Legal Information
Privacy Policy
Aesthetic Expert Kft. (hereinafter: "Data Controller") places great emphasis on the protection of personal data, with particular regard to health data processed in the course of providing healthcare services, which qualifies as special category data.
The purpose of this Privacy Policy is to provide transparent, detailed and accessible information about data processing practices, the legal basis, purpose and duration of data processing, as well as the rights of data subjects and available remedies.
The Data Controller ensures that the processing of personal data is carried out at all times in accordance with applicable European Union and Hungarian legislation, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, GDPR), Act CXII of 2011 on the Right to Informational Self-Determination and on Freedom of Information (Infotv.), and Act XLVII of 1997 on the Processing and Protection of Health and Related Personal Data (Eüak.), taking into account the highest data security requirements.
Data Controller Details
Company name: Aesthetic Expert Kft.
Registered office: 1025 Budapest, Ruthén út 18.
Company registration number: 01 09 429004
Tax number: 32530180-2-41
E-mail: info@bemedclinic.hu
Phone: +36 30 101 6555
Website: bemedclinic.hu
The Data Controller is responsible for all decisions and measures related to the processing of personal data, as well as for the lawfulness of data processing procedures.
Purpose and Scope of Data Processing
The purpose of data processing is the provision of healthcare services, communication with patients, facilitating appointment booking, operating the website, and fulfilling legal obligations.
This Policy applies to all natural persons who visit the website, contact the Data Controller, or use the healthcare services.
Legal Bases for Data Processing
The legal basis for data processing may be:
- performance of a contract or pre-contractual steps (GDPR Article 6(1)(b)),
- compliance with a legal obligation (GDPR Article 6(1)(c)),
- legitimate interest (GDPR Article 6(1)(f)),
- provision of healthcare (GDPR Article 9(2)(h)).
The Data Controller determines the appropriate legal basis for each data processing activity.
Website Visits and Logging
During the use of the website, technical data may be recorded, including IP address, time of visit, browser type and operating system.
The purpose of this data processing is to ensure system security, prevent misuse and maintain the technical operation of the service.
Appointment Booking and Contact
Personal data provided during contact is used by the Data Controller exclusively for the purpose of communication and preparation of the service.
The purpose of data processing is to ensure proper communication and accurate assessment of the patient's needs.
Processing of Health Data
In the course of providing healthcare services, the Data Controller processes special category data relating to the patient's health condition, diagnosis and treatment.
Such data is processed exclusively for the purpose of healthcare provision and is treated in strict confidence.
Data Retention Period
The Data Controller retains data only for as long as necessary. The retention period for medical documentation is generally 30 years in accordance with applicable legislation.
Cookies and Analytics Services
The website uses Google Analytics for statistical purposes. Statistical cookies are activated only with prior consent.
For full details, see our Cookie Policy.
Data Processors and Third-Party Recipients
For the provision of services, the Data Controller may engage data processors and disclose personal data to third parties, who act on the basis of written contractual obligations that meet the requirements of Article 28 GDPR.
Main categories of recipients:
- Hosting and IT service provider: Tárhely.eu Kft. (1097 Budapest, Könyves Kálmán körút 12-14.)
- Booking platform: Altegio (used for online appointment booking)
- Analytics service: Google Ireland Limited (Google Analytics, with prior consent only)
- Mailing service provider used for newsletter dispatch and contact form processing
- Customer relationship management tool used for ticket handling (MiniCRM)
Personal data is shared with public authorities only where required by law.
International Data Transfers
International data transfers are carried out only with appropriate safeguards in place.
Rights of Data Subjects
Data subjects are entitled to request access, rectification, erasure or restriction of processing, as well as to object to data processing.
Legal Remedies
Data subjects may file a complaint with the NAIH (National Authority for Data Protection and Freedom of Information) or turn to the courts.
Amendments to the Policy
The Data Controller reserves the right to amend this Policy.