Data Privacy Notice for Patients
Affidea is a medical services provider with high ethical standards. “Affidea” (“we” or “us” or “our”) refers to Affidea Magyarország Kft. (registered seat: 1054 Budapest, Szabadság tér 7.; e-mail address: email@example.com; phone number: +36 1-317-8610; website: www.affidea.hu).
1. Legal purpose and basis for processing your personal data
Below we will share the most important information on the purposes and legal bases of our data processing with you. You can find more information on the purposes and legal bases of our data processing in the Annex of this document.
1.1. Processing of personal data necessary for the delivery of the requested medical services
We are committed to protecting your personal data and we are required to do so by law. As a main rule, our medical professionals, who are subject to a professional duty of confidentiality, are responsible for the processing of your personal data and health data.
Processing of your personal data (e.g. name and contact details) and health data (e.g. information about a requested diagnosis/treatment and our health assessment) is basically necessary for the delivery of the medical services you need. The preparation and performance of your medical service agreement constitutes the legal basis for processing your basic personal data and health data.
If you are in an extreme or life-threatening condition while present at one of our centres, we will use your health data in order to preserve your health and well-being, and on the basis of protecting your vital interests.
We note that the above data processing could be interpreted as a condition of delivering our services, we would not be able to provide services to you without your necessary data.
1.2. We are constantly improving our services.
At Affidea we are always searching for better ways to provide our services.
We will contact after your visit for feedback about your experience. Your participation in the satisfaction survey is voluntary and will not affect our service to you. We will also review your use of our services though analysis of the data we collected about you for purposes of business development (for example looking at the location of patients to decide on whether to open a new medical centre). The legal basis of processing your personal data for the above purposes is your express written consent.
1.3. You can also voluntarily consent to the following data processing of Affidea, if you wish.
By ticking the relevant box in the Data Privacy Notice you can voluntarily give us consent to the following with no extra cost.
A) Anonymising your data to improve medical services
We are committed to continuously improving our medical services. We kindly ask for your support by allowing us to anonymise a copy of your personal data and use it for research and development. Anonymization describes a process on personal data (or a set of personal data) that makes it permanently impossible to identify the person to whom the personal data related to. In this way, you remain anonymous.
In the field of research and development we intend to co-operate with other healthcare and information technology professionals and intend to share data (once it has been fully and irreversibly anonymised) with them. Your anonymised data will not be used for any other purpose and does not include personally identifiable information.
B) Contacting you for marketing purposes
We would like you to be aware of our general medical services and benefit from our tailored promotions and personalised medical services. If you agree to us contacting you with personalised marketing, we will also send you reminders if a repeat examination is due.
If you change your mind later, you can withdraw your consent(s) and this will not have any impact on the medical treatment you receive from us. The withdrawal of your consent will have no impact on the lawfulness of data processing performed prior to the withdrawal. You can find more information on the subject in Point 7 of the Annex.
2. Data we process
During your relationship with Affidea, we collect your personal data from three sources: (1) from you, (2) from others and (3) from our medical activity.
(1) In order to provide you with your medical service, we ask you to provide us your basic personal data (especially your personal identification data), your payment and insurance data (data necessary in order to pay for our service) and your health data (particularly information about your health condition). If you decide to share previous images and medical reports for us to use, we will store and process these on our systems for the purposes of your medical diagnosis and/or medical treatment. If you voluntarily supply contact information of your next of kin or family, this data will only be used when we are unable to contact you, or in the event of an emergency.
(2) We collect personal data from others especially in the following instances:
a) If you are referred to our centre by a medical provider (referring doctor or hospital) we consult this person about your health condition and/or treatment, if necessary to find the most appropriate medical service for you.
b) If the medical diagnosis and/or medical treatment we provide you are paid for by a medical insurer (either public or private) we need to check your insurance cover before we provide the medical service to you.
(3) When providing your medical diagnosis and/or medical treatment, we record health data about you. As a medical services provider, Affidea is required by law to carefully document the service provided to you.
For further information about the data we process, especially the exact data scopes, the exact data sources, please see the Annex of this notice or ask one of our receptionists.
3. How long we retain your data for
Affidea retains your personal data for a period necessary to provide medical services and to comply with applicable medical, tax, accounting or other legislative requirements. If our legal obligation to retain your data ends, we will delete your data or anonymise it (as explained above) unless you consent to us retaining your records for 75 years. Affidea will not delete your data if an alternative legal basis for keeping is applicable, for example, Affidea’s legitimate interest to defence against claims. If this is the case, we will contact you.
For further information about how long we keep your data, please see the Annex of this notice or ask one of our receptionists.
4. Who we share your data with
During your relationship with Affidea, we may share your personal data with three different types of recipients: (1) with providers instructed by us, (2) with providers independent from us and (3) with people you request us to share data with.
(1) Affidea uses service providers (so-called data processors) to assist us in processing the personal information we collect from others or that werecord (for example medical and financial software and hardware vendors, contracted medical professionals, providers of paper document storage). The data processors act on behalf of Affidea on our written instructions. We only share your data that is absolutely necessary.
(2) We share your personal data with third parties (meaning recipients independent from us) in the following instances:
a) If we are required by law (e.g. recording your health data related to your health condition, medical history, interventions in the Electronic Health Service Space (in Hungarian: Elektronikus Egészségügyi Szolgáltatási Tér).
b) If needed to perform our obligations with a medical professional or insurer you have a contract with.
c) If the protection of your vital interest so requires, we will share your health data with other medical professionals.
We only share data with third parties that is absolutely necessary to share.
(3) You may request that we send your health data to your referrer or your family doctor. If you wish to ask us to share your data with someone, we kindly suggest enquiring about how and why this person would process your personal data first. The processing activities of third party recipients are outside our control and responsibility. If you want us to share your health data with other medical professionals, please consult our receptionists about the available means for such data transmission.
For further information about the recipients of your personal data please see the Annex of this notice or ask one of our receptionists.
5. International data transfers
It might be needed to share your personal data with recipients located outside Europe. Before transferring your data outside Europe, your data is safeguarded as we ensure (1) the recipient country is covered by an adequacy decision of the European Commission and (2) that so-called Binding Corporate Rules or standard EU contracts are used. If we need to transfer your data to a country not covered by an adequacy decision of the European Commission, we will inform you about this transfer in advance.
For further information about the location of your personal data, please see the Annex of this notice or ask one of our receptionists.
6. Keeping your data safe
Keeping your data safe is our priority. Your personal data is stored securely by us, or by our carefully selected service providers. When our service providers process health data on our behalf, we require a high level of protection.
We make sure that very strict security measures are in place to keep your personal data safe against loss and misuse, as well as unauthorized access or transfer.
7. Your rights
Under data protection legislation you have the following rights.
7.1. Right of access. This means that you are entitled to know that Affidea processes your personal data and how they are processed, including the purposes of data processing, recipients to whom your data have been disclosed, the source that has provided data to Affidea, storage period, any of your rights related to data processing, information on automated decision-making and profiling, and in the case of transferring data to third countries or international organizations, information on the related guaranties. When you exercise your right to access your personal data, you are also entitled to request a copy of your data.
7.2. Right to rectification. This means that you are entitled to have your personal data corrected or completed if your data are inaccurate or incomplete. If we are in doubt about your corrected personal data, we might call and ask you to properly verify your corrected data, primarily by a document.
7.3. Right to erasure. This means that you are entitled to have your personal data deleted in specific circumstances. Your data may be deleted if (i) we do not need your personal data for the purpose for which we have collected or in any other manner processed them, (ii) the data processing had been based on your consent but you withdrew your consent and the data processing has no other legal basis, (iii) the data processing had been based on Affidea’s or a third person’s legitimate interest, however you objected to it and, except for objection to data processing for direct marketing purposes, there is no overriding legitimate ground for the processing, (iv) we have processed your personal data unlawfully or (v) data deletion is required for the fulfilment of a legal obligation. .
7.4. Right to restriction of processing. This means that you may request to ‘block’ the processing of your personal data. As a main rule, your valid request will mean that we will only be allowed to store your personal data, but not to process them any further. You may request to restrict data processing if (i) you argue the accuracy of your personal data in which case the restriction is applicable to the period that enables us to verify your personal data, (ii) our data processing is unlawful but you object to the deletion of your personal data and instead, request to restrict their use, (iii) we do not need you personal data for data processing any more but you request them for the establishment, exercise or defence of legal claims, or (v) you objected to the data processing in which case the restriction is applicable to the period during which Affidea establishes that its legitimate grounds override your legitimate grounds.
7.5. Right to data portability. This means that you are allowed to ask us to transfer your personal data that you have provided us on the basis of your consent or contractual obligation and the data processing is automated (e.g. in a computer system) to you or another controller. An action taken under data portability does not mean the deletion of your data unless you simultaneously submit a well-founded request for deletion.
7.6. Right to object. You may exercise your right to object to the processing of your personal information for direct marketing purposes or the use of your personal data for other purposes that is based on Affidea’s or a third person’s legitimate interest. Affidea has no obligation to accept your request if we demonstrate that (i) we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or (ii) the data processing is required for Affidea’s establishment, exercise or defence of legal claims.
7.7. Right to an effective judicial remedy. If you believe that our data processing infringes the applicable data protection regulations, you may file a complaint with the National Authority for Data Protection and Freedom of Information (in Hungarian: Nemzeti Adatvédelmi és Információszabadság Hatóság) (website: http://naih.hu/; address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; PO Box: 1530 Budapest, Pf.: 5.; phone: +36-1-391-1400; fax: +36-1-391-1410; e-mail: firstname.lastname@example.org). We however trust you to inform us about your issues first. You are also entitled to file a complaint with the competent data protection supervisory authority in the Member State of your habitual residence, place of work or the place of the alleged infringement, or bring proceedings before a court for such infringement.
If you are exercising any of your above rights and we have previously disclosed your personal data that, at your request, have been subject to rectification, completion, deletion or restriction, to any other person, upon fulfilling your request, we will notify these persons, provided that it is not impossible or requires disproportionate efforts from us. At your request, we will inform you about the identity of these persons.
If your right to access your personal data or right to data portability adversely affects the rights and freedoms of other persons, Affidea will be entitled to reject the fulfilment of your request to the necessary and proportionate extent.
If you wish to receive more information about your rights or wish to exercise any of your rights above or to withdraw your former consent, please ask one of our receptionists or contact our Data Protection Officer (you can see the contact details below).
8. Automated decision-making, profiling
No automated decision-making is performed in the course of Affidea’s data processing.
Affidea performs profiling, in other words, linking and assessing personal data in an automated manner, in order to send marketing newsletters, offers or reminders about due examinations if you have given your consent, or in the case of health data, your express consent to it. However, the only impact, indicated in the preliminary notice, this process can have on you is that Affidea sends personalized offers, newsletters, reminders that do not qualify as a decision significantly affecting or having any legal consequence on you.
9. If you have any questions
If you have any questions or would like more information, please feel free to contact our Data Protection Officer (e-mail: email@example.com, postal address: 1054 Budapest, Szabadság tér 7.; telephone number: +36 1-317-8610) or ask one of our receptionists for further information.