Data Privacy for Patients

Affidea is a medical services provider with high ethical standards. “Affidea” (“we” or “us” or “our”) refers to Affidea Magyarország Kft. (registered address: H-1083 Budapest, Bókay János utca 44-46. 8th floor) and its co-controller(s), namely Affidea BV (registered address: Vijzelstraat 68 1017HL Amsterdam, Netherlands,). Your contact point is our Hungarian Data Protection Officer. Contact details can be found in clause 9.

1. Legal basis for processing your personal data

We are committed to protecting your personal data when processing it and we are also required to do so by law. Our medical professionals are subject to both a professional and a contractual duty of confidentiality.

1.1. It is necessary for us to use your personal and health data so that we can provide you the requested medical service.

Processing of your basic personal data (e.g. name and contact details) is necessary for scheduling your appointment and for the delivery of the medical services you need. The medical service agreement constitutes the legal basis for processing your basic personal data.
Your health data covers information related to your health (e.g. information about a requested diagnosis/treatment and our health assessment). Providing you with a medical diagnosis and/or medical treatment forms the legal basis for processing your health data. Affidea is subject to a legal obligation to process (specially to retain) your health data (see clause 3 and Annex 1 for further information).
If you are in an extreme or life-threatening condition while present at one of our clinics, we will use your health data in order to preserve your health and well-being, and on the basis of protecting your vital interests.

1.2. We are constantly improving our services.

At Affidea we are always looking for better ways to provide our services.

A) Patient survey

We think that feedback about your patient experience is essential to understand how to best serve our patients. You are therefore invited to take part in our satisfaction survey and we thank you in advance for your input. The participation is optional and will not affect our service to you. If you prefer, we will abstain from contacting you.

B) Statistical analysis of aggregated data

We intend to analyse some of your personal data in an aggregated way, to derive valuable statistical information for our sales and marketing teams, for example to understand which services are of most interest in specific regions. If you prefer, we will exclude your data from our analysis.

C) Quality assurance

We consider crucial to learn from unintended events occurring in our clinics. We record and analyse near misses (incidents prevented) and events that may result in a harm on any kind to assure health and safety. We limit such processing of patient data to the necessary extent, and typically do not use directly identifiable personal data for this purpose.

D) Log entries in our IT systems

We log the activity of our users and automated processes in our IT systems. They help us track what events have occurred in our systems and serve for security and troubleshooting purposes. Logged user activities typically include login and out, data download and upload, and other data modification operations.

E) Call centre

We intend to record your call to our call centres for the purposes of worker training and quality monitoring of the service provided by us. We monitor the calls and train our workers based on their performance during the call with you. If any connection problem occurs during the call or a complain were submitted to Affidea regarding the contact made, we will be able to listen to the recording and give you our best response to the situation described.

F) Website

Certain parts of our Website may ask you to provide personal information voluntarily, for example, we may ask you to direct your enquiries to us through a contact form or “I would like a callback!”.
We do the above for our legitimate interest of understanding how to improve our service and its quality. See clause 7.6. about your right to object.

1.3. You can consent to the following additional processing activities of Affidea, if you wish.

By ticking the relevant box in the “your data protection statement” part you can consent to the following with no extra cost. If you do not want to give your consent, this will not have any impact on the medical services provided to you.

A) De-identifying a copy of your data

We are committed to continuously improving medical science and to contribute to research and development efforts, whether those are led by Affidea and/or third parties (including but not limited to hospitals, universities and health insurers). Research and development refer to work for the innovation, introduction and improvement of products, procedures and cost-effective health care provision. It includes a series of investigative activities to improve existing products and procedures or to lead to the development of new products and procedures.
We kindly ask for your support by allowing us to de-identify a copy of your personal data during the retention period determined by laws (see clause 3.). The data set subject to the de-identification includes the health data we collect(ed) when providing you with our medical service. The data set covers both your personal data we collected in the past and the personal data we collect of you in the future if you make use of our medical services. Pursuant to clause 7.1, you have the right to request access to your personal data.
De-identification of personal data consists of a process applied to personal data (or a set of personal data) that makes it impossible to the person using the de-identified data to identify the person to whom the personal data originally related. In this way, you remain anonymous when your de-identified data is used.
We would like to use your de-identified data for research and development, educational, statistical and commercial purposes ourselves or to share it with others for or without any consideration for us. We duly select our partners and the method of de-identification to minimize the risks associated to the use of your de-identified data.

B) Contacting you for marketing purposes

We would like to keep you informed of our latest offering in medical services and would like to be able to contact you for that purpose (e-marketing). In addition, if you wish and consent, we can send you personalised promotions, including screening reminders when a repeat examination is due, that you will hopefully find interesting. The use of your personal data for the purposes of sending you personalised promotions is considered to be profiling (see clause 8 for further information).
If you change your mind later, you can withdraw your consent(s) at any time and free of charge, and this will not have any impact on the medical service you receive from us. You can withdraw your consent by contacting our Data Protection Officer (you can see the contact details in clause 9 below). Please note, that the withdrawal of your consent will not affect the lawfulness of processing based on your consent before its withdrawal.

2. Data we process

During your relationship with Affidea, we obtain your personal data from three sources: (1) from you, (2) from others and (3) from our medical activity.
(1) In order to provide you with our medical service, we ask you to provide us with your basic personal data (especially your personal identification data), your payment and insurance data (data necessary in order to pay for our service) and your health data (particularly information about your health condition). If you decide to share previous images and medical reports for us to use, we will store and process these on our systems for the purposes of your medical diagnosis and/or medical treatment. If you voluntarily supply contact information of your next of kin or family, this data will only be used when we are unable to contact you, or in the event of an emergency.
(2) We collect personal data from others in the following instances:
a) If you are referred to our clinic by a medical provider (referring doctor or hospital) we consult this person about your health condition and/or treatment, if necessary to identify the most appropriate medical service for you.
b) If the medical service we provide you with, is paid for by a medical insurer (either public or private) we need to gather information about coverage from this insurer in order to provide the medical service to you.
(3) When providing medical services to you, we create health data about you. As a medical services provider, Affidea is required by law to carefully document these services.
For further information about the data we process, please see the Annex of this notice or ask one of our receptionists.

3. How long we retain your data

Affidea retains your personal data as long as necessary to provide our medical services and to comply with applicable medical, tax, accounting or other legislative requirements. If our legal obligation to retain your data expires, we will delete your data or de-identify it. Affidea will not delete your data if an alternative processing purpose for keeping said data exists. For example, in case of legal action or defence against the same. If this is the case, we will retain the data as long as needed for this alternative processing purpose. In case of claims, this will be until the handling of the claim has been completed.
For further information about how long we keep your data, please see the Annex of this notice or ask one of our receptionists.

4. With whom we share your data

During your relationship with Affidea, we share your personal data with three different types of recipients: (1) with providers instructed by us, (2) with providers independent from us and (3) with people you request us to share your data with.
(1) We use service providers (so-called data processors) to assist us in processing the personal information we receive and create (for example medical and financial software vendors and contracted medical professionals). The data processors act on behalf of Affidea based on our written instructions. We only share your data to the extent it is absolutely necessary.
(2) We share your personal data with third parties (meaning recipients independent from us) in the following instances:
a) If we are required by law.
b) If required by a contract to which you are a party (e.g. your health insurance contract).
c) If the protection of your vital interest (e.g. an emergency) so requires, we will share your health data with other medical professionals.
We only share your data to the extent it is absolutely necessary.
(3) You may request that we send your health data to third-party recipients. The processing activities of third-party recipients are outside our control and responsibility. We therefore recommend that you first ask this third party how they will process your personal data. If you want us to share your health data with other medical professionals, we will ask you to fill a dedicated consent form available from our receptionist.
For further information about the recipients of your personal data, please see the Annex of this notice or ask one of our receptionists.

5. International data transfers

We might have to share your personal data with recipients located outside the European Economic Area (“EEA”). Some countries are considered as Adequate Countries by the European Commission and therefore treated as those belonging to the EEA. Before transferring your data outside the EEA (or outside of an Adequate Country), your data is de-identified or safeguarded, typically by using the Standard Contractual Clauses as approved by the European Commission. The Annex of this notice contains information about the actual data transfers and the measures we use, if any data is transferred in an identifiable format. You can find more information on the Standard Contractual Clause here. You can find more information on the adequate countries here.

6. Keeping your data safe

Keeping your data safe is our priority. Your personal data is stored securely by us, or by our carefully selected service providers. When our service providers process health data on our behalf, we require a high level of security, stipulated also in a written agreement with them. We make sure that very strict protection measures are in place to keep your personal data safe against loss and misuse, as well as unauthorized access or transfer.

7. Your rights

Under the data protection legislation, you have the following rights.
7.1. Right to request access to your personal data: This means that you are entitled to know that your data is processed by Affidea, that you are entitled to access this data and to be informed about what Affidea does with your personal data.
7.2. Right to request rectification of your personal data: This means that you are entitled to have your personal data corrected or completed if it is inaccurate or incomplete.
7.3. Right to request erasure of your personal data: This means that you are entitled to have your personal data deleted in specific circumstances if Affidea has no lawful reason to continue its processing.
7.4. Right to request restriction of processing: This means that you may request, in specific circumstances, to ‘block’ the processing of your personal data by Affidea. Your request will mean that we will be allowed to store your personal data, but not to process it further.
7.5. Right to data portability: It allows you to access and reuse the personal data that you have provided to Affidea so that you can further make use of this data for your own purposes, with different service providers. You are entitled to receive an electronic copy of your personal data and to ask us to transfer it to another controller.
7.6. Right to object to the processing of your personal data. You are entitled to object, on grounds relating to your particular situation, at any time to processing of your personal data based on our legitimate interest (see clause 1.2. of this Notice). You can also object to our using your personal data for direct marketing purposes.
If you wish to use your rights or wish to have further information about your rights above, please ask one of our receptionists or contact our Data Protection Officer (you can see the contact details in clause 9 below).

8. Automated individual decision-making, profiling

Affidea is not processing your personal data for automated individual decision-making. We only do profiling (meaning an automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person) in two instances:
(i) If you explicitly authorise us to send you personalised promotions (see clause 1.3 / B.). The only consequence of this permission is that you will receive personalized information, offers, or reminders about medical examinations. Affidea does not use this marketing profiling to take any decision about you or your medical condition.
(ii) If the reading of a diagnostic image by a radiologists is supported by an algorithm (e.g. in case of post processing of MRI images). Your medical condition is diagnosed always with an involvement of a radiologist, no medical diagnosis is made solely with automated processing of diagnostic images.

9. If you have any questions

If you have any questions or would like more information, please feel free to contact our Data Protection (email:; postal address: H-1083 Budapest, 44-46 Bókay János utca 8th floor; phone number: +36 1-317-8610) or ask one of our receptionists for further information. If you are unhappy with the way we process your data, you can make a complaint to the Supervisory Authority, typically the Supervisory Authority of your habitual residence or where you work. The contact details of that Supervisory Authority are website:; address: 1055 Budapest, Falk Miksa utca 9-11.; postal address: 1363 Budapest, Pf. 9.; e-mail: However, we would of course hope that you are able to raise any issues with us in the first instance.

Data Privacy Notice for outpatient care (F-LC-HUN-017-09-M2_eng V00) can be found here.

Data Privacy Notice for diagnostic imaging (F-LC-HU-017-09-M1_eng V02) can be found here.

Data Privacy Notice for occupation health service (F-LC-HUN-017-09-M3_eng V00) can be found here.