This privacy statement explains how the IMED Ltd. (Headquarters: H-1119 Budapest, Etele út 59-61, company registration number: 01-09-074315) created Windows and mobile application ("App") and its website, http://www.imed.hu (the "Site") (collectively, the "Services") collect, treat, transmit and protect the personal information of its customers.
The IMED Ltd. pays particular attention to the collection, management, use, processing and transmission of personal data related to Act CXII of 2011 on Informational Self-Determination and Freedom of Information Law, Act CVIII of 2001 on electronic commerce services and certain aspects of information society services, Act CXIX of 1995 on the management of data of name and address for the purpose of research and direct marketing, over and above 2016/679/EU Directive (i.e. General Data Protection), which takes effect from 25 May 2018, on the protection and the free movement of such data used with effect of natural persons in the management of personal data in respect of the provisions of keeping proceed.
Your privacy matters to IMED Ltd., so whether you are new to IMED Ltd. or a long-time user, you can get to know our practices below, and contact us via the imed@imed.hu email address in case of any questions.
This Privacy Statement is an integral part of the contract ("Contract") between you and IMED Ltd.
By signing a contract with IMED Ltd. (written order) you acknowledge that the information in this Privacy Statement has been recognized and consent to the processing and registration of your provided information by IMED Ltd. under the applicable laws; at the same time, you contribute to the availability of your contact information in the database of IMED Ltd. in order to inform you about the facts and changes in related to the services of IMED Ltd, and other changes affecting you.
| Data subject | Any natural person directly or indirectly identifiable by reference to specific personal data; |
| Personal data | Data relating to the data subject, in particular the name, identification number or one or more factors specific to the person’s physical, physiological, mental, economic, cultural or social identity as well as conclusions drawn from the data in regard to the data subject; |
| Consent | Any freely and expressly given specific and informed indication of the will of the data subject by which he signifies his agreement to personal data relating to him being processed fully or to the extent of specific operations; |
| Objection | A declaration made by the data subject objecting to the processing of their personal data and requesting the termination of data processing, as well as the deletion of the data processed; |
| Controller | Any natural or legal person or organization without legal personality who or which alone or jointly with others determines the purposes and means of the processing of data; makes and executes decisions concerning data processing (including the means used) or have it executed by a data processor; |
| Data processing | Any operation or the totality of operations performed on the data, irrespective of the procedure applied; in particular collecting, recording, registering, classifying, storing, modifying, using, querying, transferring, disclosing, synchronising or connecting, blocking, deleting and destructing the data, as well as preventing their further use, taking photos, making audio or visual recordings, as well as registering physical characteristics suitable for personal identification (such as fingerprints or palm prints, DNA samples, iris scans); |
| Data transfer | Ensuring access to the data for a third party; |
| Disclosure | Ensuring open access to the data; |
| Data erasure | Making data unrecognisable in a way that it can never again be restored; |
| Data process | Performing technical tasks in connection with data processing operations, irrespective of the method and means used for executing the operations, as well as the place of execution, provided that the technical task is performed on the data; |
| Data Processor | Any natural or legal person or organization without legal personality, who, under a contract - including a contract under the provision of the law – processes the data; |
| Data set | All the data processed in one register; |
| Third person | Any natural or legal person or organization without legal personality that is not the same as the data subject, the data controller or the data processor; |
| EEA Member State | Any Member State of the European Union and any State which is party to the Agreement on the European Economic Area, as well as any State the nationals of which enjoy the same legal status as nationals of States which are parties to the Agreement on the European Economic Area, based on an international treaty concluded between the European Union and its Member States and a State which is not party to the Agreement on the European Economic Area; |
| Third Country | Any State that is not an EEA State; |
| Data breach | Illegal management or processing of personal data especially unauthorised access, alteration, transmission, dissemination, erasure (loss) or destruction or inadvertent destruction or damage. |
The personal data of the customers / business partners processed and stored by IMED Ltd. are described for each data processing in the table of Chapter 4.
The company data appearing on sales or vendor contracts as well as on the performance of the contract or on other business documents and records shall not be considered as personal data.
The patient data (including the ECG measurement itself, the average heart rate, which part of body the ECG was taken, etc.) stored on the media of the products returned to IMED Ltd. is not processed and stored by IMED Ltd.
The subjects affected by data processing listed in Chapter 4 are the Office-holder’s and contact person’s of the organizations that are in business relationship with IMED Ltd. (by buying the products provided by IMED Ltd. or supplying goods or services for IMED. Ltd).
We handle and process the data only of the persons who are not protesting against the processing and provide their personal data according to their free will.
In case the legal basis for data management is the “Consent for a specific or multiple purposes”, IMED Ltd. provides detailed information for the data subjects with the help of this unambiguous statement and ensures the acquisition of Consent Declarations.
IMED Ltd. as controller handles and processes the data only for purpose specified in the table of Chapter 4 and only for the time period fixed in the table and does not make it available to third parties other than the data processors described.
By providing personal data for IMED Ltd., you guarantee the data is correct, accurate and up to date.
If the source of the personal data is the employer of the concerned private person IMED Ltd. does not take the responsibility for obtaining the consent of a natural person for the data transfer.
IMED Ltd. excludes its liability in cases of invalid or false personal data provided by data sources.
| The purpose of data procession | Legal ground for data procession | Possible consequences of failure to provide the data | Processed data | Data storage duration |
| Providing commercial quotation | Necessary for the performance of a contract, where the data subject is a party or initiates the conclusion of the contract | There will be no product sales, or support | The contact person’s -name; -e-mail address*; -phone number | 5 years from the quotation Data processor: IMED Ltd. |
| Sales framework agreement / exclusivity or supplier agreement with the company | Responsible officer’s contact person’s -name; -position; -e-mail address*; -phone number | 15 years after the last invoice issuance Data processor: IMED Ltd. | ||
| Customer service | The contact person’s -name; -e-mail address*; -phone number | |||
| Order fulfilment, delivery | The contact person’s -name; -position; -e-mail address*; -phone number -the billing and shipping address ** | |||
| Service and repair | ||||
| Invoicing to companies | Required for fulfilment of the controller’s legal obligation | The content requirements related to the invoice are not met and official condemnation takes place | The contact’s -name; -position; -e-mail address*; -phone number | Storage period according to the Accounting Law Data processor: IMED Ltd. |
| Invoicing to private persons or individual entrepreneur | The contact person’s -name; -tax identification number -tax number (contractor); | |||
| Business correspondence Consultancy warnings | Consent for a specific or multiple purposes | Efficient and timely provision of information is not possible | The contact person’s -name; -position; -e-mail address*; -phone number | Until the withdrawal of the consent or the termination of the party’s e-mail address Data processor: IMED Ltd.. |
| Download documents and software from http://www.imed.hu/ | ||||
| Information in newsletters about the operation, availability and products of IMED Ltd. | Until the withdrawal of the consent or the termination of the party’s e-mail address Data processor: IMED Ltd.. |
* In case of official correspondence the e-mail can be considered personal data if it contains the name of a private person
** In case private individual or private contractors using a private address
The data processing is done only to the extent and for the time necessary for the realization of the purpose and with personal data only that is indispensable for the purpose of data processing and otherwise suitable for the purpose in particular, as long as your rights, obligations and responsibilities in relation to your information, the provision of services and the related administration are in place.
When determining the storage period for personal data the following have been taken into account:
of which is the longer period.
Each data storage duration is given in the table of Chapter 4.
If a data occurs in more than one data management process, the longer period according to the table is applicable for the storage time of the data. Of course, the data stored in this way can only be used for data processing that is still in force.
Addressees of personal data within IMED Ltd.:
IMED Ltd. take advantage of the following data processors contribution for its data management activities:
Data Processor | Target | Contact |
Grund-Taxe Zrt. | Accounting activities | H-1029 Budapest, Nádor utca 16. Tax ID: 24356659241 Contact person: Rudl Ferenc Tel: +36 30 971 4386 |
By signing a contract with IMED Ltd (written order), you expressly consent to the fact that the personal data provided by you can be accessed and processed by the employees, senior officials, consultants, data processors or other employees of IMED Ltd. and by the partners to whom transmitting the data you have contributed to.
According to legal regulations, courts and certain authorities are entitled to know the personal data we manage.
We are aware that your data is valuable and will do our best to protect them in our data management.
In some cases, the personal information will be shared with third parties cooperating with us or acting on our behalf, if this is necessary to achieve the purpose for which the data subject or you the data has disclosed.
Your personal data may also be transferred to other third parties by IMED Ltd. if this serves you for more efficient service, or if those third parties handle the data on behalf of IMED Ltd. however, we have made sure that these third parties adequately protect information and data. The personal data may also be transferred by IMED Ltd. to other third parties if it is to serve you more efficiently or if the third party manages the data concerned on behalf of IMED Ltd. However, we have ensured that these third parties adequately protect the information and data.
IMED Ltd. may transfer personal data to third party processors providing an appropriate level of technical and organisational guarantees. IMED Ltd. may, in accordance with generally accepted data protection practices, use external service providers to perform regular server maintenance, data storage or other IT tasks.
We will share information with other third parties only if:
By signing the contract (written order), you expressly consent to the transfer of such data and guarantee that you are entitled to transfer personal data to IMED Ltd for such purposes.
As soon as the terms and conditions for legitimate handling or transfer of data cease to exist, IMED Ltd. shall immediately take steps to delete the personal data from the database and notify you of the deletion.
In the course of data processing, the data, that IMED Ltd. has got access to and stored whether in the electronic information system or on traditional paper-based media, has been handled with the utmost care and strictly confidential, and shall endeavour to protect them by all lawful means, in particular unauthorized access, alteration, transmission, disclosure, misuse, deletion or destruction, and technical and organizational measures against accidental destruction and injury.
The IT system of IMED Ltd. provides adequate security for the management of data in an electronic information system. Our data controllers and partners are responsible, just like IMED Ltd, for providing data protection and data usage strictly only for purpose. The processed data is accessible to authorized persons, the authenticity and authentication of the data is guaranteed, the data is unchanged and the data is protected against unauthorized access.
IMED Ltd. protects the data, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction and damage.
IMED Ltd. ensures data security with technical, coordinational and organizational measures which provide a level of protection appropriate to the risks associated with data management. We have implemented generally accepted technological and operational security solutions to prevent the loss, alteration, destruction or misuse of identifiable personal data. To the fullest extent possible we ensure the protection of personal data handled by IMED Ltd. through adequate confidentiality commitments as well as technical and security measures. Personal data may only be accessed by our duly authorized confidentiality personnel or authorized data controllers.
By ordering the services or products of IMED Ltd. and providing your email address in the contract (written order) to IMED Ltd. you agree that IMED Ltd. mails you professional materials and other information, notifications about IMED Ltd. to the given address in the form of newsletter.
IMED Ltd. establishes a database of information (company name, name, position, company email address) given by contact persons as their company contact in order to regularly send them (to the company email address of the contacts) newsletters on topics marked by them or in the view of the IMED Ltd. they might be interested in. The contact information provided during the subscription is stored in the customer relationship management system of IMED Ltd., managed confidentially, not transferred to unauthorized persons, or made available.
The newsletter sending service draws the attention of the organizations represented by the contact points to the current rules related to the activities of IMED Ltd. and to their changes as well as providing guidance in the practical application of the individual rules, offers opportunities for participation in events that require a personal appearance (offline) as well as in events held with the help of electronic communication devices (online) and in addition the direct contact details of its employees in relation to the topics.
Newsletters and presentations are not for contact persons as individuals, but for organizations that are related to them, such as you, furthermore the provided data related to the above mentioned data processing is stored and processed by IMED Ltd. as company contact information and not as personal contact details, therefore, no personal data is processed in this case.
IMED Ltd. reserves the right to exclude anyone from the newsletter at any time.
The data will be handled by IMED Ltd. until deletion is requested by data subject.
When you visit our Services or open our emails, we may collect certain information by automated means, such as cookies, web beacons and web server logs. The information we collect in this manner includes IP address, browser characteristics, device characteristics, operating system version, language preferences, referring URLs, information on actions taken on our Services, and dates and times of website visits. The information does not identify you. If you continue to use our Services, we will assume that you permit this collection.
We use cookies, web beacons, web server logs and other automated means for purposes such as (i) customizing users' visits to our Sites, (ii) delivering content tailored to users' interests and the manner in which users browse our Sites, and (iii) managing our Sites and other aspects of our business.
We may use third-party web analytics services on our Services, such as those of Google Analytics. The analytics providers that administer these services use technologies such as cookies, web server logs and web beacons collect usage information matched to an IP address, but not your personal information, to help us analyse how visitors use the Sites and improve the overall experience of the Sites. The analytics providers may also collect information about your use of other websites over time, if those websites also use the same analytics providers. To learn more about Google Analytics and how to opt out, please visit http://www.google.com/analytics/learn/privacy.html.
We may use third-party services on our Services, to collect usage data in order to understand and continue improving our products and services.
Data subjects may request information about the personal data submitted by you and handled by IMED Ltd., their source, the purpose, legal basis, duration of the data processing, the name, address and data management of the data processor, and in the case of transmission of personal data, the legal basis of the transfer and its addressee.
The request for information is only carried out personally by the IMED Ltd. in order to ensure the safety of the data of the data subjects. For this purpose, the request for information may be sent to IMED Ltd. by post in the form of a private document with full probative force, by email or by fax, providing the appropriate identification information. IMED Ltd. will provide the information to the address given by you in the shortest possible time, but not later than 30 days in writing and in a comprehensible manner.
Please note that information on a particular datum per year is free of charge, for further information IMED Ltd. may charge reimbursement.
If the data subject indicates to IMED Ltd. by providing the specified personal data at the same time that the personal data handled does not correspond to the reality or if IMED Ltd. otherwise becomes aware of the personal data error and correct data, then IMED Ltd. corrects the personal data. IMED Ltd. informs the person concerned about the rectification or the refusal of his claim for rectification.
Data subjects are entitled to request the deletion or blocking of their personal data. Personal data will be blocked if, on the basis of the information available, it can be assumed that the deletion would infringe the legitimate interests of the person concerned. We treat personal data blocked in this way only as long as there is a data management purpose that excludes the deletion of personal data. We will notify the data subjects of the erasure or blocking as well as of the rejection of the request for deletion or blocking.
Data subjects - except in the case of mandatory data management - are entitled to object to the processing of their personal data
IMED Ltd. shall review the protest within the shortest possible time, but within a maximum of 15 days of the submission of the request, to make a decision on its validity and inform the applicant in writing of its decision.
If the objection is well-grounded, IMED Ltd. discontinues the processing of data, including further data collection and data transmission, locks the data as well as notifies those, for whom the personal data affected by the protest were forwarded and who are obliged to take action to enforce the right of protest, about the measures taken.
Their cooperation on direct marketing letters shall be refused at any time without justification by the data subjects. In this context, they are entitled to refuse or prohibit the inclusion of their name data in the list of contacts and/or the marketing, the use of it for – specific – direct marketing purposes and the handover for a third party.
You have the right and the obligation to report changes to the data in your own possession, managed by IMED Ltd., within 15 days.
With regard to personal data protection and data handling issues, the persons concerned may appeal to the National Data Protection and Information Authority (H-1125 Budapest, Szilágyi Erzsébet fasor 22 / c., Postal address: 1530 Budapest, Pf.:5) and apply for legal remedy.
The rights described above may, in exceptional cases, be limited by statutory provision, in particular to protect the rights of the data subject or of others.
IMED Ltd. performs the supply of data contrary to your data management declaration only at the request of the bodies authorized by law and in the cases specified by law.
IMED Ltd. reserves the right to unilaterally amend this Privacy Policy at any time. You will be clearly informed in writing of any changes in the information provided in your contract.
Should you have questions or comments please do not hesitate to contact IMED Ltd. in any of the following contact details:
Date: Budapest, 15/02/2019.
