Privacy Policy

Last update: 1 October 2019

General Provisions and Contact Details

This document is a short summary of the Privacy Notice of Egis Gyógyszergyár Zártkörűen Működő Részvénytársaság (“Egis”) related to its customers, clients, contact persons of its contracting partners, recipients of its marketing communications, visitors of its plant units and other facilities and other data subjects. Each circumstances of data processing is described in more detail in the full version of the Privacy Notice.

Please note that only the full version of the Privacy Notice may be regarded as comprehensive information on the data processing carried out by Egis. This summary only enables you to understand the full Privacy Notice more easily.

Main contact details of Egis: 1106 Budapest, Keresztúri út 30-38., +36 1 803-5555, mailbox@egis.hu, and in privacy issues: adatvedelem@egis.hu or gdpr@egis.hu and the website at hu.egis.health.

Scope of Data processed and the purpose of data processing

Egis is basically engaged in the personal data processing activities listed below. The full version of the Privacy Notice contains the detailed description of data processing activities carried out by Egis, including the exact data retention periods. Certain data, such as the data which form part of documents that support accounting or appear in documents related to the conclusion of agreements between Egis and customers (e.g. purchase orders) or invoices issued, shall be kept by Egis for 5 years in accordance with the taxation laws or for 8 years in accordance with the accounting laws. In general the staff of the competent business divisions of Egis have access to data.

 

Administering requests of private individuals for support and responding to relevant persons. Name, contact details (email address, phone number), family circumstances, illness related data.
Responding to product related questions. Personal data provided by individuals asking questions in the question asked over the phone and by mail.
Administering reports on adverse reactions - data provided by individuals reporting adverse reactions in their reports, typically: name, contact details, data concerning illness. If the report is not made by the patient, then such data are typically the name, contact details of the healthcare professional making the report, the name of the patient treated by him/her, the patient’s contact details, age, gender, data concerning medicines taken, his/her illness, treatments used, laboratory test results, findings of examinations, complaints.
Ensuring interactive participation in the course of a visit to ETTK (Egis Science and Technology Centre). Names, email addresses of visitors of ETTK, statement on reaching the age of 16 and if so consented, scores achieved in games and photos taken in the simulator.
Taking photos and making videos and other media materials (e.g. interviews) by Egis’ internal and external communications departments (e.g. on events, meetings, visits organized by Egis or its partners or visits to the ETTK (Egis Science and Technology Centre) or when making interviews). Photos taken and videos made by Egis’ internal and external communications departments or their agents (e.g. during events, meetings, visits organized by Egis or its partners, or in the course of visits to the ETTK (Egis Science and Technology Centre), or during interviews) and any other photos, videos and other media material provided by the relevant individuals. Photos are taken or videos are made by subcontractors (data processors): 21. századi Kommunikáció Kft., Merit Film Kft., WATER FILM Vizuális Kommunikáció Kft., Képszerkesztőség Kft., Horváth Barnabás Private Entrepreneur, Videosquare Kft., Videosquare Kft., Futurion Informatikai and Szolgáltató Kft., DekoRatio Reklámszolgáltató Zrt.

 In general Egis processes data until the relevant individual withdraws consent, failing this until Egis responds or until Egis is in contact with the relevant individual or in the case of a report on adverse reactions, until the time prescribed by law.

More information:Data processing operations in the course of the external communications of Egis

 

Obtaining official licences and permits and complying with notification obligations necessary for Egis’ activity. Names, mother’s names upon birth, places and dates of birth, gender, citizenship, addresses of authority stakeholders and their deputies, the corporate official responsible for protection from radiation, company drug and drug precursor, professional qualifications with diploma numbers. Data are transferred to the competent authorities in the event of requests for data provision, typically to the following recipients: National Police Headquarters, National Nuclear Energy Authority, National Institute of Pharmacy and Nutrition (“OGYÉI”), geographically competent Government Offices. Egis processes data while the relevant position is held.
Keeping records on certificates of fire protection exams of employees and external partners for legal compliance purposes. Names of the employees of contracting partners, number and validity of the certificate of the fire protection exam. Egis processes data for 3 years after the termination of employment or, in the case of contractual relationships, for 5 years.

More information: Data processing for environmental and operating security purposes

Processing of the data of healthcare professionals (“HCPs”) and representatives and contact persons of healthcare organizations (“HCOs”), calculation of benefits to be provided by Egis, performance and keeping records of agreements, data processing related to visits to physicians, sales talks with pharmacies, transparency obligations.

Processing data based on which benefits to HCPs and HCOs are calculated.

In the case of HCPs: Name, area of specialization, research, occupation/practice area (country) of the relevant HCP, name and address of his/her workplace/practice area, job/position, other public professional mandates, organizational membership (e.g. member/chairperson of the professional committee), number of publicly available publications, lectures and other relevant information relating thereto (including, in particular, the title, language, content, date of appearance of the publication or lecture, name of the relevant journal or periodical, conference or forum providing a frame for the lecture), public resume or curriculum vitae submitted to Egis, and the amount of the benefit calculated and the ID of the HCP used when the benefit is calculated or the related data is processed, as well as the recording by Egis of these data in the form provided by the Servier Group.

In the case of the representatives and contact persons of HCOs: name and contact details of the relevant representative, contact person (including in particular email address, telephone number, position as much as necessary for addressing him/her), in the event of the HCP’s membership, the HCP’s data indicated above and the amount of benefit calculated.  

Data retention period: 5 years.

Processing the personal data of the relevant individuals as much as necessary for the performance of agreements with HCPs and HCOs.

In the case of HCPs: name and contact details of the relevant individual (including in particular email address, telephone number, position as much as necessary for addressing him/her), the amount of his/her benefit and billing data and any other data indicated in the agreement.

In the case of the representatives and contact persons of HCOs: name and contact details of the relevant representative, contact person (including in particular email address, telephone number, position as much as necessary for addressing him/her), the amount of his/her benefit and billing data and any other data indicated in the agreement.

Data retention period: 5 years.

Keeping records of agreements in a digital database. Name, address, individual ID (stamp) of the healthcare professional, tax number, subject matter and terms and conditions of the agreement. Partner Management Tanácsadó Kft. supports digitalization (scanning, document filing) as a data processor.
Decisions on awarding benefits for participation in professional events and conferences.

Applicant’s name, stamp number/registration number, mother’s name upon birth, place and date of birth, address, telephone number, email address, name and address of workplace, position, education, qualification, languages spoken, professional corporate membership, membership in the continuing education centre, application for support and its justification.

Name, venue, dates of the relevant event/course.

Planning, arranging, measuring and evaluating the effectiveness of visits to physicians, preparing and keeping up to date the partner registry required for promotion of medicinal products and maintaining contact with physicians. Data of HCPs (physicians) and information specified by laws and external and internal policies in respect of the pharmaceutical activity. Medical sales representatives record the following data: place and time of the visit, products presented. Other: Employee data of the Medical Sales Representative, Regional Manager (name, email at work, line, registration number (PIN).
Sending out promotional materials and newsletters by mail, phone, email or SMS. Data of HCPs (physicians), workplace, position.

Sending customized communication - customized promotional materials, newsletters and professional

communication by mail, phone, email or SMS and customizing the planning of visits to HCPs.

Information provided to Egis in connection with the use of the www.egismed.hu website,

answers given to market research questions, feedback during visits, etc., other publicly available data related to professional interests (scientific publications,

communiqués, lectures on congresses, professional corporate membership etc.). 

Keeping records of attendance sheets of events and roundtable talks organized by Egis medical sales representatives. Data on the attendance sheets of events and roundtable talks organized by Egis.
Sending out invitations to events and roundtable talks organized by Egis. Contact details of the relevant individuals who Egis intends to invite and any other data and contact details provided by them in relation to participation.
Planning, organizing and measuring the success of pharmacy sales talks, compiling and keeping up to date the partner registry necessary for Egis’ sales representation in pharmacies and keeping in touch with the professionals concerned. Data of relevant professionals and information specified by laws and external and internal policies in respect of the pharmaceutical activity. During pharmacy visits, sales representatives record the following data: places, times of visits, personal experience, market demands and orders.
Complying with disclosure obligations on the Egis website under the Generic Pharmaceutical Transparency Code for the Disclosure of Benefits to Healthcare Professionals and Healthcare Organizations. The name, address, tax identification number, individual identifier (stamp/registration number) of the healthcare professional receiving the support, name and address of his/her workplace, telephone number at work, type and amount of benefit and source documents thereof in order to track the scope of recipients and the amounts of support.
Disclosing benefit-related information under the EFPIA Transparency Code and the Code for Cooperation with Patient Organizations.

The following benefits fall inter alia within the scope of the transparency obligation:

·       registration fee;

·       travelling and accommodation costs;

·       costs of services;

·       related expenses comprised in fees paid under service or consultancy agreements.

In the case of HCPs: name, position, ID, address of primary place of work of the data subject, amount and title of benefit paid and indication of the calendar year concerned.

In the case of HCOs, representatives and contact persons of patient organizations: name and contact details (if any) of the representative or contact person concerned.

 Egis processes exclusively employment related data generally for 3 years after the termination of employment and other data (e.g. related to contractual relationships) for 5 years.

More information:Processing of the data of healthcare professionals (“HCPs”) and representatives and contact persons of healthcare organizations (“HCOs”), calculation of benefits to be provided by Egis, performance and keeping records of agreements, data processing related to visits to physicians, sales talks with pharmacies, transparency obligations

 

Processing personal data of the principal investigator required to conduct and officially authorize non-interventional trials. Professional curriculum vitae of the coordinating principal investigator, statement of intent by the principal investigator or coordinating principal investigator in which he/she undertakes, if the trial is authorized, to implement the trial plan known to him/her in accordance with its terms and the terms of the authorization decision; data included in the service agreement entered into with the principal investigator who is a private individual for the performance of the tasks of the NIT principal investigator: principal investigator’s name, address, tax number, registration number, bank account number. The investigator’s name, address of his/her workplace, and professional curriculum vitae will be transferred to the National Institute of Pharmacy and Nutrition (OGYÉI) during the NIT authorization process.
Processing personal data of the investigator required to conduct and officially authorize non-interventional trials (NIT).

Data included in the investigator’s service agreement entered into with the investigator who is a private individual for the performance of the tasks of the NIT investigator: investigator’s name, address, tax number, registration number, bank account number. The name of the physician participating in the trial and the address of his/her workplace/business/place of private practice will be transferred to the National Institute of Pharmacy and Nutrition (OGYÉI) during the NIT authorization process.

 

Obtaining a ruling from the OGYÉI-ETT-TUKEB (Healthcare Scientific Council-Scientific Research Ethics Committee) for NIT authorization. 

The names of physicians participating in the trial and the addresses of their workplaces/businesses/places of private practice will be transferred to the National Institute of Pharmacy and Nutrition (OGYÉI).
Medical verification of the patient monitoring data forms (that contain the anonymized trial data). Name and stamp number of the physician in charge of investigation in the data form of each patient involved by the physician in the trial. WeB2 Research Kft. provides hosting services as a data processor.
Providing access to the program that manages electronic patient data forms (eCRF) for NIT with electronic data input. Name, email address and stamp number of the clinical trial physician. WeB2 Research Kft. provides hosting services as a data processor.
NIT Master File: storing main investigator’s documents necessary for the trial. The names and address of investigator who is a private individual (workplace/place of private practice/business) in the report form used at the trial site, data included in the service agreement entered into with the investigator who is a private individual: name, address, tax number, registration number, bank account number.

In general Egis processes the above data for 5 years.

More information: Data processing related to non-interventional trials (NIT)

 

Reporting potential adverse reactions to products (pharmacovigilance) to the National Institute of Pharmacy and Nutrition (OGYÉI) and assessment of adverse reactions.

Data provided by the patient making such a report on a voluntary basis. Typically: name, age, gender, name of medicinal product used, illness, treatments applied, laboratory results, test results, complaints; if the person making the report is not the patient, the name and contact details of that person as well as the name, contact details, age, gender, data concerning medicines taken, illness of the patient treated by him/her, treatments applied, laboratory results, test results, complaints are also processed by Egis. ARIS Global provides hosting services as a data processor only in the territory of the EU. Egis may transfer the data to its contracting partners if it is required to do so by contract (e.g. if the partner is subject to pharmacovigilance obligation). Egis may also transfer data upon the request of authorities, but only in anonymized form. Data retention period: 10 years from the expiry date of the marketing authorization of the product. 

Operating a scientific information service where anyone (especially physicians, patients) can inquire about Egis products. Voluntary information provided in the question, for example: name and contact details, of the inquirer/notifier, nature of his/her contact with the patient; patient’s name, occupation, name of the medicinal product, question asked, contact details. In the case of an inspection (official audit which is intended in particular to verify compliance with the rules governing the manufacture of medicinal products), the authority may become familiar with, or in the case of a partner audit inspecting compliance with Egis GXP (short term for standards of pharmaceutical good practices (GMP, GVP, GCP etc.) the contracting partner of Egis can also view the data. Data retention period: 3 years from responding to the question.

More information:Data processing for the purposes of medical science - evaluation and reporting of adverse reactions to the authority and operation of a scientific information service

 

Operating the entry control system: recording the times and places of entering and leaving the Egis headquarters, sites, branch, including the individual buildings by means of registered entry cards. In the event of a security problem that may arise (e.g. theft, burglary), Egis may inspect entries to offices and other premises. In addition, in the event of any emergency (e.g. fire alarm), Egis will also gather information through this on the actual location of persons who entered Egis’ territory. In the case of single entries (by means of a guest card - the guest card is validated for one day, at 18:00 that day the card authorization expires) Egis deletes the movement data 24 hours after the departure.  Egis keeps the data recorded upon entry for 1 month. In the case of regular card use, Egis deletes the movement data after 6 months or 24 hours after the card authorization expires. Egis deletes the data recorded upon entrance 8 years after the card deposit fee is refunded.
Operating an electronic surveillance system (cameras) for the protection of property and for the protection of life and bodily integrity. Recordings made of the persons entering the Egis headquarters, sites, branch and staying in the areas indicated in the separate notice, the time of recording and the conclusions that can be drawn from the recordings. Data retention period: 3 business days, in the event of keeping hazardous substances, 30 days.
Operating a drug technology camera system to ensure the protection of consumers’ life, bodily integrity and health. Recordings made of the persons entering the Egis headquarters, sites, branch and staying in the areas indicated in the separate notice, the time of recording and the conclusions that can be drawn from the recordings. Data retention period: 2 years.
Conducting breathalyser tests for the protection of property and for the protection of life and bodily integrity. Relevant individuals: persons entering the Egis headquarters, sites, branch, witnesses involved in the test and persons carrying out the test. Scope of data: name, date of birth, signature of the person subject to a breathalyser test, findings of breathalyser test, and, if so requested by the person tested, blood test result, names, registration numbers and signatures of assisting witnesses, name and signature of person carrying out the test. Data retention period: 5 years. In the case of a test with negative result: 1 year.
Baggage and cabinet inspection for the protection of property and for the protection of life and bodily integrity.

Relevant individuals: persons entering the Egis headquarters, sites, branch, witness involved in the inspection and persons carrying out the inspection. Scope of data: the name, date of birth and signature of the person subject to the inspection, the findings of the inspection, the action taken based on the findings of the inspection, any comment(s) of the person concerned on the inspection and the action taken as a result, the name, registration number and signature of the assisting witness, the name of the inspector, his/her position, the name of the organizational unit in which he/she is employed and his/her signature, as well as the place and date of the minutes taken (including the conclusion therein). Data retention period (if not followed by any procedure): 5 years or in the event of a crime, until punishability lapses. In the case of an inspection with negative result: 1 year. 

Recording the data of van and truck drivers entering the Egis sites and branch for freight transport.

Data of drivers entering the Egis headquarters, sites, branch employed by a company that carries out freight transport for Egis on the basis of an agreement.  Scope of data: name of the driver and the type and number of his/her identification document.

Data retention period: 1 years.

More information: Data processing for security purposes: operation of entry control systems, camera systems, breathalyser test, baggage and cabinet control

 

Sending promotional materials and newsletters by mail, phone, email or SMS.

For example: paper based direct marketing campaign, SMS based promotional campaign, email newsletter, marketing communication with visited physicians and key opinion leaders, other professionals, distribution of Egis publications (Bekopogtató, Lélekemelő), sending Egis VIP Pharmacy Newsletter. Scope of data processed: name, date of birth, mobile phone number, landline phone number, email address, workplace, position, address of the recipient. Editing of the newsletters and technical tasks and assistance related to their posting may be performed by Egis’ contractual partners as a data processors. 

Professional communication with decision-makers and decision promoters of authorities (in person, by phone, email). Name, mobile phone number, landline telephone number, email address, workplace, position of the decision-makers and decision promoters of authorities.
Providing support for the scientific training of physicians in order to participate in professional congresses. Name, stamp number, mother’s name upon birth, place and date of birth, address, telephone number, email address, name and address of workplace, position, education/qualification, language skills, professional corporate membership of the physicians receiving the support, the training centre of which he/she is a member. A report may be made on the data to the National Institute of Pharmacy and Nutrition (OGYÉI).
Managing speaker, article writing and Advisory Board agreements with private entrepreneurs. Phone number, email address of private entrepreneurs with speaker, article writing and Advisory Board agreements and other details included in speaker agreements (such as professional area of the individual). IT devices storing the agreements are operated by the following companies as data processors: SAP Hungary Kft., EasyCon Tanácsadó Kft., DXC Technology Enterprice Services Kft., Itelligence Hungary Informatikai Kft.
Giving notice of events to the National Institute of Pharmacy and Nutrition (OGYÉI). In order to meet transparency requirements imposed by law. For example: Egis organized event, CNS (Central Nervous System) club, hospital meeting (an event held in a hospital for physicians), roundtable (event at an external venue for physicians) - names of the participants of the event (HCPs, physicians). The data are uploaded to the website of the National Institute of Pharmacy and Nutrition (OGYÉI) at www.ogyei.gov.hu (preliminary report).
Verifying attendance of the event in order to meet transparency requirements imposed by law. Verification of the name, stamp number, workplace of the persons participating in the event (HCPs, physicians), the name of the event, the amount of the supports granted in connection with the event and the name of the sponsor of the event. Egis transfers the data to OGYÉI upon request.
Registration on a professional website (www.szakmai.nyugodtlelekkel.hu). Name, stamp number or registration number, email address of the person registering on the professional website. Data are collected and the website is developed by Square Lime Solutions Kft. (1037 Budapest, Mátyáshegyi köz 9.; office@squarelime.hu) as a data processor.
Keeping records of stakeholders. Stakeholder mapping (market access) - name, position, landline or mobile telephone number, email address of the points of contact at authorities (“stakeholder”).
Recommending centres and investigators for clinical trials to the Egis Medical Directorate. Name, position, landline and mobile telephone number, email address of investigators affected by recommendations.
In the case of products containing a biological active substance (biosimilar - i.e. replicas of medicinal products containing an authorized biological active substance), delivering educational materials to the patient’s medical specialist and its verification to OGYÉI. Name, signature of the specialist physician treating the patient (to whom the educational materials are handed over) and the name of his/her workplace. Egis transfers the data to the National Institute of Pharmacy and Nutrition (OGYÉI).

In general Egis keeps the data until the individual withdraws consent, or failing this, for the time necessary to maintain contact. In respect of events, the data retention period is 1 year, in respect of contracts and biosimilar products, it is 5 years.

Some third parties may send newsletters to individuals for promotional purposes. Newsletters may include Egis content (e.g. professional articles, video interviews, congress reports, trial summaries, Egis products). However, the list of recipients of newsletters is compiled by a third party as an independent data controller who also sends out the newsletters. Egis has no control over this data processing, is not familiar with the personal data and the terms and conditions of data processing are governed by the privacy notice of that third party.

More information: Data processing for marketing purposes, data processing for professional and communications training, media appearances, events

   

Processing customer complaints (medicinal products and medical devices).

Data voluntarily given by the submitter of the complaint.

The submitter is usually a pharmacist, wholesaler, Egis subsidiary or representative office, or contractual partner, and rarely directly the patient.

In the course of submitting and handling the complaint, Egis may learn the name, address, telephone number, e-mail address and illness of the patient, the names of the medicines taken by the patient, information related to the patient’s health, treatments used, laboratory results, examination results as well as information related to the patient’s lifestyle.

If the submitter of the complaint is not the patient, in addition to the above data, Egis also processes the name and contact details of the person making the complaint. 


Management of the claims pertaining to the products distributed by Egis (e.g. complaints, claims for damages) and processing and transferring the personal data and the related health data to the supplier of the given product, in order to inform such supplier of the relevant claim, and involve the supplier into the claim management, if necessary.

Personal data (the identification and contact data of the individuals).

Health data (medical documentation of the individual).

Personal data will be deleted after 1 year from the closure of the complaint, or until the end of the limitation period of the claims regarding the products distributed by Egis, or until the closing of the dispute resolution procedure regarding the claim.

Thereafter, Egis will only retain data in an anonymised form that cannot be connected with data subjects in relation to the complaint.

The related IT system (Catsweb) is operated by CNW Zrt.

More information: Processing of personal data related to customer and quality complaints

Egis processes the data of applicants for the vacancies it advertises, including the data of applicants who apply for vacancies advertised on the career page at https://karrier.egis.hu/allasok or on paper or by email for the following purposes.

Processing the personal data of applicants for the purpose of filling the posts advertised by Egis (recruitment). The name and contact details (address, telephone number, email address of applicants, and, as the case may be, the LinkedIn contact or their own professional websites), the content of the CV and motivation letter, profile photo attached to the CV, foreign language skills, information related to previous experience, place(s) of work, qualifications, skills and studies, preferred professional area, references and, where available, expected monthly salary. The CVs and applications may include personal data given voluntarily by applicants such as the place and date of birth, mother’s name upon birth, citizenship, Facebook, Skype identifier, mother-tongue, any other document in addition to the CV and motivation letter.
Assessing the professional competencies of the applicant for the job applied for, after the review of the job applications – in accordance with the specifics of the job which is applied for. The questions raised on the online site/test/personal monitoring (in the course of a personal interview, assessment centre) strictly relate to the examination of the professional competencies that are absolutely necessary for filling the advertised job. A professional retained by Egis or employed by Egis carries out the test, by evaluating the answers given by the applicant in the completed test forms/on the online site/in the course of personal monitoring. The following partners take part in the assessment of the test: Profiles International Hungary Kft., Performan Group Kft., HaRp &Partners Kft.
Keeping CVs or other application related materials and competence test related materials of applicants in order that Egis can contact the applicant later with a job offer directly (e.g. when a job becomes vacant later). The scope of the data collected from the applicant initially.
Processing the data of the Referees designated by the Applicant and the information provided by the referees in relation to the applicant.

The scope of data originally collected from the Applicant, the name and contact details of the Referee designated by the Applicant.

Information provided to Egis by the Referee(s) regarding the Applicant.

In respect of a successful applicant, the data retention period is 2 years from the start of the employment unless the applicant withdraws consent or objects, and in respect of an unsuccessful applicant, it is 2 years from the completion of the selection procedure. If the applicant’s CV and job application related materials and competency test related materials are kept for a future job offer, the data retention period is 2 years after the closure of the selection procedure. Within the Egis organization the person competent in the area where the job concerned was advertised and competent staff of the Egis HR Directorate may have access to applicants’ job applications and the personal data contained therein during the term of data processing. The carrier site is operated by Nexum Magyarország Kft.

More informationProcessing of the personal data of applicants for vacancies advertised by Egis

 

Processing the personal data of the principal investigator and sub-investigators required to conduct and authorize a clinical trial. Professional curriculum vitae of the coordinating principal investigator and sub-investigators and/or any other appropriate document certifying their qualification;a letter of intent from the principal investigator or coordinating principal investigator in which he/she undertakes to implement the trial plan known to him/her in accordance with its requirements and the terms of the resolution on its authorization if the trial is authorized. In addition, the data contained in the trial protocol - name and contact details of the principal investigator. Data retention period: 25 years after archiving the trial or 5 years after the product ceases to be marketed (whichever is longer). Professional curriculum vitae of the principal investigators and sub-investigators and/or any other appropriate document certifying their qualification are available to the authorities.
Verifying the patient monitoring data forms (that contain the anonymized trial data). The name, signature and - as the case may be - the stamp number of the principal investigator or sub-investigators on each patient’s data form. Data retention period: 25 years after archiving the trial or 5 years after the product ceases to be marketed (whichever is longer).
Monitoring clinical trials - on-site audit of trial documents Health data and other personal data of the subjects (data subjects) undergoing the trial: name, signature of the data subject, his/her data necessary for contacting and identifying him/her, medical data required for conducting the trial, evaluating the safety of the trial and generating trial results. Data processing adjusts to the time required for the on-site audit of the documents.

More information: Data processing in relation to clinical trials

 

Obtaining official permit (National Institute of Pharmacy and Nutrition - OGYÉI) and ethics committee ruling (Health Scientific Council - Scientific Research Ethics Committee - ETT-TUKEB) necessary for the evaluation tests of the clinical performance of medical devices.

Relevant individuals:

Principal investigators, sub-investigators and coordinating investigator of trial sites.

Scope of data:

Professional curriculum vitae of the coordinating principal investigator and investigators of the trial sites and/or any other appropriate document certifying their qualification;

A letter of intent from the principal investigator or coordinating principal investigator in which he/she undertakes to implement the trial plan known to him/her in accordance with its requirements and the terms of the resolution on its authorization if the trial is authorised.

Data retention period: 25 years after archiving the trial or 5 years after the product ceases to be marketed (whichever is longer).

Processing the personal data of the trial staff (principal investigator, sub-investigator, clinical trial coordinator, clinical trial nurse) required for the agreements entered into to conduct the trials to evaluate the clinical performance of medical devices. Data included in the service agreement entered into with the trial staff (principal investigator, sub-investigator, clinical trial coordinator, clinical trial nurse) or the company represented by the individual for the performance of the investigator’s tasks of the evaluation test of the clinical performance of medical devices: name, address, tax number/tax identification number, registration number, bank account number of the investigator or, in the case of an agreement with a business, the contact details of the representative and the corporate and billing information of the business.
Collecting electronic patient monitoring data forms (CRF, Case Report Form) containing pseudonymized trial data.

Pseudonymized health data of the subjects undergoing the trial (individuals) and other personal data related to the trial that is needed to conduct the trial and assess the safety of the trial and generate trial results (including without limitation demographic data, comorbidities, medications, laboratory results, adverse drug reactions).

Data retention period: 25 years after archiving the trial or 5 years after the product ceases to be marketed (whichever is longer).

Granting access to the program that processes electronic patient monitoring data forms in the case of a clinical trial for the evaluation of performance of medical devices requiring electronic data input.

Name and email address of the clinical trial physician or person authorized by the principal investigator.

Data retention period: 10 years.

Monitoring clinical trials of medical devices - on-site audit of trial documents Health data and other personal data of the subjects (individuals) involved in the trial: name of the individual, his/her signature on the information leaflet and consent form, his/her data necessary for contacting and identifying him/her, medical data required for conducting the trial, evaluating the safety of the trial and generating trial results.

More information: Data processing related to tests of medical devices conducted for the evaluation of performance

Compiling a so-called “list of senior citizens” from employees retired from Egis so that Egis can inform the senior citizens on the list about events and programs organized by Egis, by sending out invitations by mail or by telephone (e.g. Club day, Christmas program, Senior citizens’ trip, etc.). Name, postal address or home address (city, post code, street/house number), mobile contact details, landline telephone number of the individual.
Using photos taken or videos made to record the events referred to in point 1 and consequently to preserve memories. Use of photos taken and videos made by Egis’ internal and external communications departments or agents (e.g. when attending events organized by Egis or its partners).
Sending newsletters on other events not mentioned in point 1 by post or email. Name, postal address or home address (city, post code, street/house number), email address of the individual.
Administering requests for support from Egis, responding to the relevant persons and evaluating support. Name, postal address or home address, mobile phone number, landline telephone number, email address, retirement voucher (containing name, address of the individual and amount of the pension paid to him/her) and the certificates required for applying for the support (e.g. pharmacy bills, medical findings, charge for the treatment, health data).
Administering applications related to the use of Egis resorts, responding to those concerned and examining applications. Name, date of birth, tax identification number, close relative status. In the application form the individual shall also indicate close relatives/outsiders applying with him/her, providing the data referred to above. In this regard, Egis assumes that the individual has duly informed the close relative/outsider of the data processing before providing his/her data to Egis.

More information: Data processing in respect of former employees retired from Egis

Data processing related to contractual partners and tenderers participating in a procurement process (communication, implementation of relevant contract, data processing related to persons involved in performance as well as students supplied by student job centres).

Processing data of contractual partners’ contact persons and persons involved in the performance of the contract for the purpose of fulfilling the contract (implementation on a daily level) and exercising rights related to the contract.

Name and contact details (e-mail, telephone number, mobile number, fax number) of contact persons of contractual partners and of persons involved in the performance, and communication containing any personal data related to the contract (e.g. communication received from the contact person or any natural person acting on behalf of the partner).

 

Data retention period: 5 years from the termination of the contractual relationship. 

Processing data of contact persons of contractual partners and of persons involved in the performance for compliance purposes related to the contract or any other actions related to the fulfilment of the contract including finding judicial remedy necessary for ensuring contractual rights.

Name and contact details (e-mail, telephone number, mobile number, fax number) of contact persons of contractual partners and of persons involved in the performance, and communication containing any personal data related to the contract (e.g. communication received from the contact person or any natural person acting on behalf of the partner).

Data retention period: 5 years from the termination of the contractual relationship.

Assessing the professional competence of colleagues intended to be involved or taking part in the performance of organisations which are providing service for Egis in the course of Egis’s procurements or of tendering organisations participating in the related procurement process as well as students supplied by student job centres.

Personal data disclosed by the data subject (e.g. name, information about qualifications, professional background, professional experience, any personal data given by the data subject in the CV or featured in the document verifying professional competence).

Data retention period: for non-winning tenders 5 years following the conclusion of tendering; for winning tenderers 5 years following the termination of the contractual relationship established with the chosen partner.

Inspecting the presence of persons involved in performance by external contractual partners providing service for Egis on Egis premises as well as students supplied by student job centres (and thus contractual performance) with the help of the data recorded by the registered passes provided by Egis.

Data of movements related to each registered pass (date, time and place of entry/exit) as well as the name of the person entering, the name of the department where this person is performing work on Egis premises and the name of the employer company.

Data retention period: 5 years from the termination of the contractual relationship.

 

Unless Act V of 2013 on the Civil Code (the ‘Civil Code’) provides otherwise, claims are subject to a period of limitation of 5 years. If Egis indicates the limitation period during which a claim is enforceable as the duration of data processing, an act that interrupts the limitation will extend the duration of processing until the new time limit of the limitation (Civil Code, Section 6:25(2)). If limitation is suspended, the claim shall remain enforceable within one year from the time when the reason for suspension is eliminated or, in respect of a period of limitation of one year or less, within three months even if the period of limitation has already lapsed or there is less than the above periods of time remaining therein (Civil Code, Section 6:24(2)).

In accordance with Act C of 2000 on Accounting (the ‘Accounting Act’), Egis is obliged to retain ‘accounting records’, for example those which comprise documents supporting accounting or which feature in documents related to concluding a contract between Egis and one of its contractual parters (e.g. a contract or order), in documents supporting accounting or in an issued invoice. The 8-year data retention period stipulated in the Accounting Act is to be calculated from the date when an accounting entry connected with the data arises in a given year or when the report/accounting is based on the given data in any way. In practice, when the data appear in a contract under which several orders are made (e.g. advice is provided on a number of occasions under a contract), the 8 years are to be calculated separately from the date of each performance because separate invoices are issued for each performance which are the basis of the given transactions. If, for example, the data appear in a contract which stipulates the sale of a thing (the thing is delivered and thus the contract is discharged by performance), the transaction will be accounted in the given year based on the contract and the invoice, and the aforementioned 8-year period starts from that date.

 

More information: Data processing related to contractual partners and tenderers participating in a procurement process (communication, implementation of relevant contract, data processing related to persons involved in performance as well as students supplied by student job centres).

 

1.1              IT support for data breaches and privacy records 

Within this framework Egis regularly conducts self-revisions to check whether the operation of the company’s IT system and relevant company guidelines comply with the current legal regulations. Egis also tests its technological resistance (IT security revision) during the self-revision process. Egis regularly analyses the records (IT security asset inventory) of processed and stored data in its IT systems and the IT security threats to these data.

1.2              Authentication systems

Authentication of users and supervision of Egis IT system users’ access rights. Egis utilises a central directory system and digital signatures (for authentication, signatures and encryption) to control user privileges. Egis also separates authorisation management (different persons are authorised to set privileges connected to specific systems/groups of systems); uses password management (minimum required password complexity, required and forced password changes); multiple factor authentication (use of various authentication components other than the username and password); and uses a public key infrastructure (PKI) for managing machine certificates. This procedure enables Egis to control that only recognised and registered computers are allowed to communicate within the company network.

1.3              Protection against malware

Egis operates a multi-layer, heterogenous protection system based on various technologies and manufacturers on client and server computers, network devices and content filters for protection against common malware (bot, malware, spyware etc.). Furthermore, Egis uses sandboxing technology (applications run in a secure environment) against unknown (zero-day) and advanced persistent threats (APT) for contents downloaded from the internet and email attachments.

 1.4              Security event management

Egis records and stores the technical logs of systems and applications to reconstruct past events and to provide evidence for potential investigations related to data security, data protection or IT security events. Egis continuously monitors the status and statistics of IT security systems.

1.5              User support and training

Egis supports and enhances the IT and data security awareness of corporate users with the following methods: IT security awareness program with communication and training components, a dedicated section on the intranet, regular presentations and electronic training material.

1.6              Network security

Egis monitors and controls the networks with a multi-level stateful firewall mechanism. Egis continuously analyses and evaluates network traffic with automatic intrusion detection and intrusion prevention systems (IDS/IPS). Egis centrally monitors the wireless networks used at the company’s sites, consequently, wireless access is regulated and controlled, furthermore, wireless data traffic is protected by a strong encryption procedure. In order to ensure a high level of security in communications and IT systems, the networks of Egis sites are connected by encrypted data channels (VPN).

1.7              Data processing by third parties 

Egis regulates communication and information flow with its IT service providers and conclude a confidentiality agreement with service providers and partners.

1.8              Protection of mobile systems

Corporate mobile devices with secure access channels and protection against malware and network attacks are provided and registered by Egis.

1.9              Vulnerability management

Egis regularly assesses, analyses and evaluates IT security vulnerabilities and based on the outcome, takes the required actions. Egis regularly installs security upgrades on corporate computers and devices.

1.10           Content filtering 

1.10.1       Email filtering 

Egis uses a multi-layer automated system based on various technologies to filter unwanted emails (spam), misleading emails (phishing) and emails containing malware and operates protection procedures to offer protection from special, protocol based (low-technology) threats. Where feasible, Egis strives to establish a reliable and secure email channel by using encryption procedures and technologies to identify senders.

1.10.2       Web content filtering

Egis – in line with the Privacy Policy and internal IT regulations – strictly monitors internet access and browsing activities. Egis uses an automated system to block access to unsafe sites and protection procedures to prevent special, protocol based (low-technology) threats.

Where feasible, Egis provides secure browsing channel to authenticate internet resources for communication by using up-to-date technology and encryption procedures.

In order to offer protection from malware, content downloaded from the internet is controlled by automatic systems.

1.11           Endpoint (e.g. computers or other devices, servers) protection

Egis uses a firewall and intrusion detection and intrusion prevention systems (IDS/IPS) to protect the network connection of the endpoint devices. All suitable computers and other endpoint devices are protected by continuous on-access anti-malware protection as well as with regular security checks.

1.12           Data carrier protection    

Data carriers are registered by Egis and encryption procedures are applied upon their usage.

1.13           Protection of documents and data

Regarding the physical protection of data and electronic and paper documents, Egis has lockable server rooms and processes are regulated by an up-to-date document management regulation, which requires paper documents to be stored in locked cabinets which are only accessible to persons with the appropriate level of authorisation.

1.14           Egis IT Directorate activities 

In relation with the above measures, IT Directorate provides general IT services, in particular: registration of IT devices used for work; managing IT requests; fault localisation and technical support; IT system authentication; improvement, protection, development and testing of the IT system’s performance; reconstruction of IT issues; general communication with users of IT services, assistance via remote access, if required. It also includes preventing repairs, preventing and exploring data breaches, such as: blocking content or servers sending malicious emails from the mailing system based on headers. IT Directorate also performs technical support related to browsing, improves browsing performance and explores related incidents.

While performing the above activities, IT Directorate has access to personal data only to the required extent, in order to meet the requirements of the GDPR.

 

1.1              Data protection rights and judicial remedies

Data protection rights and judicial remedies of data subjects are included in the relevant Articles of the GDPR (in particular Articles 15, 16, 17, 18, 19, 20, 21, 22, 77, 78, 79 and 82 of GDPR). The following summary contains the most relevant provisions and defines how Egis informs data subjects of their data protection rights and judicial remedies connected to data processing.

Egis shall provide information on actions taken on a request (under Articles 15 to 22 of GDPR) to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of requests. Egis shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.

If Egis does not take action on the request of the data subject, Egis shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

The information requested by data subject shall be provided by Egis in writing, or where the data subject made the request by electronic means or where requested, the information shall be provided by electronic means. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven to Egis.

1.2              Right of access

(1)           The data subject shall have the right to obtain from Egis confirmation as to whether or not personal data concerning him or her are being processed, and where that is the case, access to the personal data and the following information:

a)     the purposes of the processing;

b)    the categories of personal data concerned;

c)     the recipients or categories of recipients to whom the personal data have been or will be disclosed by Egis, in particular recipients in third countries or international organisations;

d)    where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

e)     the right to request from Egis rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;

f)     the right to lodge a complaint with a supervisory authority; and

g)    where the personal data are not collected from the data subject, any available information as to their source;

h)    automated decision-making, including profiling, referred to in Sections (1) and (4) of Article 22 of GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

(2)           Where personal data are transferred to a third country, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.

(3)           Egis shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, Egis may charge a reasonable fee based on administrative cost. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.

1.3              Right to rectification

The data subject shall have the right to obtain from Egis without undue delay the rectification of inaccurate personal data concerning him or her. Furthermore, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

1.4              Right to erasure (”right to be forgotten”)

(1)           The data subject shall have the right to obtain from Egis the erasure of personal data concerning him or her without undue delay where one of the following grounds applies:

a)     the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed by Egis;

b)    the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing;

c)     the data subject objects to the processing and there are no overriding legitimate grounds for the processing;

d)    the personal data have been unlawfully processed;

e)     the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which Egis is subject; or

f)     the personal data have been collected in relation to the offer of information society services.

(2)           Where Egis has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, Egis, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform processors that are processing the personal data that the data subject has requested the erasure by such processors of any links to, or copy or replication of, those personal data.

(3)           Paragraphs 1 and 2 shall not apply to the extent that processing is necessary, including but not limited to the following:

a)     for exercising the right of freedom of expression and information;

b)    for compliance with a legal obligation which requires the processing of personal data by Union or Member State law to which Egis is subject;

c)     for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

d)    for the establishment, exercise or defence of legal claims.

1.5              Right to restriction of processing

(1)           The data subject shall have the right to obtain from Egis restriction of processing where one of the following applies:

a)     the accuracy of the personal data is contested by the data subject, for a period enabling Egis to verify the accuracy of the personal data;

b)    the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

c)     Egis no longer needs the personal data for the purposes of processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or

d)    the data subject has objected to processing, for a period pending the verification whether the legitimate grounds of Egis override those of the data subject.

(2)           Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

(3)  A data subject who has obtained restriction of processing shall be informed by Egis before the restriction of processing is lifted.

1.6              Notification obligation regarding rectification or erasure of personal data or restriction of processing

Egis shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. Egis shall inform the data subject about those recipients if the data subject requests it.

1.7              Right to data portability

(1)           The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to Egis, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from Egis, where:

a)     the processing is carried out based on consent, or on a contract; and

b)    the processing is carried out by automated means.

(2)           In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another (from Egis to another controller), where technically feasible.

(3)           The exercise of the right referred to in paragraph 1 shall be without prejudice to the provisions of right to erasure (“right to be forgotten”) and the right shall not adversely affect the rights and freedoms of others.

1.8              Right to object

(1)           The data subject have the right to object, on grounds relating to his or her particular situation, at any time to legitimate processing of personal data concerning them, including profiling. In these cases, Egis shall no longer process the personal data unless Egis demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

(2)           Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

(3)           Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

(4)           In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.

(5)           Where personal data are processed for scientific or historical research purposes or statistical purposes, the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

1.9              Right to lodge a complaint with a supervisory authority

 The data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement, if the data subject considers that the processing of personal data relating to him or her infringes GDPR regulations. The supervisory authority in Hungary is the Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság, http://naih.hu/; address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c; postal address: 1530 Budapest, Pf.: 5.; phone: +3613911400; fax: +3613911410; email: ugyfelszolgalat@naih.hu

1.10           Right to an effective judicial remedy against the supervisory authority

(1)           The data subject shall have the right to an effective judicial remedy against a legally binding decision of a supervisory authority.

(2)           The data subject shall have the right to an effective judicial remedy where the supervisory authority does not handle a complaint or does not inform the data subject within three months on the progress or outcome of the complaint lodged.

(3)           Proceedings against a supervisory authority shall be brought before the courts of the Member State in which the supervisory authority has its seat.

1.11           Right to an effective judicial remedy against Egis or the data processor

(1)           Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority, each data subject shall have the right to an effective judicial remedy where he or she considers that his or her rights under the GDPR have been infringed as a result of the processing of his or her personal data in non-compliance with the GDPR.

(2)           Proceedings against Egis or the processor shall be brought before the courts of the Member State where Egis or the processor pursues its activities. Such proceedings may also be brought before the courts of the Member State of the data subject’s habitual residence.

(3)           For a detailed list of courts please visit: https://birosag.hu/ugyfelkapcsolati-portal/illetekessegkereso.

 

Contact detail of Egis Pharmaceutical PLC' Data Protection Officer : adatvedelem@egis.hu 

1.              ÁLTALÁNOS INFORMÁCIÓK

Az Egis Gyógyszergyár Zártkörűen Működő Részvénytársaság („Egis”) ügyfeleivel, a szerződéses partnerei kapcsolattartóival, marketing üzenetei címzettjeivel, gyáregységei és egyéb létesítményei látogatóival, valamint egyéb érintettekkel („érintett(ek)”) kapcsolatban az EU 2016/679. számú Általános Adatvédelmi Rendelete („GDPR”) 4. cikk 1. pontja szerint „személyes adatnak” minősülő információkat kezel A jelen adatkezelési tájékoztató („Tájékoztató”) ezen személyes adatok kezeléséről, valamint az érintettek adatkezeléssel kapcsolatos jogairól és jogorvoslati lehetőségeiről ad tájékoztatást.

Az Egis elérhetőségei

Az Egis székhelye: 1106 Budapest, Keresztúri út 30-38. 

Az Egis cégjegyzékszáma: Cg. 01-10-041762, nyilvántartja a Fővárosi Törvényszék Cégbírósága 

Az Egis telefonszáma: +36 1 803-5555

Az Egis e-mail címe: mailbox@egis.hu, illetve adatvédelmi kérdésekben: adatvedelem@egis.hu.

Az Egis weboldala: https//: egis.health

2.              A TÁJÉKOZTATÓ FRISSÍTÉSE ÉS ELÉRHETŐSÉGE

Az Egis fenntartja a jogot, hogy a jelen Tájékoztatót egyoldalúan, a módosítást követő hatállyal módosítsa, szükség esetén az érintettek megfelelő időben történő előzetes tájékoztatásával és figyelemmel a vonatkozó jogszabályokban foglalt korlátozásokra. A jelen Tájékoztató módosítására különösen abban az esetben kerülhet sor, ha arra jogszabályváltozás, adatvédelmi hatósági gyakorlat, üzleti- vagy munkavállalói igény, új, személyes adatok kezelésével járó tevékenység, illetve újonnan felfedezett biztonsági kockázat miatt szükség van.

3.              SPECIFIKUS ADATVÉDELMI FELTÉTELEK

Egyes külön esetekben – például az Egis által üzemeltetett weboldalak használata során, vagy az Egis biztonsági kameráival kapcsolatban – specifikus adatvédelmi feltételek is alkalmazandók lehetnek, melyekről az érintettek külön tájékoztatást kapnak, például az Egis területére való belépést megelőzően, az adott weboldalon vagy az adatkezeléshez adott hozzájáruló nyilatkozaton.

4.              A KEZELT ADATOK KÖRE ÉS AZ ADATKEZELÉSI CÉLOK

 Az adatkezelési célok, az adatkezelés jogalapja, a kezelt adatok köre, valamint az adatkezelés időtartama és az adatokhoz való hozzáférésre jogosultak, továbbá az adattovábbítás címzettjeinek köre az alábbi táblázatban kerülnek bemutatásra. Ha egy adatkezelési cél az Egis vagy harmadik fél jogos érdekeinek érvényesítéséhez szükséges, a jogos érdek megállapításához használt érdekmérlegelési tesztet az Egis a fenti elérhetőségek valamelyikére benyújtott kérés esetén rendelkezésre bocsátja. Az Egis kifejezetten felhívja az érintettek figyelmét, hogy az érintett jogosult arra, hogy a saját helyzetével kapcsolatos okokból bármikor tiltakozzon személyes adatainak jogos érdeken alapuló kezelése ellen, ideértve az említett rendelkezéseken alapuló profilalkotást is. Ebben az esetben a személyes adatokat az Egis nem kezeli tovább, kivéve, ha bizonyítja, hogy az adatkezelést olyan kényszerítő erejű jogos okok indokolják, amelyek elsőbbséget élveznek az érintett érdekeivel, jogaival és szabadságaival szemben, vagy amelyek jogi igények előterjesztéséhez, érvényesítéséhez vagy védelméhez kapcsolódnak. Az Egis kifejezetten felhívja az érintettek figyelmét, hogy ha a személyes adatok kezelése közvetlen üzletszerzés (marketing) érdekében történik, az érintett jogosult arra, hogy bármikor tiltakozzon az érintettre vonatkozó személyes adatok e célból történő kezelése ellen, ideértve a profilalkotást is, amennyiben az a közvetlen üzletszerzéshez kapcsolódik. Ha az érintett tiltakozik a személyes adatok közvetlen üzletszerzés érdekében történő kezelése ellen, akkor a személyes adatok a továbbiakban e célból nem kezelhetők.

WarningYour browser is out of date. Please, use an updated version! Chrome || Firefox