Information about Cosmodent Ltd. on data processing

Cosmodent Kft. hereby informs its patients of its data processing related to dental or other relevant services according to the Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter: GDPR):

1. Identity and contact details of the controller

Patient’s data is processed by Cosmodent Kft., whose business data are the following:

Name of the company: Cosmodent Kft.
Seat: 1118 Budapest, Budaörsi út 9.
Phone: +36 1 2001378
E-mail adress: info@cosmodent.hu
URL: https://www.cosmodent.hu/
Representative: Dr. Óvári Zoltán managing director

2. Data Protection Officer Details

Cosmodent Ltd. does not employ a Data Protection Officer.

3. Purpose of the Planned Processing of Personal Data

Cosmodent Ltd. processes the personal data of patients for the following purpose:

1. Fulfillment of the contract concluded with the patient for the provision of healthcare services and treatment;

2. Fulfillment of legal obligations related to healthcare and treatment;

3. Provision of additional services under the contract with the patient, including organizing travel;

4. Fulfillment of legal obligations related to Cosmodent Kft., especially compliance with regulations on health data reporting, invoicing, and accounting;

5. Settlement, verification, post-audit, and enforcement of claims arising from the performance under the contract with the patient.

4. Legal basis for the processing of personal data

Cosmodent Kft. processes the patient’s personal data based on the following legal grounds:

1. GDPR Article 6 1)(b), i.e., processing is necessary for the performance of a contract in which the patient is a party or for taking pre-contractual steps at the request of the patient;

2. GDPR Article 6(1)(c), i.e., processing is necessary for compliance with a legal obligation to which Cosmodent Kft. is subject;

3. GDPR Article 6(1)(f), i.e., processing is necessary for the legitimate interests pursued by Cosmodent Kft. These legitimate interests include asserting rights and claims arising from the contract with the patient and defending against claims against Cosmodent Kft.

Cosmodent Kft. processes the patient’s personal data considered as health data based on the following legal grounds:

1. GDPR Article 9 (2)(f), i.e., processing is necessary for the establishment, exercise, or defense of legal claims, or whenever courts are acting in their judicial capacity; R 9.

2. GDPR Article 9 (2)(h), i.e., processing is necessary for reasons of public interest in the area of public health, such as ensuring high standards of quality and safety of healthcare and of medicinal products.

Regarding the processing of health data, Cosmodent Kft. informs patients that the processing of health data is carried out by a professional who is subject to the statutory obligation of professional confidentiality as defined in Hungarian law.

5. Categories of recipients of personal data

Cosmodent Kft. transfers the patient’s personal data to the following recipients:

• Accountant;

• Auditor;

• Taxi service providing shuttle services;

• Dental laboratory, other laboratories;

• Government authorities;

• Central registers, especially the Central Implant Register;

• IT system operator;

• Legal counsel.

6. Duration of data processing

Healthcare documentation must be preserved for 30 years from the date of data collection, and the final report must be kept for 50 years, as stipulated by Act XLVII of 1997 on the processing and protection of health-related personal data.

7. Data transmission to third countries

Cosmodent Kft. transmits data of patients domiciled or residing in Switzerland to Switzerland. The Commission has determined that Switzerland ensures an adequate level of data protection.

8. Rights of patients regarding data processing

8.1 Right of access

Patients have the right to receive feedback from Cosmodent Kft. as to whether their personal data is being processed. If such processing is underway, patients are entitled to access their personal data and the following information:

1. Purposes of data processing;

2. Categories of personal data concerned;

3. Recipients or categories of recipients to whom the personal data has been or will be disclosed, including recipients in third countries or international organizations;

4. Where possible, the envisaged duration for which the personal data will be stored, or, if not possible, the criteria used to determine that duration;

5. The right of the patient to request from Cosmodent Kft. rectification or erasure of personal data or restriction of processing, and to object to such processing;

6. The right to lodge a complaint with a supervisory authority;

7. Information about the source of the data if it was not collected from the patient.

If personal data is transferred to a third country or international organization, the patient has the right to be informed about the appropriate safeguards under the GDPR for such transfers.

Cosmodent Kft. provides the patient with a copy of the personal data undergoing processing. For additional copies requested by the patient, Cosmodent Kft. may charge a reasonable fee based on administrative costs. If the patient has submitted the request electronically, the information should be provided in a widely used electronic format unless requested otherwise by the patient. The right to request a copy, as mentioned in this paragraph, shall not adversely affect the rights and freedoms of others.

Cosmodent Kft. Cosmodent Kft. informs patients that it does not apply automated decision-making and profiling.

8.2 Right of rectification

Patients have the right to request Cosmodent Kft. to rectify inaccurate personal data concerning them without undue delay. Taking into account the purpose of data processing, patients have the right to request the completion of incomplete personal data, including by means of providing a supplementary statement.

8.3 Right to erasure

Considering that data processing is also carried out to fulfill obligations imposed by Hungarian law requiring the processing of personal data, and the duration of data processing is determined by law, patients are not entitled to the right to erasure under Article 17(3) of the GDPR.

8.4 Right to restriction of processing

Patients have the right to request Cosmodent Kft. to restrict the processing of their data if one of the following applies:

1. The accuracy of the personal data is contested by the patient, in which case the restriction applies for a period allowing Cosmodent Kft. o verify the accuracy of the personal data.

2. The processing is unlawful, and the patient opposes the erasure of the data, requesting instead the restriction of their use;

3. Cosmodent Kft. no longer needs the personal data for processing purposes, but the patient requires them for the establishment, exercise, or defense of legal claims.

If data processing is restricted based on the above, such personal data, except for storage, may only be processed with the patient’s consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.

8.5 Right to object

Patients have the right to object at any time, for reasons related to their particular situation, to the processing of their personal data by Cosmodent Kft for the exercise of legitimate interests. In such cases, Cosmodent Kft. may not further process the personal data unless it demonstrates compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the patient or for the establishment, exercise, or defense of legal claims.

Cosmodent Kft. informs the patient that it does not use their personal data for direct marketing purposes.

8.6 Right to data portability

Considering that the data processing is not carried out in an automated manner, the patient does not have the right to data portability.

8.7 Right to lodge a complaint with a supervisory authority

Without prejudice to other administrative or judicial remedies, the patient is entitled to lodge a complaint with a supervisory authority – especially in the Member State of their habitual residence, place of work, or the place of the alleged infringement – if, in the patient’s opinion, the processing of their personal data violates the GDPR.

In Hungary, the following supervisory authority has jurisdiction:

Official name: National Authority for Data Protection and Freedom of Information
Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
Mailing address: 1530 Budapest, Pf.: 5.
Phone number: +36 (1) 391-1400
Fax number: +36 (1) 391-1410
Central email address: ugyfelszolgalat@naih.hu
The website URL is http://www.naih.hu

9. Basis for providing personal data

Considering that without providing personal data, the provision of healthcare and treatment may be impossible, the provision of personal data is a prerequisite for entering into a contract for the provision of healthcare and treatment. The 10. Failure to provide the personal data mentioned in point g) of paragraph 10 does not affect the performance of the contract concluded with the patient, but during performance, the undisclosed personal data will naturally remain disregarded.

10.Categories of personal data affected by data processing

Cosmodent Kft. manages the following personal data:

1. identifying data (including, in particular, surname and first name, maiden name, gender, place and date of birth, mother’s maiden name, residence, domicile, social security identification number)

2. data relating to health insurance or other insurance

3. electronic contact details (including, in particular, phone number, email address)

4. health data, especially personal data directly provided by the patient or a third party regarding the patient’s physical or mental health status, including information about healthcare services provided to the patient.

5. data related to the patient’s transportation

6. data required for invoicing

7. other personal data communicated by the patient to Cosmodent Kft.