01 April 2022
Purpose and scope of the Notice
1.1. The Association of Innovative Pharmaceutical Manufacturers (registered office: H-1077 Budapest, Kéthly Anna tér 1.; Cg 01-02-0005205; hereinafter “Controller”) acknowledges that it is bound by the provisions of this privacy notice (hereinafter “Notice”). In its activities, the Controller undertakes to process the personal data that it obtains in the course of the operation of the Controller and the website (https://www.aipm.hu) maintained by it (hereinafter referred to as the “Website”) in accordance with the provisions of this Notice and the applicable laws.
1.2. The aipm.hu website and the subpages accessible from it are online interfaces for public information related to the activities of the Controller. The texts quoted on the website are predominantly self-created. In the case of texts quoted from other sources, the references of the sources are always provided.
1.3. The purpose of this Notice is to set out the principles for the processing of Personal Data provided by the Data Subject (see 2.6.) when contacting the Controller through the Controller’s Website or otherwise contacting the Controller.
The Terms used in this Notice shall have the following meanings:
2.1. Processing means performing technical tasks related to data processing operations, irrespective of the method and means used for executing the operations, as well as the place of execution, provided that the technical task is performed on the data;
2.2. Processor means any natural or legal person or unincorporated organisation processing personal data on the grounds of a contract, including contracts concluded pursuant to legislative provisions;
2.3. Data Processing means any operation or set of operations which is performed on personal data, irrespective of the procedure used, in particular but not exclusively, collecting, recording, registering, organising, storing, altering, using, retrieving, transferring, disclosing, aligning or combining, blocking, deleting and destructing the data, as well as preventing their further use, taking photos, making audio or visual recordings, as well as registering physical characteristics suitable for personal identification (such as fingerprints or palm prints, DNA samples, iris scans, etc.);
2.4. Controller means the natural or legal person or unincorporated organisation which, alone or jointly with others, determines the purposes for processing personal data, takes and implements decisions regarding the Data Processing (including the means used) or have them implemented by the Processor;
2.5. Data Transfer means providing access to personal data to a specified third party;
2.6. Data Subject means any natural person who is identified or can be identified, directly or indirectly, on the basis of any specified personal data;
2.7. GDPR means the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation);
2.8. Third Party means any natural or legal person, or unincorporated organisation other than the Data Subject, the Controller or the Processor;
2.9. Authority means the National Authority for Data Protection and Freedom of Information, established in accordance with the provisions of the Fundamental Law to ensure the right of informational self-determination, freedom of information and protection of personal data, as well as the legitimate access to public data and data in the public interest, and to monitor and promote the exercise of these rights;
2.10. Consent means any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she signifies agreement to the processing of personal data relating to him or her, whether in full or for specific operations;
2.11. Info Act means Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information;
2.12. Personal Data means Personal Data that can be associated with the Data Subject, in particular, but not limited to, the name, identifier or one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of the Data Subject, and the inference that can be drawn from the Personal Data concerning the Data Subject.
- Principles of Data Processing
3.1. The Controller shall process Personal Data only for specified, express and legitimate purposes, for the exercise of a right or the fulfilment of an obligation; it shall record them taking into account the principles of fairness and lawfulness and process them in compliance with these principles.
3.2. The Controller shall ensure that the Data Processing at all stages meets the purposes for which it is carried out and that the Personal Data are adequate, relevant and not excessive in relation to the purposes for which they are further processed.
3.3. The Controller shall only process Personal Data that is essential to and suitable for achieving the purpose of Data Processing. The Controller shall process the Personal Data to the extent and for the duration necessary to achieve the purpose. Personal Data shall be kept in a form which permits identification of the Data Subject for no longer than is necessary for the purposes for which the Personal Data are collected or further processed.
- Purpose and legal basis of Data Processing
4.1. The purpose of the data processing carried out by the Controller is (i) to provide online content, (ii) to identify the Data Subject, to maintain contact with the Data Subject, (iii) to identify the Data Subject’s rights, (iv) to produce statistics and analyses, (v) to protect the rights of the Data Subjects, (vi) to enforce the legitimate interests of the Controller. The Controller shall not use the Personal Data for purposes other than those set out in this Section 4.1.
4.2. The processing of Personal Data takes place on the basis of the Data Subject’s freely given and informed Consent. The Data Subject shall have the right to withdraw his or her Consent at any time. The withdrawal of Consent shall not affect the lawfulness of Data Processing based on Consent before its withdrawal. Based on the Consent, the Data Subject expressly consents to the use of the Personal Data provided by the Data Subject or Personal Data generated about the Data Subject in the course of using the Website.
4.3. The Controller shall be entitled to record the IP address of the Data Subject when clicking on the Website in order to enforce the legitimate interests of the Controller, without the specific consent of the Data Subject.
4.4. The Data Controller’s Website may use anonymous Data Subject identifiers, so-called “cookies”, in order to provide a personalised service. Cookies are signal sequences for unique identification or storing profile information that are placed on the Data Subject’s computer by service providers, so that the next time you visit the same website, the website can retrieve the data stored in the cookies and thus collect information about your further activities (e.g. cookies store the Data Subjects’ preferences, etc.). Such signal sequence alone is only capable of recognising the Data Subject’s computer but cannot identify the Data Subject individually.
4.5. Information on cookies
What exactly is a cookie?
A cookie is a small file that is placed on your computer when you visit the Website. Cookies have many functions. Among other things, they collect information, remember the visitor’s individual preferences, are employed, for example, when using online shopping carts, and generally make the use of the Website easier for users.
What cookies does the website use and what for?
- to collect information about how you use the Website – by analysing which parts of our Website you visit or use most, so that we can learn how to provide you with an even better user experience when you visit our site again,
- to improve our Website,
- to make it easier for you to navigate around our Website and use its features, thus ensuring a seamless user experience,
to manage your session after you log in.
Essential session cookies
These cookies are necessary to enable users to browse our Website, use its features, such as, among other things, to remember your actions on particular pages during a visit. These cookies are valid only for the duration of your current visit, and are automatically deleted from your computer at the end of your session or when you close your browser. Please note that without these cookies, we cannot guarantee your use of our Website.
Cookies to facilitate use
These give us the opportunity to remember your choices made about our Website.
We use Google Analytics cookies to collect information about how our visitors use our Website. These cookies cannot identify you personally (they only partially record the IP address you are using), but they do collect information such as which pages our visitors have visited, which part of the Website users clicked on, how many pages they visited, the length of time spent on each session, and any error messages – all with the aim of improving our Website and the experience we provide to our users.
How can you check and turn off cookies?
All modern browsers allow you to change your cookie settings. Most browsers automatically accept cookies by default, but these can usually be changed to prevent automatic acceptance and each time will offer you the choice of whether or not to enable cookies.
Please note that since the purpose of cookies is to facilitate or enable the usability and processes of our Website, by disabling or deleting cookies, our users may not be able to fully use the features of our Website or the Website may not function as intended in their browsers.
4.6. Where the Data Subject provides Personal Data about a third party, the Data Subject warrants that he or she has obtained the lawful consent of that third party. By providing their e-mail address and other Personal Data (e.g. Data Subject’s name, password etc.), each Data Subject also accepts responsibility for ensuring that they are the only person using the services from the e-mail address and through use of the Personal Data provided.
- Scope of Personal Data processed
5.1. When the Data Subject visits the Website, the Controller’s system automatically records the Data Subject’s IP address.
- Duration of Data Processing
6.1. The Data Controller shall process the Data Subject’s data until the purposes of the processing described above are fulfilled, or the Data Subject’s consent is withdrawn or the Data Subject requests the data to be deleted.
6.2. Data automatically and technically recorded during the operation of the system are stored in the system from the moment they are generated for a period of time that is reasonable to ensure the operation of the system. The Controller shall ensure that such automatically recorded data cannot be linked to other Personal Data, except where required by law.
6.3. The Data Subject may at any time object to Data Processing, request the cessation of Data Processing, the cessation of certain forms of Data Processing or the erasure of the data regarding specific purposes. In such cases, the period of Data Processing lasts until the receipt and processing of the request to this effect, which is carried out by the Controller without delay, but within 10 working days at the latest.
6.4. The erasure requested under Section 7 may be refused (i) for the exercise of the right to freedom of expression and information, or (ii) where the processing of Personal Data is authorised by law; or (iii) for the establishment, exercise or defence of legal claims.
- Rights of the Data Subject
7.1. The Data Subject may obtain information on the Data Processing by sending an e-mail to email@example.com or by sending a registered letter with or without acknowledgement of receipt to the address of the Controller specified in Section 11. The Data Subject may obtain from the Controller information as to whether the Data Subject’s Personal Data is processed and, if so, access to the Personal Data processed by the Controller. The Data Subject’s request for information may relate, among other things, to the scope of the Personal Data processed, their source, the purpose, legal basis, duration of Data Processing and the identification of Processors.
7.2. The Data Subject may request rectification or modification of his or her Personal Data processed by the Controller. Taking into account the purpose of Data Processing, the User may request the completion of incomplete Personal Data.
7.3. The Data Subject may obtain from the Controller restriction of processing of his or her Personal Data if the accuracy of the Personal Data processed is contested by the Data Subject. In this case, the restriction applies for a period of time that enables the Controller to verify the accuracy of the Personal Data. The Controller shall mark the Personal Data that it processes if the Data Subject contests its accuracy or correctness, but the incorrectness or inaccuracy of the contested Personal Data cannot be clearly established. The Data Subject may obtain from the Controller the restriction of the processing of his or her Personal Data also if the Data Processing is unlawful, but the Data Subject opposes the erasure of the Personal Data processed and requests the restriction of their use instead. The Data Subject may also obtain from the Controller restriction of processing of his or her Personal Data where the purpose of the Data Processing has been fulfilled, but the Data Subject requires the Controller to process the Personal Data for the establishment, exercise or defence of legal claims.
7.4. The Data Subject may ask the Controller to provide him or her with the Personal Data provided by the Data Subject and processed by the Data Controller in an automated way in a structured, commonly used, machine-readable format and/or to transmit it to another controller.
7.5. The Data Subject shall have the right to object to the processing of his or her Personal Data (i) where the processing of the Personal Data is necessary solely for compliance with a legal obligation to which the Controller is subject or for the purposes of the legitimate interests pursued by the Controller or a third party; (ii) where the purpose of the Data Processing is direct marketing, public opinion polling or scientific research; or (iii) where the Data Processing takes place for the performance of a task carried out in the public interest. The Controller shall examine the lawfulness of the Data Subject’s objection and, if the objection is justified, shall cease the Data Processing and block the Personal Data processed, and shall notify those to whom the Personal Data concerned by the objection have been previously transferred of the objection and the action taken on it.
- Use of Processors
8.1. Where the Data Processing is to be carried out on behalf of the Controller, the Controller shall use only Processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the Data Processing will meet the requirements of the GDPR and ensure the protection of the rights of the Data Subjects. The Processor shall not engage another processor without prior specific or general written authorisation of the Controller.
- Possibility of Data Transfer
9.1. The Controller shall be entitled and obliged to transmit to the competent authorities any Personal Data at its disposal and stored by it in a lawful manner, which Personal Data it is required to transmit by law or by a final and compulsory order from a public authority. The Controller cannot be held liable for such data transfers and the consequences thereof.
9.2. The Controller shall keep records of data transfers for the purposes of monitoring the lawfulness of data transfers and providing information to the Data Subject.
- Remedies available to the Data Subject
10.1. We advise the Data Subject to lodge a complaint with the Controller before seeking recourse to the authorities or the courts.
Contact details of the Controller’s contact person:
Name: Kinga Shalaby
Telephone: +36 1 250 4876
E-mail address: firstname.lastname@example.org
10.2. In the event of a breach of his or her rights in relation to his or her Personal Data, the Data Subject has the right to notify the Authority using the following contact details:
Hungarian National Authority for Data Protection and Freedom of Information
Mailing address: H-1530 Budapest, Pf.: 5.
Address: H-1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Telephone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail address: email@example.com
10.3. The Data Subject has the right to apply to the courts if his or her rights are infringed or if he or she disagrees with the decision of the Controller regarding his or her objection to the processing of his or her Personal Data. The action falls within the jurisdiction of regional courts and may be brought before the regional court of the place of residence or stay of the Data Subject.
- Amendments to the Privacy Notice
11.1. The Controller shall be entitled to amend this Policy unilaterally. However, the Controller shall inform the Data Subject of any amendments to this Notice that are necessary for the exercise of his or her rights or the fulfilment of his or her obligations.
Association of Innovative Pharmaceutical Manufacturers – Hungary
Address: H-1077 Budapest, Kéthly Anna tér 1.
E-mail address: firstname.lastname@example.org