1.Purpose of the Policy
The purpose of this policy is to set out the privacy and data protection principles applied by smartclinic.hu (the Service Provider) in the operation of the smartclinic.hu web store and the privacy and data management policy of smartclinic.hu, which is acknowledged by smartclinic.hu as binding for itself.
2. Terms and definitions
Personal Data: Data that can be associated with a specific natural person, and a conclusion that can be deduced from that data regarding a natural person. Personal data preserves its quality during management as long as its relationship can be restored with the data subject.
Data management: the collection, recording and storage, processing, utilization (including transmission and disclosure) and deletion of personal data, irrespective of the procedure used. Data management also includes changing the data and preventing it from being reused.
Data Controller: Line of Least Resistance Kft. (2870 Kisbér, Kincsem u. 26.)
Data processing: performing data management operations, technical tasks, irrespective of the methods and tools used to perform the operations and the location of the application.
Data Processor: any natural or legal person, or any entity without legal personality, who processes personal data on behalf of the data controller.
Data transmission: making any data available to a specified third party.Data erasure: making data unrecognizable in such a way that their recovery is no longer possible.
Customer: any person registered on the smartclinic.com website or using the services of smartclinic.com.
3. The scope of personal data managed
During the registration or the use of Smart Clinic Services, the Customer provides the following information: name, email address, shipping address, billing address and telephone number, or, if using a service, the serial number or IMEI number of the device. In the case of a telephone call, calls are always recorded for quality assurance and conversion measurement purposes.
The Service Provider's servers automatically store the IP address of the Customer, the type of operating system and browser they use, and some other information that is generated when using the Service upon registration. The Service Provider uses this information only in cumulated and processed (aggregated) form, in order to improve the quality of its services and to eliminate any errors, and for statistical purposes. Except as required by law, it will not link this information with any other information provided by Customers. Data is stored only on the server. Customer data may be accessed only by authorized Service Provider employees and users.
4. Legal basis, purpose and manner of data management
The legal basis for the data management is the voluntarily filled out form based on the relevant information when registering on smartclinic.com. The purpose of data management is to provide the services available on the smartclinic.hu website. The provider may manage the data of personal identity and address necessary to identify the Customer natural person for the purpose of establishing a contract on the provision of a service related to the information society, defining and modifying its content, monitoring its performance, billing the charges derived therefrom and enforcing claims related thereto.
The Service Provider does not use the provided personal data for purposes other than the use of the service.
The Service Provider does not check the personal data provided during registration or during the use of the Services. The accuracy of the information provided is the sole responsibility of the person providing it. When entering any Customer's email address, it is also responsible for ensuring that only the Customer uses the service from the email address provided.
5 Principles of data management
Data may only be obtained and processed fairly and lawfully. Data may only be stored for specified and legitimate purposes and not used in any other way.
The Service Provider shall take appropriate security measures to protect personal data stored in automated data files against accidental or unlawful destruction, accidental loss, unauthorized access, alteration or distribution.
6. Privacy guidelines
The Service Provider shall use the personal data indispensable for the use of the services of smartclinic.hu, subject to the consent of the data subjects, solely in connection with the use of the services.
The Service Provider undertakes to manage the data obtained by it in accordance with the data protection laws and the principles set out in this policy and not to pass it on to third parties. An exception to this is the use of the data in a statistically aggregated form, which does not contain any data suitable for identifying the Customer concerned.
In all cases where the Service Provider intends to use the stored personal data for a purpose other than providing the service, it shall inform the Customer of the different data management purpose and shall request its prior express consent and give it the opportunity to refuse at any time. Data processed pursuant to this provision shall be deleted if the purpose for which the data are processed ceases to exist or if the recipient so provides.
The Service Provider, as data manager, shall ensure that the Customer's data is not accessed by anyone other than those specified in this Policy, unless otherwise provided by law. The Service Provider, however, reserves the right to disclose its personal data to the competent authorities in the event that the Customer is suspected of misusing the service or other criminal activity. Except for the provision of data to subcontractors required for the fulfilment of orders, the Service Provider shall not disclose the data it manages to third parties. Subcontractors (e.g. Courier service) are not authorized to use any personal information provided by smartclinic.com or to transfer it to any third party.
The Service Provider shall take all reasonable measures to preserve the data safely, but shall not be liable for any damage, destruction or unauthorized access to the data in case of technical failure, natural disaster, terror or crime.
7. Duration of the data management
The starting date of data management is the completion of the registration form, the requesting of the data recorded at the commencement of the use of the services and the acceptance of this Policy. After registration, Customer's data will be stored in our database in accordance with these terms and conditions.
Customer data provided during the registration on the site and using the services will be stored until the registration is valid. Once the user's access to the site is terminated, its data will be deleted. The date of cancellation shall be 10 business days from the receipt of the Customer's unsubscription (deletion request). After deletion, all personal data of the Customer will be deleted, except for the data that must be stored by law (e.g., data appearing on an invoice). Furthermore, in the case of a suspected crime or civil liability, the Service Provider is entitled to retain the data for the duration of the proceedings to be conducted.
Other data that is automatically captured during the operation of the system and stored technically on the server is stored for a reasonable period of time from the time it is generated. The Service Provider shall ensure that such data is in no way linked to any other personal user data.
8. Access to personal information
The Service Provider shall provide its customers with the possibility to view, modify or delete their registration data at any time.
Customers may make changes to individual information after logging in to the system through their personal profile page.
Users can ask for their deletion of registration at the contact menu on smartclinic.com via a contact form. Once a request for deletion or modification of personal data has been completed, previous deleted data cannot be recovered.
9. Data processing
Smartclinic.hu does not use an external data processor, it processes the personal data it manages itself.
10. Data transfer
The Service Provider, as a data controller, is entitled and obliged to transfer to the competent authorities any personal data that is available and duly stored by it, which is required by law or by a final regulatory obligation. The Service Provider shall not be liable for the forwarding of such data and the consequences thereof.
Questions related to data management and data protection are to be answered by the Data Manager within 8 working days of receipt. In the case of e-mail, the date of receipt shall be the first working day following its sending. Clients may request written information about the management of their personal data from the Service Provider as Data Manager at any time.