Privacy Policy

Aesthetic Expert Kft. (hereinafter: "Data Controller") places great emphasis on the protection of personal data, with particular regard to health data processed in the course of providing healthcare services, which qualifies as special category data.

The purpose of this Privacy Policy is to provide transparent, detailed and accessible information about data processing practices, the legal basis, purpose and duration of data processing, as well as the rights of data subjects and available remedies.

The Data Controller ensures that the processing of personal data is carried out at all times in accordance with applicable European Union and Hungarian legislation, taking into account the highest data security requirements.

1. Data Controller Details

Company name: Aesthetic Expert Kft.
Registered office: 1025 Budapest, Ruthén út 18.
Company registration number: 01 09 429004
Tax number: 32530180-2-41
E-mail: info@bemedclinic.hu
Phone: +36 30 101 6555
Website: bemedclinic.hu

The Data Controller is responsible for all decisions and measures related to the processing of personal data, as well as for the lawfulness of data processing procedures.

2. Purpose and Scope of Data Processing

The purpose of data processing is the provision of healthcare services, communication with patients, facilitating appointment booking, operating the website, and fulfilling legal obligations.

This Policy applies to all natural persons who visit the website, contact the Data Controller, or use the healthcare services.

3. Legal Bases for Data Processing

The legal basis for data processing may be:

– performance of a contract or pre-contractual steps (GDPR Article 6(1)(b)),
– compliance with a legal obligation (GDPR Article 6(1)(c)),
– legitimate interest (GDPR Article 6(1)(f)),
– provision of healthcare (GDPR Article 9(2)(h)).

The Data Controller determines the appropriate legal basis for each data processing activity.

4. Website Visits and Logging

During the use of the website, technical data may be recorded, including IP address, time of visit, browser type and operating system.

The purpose of this data processing is to ensure system security, prevent misuse and maintain the technical operation of the service.

5. Appointment Booking and Contact

Personal data provided during contact is used by the Data Controller exclusively for the purpose of communication and preparation of the service.

The purpose of data processing is to ensure proper communication and accurate assessment of the patient's needs.

6. Processing of Health Data

In the course of providing healthcare services, the Data Controller processes special category data relating to the patient's health condition, diagnosis and treatment.

Such data is processed exclusively for the purpose of healthcare provision and is treated in strict confidence.

7. Data Retention Period

The Data Controller retains data only for as long as necessary. The retention period for medical documentation is generally 30 years in accordance with applicable legislation.

8. Cookies and Analytics Services

The website uses Google Analytics for statistical purposes. Statistical cookies are activated only with prior consent.

9. Data Processors

The Data Controller may engage data processors for the provision of services, who act on the basis of contractual obligations.

10. International Data Transfers

International data transfers are carried out only with appropriate safeguards in place.

11. Rights of Data Subjects

Data subjects are entitled to request access, rectification, erasure or restriction of processing, as well as to object to data processing.

12. Legal Remedies

Data subjects may file a complaint with the NAIH (National Authority for Data Protection and Freedom of Information) or turn to the courts.

13. Amendments to the Policy

The Data Controller reserves the right to amend this Policy.