Privacy policy

Data Protection and Data Security Policy

This Data Protection and Data Security Policy (hereinafter: Policy) is Neumann Diagnostics Limited Liability Company (headquarters: 7623 Pécs, Nagyvárad utca 15. fszt. 1.; Company registration number: 02-09-081306; Tax number: 25106000-2-02; e-mail : kerdes@neumannlabs.com; web: www.neumannlabs.com), as Data Controller Regulations.

The Data Controller considers it important to respect and enforce the rights of its customers and all other affected natural persons (hereinafter: Data Subjects) related to data processing, and therefore hereby informs the Data Subjects that during its data processing, the substantive and procedural rules of Hungarian law in force, the Data Protection and Data Security Regulations in force at all times , as well as other internal regulations.

The purpose of these Regulations is to define and adhere to the basic principles and provisions regarding the handling of the data of natural persons who come into contact with the Data Controller in order to ensure that the privacy of natural persons is protected in accordance with the relevant legal regulations and official resolutions.

The data is handled in accordance with the provisions of these Regulations, CXII of 2011 on the right to self-determination of information and freedom of information. is carried out in accordance with the provisions of the Act (hereinafter: Infotv.). The Data Controller is Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and on the repeal of Directive 95/46/EC ("General Data Protection Regulation", "GDPR") informs the Data Subjects below regarding the management of their personal data.

The Data Controller acknowledges the content of these Regulations as binding on itself and undertakes to ensure that its data management related to its service meets the requirements set out in these Regulations.

LEGAL RULES RELATING TO DATA PROTECTION

During its data management practice, Neumann Diagnostics Kft. takes into account the relevant laws in force at all times. The data management principles published in these Regulations are in accordance with the following legislation:

year LXVI law - on the registration of citizens' personal data and residential address;
year CXIX Act – on the management of name and address data for the purpose of research and direct business acquisition (DM Act);
year CVIII Act - on certain issues of electronic commercial services and services related to the information society;
year XLVIII Act - on the basic conditions and certain limitations of economic advertising activity (Grt.)
year CXII. Act - on the right to self-determination of information and freedom of information
year XLVII Act on the management and protection of health and related personal data

BASIC PRINCIPLES

The basic principles defined in the GDPR are implemented as a minimum requirement in the data management behavior of Neumann Diagnostics Kft.

The basic principles contained in the GDPR are as follows:

a) Principle of legality, fair procedure and transparency
b) Principle of goal-boundness
c) Data saving principle
d) Principle of accuracy
e) Principle of limited storability
f) Principle of integrity and confidentiality
g) Principle of accountability

CONCEPTS

Personal data

Any specific data identified on the basis of personal data or linked to - directly or indirectly - an identifiable natural person (hereinafter: Data Subject) - in particular the Data Subject's name, identification mark, and one or more physical, physiological, mental, economic, cultural or social characteristics of the Data Subject knowledge - as well as the conclusion about the Data Subject that can be drawn from the data.

Contribution

The Data Subject's voluntary and decisive declaration of will, which is based on adequate information, and with which he gives his unequivocal consent to the processing of his personal data - in full or covering certain operations.

Protest

The Data Subject's statement objecting to the processing of his personal data and requesting the termination of data processing or the deletion of processed data.

Data controller

A natural or legal person, or an organization without legal personality, who independently or together with others determines the purpose of data management, makes and implements decisions regarding data management (including the device used), or has them implemented by the data processor commissioned by it.

Data handling

Regardless of the procedure used, any operation performed on the data or the set of operations, including in particular the collection, recording, recording, organization, storage, alteration, use, query, transmission, disclosure, alignment or connection, locking, deletion and destruction of the data, as well as preventing its further use, taking photographs, audio or video recordings, and recording physical characteristics suitable for identifying the person (e.g. fingerprint or palm print, DNA sample, iris image).

Data transfer

Making the data available to specific third parties.

Disclosure

Making the data available to anyone.

Data deletion

Making data unrecognizable in such a way that their recovery is no longer possible.

Data processing

Performing technical tasks related to data management operations, regardless of the method and tool used to perform the operations, as well as the place of application, provided that the technical task is performed on the data.

Data processor

A natural or legal person, or an organization without legal personality, who processes data on the basis of a contract with the data controller - including the conclusion of a contract based on the provisions of the law.

Data handling

Personal data can be processed if

a) the data subject consents to it, or
b) it is ordered by law or - based on the authorization of the law, within the scope defined therein - by a local government decree for a purpose based on public interest (hereinafter: mandatory data management).

Personal data can only be processed for specific purposes, in order to exercise rights and fulfill obligations. In all stages of data management, the purpose of data management must be met, the collection and management of data must be fair and legal.

Only personal data that is essential for the realization of the purpose of data management and suitable for achieving the purpose can be processed. Personal data can only be processed to the extent and for the time necessary to achieve the purpose.

LEGAL BASIS AND LEGALITY OF DATA MANAGEMENT

In all cases, the Data Controller informs the Data Subject of the legal basis of data management in these Regulations and in the Data Protection Information, if necessary in another document (e.g. consent statement, consent statement or other information).
In accordance with the purposes of each data management, the specified data management is legal if and to the extent that at least one of the following is fulfilled:
a) the Data Subject has given his prior and voluntary consent to the processing of his personal data for one or more specific purposes;
b) if the Data Subject is unable to give his consent due to his incapacity or other unavoidable reasons, then to the extent necessary to protect his own or another person's vital interests, as well as to eliminate or prevent a direct threat to the life, physical integrity or property of persons, the Data Subject shall, during the existence of obstacles to consent, personal data can be processed;
c) data management is also legal if data management is necessary to protect the vital interests of the Data Subject or another natural person;
d) data management is lawful if data management is necessary for the performance of a contract in which the Data Subject is one of the parties, or it is necessary to take steps at the Data Subject's request prior to the conclusion of the contract;
e) data management is lawful if data management is necessary to fulfill the legal obligation of the data controller;
f) data management is lawful if the data management is in the public interest or is necessary for the execution of a task performed in the context of the exercise of public authority granted to the data controller;
g) data management is lawful if data management is necessary to enforce the legitimate interests of the Data Controller or a third party, unless these interests are overridden by the interests or fundamental rights and freedoms of the Data Subject that require the protection of personal data, especially if the Data Subject child.
Prior and express consent can only be considered legally acceptable if all three content requirements are met, i.e
a) volunteering,
b) definiteness (unambiguity) and
c) also provides information.
In case of voluntary, explicit provision of data by the Data Subject, the Data Controller processes the personal data with the consent of the Data Subject.
Voluntary consent, as consent, should also be understood as the behavior by which the Data Subject accepts that the present Regulations automatically apply to him.
It must clearly follow from the consent that the Data Subject consents to data management. If the data management is based on the Data Subject's consent, in case of doubt, the Data Controller must prove that the Data Subject has consented to the data management operation.
If the Data Subject gives his consent in the context of a written statement that also applies to other matters, the request for consent must be submitted in a way that is clearly distinguishable from these other matters, in an understandable and easily accessible form, with clear and simple language.
The Data Controller hereby informs the Data Subjects that the Data Subjects have the right to withdraw their consent at any time.
Withdrawal of consent does not affect the legality of data processing based on consent prior to the withdrawal, so the withdrawal applies only to the future and has no retroactive effect.
If the processing of personal data is mandated by law, data processing is mandatory. The Data Controller informs the Data Subject in detail about this in these Regulations and other regulations, which are to be considered annexes to these Regulations and to be interpreted together with them.
In the case of mandatory data management, if the Data Subject fails to provide data, the Data Controller is obliged to refuse the service/data management.
In all cases, the Data Controller informs the Data Subject of the legal basis for data management in these Regulations.

CERTAIN ACTIVITIES AFFECTED BY DATA MANAGEMENT

Data management is broken down into the following elements:

Registration of customer data when ordering the service on the website of the Data Controller
Website visit data
Laboratory diagnostic service
Invoicing
Package sending
Online payment
Presence on social media sites
Newsletter subscription
Complaint handling

The individual elements of data management and their characteristics are described in detail below.

Registering the Customer's data when ordering the service on the Data Manager's website

The data controller keeps a record of the Customer's data for an electronic order, into which the Customer enters the processed data himself.

1.1. Data of Data Controllers

Neumann Diagnostics Kft. (independently).

1.2. Legal basis for data management

Data management is based on voluntary consent, a condition for becoming a Customer. Starting with the application of the GDPR, the legal basis for data management is Article 6 1. b. the second round of point (data processing is necessary to take steps at the request of the Data Subject prior to the conclusion of the contract).

1.3. Circle of Stakeholders

Every natural person who is a customer or wants to be a customer of the Data Controller.

1.4. Scope of managed data

Name* (for identification purposes), telephone number* (for contact purposes), e-mail address* (for contact purposes), previous orders (for statistical purposes), payment method (for the purpose of monitoring financial performance), discount (purpose of granting, checking, withdrawal).

Regarding the data marked with *, the Data Controller draws attention to the fact that if the data subject does not provide them to the Data Controller, the Data Controller cannot provide the service.

1.5. Purpose of data management

Facilitating smooth communication and delivering the ordered products to the address specified by the customer.

1.6. Duration of data management

2 years from the last purchase

1.7. The data management process

The Customer delivers the Data Subject's data to the Data Controller.

The data is entered manually by the Customer on the interface created for this purpose of the electronic web store for the purpose of registration and ordering. (www.neumannlabs.com)

The Customer of the service voluntarily consents to the fact that, if he provides his contact information, the Data Controller will contact him through it in order to keep his data up-to-date.

Data is communicated to a third party: on the payment interface, with regard to the Shopify module used on the website, when handing over the package to the courier service.

1.8. Method of data management

Electronic.

1.9. The source of the data

Directly from the Contact.

1.10. Data processing

The data controller uses the following data processors to fulfill the order:

Shopify (headquarters: 150 Elgin Street, 8th Floor, Ottawa, ON K2P 1L4, Canada; web: www.shopify.com) for hosting activity(ies)

OTP Mobil Szolgáltató Kft. (head office: 1093 Budapest, Közraktár u. 30-32.; company registration number: 01-09-174466; tax number: 24386106-2-43; web: www.simplepay.hu) with regard to online payment activities.

Website visit data

Data controller, in view of the provisions of § 155, paragraph 4 of Act C of 2003, according to which "Data may be stored on a subscriber's or user's electronic communication device only based on the consent of the concerned user or subscriber following clear and complete information - including the purpose of data management - , or to access the data stored there" provides the following information regarding the analytical tools it uses, i.e. cookies (in Hungarian: cookie).

2.1. Data of Data Controllers

Neumann Diagnostics Kft. (independently).

2.2. Legal basis for data management

Data management is based on voluntary consent.

2.3. Circle of Stakeholders

All natural persons who visit the Website of the Data Controller.

2.4. Scope of managed data

We would like to inform you that these cookies cannot personally identify the visitor.

Cookies record and manage the following data about you, your computer, or the device used for browsing: the IP address you use, the type of browser, the characteristics of the operating system of the device used for browsing (for example, type, set language ), the exact time of the visit, the address of the page previously visited, the page, subpage, function or service used, and the time spent on the page.

2.5. Purpose of data management

The data controller uses cookies for the following purposes:

a) Absolutely necessary cookies

Such cookies are essential for the proper functioning of the website. Without accepting these cookies, the Data Controller cannot guarantee that the website will function as expected, nor that the user will have access to all the information the user is looking for. These cookies do not collect personal data from the Data Subject or data that can be used for marketing purposes. Absolutely necessary cookies are, for example, performance cookies, which collect information about whether the website is working properly and whether there are any errors in its operation. By indicating possible errors, they help the Data Controller to improve the website, and indicate which are the most popular parts of the website.

b) Functional cookies

These cookies ensure a consistent appearance of the website tailored to the needs of the data subject and remember the settings chosen by the data subject (for example: color, font size, layout).

c) Targeted cookies

Targeted cookies ensure that the advertisements appearing on the website are tailored to the interests of the person concerned. The website primarily contains advertisements related to the services and products provided by the Data Controller and serves to facilitate access to more favorable offers for the data subject (e.g. IP address).

d) The cookie also helps to improve the ergonomics of the website, to create a user-friendly website, in order to enhance the online experience of the visitors. Cookies are small text files that can be used by a specific website to make the user experience more efficient. According to the law, cookies can be stored on your device if this is absolutely necessary for the website to function.
Data related to the provision of laboratory diagnostic services

3.1. Data of Data Controllers

Neumann Diagnostics Kft. (independently).

3.2. Legal basis for data management

Voluntary consent of the person using the laboratory diagnostic service, legal provision.

3.3. Circle of Stakeholders

Affected are all natural persons identified or - directly or indirectly - identifiable on the basis of any specified personal data, whose data is managed by the Data Controller, and who order the examination and evaluation of the sample from the Service Providers.

3.4. Scope of managed data

Personal data processed for the purpose of test identification and transmission of the result: surname and first name of the tested person*; gender, mother's name*; Date of Birth*; residential address*, TAJ number; His e-mail address*; phone number, signature of the person under investigation.

Health data handled during the examination: time of the examination*; test result*; medical opinion based on examination results*.

If the data marked with * is not disclosed, no contractual legal relationship will be established between the Data Controllers and the Data Subject, since the data controllers cannot carry out the investigation and deliver the results of the investigation to the Customer.

3.5. Purpose of data management

Provision of service(s), fulfillment of the obligation to provide health data.

3.6. Duration of data management

The retention period of health documentation is 30 years. XLVII of 1997 Act § 30

3.7. The data management process

The customer delivers the sample to the Service Provider with the completed and signed Declaration of Consent attached to the service and the Examination Requester. Based on the order, the service provider carries out the test and, based on the consent of the Customer, sends it to the contact information provided by the Customer.

3.8. Method of data management

On paper and electronically.

3.9. The source of the data

Directly from the person concerned.

3.10 Data transfer:

The laboratory findings are uploaded to the Electronic Health Services Area, according to EMMI Regulation 39/2016. The EESZT's information on data management is available at: https://e-egeszsegugy.gov.hu/GDPR

Transmission of data for epidemiological purposes to the epidemiological authority. The results of the SARS-CoV-2 tests will be forwarded to the epidemiological authority. XLVII of 1997. according to § 15 of the Act and the current epidemiological procedure.

The SARS-CoV-2 positive test samples are forwarded to the reference laboratory according to the 18/1998. According to § 26 (4) of the NM Decree.

Invoicing

4.1. Data of data controllers

Neumann Diagnostics Kft. (independently)

4.2. Legal basis for data management

Mandatory data management, essential for service provision. CXXVII of 2007 on general sales tax determines the invoicing regulations. Act (hereinafter: VAT Act), as well as the decrees issued under the authority of this Act.

4.3. Circle of Stakeholders

All natural persons who placed an order with the Data Controller through their online store.

4.4. Scope of managed data

Personal data processed for invoicing purposes: family and first name*; billing address*.

If the data marked with * is not communicated, no contractual relationship will be established between the Data Controllers and the Data Subject, since the data controllers cannot even issue an invoice.

4.5. Purpose of data management

Fulfilling legal obligations, issuing invoices.

4.6. Duration of data management:

In the case of the data on the invoice, it is the 8th year. Act C of 2000 § 169

4.7. The data management process

The Customer provides the indicated data when placing the order via the Service Provider's website. After that, the Service Provider issues an invoice to the Customer, which it delivers to the Customer at the same time as the package.

4.8. Method of data management

Electronically and on paper.

4.9. The source of the data

Directly from the Contact.

4.10. Data processing

In relation to invoicing, the Data Controller uses the following data processor:

Billingo (www.billingo.hu)

Package sending

5.1. Data of Data Controllers

Neumann Diagnostics Kft. (independently)

5.2. Legal basis for data management

Data management is based on voluntary consent.

5.3. Circle of Stakeholders

All natural persons who placed an order with the Data Controller through their online store.

5.4. Scope of managed data

Personal data processed for the purpose of online ordering and its fulfillment, i.e. sending the ordered product as a package: family and first name*; e-mail address*; telephone number*; Delivery Address*. If the data marked with * is not communicated, no contractual relationship will be established between the Data Controllers and the Data Subject, as the Data Controller cannot complete the package delivery.

5.5. Purpose of data management

Delivery of the ordered test to the Customer.

5.6. Duration of data management

2 years after the completion of the service.

5.7. The data management process

The Customer registers his order through the Service Provider's website and the data required for sending the order as a package.

5.8. Method of data management

Electronically and on paper.

5.9. The source of the data

Directly from the person concerned

5.10. Data processing

For sending packages, the Data Controller uses the following data processor: DPD Hungária Kft. (headquarters: 1158 Budapest, Késmárk utca 14. Building B.; company registration number: 01-09-888141; tax number: 13034283-2-42) the courier service activity(s) ) regarding. Or DHL Express Magyarország Szállitmányozó és Zolgáltató Kft., Tax number 10210798244, Company registration number 01 09 060665, Address 1185 Budapest, BUD International Airport, building 302.

Online payment

6.1. Data of Data Controllers

Neumann Diagnostics Kft. does not manage data related to online payment, however, the Customer must provide the data for payment through its website.

6.2. Legal basis for data management

Data management is based on voluntary consent.

6.3. Circle of Stakeholders

All natural persons who have placed an order with the Data Controller through their online store and pay the price of the order online.

6.4. Scope of managed data

In connection with the realization of product sales and service provision as a data management goal, data related to purchases made on the Internet are transmitted through the bank card acceptance network of OTP Mobilszolgáltató for the purpose of financial processing of the transaction, security of the transaction and monitoring of the transactions. The scope of transmitted data: last name, first name, delivery address, billing address, telephone number, e-mail address, data related to payment transactions. Our company does not store payment-related data, it is entered directly for the payment, to which only the OTP Mobile Service Provider has access.

6.5. Purpose of data management

Payment of the order.

6.6. Duration of data management

According to the regulations of the OTP Mobile Service Provider.

6.7. The data management process

The Customer registers his order and the data required for online payment of the order through the Service Provider's website.

6.8. Method of data management

Electronically.

6.9. The source of the data

Directly from the Contact.

6.10. Data processing

For online payment, the Data Controller uses the following data processor: OTP Mobil Szolgáltató Kft. (headquarters: 1093 Budapest, Közraktár u. 30-32.; company registration number: 01-09-174466; tax number: 24386106-2-43; web: www. simplepay.hu) with regard to the following online payment activity(s).

Presence and marketing on social media

The Data Controller is available on social media on the following pages:

Facebook: www.facebook.com/NeumannLabs

Instagram: www.instagram.com/NeumannLabs

7.1. Data of Data Controllers

Neumann Diagnostics Kft. (independently).

7.2. Legal basis for data management

Data management is based on voluntary consent,

7.3. Circle of Stakeholders

All natural persons who voluntarily follow, share and like the social pages of the Data Controller, especially the page on the facebook.com social page or the content appearing on it.

7.4. Scope of managed data

a) public name of the Data Subject - identification
b) public photo of the Data Subject - identification
c) public e-mail address of the Data Subject - contact
d) the Data Subject's message sent via the social media site - the basis for maintaining contact and responding

7.5. Purpose of data management

The use of social media sites, especially the Facebook page, and through it, contacting and maintaining contact with the Data Controller, and other actions permitted by the social media site.

7.6. Duration of data management

Until deleted at the request of the data subject.

7.7. The data management process

The Data Controller publishes images of its products and service prices on its social media pages, especially on its Facebook page, as well as related information and information, the Data Controller's services, etc. The data controller can connect the Facebook page to other social networking sites in accordance with the rules of the social networking site facebook.com, so publication on the Facebook site must also be understood as publishing on such connected social networking sites.

The Data Subject can receive information about the data management of the given social media site on the given social media site, accordingly, information about the data management of the Facebook site can be obtained at www.facebook.com. The purpose of the presence on social portals, especially Facebook, and related data management is to share, publish, and market the content on the website on social media.

7.8. Method of data management

Electronically

7.9. The source of the data

Directly from the person concerned

7.10. Data processing

The data manager does not use a data manager for data management related to the social media site.

Send a newsletter

8.1. Data of Data Controllers

Neumann Diagnostics Kft. (independently).

8.2. Legal basis for data management

Data management is based on voluntary consent

8.3. Circle of Stakeholders

All natural persons who subscribe to the Newsletter service on the Data Controller's website.

8.4. Scope of managed data

Name* (for identification purposes), e-mail address* (for contact purposes).

8.5. Purpose of data management

Sending a newsletter to the subscriber, conducting marketing activities, informing the Subscriber about the Data Controller's products and services.

8.6. Duration of data management

Until deletion at the request of the data subject.

8.7. The data management process

The Data Subject can subscribe to the newsletter before or during the use of the services, or in some other way.

Subscription to the newsletter is based on voluntary consent.

Scope of those affected: All natural persons who wish to be regularly informed about the Data Controller's news, promotions and discounts, and therefore subscribe to the newsletter service by entering their personal data.

The purpose of data processing related to sending newsletters is to provide the recipient with full general information about the Data Controller's latest promotions, events, news, and changes to notification services.

The newsletter is sent only with the prior consent of the person concerned.

The Data Controller and the Data Controller's data processor only manage the personal data collected for this purpose until the data subject unsubscribes from the newsletter list.

The person concerned can unsubscribe from the newsletter at any time, based on the request at the bottom of the electronic mail and sent to the email address kerdes@neumannlabs.com.

The data manager keeps statistics on the reading of the sent newsletters, with the help of clicks on the links in the newsletters.

Data is not disclosed to third parties.

8.8. Method of data management

Electronic.

8.9. The source of the data

Directly from the Contact.

8.10. Data processing

For newsletters, the Data Controller uses the services of MailChimp (512 Means St Suite 404 Atlanta, GA 30318 USA), which stores the data on www.mailchimp.com until the consent to data management is revoked.

Complaint handling

9.1. Data of Data Controllers

Neumann Diagnostics Kft. (independently).

9.2. Legal basis for data management

Data management is based on voluntary consent, it starts with voluntary consent, but based on GDPR Article 6 (1 para. c), data management is necessary to fulfill the legal obligations of the data controller in the CLV of 1997 on Consumer Protection. according to § 17/A (7) of the Act

9.3. Circle of Stakeholders

All natural persons who wish to communicate their complaint orally or in writing. Persons who submit a complaint to the Data Controller regarding the purchased service, product, or the Data Controller's conduct.

9.4. Scope of managed data

For identification purposes, name and date of receipt of the complaint, for contact purposes, e-mail address, billing/mailing address, telephone number; for the purpose of investigating the complaint, the complained product/service, attached documents, the complaint itself.

9.5. Purpose of data management

The purpose of data management is to identify the person concerned and the complaint.

9.6. Duration of data management

Duration of data management: The data manager manages the record of the complaint and the copy of the response for 5 years from the date of their recording.

9.7. The data management process

The Data Controller ensures that the data subject can submit a complaint in writing (by post or electronic mail) regarding the ordered service, or even the behavior, activities or omissions of the Data Controller.

9.8. Method of data management

Electronically and/or on paper.

9.9. The source of the data

Directly from the Contact.

9.10. Data processing

Data is not disclosed to third parties, except in the case of an official request.

Requests to authorities may arise in the following cases and in relation to the authorities.

a) In case of violation of the right to self-determination, you can contact the following authority:

National Data Protection and Freedom of Information Authority

Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c

Phone: +36 (1) 391-1400

Fax: +36 (1) 391-1410

www: http://www.naih.hu

e-mail: ugyfelszolgalat@naih.hu

b) In the event of a violation of your rights related to content that offends, hates, or excludes minors, rectification, the rights of a deceased person, or violation of reputation, you may contact the following authority:

National Media and Communications Authority

1015 Budapest, Ostrom u. 23-25.

Mailing address: 1525. Pf. 75

Tel: (06 1) 457 7100

Fax: (06 1) 356 5520

E-mail: info@nmhh.hu

c) The Data Subject may go to court in the event of a violation of his rights. The court acts out of sequence in the case. The Data Controller is obliged to prove that the data management complies with the provisions of the law.
d) In the event that the Data Controller violates the data subject's right to privacy by illegally handling the data subject's data or violating the requirements of data security, the data subject may demand damages from the Data Controller.

DELETION OF PERSONAL DATA

Neumann Diagnostics Kft. deletes personal data if its processing is illegal, the purpose of data processing has ceased, or the legally defined time limit for data storage has expired, it was ordered by the court or the data protection commissioner.
The Data Subject may request the deletion of his/her personal data, for which the request must be sent by e-mail to kerdes@neumannlabs.hu or by post to Neumann Diagnostics Kft., 1139 Budapest, Röppentyű u. You can request it by sending a letter to address 48. The Organization will delete the data within 15 working days from the receipt of the legal request for deletion, otherwise it will contact the applicant.

ENFORCEMENT OPTIONS

The Data Subject may request the Data Controller to provide information on the management of his personal data, to correct his personal data, and to delete or block his data. The Data Subject may object to the processing of his personal data.
At the Data Subject's request, the Data Controller provides information on the managed data, the purpose, legal basis, and duration of the data management.
Although the employees of Neumann Diagnostics Kft. do their best to ensure that data management is safe, transparent and legal, it is a natural part of the process to prepare for possible emergency situations. A data protection incident occurs when a security incident affects the data, the obligation of confidentiality, accessibility or integrity may be violated. If this occurs and the incident is likely to pose a risk to the rights and freedom of the Data Subjects, without undue delay, no later than 72 hours after the data protection incident became known to the Data Controller, the Data Controller must report the incident to the supervisory authority at the following address.

National Data Protection and Freedom of Information Authority

1125 Budapest, Szilágyi Erzsébet fasor 22/C;

postal address: 1530 Budapest, Pf.: 5.,

phone: +36 (1) 391 1400;

e-mail: ugyfelszolgalat@naih.hu ; www.naih.hu)

VALIDITY

These Regulations are valid from September 20, 2022 until withdrawn.

THE RIGHT TO CHANGE

The Data Controller declares that it reserves the right to change these Regulations, which may take place in the event of a change in the relevant legislation or other internal processes and procedures.