Privacy Policy

UroSystem – Privacy Policy

Urosystem Zrt (hereinafter referred to as Provider, Controller or Data Controller) meets its information obligations related to data processing by issuing this Policy. The Provider acknowledges the content of this legal notice as binding for itself and guarantees that all data processing operations related to its activities comply with the requirements defined in this Policy and the rules of law in force.

The Controller:

  • reserves the right to change this Policy; 
  • is committed to the protection of the personal data of its clients and partners and considers respect of its clients’ right for informational self-determination particularly important; 
  • will process personal data confidentially and take all security, technical and organizational measures to guarantee the security of such data;
  • will process personal data only for specific, explicit and legitimate purposes, for the purposes of exercising a right or fulfilling an obligation; will collect it taking the principle of fairness and legality into consideration and process it in adherence to such principles;
  • will process only personal data that is indispensable and suitable for the purposes of data processing. The Provider will process personal data to the extent and for the period necessary for implementing the purpose. Personal data will be stored in a form to enable identification of the data subject only for the period necessary for achieving the specific purposes, i.e. collection and further processing of the personal data.

The Controller’s data processing principles are in accordance with the legal regulations related to data protection.

The Controller is the operator of the app. urodapter.com webpage (Webpage), on the one hand, it is engaged in media content provision and provides the services available there in relation to its such activity and, on the other hand, it performs the related IT services as well. For the purposes of this Policy, each individual who enters or visits the Webpage and provides his or her data referred to herein is considered a user (hereinafter referred to as User). 

Data Controlling

1. Whose data is being controlled?
Every User is a subject to data controlling. Persons, who do not share any personal data, the Cookie Policy concerns. Persons who provide personal data during contact are considered Data Subjects/Users. 

2. What sort of personal data is being controlled?
The following personal data are controlled for contact services (Users) by sending an e-mail or filling out the contact form:

  • Name (first name, surname)
  • Email address
  • Company/Institution
  • the text of the message

Those third party partners to whom we transmit personal data also carry out data controlling activities. Details of this can be found in point 8. and the Privacy Policies of these third party partners.

3. What sort of health Data is being controlled?

We do not process health data during the provision of services currently available on our Webpage.

4. What is legal basis of collecting and controlling personal data?

The legal basis of collecting and controlling personal data are:
(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes; 
(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; 
(c) processing is necessary for compliance with a legal obligation to which the Controller is subject.

If the legal basis of the controlling of the personal data is the consent of the Users, then before giving consent, they should receive clear, written information about our privacy procedures which you can accept by placing a tick in the appropriate check box and which means to give the consent to the control of your personal data.

5. What is the duration of Data Controlling?

If the legal basis of the controlling of the personal data is the consent of the Users, then we are allowed to control your personal data for a 3 years period, but controlling ends instantly in case of the withdrawal of a consent, a request of deleting or destroying. The consent can be withdrawn at any time.

6. What is the purpose of Data Collecting and Controlling?

  • Making it available for the Users to contact us.
  • Making it available for the Users to ask for information.
  • The easy and efficient use of the Webpage for the Users.

7. Who can access to the data?

No Visitor, User or unappointed third party can access to any other data.

The staff of the Webpage and other third parties can access all data, however, they are not allowed to use them for any other purpose than described in point 6., nor transfer or sell them to any unappointed third parties.

Appointed third parties that are able to access to the data are described in the following section.

8. To whom is data transferred?

External service provider: the Controller may, in connection with operation of the Webpage or the provision of the services provided there – either directly or indirectly – employ third party service providing partners to whom the personal data are or may be transferred, or who may transfer personal data to the Controller. 

Furthermore, service providers who are not in cooperation with the Controller but who collect data of the Visitors, Users by having access to the webpage of the Service that may be suitable to identify them – either independently or combined with other data – shall also be considered external service providers.

The personal data processed in the systems of External service providers shall be subject to the provisions of the External service providers’ own privacy notices. 

In order to provide customized service, the Data Controller uses external service providers to operate the Webpage, the purpose of which is to identify and maintain contact with the User, as well as to maintain, operate and develop IT systems.

Any data have to be transferred to third parties if they are required for investigating and/or examining criminal cases or cases of natural security. If this happens, the third party who requires the data must define what data they need and name the exact purpose of data controlling, too.

Apart from the cases described above, no data can be transferred to any other third parties without the consent of the Visitor or the User.

Although there are External service providers with whom none of the Controllers is in contractual or cooperation relationship intentionally in respect of the relevant data processing, but who nevertheless have access to the Webpage – either with or without contribution of the user – and so collect data on the Users or user activities on the Webpage, which may be suitable – either independently or combined with the data collected by such other external service provider – for identifying the User. Such External service providers might be, in particular but not limited to:  Facebook Ireland LTD., Google LLC, Instagram LLC., Infogram Software Inc, PayPal Holdings Inc., Pinterest Europe Ltd., Playbuzz Ltd., Twitter International Company, Viber Media LLC, Vimeo INC., YouTube LLC. 

Such External service providers process the personal data forwarded to them according to their own privacy policies. 

The links and code of the External service providers are accessible at Webpage.

9. What happens if personal data are not shared or if a person ceases to share it?

No Visitor or User is obligated to share any personal data, visiting the webpage is possible without doing so (or after withdrawing a consent to Data Controlling). In this case, however, they may have limited access to our services on the Webpage.

Data protection

The Data Controller makes every effort (that can be expected rationally) so that the principles of the safety of data can prevail. This can be summarized in the following way.
1. Availability
Those who have the right to access the necessary data are able to do so at any time.
2. Confidentiality
Every piece of data is available only for those who are authorized to control and process it.
3. Authenticity and Integrity
During the process of data storing and controlling the data itself remains unchanged.
While the data is being stored, the Data Controller performs every measure of protection and precaution (that can be expected rationally) so that the data shall be protected against stealing, unauthorized accessing, becoming damaged, corrupted, deleted, destroyed and published (regardless of a result of an intentional or unintentional act), failures of electronic or any other forms (including natural disasters).

Data Breach and its Handling

In case of data breach of high risk, the Data Controller informs the persons who are involved (due to their rights) with no delay.
The Data Controller need not inform the persons who are involved if
•    the Data Controller performed actions which made the data affected by the breach incomprehensible (e.g. by using encryption on the data)
•    informing the persons who are involved would require actions of unproportional effort (in this case information shall be provided in another form, e.g. publishing)
•    due to the actions performed by the Data Controller the high risk does not exist anymore.

Cookies
The Webpage uses cookies for its operation. The data protection information related to cookies can be found in the Cookie Policy.

The Visitors’ and Users’ Rights
Every User has right for the following actions and rights which can be enforced by sending an e-mail to the address shown on the Webpage. The e-mail address: mail@urosystem.com

These rights are the following:

1. The right to be informed forehand
Every person has the right to be informed about all the facts related to data controlling and processing, in a clear and legible form. This right exists even if the data controlling has not begun.

2. The right to access
Every person has the right to receive feedback about the process how his/her data is being controlled, including the nature of the data, the purpose and duration of controlling and the fact if his/her data is being transferred to a third person. Every person has the right to be informed about their rights related to data controlling and processing.
Certain services of the Webpage might not be available if the User does not allow that certain data are being transferred to third parties elaborated in the point 8. of this Policy

3. The right to rectification
Every User has the right to ask the Data Controller to correct his/her personal data. (The Users may be asked to provide some additional data if it is missing.) 

Every natural or legal person whom the corrected data (of any nature) has been transferred shall be informed about the correction unless it is impossible or unproportional effort is required.

4. The right to erasure and to be forgotten
Without any further notice or request the data of a User is to be deleted in the following cases:

  • the data collected and processed before is not used in the future
  • the only legal basis of data controlling was the User’s consent, which has been withdrawn
  • it has been proved that the data controlling has been illicit.

Should the Data Controller used (or shared) personal data for any other purpose than described in the corresponding section of Data Controlling before the arrival of the request, it was performed with the use of an anonymized form of data, which did and does not enable the identification of a User. In this case the right to be forgotten cannot be comprehended. (A brief explanation: in this situation it would be impossible to decide whose data should be deleted.)

Should any data of a User have been published (followed by a formerly expressed consent) and it must be deleted (due to the User’s right to erasure), every other data collector involved in the situation are attempted to be informed that the User requested the deletion of his/her data. The particular amount of effort taken depends on the available time, technology and the estimated costs of the action. Approved third parties are informed about the User’s request in all cases.

5. The right to restrict
Should a User consider our methods of data controlling inappropriate he/she can request us to restrict the processing of their data.
If it becomes proven that the User’s or Visitor’s data has been illicit, restricting data instead of deleting it can be requested, too. In this case the Data Controller stores the data in question but does not process it.
Due to data restriction certain services of the Webpage might become restricted.

6. Right to object
Any affected person has the right to object against controlling his/her personal data due to any reason related to his/her situation at any time; regardless of the Data Controlling is carried out in the public interest, in the exercise of an official authority vested in the controller, or controlling is carried out due to the need of exercising the legal claims of a third party.
In the cases above the Data Controller shall not control the related personal data any more unless it is proven by the Data Controller that doing so is a necessity based on legal reasons which override the interests, rights and freedom of the affected person or are in direct connection with proposing, exercising or protecting legal claims.
If the controlling of personal data happens for direct solicitation, the affected person has the right to object against controlling his/her personal data for this particular purpose. If an objection happens due to this reason, the related personal data shall not be controlled for this purpose in the future.
No personal data are being collected for research or statistic purposes in a form which enables the identification of any User; all collected data for these purposes are anonymized. Therefore, the affected person may object to control anonymized data only before collecting the described data takes place. Special attention has to be called to the right to object when or before the first contact between the Data Controller and the Visitor established, the related information has to be announced in a clear and unambiguous form, separated from any other pieces of information.

7. The right to data portability
If the claim of Data Controlling is the consent of a Visitor or based on a contract, the User has the right to obtain all data related to him/her in a legible form that is viewable with a computer or any other similar digital device. The format of the data shall be a widespread one. Assuming it is attainable, the User may request that his/her data shall be transferred to another Data Controller.
Exercising the right to data portability may not affect disadvantageously the rights and freedom of other persons.

8. Automated decision systems
The Webpage uses no automated decision systems.

9. The right to legal remedy
If a Visitor or User presumes that the data controlling happens improperly or in an illicit way, they have the rights to contact us by using the contact email address found on the Webpage. The e-mail address: mail@urosystem.com

Any complaints related to controlling personal data can be addressed to Hungarian National Authority for Data Protection and Freedom of Information (NAIH; Nemzeti Adatvédelmi és Információszabadság Hatóság), whose address is the following: 22/C Szilágyi Erzsébet fasor, 1125 Budapest, Hungary, Europe; postal address: Post Office Box 5, 1530, Budapest, Hungary.
The Visitor or User has the rights to exercise their rights in the form of a lawsuit at a civil court. Assessing the legal action is at the sphere of action of the court of justice. The plaint has to be submitted to the court corresponding to the Visitor’s living place. Further information about the Hungarian courts can be found at the following webpage: https://birosag.hu/torvenyszekek.

Terms and Definitions

Consent – An express from the side of a Visitor which has been performed voluntarily, clearly and definitely based on an adequate form of informing, in which he/she agrees that their personal data can be controlled by the Data Controller. A Consent can be of a form of declaration, or any form of action that refers to the expression of will.

Data Breach – aka. Breach; an incident which leads to security issues, which means the loss, alteration or destruction of data (accidentally or illicit), and/or the illicit publishing or accessing to data.

Data Controller – Urosystem Zrt., registered office: 26 Szent István park, 1137 Budapest, Hungary, e-mail: mail@urosystem.com

Data Controlling – Any automatized or manually performed process applied to data. The term includes collecting, recording, systematization, conversion, query, publishing, applying, noticing, providing, spreading, harmonizing, restricting, deleting and destroying.

Data Deleting – aka. Erasure; making data unrecognizable in a way which guarantees that the particular data cannot be recovered in the future.

Data Processing – Any task executed on data, related to Data Controlling; regardless of its place, manner, used tools and methods.

Data Processor – A natural or legal person, or an organization without a legal personality who is assigned by the Data Controller to the task of processing data.

Data Transferring – Making data available for a certain third party.

Personal Data – Any information which refers to an identified natural or legal person or enables the identification of them. A person is identifiable if this process can be done by either directly or indirectly using one or more types of personal data.

Protest – A notice given by a person so that they express an objection to the controlling of their personal data, or they express a request of ceasing of Data Controlling or deleting their data.

User – A person who is visiting the Webpage and who asks for additional information. See also definition of Visitor.

Visitor – A person who is visiting the Webpage without filling in contact form. Visitors need give no personal data for this action.