4 Personal Data Controlling by the Operator
4.1 Data Controlling Related to the Mandatory Tasks Required by the Law
4.2 Other Data Related to the Services
5 Storage of personal data, Data Security
6 Contact details of the data controller
7 Details and contact information of data processors
Vetway Mobile Vet Services is operated by AZALA Kft, a Hungarian limited liability company with a branch office at 1126 Budapest, Szendrő utca 30. II/2. and a registered seat at 5000 Szolnok, Csokonai u. 16. III/15 (“Operator”). Vetway’s goal is to provide basic veterinary care for pets in the client’s home in a relaxed and convenient way (“Service”). In order to render its Services, the Operator has to control certain personal data related to the owners (caretakers) of the pets. This purpose of this document (“Privacy Policy”) is to inform those concerned in the data controlling of the most important circumstances affecting their personal data.
In respect of the Services, Operator hereby agrees to be bound, as data controller, by the contents of this policy. Operator undertakes to ensure that all data controlling activities related to the Service shall comply with the requirements set out in this Privacy Policy and legislation in force.
Only the Operator will control the personal data obtained while rendering the Services and it will not use data processors other than those referred to in this Privacy Policy. Personal data will not be processed outside Hungary or the area of the EEA. Personal data related to the Services will be forwarded only to those data processors set out in this Privacy Policy.
Data protection rules and information related to data management by the Operator are continuously available at the web address: www.vetway.hu/privacy.
Operator reserves the right to amend this Privacy Policy, on which it will provide information in line with legislation in force.
Should you have any questions in connection with this Privacy Policy, please write to us at the e-mail address: office@vetway.hu, and our colleagues will answer your questions.
The Operator is committed to protecting the personal data of its clients and places special emphasis on respecting their right of informational self-determination. The Operator will treat personal data as confidential and take all security, technical and organisational measures to guarantee the safety and security of data.
The Operator’s data management principles are in compliance with the legislation in force on data protection, including in particular:
The terms of this Privacy Policy shall have the meaning set forth in the Data Protection Act, in particular:
Those providing data to the Operator are advised that when not providing their own personal data, they are obliged to obtain the consent of the data subject.
Purpose of data controlling: performing mandatory tasks related to veterinary services such as disease control, international transportation of pets to/from Hungary and further official duties vested on veterinary service providers.
Essential steps: with respect to the obligatory microchip transpondering of animals, the Operator controls and forwards the following personal data related to the national authority: owner’s name and address, caretaker’s name and address, phone number, e-mail address, the animal’s species, gender, date of birth, name, home address, microchip ID and other data, information related to neutering. In relation to disease control and obligatory rabies vaccination, the Operator controls and forwards the following personal data to the national authority: caretaker’s name and address, health records. With respect to the transportation of pets to/from Hungary, the Operator controls the following personal data and forwards it to the competent authorities (i.e. the Hungarian Veterinary Chamber or the body designated by it): data related to immunization and transponder microchipping.
The data controlling described above includes any step or measure required for obtaining the goal of the data controlling such as registering, storing, reading, using, modifying, methodizing, anonymizing, erasing, destroying the data or adjoining it with other (not necessarily personal) data and using it for statistical or scientific purposes in an anonym form.
Legal grounds for data management: Section 42/A of the Animal Protection Act, Sections 43/A (1) d), 43 (2) and 43 (3) of the Veterinary Act, Section 4 (4) b) of the Veterinary Act, Sections 51 and 76 (2) of the Food Safety Act.
Range of data managed: name and address of the owner and caretaker, phone number, e-mail address, species of the animal, gender, date of birth, home and name of the pet, transponder microchip ID and other data related to it, data concerning neutering.
Source of data: directly from the clients (in personal, via phone or on the internet).
Duration of data management: the Operator erases the data related to transponder microchipping within 5 as of forwarding it to the national register. Data related to vaccination and disease control, unless the authority rules otherwise, is stored within the life span of the pet and 5 more years after that. Data associated with pet passports are deleted within 5 years as of the registration of such data.
Purpose of data management: to perform any other veterinary services unrelated to the official duties described above, in particular therapy, appointments, differentiating the pets and the clients from one another, running the loyalty program and other discounts applied by the Operator, customer relationship management tasks, sending reminders of due veterinary tasks, organising events and workshops educating on conscious animal care.
Essential steps: any step or measure required for obtaining the goal of the data controlling such as registering, storing, reading, using, modifying, methodizing, anonymizing, erasing, destroying the data or adjoining it with other (not necessarily personal) data and using it for statistical or scientific purposes in an anonym form.
Legal grounds for data management: consent of the data subject (Section 5 (1) b) of the Data Protection Act) and Section 169 (2) of the Accounting Act concerning the personal data found in accounting documents.
Range of data managed: name and address of the owner and/or caretaker, destination of local veterinary services if that differs from their address, the pet’s name, date of birth, physical traits, health records (anamnesis, diagnosis, therapy data), transponder microhip ID and its other data, immunization treatment records (rabies and other), pet passport data.
Source of data: directly from the clients (in personal, via phone or on the internet).
Duration of data management: the Operator deletes the personal data after 3 years following the termination of the customer relationship with the data subject or, if that is shorter, 3 years after the pet has passed away. Data found in accounting records is deleted after 8 years.
Purpose of data management: On the ground of specific consent granted by the customer, the Operator may send direct marketing messages via e-mail, phone, postal mail or in person to the custmers or enrol them to promotional games and campaigns. In order to achieve these purposes, the Operator may handle personal data to organise such campaigns, identify the customers and personalise its commercial offers.
Essential steps: controlling the name and contact details (postal address, e-mail address and phone number) of the consented customers and adjoining these data with the data controlled in order to perform the veterinary services. Delivering personalised or non-personalised DM and other commercial messages to the customers via the submitted contact details.
Data controlling for Direct Marketing purposes includes any step or measure required for obtaining the goal of the data controlling such as registering, storing, reading, using, modifying, methodizing, anonymizing, erasing, destroying the data or adjoining it with other (not necessarily personal) data and using it for statistical or scientific purposes in an anonym form.
Legal grounds for data management: Section 6 of the Advertising Act, Section 5 (1) a) of the Data Protection Act, Section 169 (2) of the Accounting Act.
Range of data managed:contact details submitted by the customer, data required for the registers prescribed by the Advertising Act and other regulation concerning commercial communication, data controlled in connection with rendering the Services.
Duration of data management: In the absence of use, video recordings shall be destroyed or erased by the Service Provider on the 16th day after recording. Use of video recordings shall include use as evidence in judicial or administrative proceedings or filing with a court or authority in such proceedings.
Source of data: directly from the clients (in personal, via phone or on the internet) and data transferred from the database containing the data related to the Services.
Duration of data management: until the consent for the data controlling is withdrawn. The data subjects are free to withdraw their consent at any time and request the deletion of their personal data controlled pursuant to the provisions of this chapter. However, the name and address of those withdrawing their consent will remain recorded in order to avoid unwanted messages in the future. In the case of trade promotion games, the public details of the winners will be removed in 6 months while accounting documents related to the prizes will be deleted after 8 years, pursuant to the Accounting Act.
If you do not wish to receive commercial communication in the future and want your personal data be deleted, you may request it via office@vetway.hu or by sending a letter to 1126 Budapest, Szendrő utca 30. II/2.
If a customer turns to the Operator with any complaint, notice or request concerning the Services in person or via phone, e-mail or any other mean, then the Operator will register such notice, store that in its records and answer it pursuant to Sections 17/A and 17/C of Act CLV on Consumer Protection. If these records contain any personal data, then this Privacy Policy shall apply to the controlling of such data as well. Operator will delete these records after 5 years as of the receipt of the communication.
Information on data management not listed in this Privacy Policy will be provided upon recording of the data.
Users are advised that the courts, public prosecutors, investigative authorities, authorities dealing with administrative offences, administrative authorities, the National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság, “NAIH”) and under authority provided by law other agencies may request the Operator to provide information, disclose or transfer data, or make available documents to them.
The Operator – provided that the authority has specified the specific purpose and the range of data – will disclose personal data only to the extent absolutely necessary for achieving the purpose of such request.
The Operator’s data retention facilities are located at 1126 Budapest, Szendrő utca 30. II/2. and at the Operator’s rented web hosting supplier, i.e. Docler Nethosting. The paper-based data related to the Services is stored at 1126 Budapest, Szendrő utca 30. II/2.
The Operator selects and operates the information technology equipment used in the course of providing the service with a view to ensuring that the data managed are:
The Operator shall protect the data by implementing appropriate measures in particular against unauthorised access, alteration, transmission, public disclosure, erasure or destruction, as well as accidental loss, damage or becoming inaccessible due to any changes in or modification of the applied technique.
The Operator shall for the protection of data files stored in various electronic filing systems, implement appropriate technical solutions to ensure that – unless permitted by law – the data stored cannot be directly combined or attributed to data subjects.
The Operator shall in view of the state of the art implement appropriate technical and organizational measures to ensure a level of security of data management appropriate to the risks represented by such data management.
The Operator shall in the course of data management preserve
The information technology system and network of the Operator and its cooperating partners are protected against computer-aided fraud, espionage, sabotage, vandalism, fire and flood, as well as computer viruses, computer intrusions and denial-of-service attacks. The Operator implements server-level and application-level protection measures to ensure security.
Customers are advised that electronic messages transmitted through the internet are, regardless of protocol (e-mail, web, ftp, etc.), vulnerable to network threats leading to unfair practice, contract dispute or disclosure or alteration of information. Operator takes all reasonable precautions against such threats, including monitoring systems to be able to record any security deviation and provide proof in respect of any security event. Systems monitoring also permits verification of the efficiency of the precautions taken.
AZALA Kft.
Branch: 1126 Budapest, Szendrő utca 30. II/2.
Trade registry number: 16-09-015470
Website: www.vetway.hu
Phone: +36304137185
E-mail: office@vetway.hu
Docler Nethosting Kft
Registered seat: 1101 Budapest, Expo tér 5-7.
Website: https://www.doclernet.hu/
Docler Nethosting Kft provides web-hosting services to the Operator based on the contract concluded between them. That agreement covers the storage of personal data related to the Services and defines the steps and measures that DoclerNet is allowed to perform on the personal data.
The Operator reserves the right to engage further data processors, whose identity shall be individually communicated upon commencement of the data processing, at the latest.
Data subjects may request information on their personal data being managed, and request rectification or – save where data management is mandatory – erasure or blocking of their personal data, in the manner indicated upon recording of the data or the contact address of the data controller specified above.
Upon the data subject’s request the Operator shall provide information concerning data relating to the data subject that is managed by the Operator or processed by a data processor on its behalf, the sources from where such data were obtained, the purpose, legal grounds and duration of management, the name and address of the data processor and its activities relating to data management, and – in the case of data transfer – the legal grounds for and the recipients of such transfer. The data controller must comply with requests for information as soon as possible, and provide the information requested in an easily understandable form, in writing if requested by the data subject, within no more than 30 days (unless a shorter deadline is prescribed by law). Such information shall be provided free of charge, provided that the data subject has not yet submitted to the data controller a request for information concerning the same data set in the year concerned. Otherwise, the data controller will charge a fee to recover expenses.
The Operator shall rectify personal data if such data is inaccurate and the correct personal data is available to the data controller.
The Operator shall block personal data if requested to do so by the data subject, or if there are reasonable grounds to believe that erasure could affect the legitimate interests of the data subject. Blocked personal data shall only be managed until the data management purpose which prevented its erasure exists.
The Operator shall mark personal data managed by it if the accuracy of such personal data is contested by the data subject and the accuracy or inaccuracy of such personal data cannot be ascertained beyond doubt.
The Operator shall erase personal data if the same is managed unlawfully, if requested to do so by the data subject, if such personal data is incomplete or inaccurate and cannot be lawfully rectified, provided that erasure is not disallowed by law, if the purpose of data management no longer exists or the statutory time limit for storage has expired, or if ordered by a court or the National Authority for Data Protection and Freedom of Information.
The Operator shall have thirty days to erase, block or rectify personal data. If the data controller refuses to comply with a data subject’s request for rectification, blocking or erasure, the reasons for refusal shall be communicated in writing within thirty days.
When rectifying, blocking, marking or erasing data, the Operator shall inform the data subject and all recipients to whom such data was transmitted for data management. Notification will be omitted if in the light of the purpose of data management this does not violate the rightful interests of the data subject.
The data subject may object to the management of personal data relating to him:
The Operator shall investigate any objections as soon as possible after submission but not later than within fifteen days, make a decision as to the merits of the same and notify the data subject in writing of its decision. If, according to the findings of the data controller, the data subject’s objection is justified, the data controller shall terminate all data management operations (including data collection and transfer), block the data concerned and notify all recipients to whom such personal data had previously been transferred concerning the objection and the measures taken in response, and such recipients shall also take measures regarding the enforcement of the right of objection.
If a data subject disagrees with the decision taken by the data controller, the data subject may challenge the decision in court within thirty days of receiving notice thereof.
The data subject may, in the event of an infringement of his rights, may file a petition in court against the data controller. The court will hear such cases in expedited proceedings.
The Operator shall be liable for any damage caused to a data subject as a result of unlawful data management or by any violation of data security requirements. The Operator shall be exempted from liability if the damage was caused by reasons beyond its control and outside the scope of data controlling. No compensation shall be paid where the damage was caused by wilful or grossly negligent conduct on the part of the aggrieved party.
If you have any questions or comments in connection with data controlling by the Operator, please contact the Operator at the address specified in Section 6.
Complaints and requests for remedy should be addressed to the National Authority for Data Protection and Freedom of Information:
Nemzeti Adatvédelmi és Információszabadság Hatóság
Registered office: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, Pf.: 5.
Telephone: +36 1 391 1400
Facsimile: +36 1 391 1410
E-mail: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu