contact/
  • https://bestdentalimplantsonline.com/contact/

considers it of utmost importance to respect and enforce the rights of its clients and all other affected natural persons (hereinafter: data subjects) related to data processing. Therefore, this notice informs the data subjects that in all areas of the healthcare services provided by the Data Controller, every data subject shall be ensured that their rights and fundamental freedoms, particularly the right to privacy, are respected during the processing of personal data.

The Data Controller draws the attention of the persons affected by the data processing activities listed in this notice to the fact that the Data Controller does not verify whether the personal data provided by the data subjects to the Data Controller correspond to reality. Every data subject who provides personal data to the Data Controller in accordance with this notice assumes responsibility for ensuring that only their own personal data are disclosed to the Data Controller, and that they are authorized to dispose of such data. If the data subject acts contrary to the above, all liability in this regard shall rest solely with the data subject.

This notice is a brief extract of the Data Controller’s Data Protection Policy (hereinafter: Policy), created to inform data subjects concisely about certain data processing activities and rules of the Data Controller. This document shall be considered an annex to the Policy, and for matters not covered in this notice, the provisions of the Policy and the relevant legislation shall be authoritative and shall be interpreted in conjunction with them.

Data Subjects and Their Rights

The data subject may request the Data Controller to access their personal data, rectify them, delete them, and in certain cases, may also request the restriction of processing and object to the processing of their personal data. The data subject is also entitled to data portability, to lodge a complaint with a supervisory authority, and to seek legal remedies, as well as the right to human intervention in cases of automated decision-making. In the case of data processing based on consent, the data subject has the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

A) Right of Access

The data subject is entitled to request information at any time about whether their personal data are being processed by the Data Controller and how, including the purposes of processing, the recipients with whom the data have been shared, the source of the data, the retention period, any rights related to data processing, as well as information about automated decision-making and profiling, and in case of transfer to a third country or international organization, information about the related safeguards. When exercising the right of access, the data subject is also entitled to request a copy of the data, and in the case of an electronically submitted request, the Data Controller shall provide the requested information electronically unless otherwise requested. If the exercise of the right of access adversely affects the rights and freedoms of others, particularly the business secrets or intellectual property of others, the Data Controller is entitled to refuse the request to the necessary and proportionate extent.

B) Right to Rectification

The Data Controller shall rectify or complete the personal data of the data subject upon their request. If there is doubt about the rectified data, the Data Controller may ask the data subject to provide appropriate proof of the corrected data. If the personal data affected by this right have been disclosed by the Data Controller to another person, the Data Controller shall inform such persons of the rectification without undue delay, provided that this is not impossible or does not require disproportionate effort from the Data Controller.

C) Right to Erasure

If the data subject requests the erasure of some or all of their personal data, the Data Controller shall erase them without undue delay if:

  • the Data Controller no longer needs the personal data for the purposes for which they were collected or otherwise processed;
  • the processing is based on the data subject’s consent, which has been withdrawn, and there is no other legal basis for the processing;
  • the processing is based on the legitimate interest of the Data Controller or a third party, but the data subject has objected to the processing, and there are no overriding legitimate grounds for the processing;
  • the personal data have been unlawfully processed, or the erasure is required to fulfill a legal obligation.

If the personal data affected by this right have been disclosed by the Data Controller to another person, the Data Controller shall inform such persons of the erasure without undue delay, provided that this is not impossible or does not require disproportionate effort. Upon the data subject’s request, the Data Controller shall inform them about these recipients. The Data Controller is not always obliged to erase personal data, particularly if the processing is necessary for the establishment, exercise, or defense of legal claims.

D) Right to Object

If the processing of the data subject’s personal data is based on the legitimate interest of the Data Controller or a third party, the data subject is entitled to object to the processing. The Data Controller is not obliged to comply with the objection if the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or if the processing is related to the establishment, exercise, or defense of legal claims.

E) Right to Restriction of Processing

The data subject may request the restriction of processing of their personal data in the following cases:

  • the data subject contests the accuracy of the personal data – in this case, the restriction applies for the period enabling the Data Controller to verify the accuracy of the data;
  • the processing is unlawful, but the data subject opposes the erasure and requests the restriction of use instead;
  • the Data Controller no longer needs the personal data for processing, but the data subject requires them for the establishment, exercise, or defense of legal claims.

Personal data subject to restriction shall not be processed by the Data Controller, except for storage, or shall only be processed to the extent consented to by the data subject, or in the absence of such consent, the Data Controller may still process the data for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the EU or a member state. If the personal data have been disclosed by the Data Controller to another person, the Data Controller shall inform such persons of the restriction without undue delay, provided that this is not impossible or does not require disproportionate effort. The Data Controller shall inform the data subject about these recipients upon request.

F) Right to Lodge a Complaint and Right to Legal Remedy

If the data subject considers that the processing of their personal data by the Data Controller violates the applicable data protection laws, particularly the provisions of the General Data Protection Regulation, they have the right to lodge a complaint with the competent data protection supervisory authority in their habitual residence, place of work, or the place of the alleged infringement. Independently of the right to lodge a complaint, the data subject may also turn to a court in case of the above-mentioned violation of rights. The data subject is also entitled to appeal to a court against a legally binding decision of the supervisory authority concerning them. Furthermore, the data subject is entitled to seek judicial remedy if the supervisory authority does not handle the complaint or does not inform the data subject within three months about the procedural developments or the outcome of the complaint.

Legal Forum

As a general principle, the Data Controller is obliged to prove that the data processing complies with the law. If the Data Controller does not remedy or inadequately or untimely remedies a violation of rights concerning the data subject’s personal data, the data subject may primarily contact the National Authority for Data Protection and Freedom of Information by mail. The authority’s contact details:
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
Website: http://www.naih.hu
Email: ugyfelszolgalat@naih.hu

The data subject may also turn to a court in case of a violation of their rights. The court shall handle the case out of turn. If the Data Controller violates the data subject’s right to privacy by unlawfully processing their data or breaching data security requirements, the data subject may claim compensation from the Data Controller.

Data Security

The Data Controller ensures the security of data processing. The Data Controller protects the data with appropriate measures against unauthorized access, alteration, transmission, disclosure, deletion, damage, or loss. When applying measures to ensure data security, the Data Controller uses solutions according to the highest available technical standards. The Data Controller ensures that the IT and service environment used for processing personal data during service provision is such that:

a. the personal data provided by the data subject are only and exclusively linked with the data and in the manner specified in the Policy.

b. Only those employees of the Data Controller have access to the stored data whose job responsibilities make it indispensable.

c. Any modification of the data is marked with the time of modification, and backups are made of the data.

Data transmission is carried out with the appropriate IT system in place. The Data Controller ensures:

a. access protection: measures to prevent unauthorized access, protection of software and hardware;

b. software protection: protection of data files against viruses and other malicious programs, firewall application, regular backups, and their documentation;

c. hardware protection: physical protection of data files and storage devices, high-level data archiving security (protection against physical intrusion), physical protection against natural damage (fire, lightning protection).

Data Processing

The processing of personal data is primarily carried out by the Data Controller, or if outsourced, it is performed by the data processor specified in the annex to the Data Processing Policy. In this case, the Data Controller transfers data to the data processors and is responsible for their activities. The Data Controller may transfer personal data if the legal basis for processing is clear and the data are necessary for processing. The Data Controller does not transfer data or entire datasets to third parties without prior consent of the data subject, except for mandatory data transfers or disclosures required by law, and takes all security measures to prevent unauthorized access to the data.

Other Provisions

All data processing activities and services provided by the Data Controller are primarily based on voluntary consent, with the general purpose of ensuring service provision and maintaining contact.

This general rule is supplemented by data processing based on other legal grounds, such as data processing required by law, about which the Data Controller informs the data subjects when defining the specific data processing activities.

For certain services, additional data may be provided to help fully understand the data subject’s needs, but these are not prerequisites for using the services provided by the Data Controller. The provision of data required for specific data processing activities is a condition for using the services provided by the Data Controller.

-