Privacy Policy

Data controller data

• name: Imagine Health Kft.
• address: 1024 Budapest, Retek u. 24-27.
• tax number: 32686339-2-13
• e-mail: info@imaginehealth.hu
• telephone: +36 70 516 1514

The purpose of this Privacy Notice (hereinafter referred to as the "Notice") is to set out the procedures for the use of the records/databases kept by the Data Controller.

Purpose and scope of the Prospectus

• It ensures that the constitutional principles of data protection, the right to informational self-determination and data security requirements are respected,
• ensures that, within the limits of the law, everyone has access to his or her personal data, knows the circumstances of their processing, and prevents unauthorised access, alteration and unauthorised disclosure,
• to provide information to data subjects on the Data Controller's data management practices.

Governing legislation

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation; hereinafter: GDPR)
• Act CXXXIII of 2007 on the Rules of Personal and Property Protection and Private Investigation (hereinafter referred to as the " Act on the Protection of Persons and Property and Private Investigation")
• Act CXII of 2007 on the Right to Informational Self-Determination and Freedom of Information (hereinafter referred to as the " Infotv.")
• Act No I of 2012 on the Labour Code
• Act XXXIV of 2007 (hereinafter: GDPR-Salata Act)
• information from the National Authority for Data Protection and Freedom of Information on the basic requirements for data processing in the workplace (hereinafter: NAIH information)
• the recommendation of the National Authority for Data Protection and Freedom of Information on the data protection requirements for prior information (hereinafter: NAIH recommendation)
• Act LXXVI of 1999 on Copyright 

The Data Controller

According to the interpretative provision of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information, a data controller is a natural or legal person or an organisation without legal personality who, alone or jointly with others, determines the purposes for which the data are to be processed, takes and implements decisions concerning the processing (including the means used) or implements them with the data processor.

Data of the Data Controller:

• name: Imagine Health Kft.
• address: 1024 Budapest, Retek u. 24-27.
• Tax number: 32686339-2-13

Contact:

• postal address: 1024 Budapest, Retek u. 24-27.
• e-mail: info@imaginehealth.hu
• phone: +36 70 516 516 1514

The Data Processors

The processor may process the personal data of the data subject only for the purposes specified by the Data Controller and contractually agreed upon, in accordance with the instructions of the Data Controller, and has no autonomous decision-making rights with regard to the processing. The Processor has undertaken confidentiality obligations and contractual guarantees with regard to the retention of personal data obtained in the course of its tasks.

• Accounting: ANGYAL-TAX Korlátolt Felelősségű Társaság, 2040 Budaörs, Árok utca 5., 13-09-151316
• Hosting provider: HOSTINGER Ltd., UAB Švitrigailos str. 34, Vilnius 03230 Lithuania, gdpr@hostinger.com
• Logistics service providers:
  • Noblehunt Kft., 3264 Kisnána, Béke u 43.
  • Fáma First Kft., 2220 Vecsés, Tengely utca 3.
  • Packeta Hungary Kft., Budapest Ezred utca 2 B2/11, 1044
  • FoxPost Zrt, Váci út 60-62, 1044
  • Magyar Posta Zrt., 1138 Budapest, Dunavirág utca 2-6.
  • DPD Hungary Kft., 1134 Budapest Váci út 33., A épület II. emelet
  • Barion Payment Zrt., Budapest, Irinyi József u. 4-20
• Treatment of insolvency:
  • Legal Labs Kft., 1054 Budapest, Honvéd utca 8. 1. em. 2.

Purpose, duration and legal basis of the processing

The Data Controller carries out its processing on the basis of the voluntary consent of the data subjects or on the basis of a legal authorisation.

Reporting parties are required to provide all information accurately and to the best of their knowledge.

Where the data subject does not provide his or her own personal data, it is the data subject's responsibility to obtain the data subject's consent.

The duration of the processing is the minimum processing period provided for by law.

Data processing related to certain activities of the Data Controller:

Product ordering, quoting, rental, franchise cooperation

• Legal basis for processing: data subject's consent
• Data processed: name, e-mail address, telephone number, billing and delivery details
• Purpose of the processing: to ensure online sales procedures
• Data transmission: none
• Time limit for deletion of data: minimum processing period provided for by law.
• Possible consequences of non-disclosure: non-purchase

Subscribe to the newsletter

• Legal basis for processing: data subject's consent
• Data processed: name, e-mail address
• Purpose of processing: sending digital material and offers by e-mail
• Data transmission: none
• Deadline for deleting data: until revoked
• Possible consequences of non-disclosure: non-purchase

Contact

• Legal basis for processing: data subject's consent / legitimate interest
• Data processed: sender's name, address, e-mail address, telephone number, date of contact, attachments
• Purpose of processing: information, communication and proof of consent
• Transmission of data: in the event of an incident, as defined by law
• Time limit for deletion of data: 3 years
• Possible consequences of non-disclosure: lack of evidence of disclosure/information/contribution

Satisfaction measurement

• Legal basis for processing: consent of the data subject
• Data processed: gender, age, education, interests, date of purchase, method of purchase, method of using the service
• Purpose of data processing: to measure satisfaction with the service/product in order to ensure further improvements
• Data transmission: none
• Time limit for deletion of data: data will be kept in a non-identifiable form until the business interest has been fulfilled, up to a maximum of 10 years
• Potential consequences of non-disclosure: inaccurate needs assessment to support further improvements

Applying for a job

• Legal basis for processing: data subject's consent / legitimate interest
• Data processed: applicant's name, address, e-mail address, telephone number, date of contact, attachments
• Purpose of processing: to assess a job application
• Transmission of data: in the event of an incident, as defined by law
• Time limit for deleting data: 1 year
• Possible consequence of failure to provide information: application will not be considered

Where the Data Controller or the processors transfer the data to other third parties, they shall keep a record of this. The record of the data transfer shall include the recipient of the data transfer, the means, the date and the scope of the data transferred.

How the data is processed, stored and secured

The data will be treated confidentially in accordance with the law.

Users will be contacted at the contact details provided for cases they have approved. If contacted by telephone, the telephone conversation will not be recorded.

The Data Controller keeps the data processed by it - both in paper and electronic form - at the following location: 1024 Budapest, Retek u. 24-27.

For its operation, the Data Controller uses an IT system that ensures that the data:

• be verifiable (data integrity);
• to ensure the authenticity of the data (authenticity of processing);
• be accessible to those who are entitled to them (availability);
• and to be protected against unauthorised access (data confidentiality).

The Data Controller and its data processors shall at all times protect their IT systems against fraud, espionage, viruses, intrusions, damage and natural disasters. The Controller (or the processor) shall apply server-level and application-level security procedures.

Messages transmitted to the Data Controller via the Internet, in any form, are at increased risk of network threats that could lead to modification of information, access by unauthorized persons, or other illegal activity. To counter such threats, the Controller will use all reasonable efforts to do all that is reasonably possible and reasonable to expect of it.

Analytics and cookies

Cookies are small pieces of data that internet services store in your browser. IMAGINEHEALTH.HU uses cookies to optimise the user experience. This can be deleted from your computer or browser at any time. If the user does not accept cookies, we cannot guarantee the proper functioning of the site. For detailed information on the use of cookies, please refer to the Cookie Notice.

Embedded content from other websites

The posts available on IMAGINEHEALTH.HU may use embedded content (e.g. videos, images) from external sources. Embedded content from external sources behaves exactly as if you had visited another website.

These websites may collect data about visitors, use cookies or use third-party tracking code. The Data Controller is not responsible for the data and information privacy policies and practices of these sites.

If the Data Controller becomes aware that the external website violates the legislation in force or engages in harmful conduct, it will immediately remove the links from its site.

Data subjects' rights, remedies

Data subjects may at any time request information in writing from the Data Controller about the way their personal data are processed, indicate their wishes for erasure or modification, and withdraw their previously given consent.

Data subjects may not exercise their right to erasure in the case of processing required by law.

(a) Content of the right to information: at the request of the data subject, the Controller shall provide the data subject with the information listed in Articles 13 and 14 of the GDPR and the information referred to in Articles 15 to 22 and 34 of the GDPR in a concise and plain language.

b) Content of the right of access: upon request of the data subject, the Data Controller shall provide information on whether or not data processing concerning him or her is in progress at the Data Controller. Where the Controller is processing data relating to the applicant, the data subject shall have the right of access to the following information:

• Personal data concerning him or her;
• the purpose(s) of the processing;
• the categories of personal data concerned;
• the persons to whom the data subject's data have been or will be disclosed;
• the duration of data storage;
• the right to rectification, erasure and restriction of processing;
• the right to apply to a court or supervisory authority;
• the source of the data processed;
• profiling and/or automated decision-making and the details and practical implications of their use;
• the transfer of processed data to a third country or international organisation.

In the event of a data request as described above, the Data Controller shall provide the data subject with a copy of the data processed by the Data Controller in accordance with the request. Upon specific request, it is possible to request the Controller to deliver the data by electronic means. The Controller charges an administration fee of HUF 500,- per page for each additional copy. The deadline for the release of the requested data is 30 days from the date of receipt of the request.

c) A helyesbítéshez való jog: Az érintett kérheti az Adatkezelő által kezelt, rá vonatkozó pontatlan adatok helyesbítését.

d) Right to erasure: If any of the following grounds apply, the Data Controller shall, at the request of the data subject, erase the data relating to the data subject as soon as possible and in any event within 5 working days:

• The data was processed unlawfully (without legal authorisation or personal consent).
• The processing of the data is unnecessary to achieve the original purpose.
• The data subject withdraws his or her consent to the processing and the Controller has no other legal basis for the processing.
• The data in question was collected in connection with the provision of information society services.
• Personal data must be deleted in order to comply with the legal obligations applicable to the Data Controller.

The Controller is not able to delete the data if the processing is still necessary for any of the following:

• Further processing is necessary to comply with the legal requirements applicable to the Data Controller;
• Necessary for the exercise of the right to freedom of expression and information;
• In the public interest;
• For archiving, scientific, research or statistical purposes;
• For archiving, scientific, research or statistical purposes;

e) Right to restriction of processing: if any of the following grounds apply, the Data Controller shall restrict processing at the request of the data subject:

• The data subject disputes the accuracy of the data relating to him/her, in which case the restriction applies for the period until the accuracy and correctness of the data in question can be credibly reviewed;
• The data processing is unlawful, but the data subject requests that the deletion not be carried out, but only requests the restriction of data processing;
• The data is no longer necessary for data processing, but the data subject requests their continued storage for the exercise or defense of legal claims;

If the Data Controller imposes a restriction on any processed data, during the period of the restriction, it will only process the data concerned if and to the extent that:

• The data subject consents to this;
• Necessary for the establishment or defense of legal claims;
• Necessary to enforce or protect the rights of another person;
• It is necessary to enforce public interest.

f) Right to withdrawal: The data subject has the right to withdraw his/her consent to the Data Controller at any time – in writing. In the event of such a request, the Data Controller shall immediately and permanently delete all data processed in relation to the data subject, the further storage of which is not required by law or is not necessary for the exercise or protection of rights related to legitimate interests. The withdrawal shall not affect the lawfulness of the data processing carried out until the consent is withdrawn.

g) Right to data portability: The data subject has the right to request that the Data Controller transmit the data concerning him or her to another data controller in a commonly used, computer-readable format. The Data Controller shall comply with the request as soon as possible, but no later than within 30 days.

h) Automated decision-making and profiling: The data subject has the right not to be subject to a decision based solely on automated processing (such as profiling) which would have legal effects on him or her or would otherwise adversely affect him or her. This right does not apply if:

• the data processing is necessary for the conclusion or performance of a contract between the data subject and the Data Controller;
• the data subject expressly consents to the use of such a procedure;
• its use is permitted by law;
• necessary to assert or defend legal claims.

Procedural rules

If the Data Controller receives a request pursuant to Articles 15-22 of the GDPR, the Data Controller shall inform the data subject in writing as soon as possible, but no later than within 30 days, of the measures taken based on the request.

If justified by the complexity of the request or other objective circumstances, the above deadline may be extended once, for a maximum of 60 days. The Data Controller shall notify the data subject in writing of the extension of the deadline, together with the appropriate justification for the extension.

The data controller provides the information free of charge, unless:

• the data subject repeatedly requests information/measures with essentially unchanged content;
• the request is clearly unfounded;
• The request is excessive.

If the applicant requests the transfer of data on paper or on an electronic data medium (CD or DVD), the Data Controller will provide a copy of the data concerned free of charge in the requested manner (unless the chosen platform would technically present a disproportionate difficulty). For each additional copy requested, an administration fee of HUF 500 per page/CD-DVD is charged.

The data controller shall respond to the request in electronic form, unless:

• the data subject explicitly requests the answer in a different way, and this does not cause unreasonably high additional expenses for the Data Controller;
• the Data Controller does not know the data subject's electronic contact information.

Remedies

If you notice anything objectionable regarding data processing, please report it immediately using one of the contact methods provided in point 4.

If the data subject believes that his or her rights have been violated by the Data Controller and/or the data processors, he or she has the right to appeal to the competent and competent court.

If the data subject wishes to file a complaint regarding data processing, he or she may do so at the National Authority for Data Protection and Freedom of Information, at the following contact details:

• registered office: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.;
• mailing address: 1530 Budapest, P.O. Box: 5.
• phone: 06-1/391-1400; fax: 06-1/391-1410;
• e-mail: ugyfelszolgalat@naih.hu;
• website: www.naih.hu

Cooperation between authorities

If the Data Controller receives an official request from the authorized authorities, it is mandatory to provide the specified personal data.

The Data Controller only transfers data that is absolutely necessary to achieve the purpose specified by the requesting authority.

Valid from 01.03.2025 until revoked.