Informácie pre pacientov v súvislosti s ochranou osobných údajov (ďalej len OÚ) na základe nariadenia EÚ a Rady č.2016/679 (ďalej len GDPR) čl.13

Prevádzkovateľ: MUDr. Jaroslava Kuchtová, IČO: 51746531, Mobil: +421940222073, email: alergologiabytca@gmail.com v informačnom systéme spracúva osobné údaje dotknutej osoby - pacienta za účelom poskytovania zdravotnej starostlivosti. OÚ sú spracúvané bez súhlasu dotknutej osoby na právnom základe v zmysle GDPE čl.6 ods. 1 písm. b) v spojitosti so zákonom č.576/2004 Z.z. o zdravotnej starostlivosti, službách súvisiacich s poskytovaním zdravotnej starostlivosti a o zmene a doplnení niektorých zákonov v znení neskorších predpisov, zákonom č.362/2011 Z.z. o liekoch a zdravotníckych pomôckach a o zmene a doplnení niektorých zákonov v znení neskorších predpisov, zákonom č.581/2004 Z.z.o zdravotných poisťovniach. dohľade nad zdravotnou starostlivosťou a o zmene a doplnení niektorých zákonov v znení neskorších predpisov a zákonom č.153/2013 Z.z. o Národnom zdravotníckom informačnom systéme a o zmene a doplnení niektorých zákonov v znení neskorších predpisov.

Prevádzkovateľ poskytuje osobné údaje dotknutej osoby nasledovným príjemcom: zdravotná poisťovňa dotknutej osoby, iní poskytovatelia zdravotnej starostlivosti poskytujúci zdravotnú starostlivosť dotknutej osobe, Národné centrum zdravotníckych informácií, osoby vymenované v § 24 ods.4 a § 25 ods. 1 zákona č. 576/2004 Z.z.

V zmysle § 22 ods. 2 zákona č.576/2004 Z.z. prevádzkovateľ uchováva osobné údaje dotknutej osoby 20 rokov po smrti dotknutej osoby alebo 20 rokov od posledného poskytnutia zdravotnej starostlivosti dotknutej osobe. Prevádzkovateľ má prístup k OÚ pacientov uchovávaných v Národnom zdravotnom informačnom systéme na základe Zákona č.153/2013 Z.z. o Národnom zdravotníckom informačnom systéme a o zmene a doplnení.

Práva dotknutých osôb (pacientov) podľa nariadenia EÚ 2016/679:                                                                                                              Právo požadovať od poskytovateľa prístup k osobným údajom týkajúcich sa pacienta - pacient má právo požiadať prevádzkovateľa o informácie ohľadom typu a rozsahu uchovávaných OÚ o pacientovi. Pacient má tiež právo získať výpis OÚ, ktoré prevádzkovateľ o ňom uchováva.                                                                                                          

Právo na opravu osobných údajov - pacient má právo požiadať opravu OÚ, ktoré prevádzkovateľ uchováva. Tento má povinnosť ich bezodkladne opraviť - pokiaľ je to technicky možné.                                                                        

Právo na vymazanie osobných údajov - pacient nemá právo na zabudnutie/vymazanie OÚ, ktoré o ňom prevádzkovateľ uchováva. Toto právo sa nevzťahuje na údaje, ktoré prevádzkovateľ uchováva na základe zákonnej povinnosti.                                                                            Právo na obmedzenie spracúvania osobných údajov - v prípade, že spracúvanie údajov je protizákonné alebo prevádzkovateľ už nepotrebuje OÚ na účely spracúvania, ale potrebuje ich pacient na preukázanie, uplatňovanie alebo obhajovanie právnych nárokov má právo pacient žiadať obmedzenie spracúvania takýchto údajov.              

Právo namietať spracúvanie osobných údajov - pacient má právo namietať spracovanie OÚ zo strany prevádzkovateľa.                                                                                                                                                 

Právo na prenosnosť osobných údajov - pacient má právo na prenosnosť svojich údajov k inému prevádzkovateľovi. Prevádzkovateľ ich tak musí poskytnúť pacientovi v štruktúrovanom a bežne používanom formáte. Pacient má následne právo tieto údaje preniesť k inému prevádzkovateľovi. Priamy prenos od jedného prevádzkovateľa k druhému nie je technicky možný.                                                                                                                                

Odvolanie súhlasu so spracovaním osobných údajov - pacient má právo kedykoľvek odvolať súhlas so spracovaním OÚ, ktorý poskytol prevádzkovateľovi. Toto odvolanie musí byť vykonané písomne.

V prípade upretia týchto práv má pacient právo podať sťažnosť na Úrade pre ochranu osobných údajov Slovenskej republiky. Podrobnosti môže dotknutá osoba získať nahliadnutím do bezpečnostnej dokumentácie prevádzkovateľa.

POLITIKA INFORMAČNEJ BEZPEČNOSTI

Vyhlásenie prevádzkovateľa: MUDr. Jaroslava Kuchtová

Vzhľadom na nariadenie Európskeho parlamentu a Rady (EÚ) 2016/679 o ochrane fyzických osôb pri spracúvaní osobných údajov a o voľnom pohybe takýchto údajov - General Data Protection Regulation (ďalej len GDPR), smernicu Európskeho parlamentu a Rady (EÚ) č.2016/680 a zákon č.18/2018 Z.z. - Zákon o ochrane osobných údajov, prijímame nasledujúci dokument.

Zabezpečíme, aby osobné a iné citlivé údaje obsiahnuté v našicj informačných systémoch boli chránené proti poškodeniu, zničeniu, strate, zmene, neoprávnenému prístupu a sprístupneniu, poskytnutiu alebo zverejneniu, ako aj pred akýmkoľvek iným neprípustným spôsobom spracúvania.

Zabezpečíme, aby boli spracúvané len za účelmi a v rozsahu uvedenými v evidencii spracovateľských činností.

Vyhlasujeme, že na dosiahnutie tohto cieľa využijeme všetky organizačné, personálne a informačné možnosti v súlade s dobrými mravmi a rozumnou mierou nákladovosti.

Zaväzujeme sa pracovať v súlade a s rešpektovaním platných zákonov Slovenskej republiky, platných medzinárodných noriem a v maximálnej možnej miere chrániť osobné údaje v našicj systémoch.

Všetky zlepšenia a postupy informačnej bezpečnosti budeme v budúcnosti zavádzať v súlade s platnými vyhláškami a metodickými usmerneniami.

V súvislosti s účinnosťou zákona 18/2018 Z.z. od 25.mája 2018 sme spracovali bezpečnostnú dokumentáciu a zaviedli do praxe základné princípy GDPR. Tieto dokumenty sú umiestnené na prevádzke a sú k dispozícii dotknutým osobám.

Prijímame týmto opatrenia a postupy ochrany osobných údajov uvedené v GDPR bezpečnostnej dokumentácii so záväzkom neustáleho zlepšovania a zdokonaľovania našej práce.

Za ochranu osbných údajov zodpovedá prevádzkovateľ a poverený personál.

Dátum: 15.11.2019                                                                          MUDr. Jaroslava Kuchtová

Vážení zákazníci spoločnosti,

naša spoločnosť si veľmi váži Vašu dôveru a kladie veľmi veľký dôraz na ochranu Vašich údajov, vrátane údajov osobných, pri ich spracúvaní. Spoločnosť spracúva všetky osobné údaje výlučne v súlade s platnými právnymi predpismi, ktoré upravujú ich ochranu. Cieľom tohto prehlásenia je informovať o spracúvaní osobných údajov, ku ktorému dochádza v súvislosti s návštevou našich webových stránok, ako aj niektorých ďalších prípadoch spracovania osobných údajov.

Súbory cookies

Táto stránka používa pre skvalitnenie služieb súbory cookies. prehliadaním stránky vyjadrujete svoj súhlas s ich používaním. S cieľom zabezpečiť riadne fungovanie tejto webovej lokality ukladáme niekedy na vašom zariadení malé dátové súbory, tzv. cookie. Je to bežná prax väčšiny webových lokalít. Tieto súbory môžu v niektorých prípadoch obsahovať aj osobné údaje. Prenos týchto údajov na iné servery je riadený použitým prehliadačom. Použitie týchto súborov si môžete v danom prehliadači zakázať, čo Vám však neodporúčame, lebo môžete významne obmedziť funkčnosť stránky

Čo sú súbory cookies?

Súbor cookie je malý textový súbor, ktorý webová lokalita ukladá na vašom počítači alebo mobilnom zariadení pri jej prehliadaní. Vďaka tomuto súboru si webová lokalita na určitý čas uchováva informácie o vašich krokoch a preferenciách (jazyk, krajina, mena a podobne), takže ich pri ďalšej návšteve lokality alebo prehliadaní jej jednotlivých stránok nemusíte opätovne uvádzať.

ako používame súbory cookies?

tieto webstránky používajú súbory cookies na zapamätanie si používateľských nastavení a pre nevyhnutnú funkcionalitu webstránok.

Ako kontrolovať súbory cookies?

Súbory cookie môžete kontrolovať alebo zmazať podľa uváženia - podrobnosti si pozrite na stránke www.aboutcookies.org Môžete vymazať všetky súbory cookies uložené vo svojom počítači a väčšinu prehliadačov môžete nastaviť tak, aby ste im znemožnili ich ukladanie. V takomto prípade však pravdepodobne budete musieť pri každej návšteve webovej lokality manuálne upravovať niektoré nastavenia a niektoré služby a funkcie nebudú fungovať.

Ako odmietnuť používanie súborov cookies?

Používanie súborov cookies je možné nastaviť pomocou vášho internetového prehliadača. Väčšina prehliadačov súbory cookie automaticky prijíma už v úvodnom nastavení.


Súhlasím, že
Názov firmy: MUDr. Jaroslava Kuchtová
Sídlo: S. Sakalovej 190, 014 01 Bytča
Identifikačné číslo: 51 746 531
E-mail: alergologiabytca@gmail.com
Telefónne číslo: +421940222073
Webová stránka: www.alergologiabytca.sk
ďalej ako Prevádzkovateľ, pri registrácii zadané osobné údaje, dátum a čas registrácie a IP adresu môže spravovať, ukladať, aktualizovať a používať na účely:

- poskytuje informácie o dostupných dátumoch poskytovaných služieb,
- v rezervačnom systéme zaznamenáva objednanú službu a dátum, aby mohol byť pripravený poskytovať službu v dohodnutom čase a byť schopný ma rozlíšiť a odlišovať od ostatných zákazníkov,
- Prevádzkovateľ poskytuje informácie o vybranej službe a dátumoch,
- ak v budúcnosti využijem ďalšie služby, Prevádzkovateľ vie, že kedy a aké predchádzajúce služby som využil/-a a može konať podľa toho.

Tento súhlas povoluje Prevádzkovateľovi spracúvať moje osobné údaje len v súvilosti s používaním online rezervačného systému. Prečítal/-a som si a súhlasím s Vyhlásením o spracúvanie osobných údajov. Súhlasím so zachovaním údajov o rezervácií v rezervačnom systéme až do 3 kalendárnych rokov odo dňa poslednej rezervácie.

Uvedomujem si, že mám právo požiadať Prevádzkovateľa o prístup k mojim osobným údajom, o opravu, odstránenie, obmedzenie spravovania, alebo odobrať súhlas so spracovaním údajov. Mám právo odobrať súhlas, ale odvolanie neovplyvňuje zákonnosť spracúvania údajov, ktorá bola vykonaná až do dátumu stiahnutia. Pri porušení mojich práv, mám právo podať sťažnosť cez Hungarian National Authority for Data Protection and Freedom of Information.

Uvedomujem si, že vyjadrenie súhlasu je nevyhnutným predpokladom používania systému.

Uvedomujem si, že poskytovateľ pri spracúvaní mojich osobných údajov využíva služby sprostredkovateľa booked4.us Kft. (adresa firmy: Zichy H. 12, 2066 Vác, Maďarsko, identifikačné číslo: 13-09-198371, e-mail: info@booked4.us, telefónne číslo: +36-1-510-0212, zástupca a kontakt pre ochranu osobných údajom: Péter Balogh). Prečítal/-a som a súhlasím s Vyhlásením o ochrane osobných údajov poskytnutých na webovej stránke booked4.us Kft. (https://booked4.us).

Informácie o ochrane osobných údajov

The booked4.us service (hereinafter "Service") is a cloud based online scheduling system which is capable of being embedded in a website.

The service provider and data controller company is booked4.us Kft. (hereinafter "Service Provider"), who shall be data processor regarding to customers who use the service.

Company data:
Name: booked4.us Kft.
Seat: H-2600 Vác, Zichy H. utca 12.
Company representative: Balogh Péter
Company registration number: 13-09-198371
VAT number: HU26668901
Financial institution holding account: Erste Bank (GIBAHUHB)
Bank account number: HU54116000060000000084765802
E-mail: info@booked4.us
Phone: +36-1-510-0212

Data controller contact point: Balogh PéterE-mail: data-control@booked4.us
Phone: +36-1-510-0212

User Categories:

Site visitors: Visitors of the websites of the Service Provider, who do not register on the website and do not intend to use the Service, neither as User nor as Costumer.

Newsletter subscribers: Visitors of our websites who subscribe to regular and occasional newsletters by selecting the related checkbox on the website.

Users: Any natural persons, identified or (directly or indirectly) identifiable based on personal data, standing for a business organization subscribing to the Service and creating a booking system instance or using the system instance with an administrator or employee account and using the Service for booking purposes.

Costumers: Any persons booking appointment(s) for a service following her or his registration on the system instance of a User. Upon the registration personal data of the Costumer will be stored in the system of the Service Provider as data processor.

The booked4.us online booking system is collecting and processing personal data from the users for the purposes and in the extent described in following points.

I. All users ( Site visitors, Newsletter subscribers, Users, Costumers)

Upon visiting our websites technical data will be stored on our webservers from the devices of the users.

A.) Cookies

1. The websites of the Service Provider and the booking system contain cookies. A cookie is a text file that a web browser stores on a user's machine. Cookies are used by the user's device for authentication, storing website information/preferences, other browsing information and anything else that can help the user while accessing the Service. Cookies do not contain any persona data like name, address, email address, etc.

2. There is no need for special browser settings in order to save cookies on your device. At default settings your browser will receive cookies and store them on a list ("temporary internet files"), as it does not present any risk. In case you decide not to accept Service Provider's cookies, you can inactivate it in the browser settings. For further information please read the Help menu of your browser.

3. If you accept the use of cookies, they will be stored on your device, for the time being you delete them. Please note, that declining cookies can cause limited functionality of the Web site and the Service.

4. Please be informed that upon visiting our website(s) third party cookies are used as well, which help the Service Provider to get statistics about page visitors and social media trends and to ... marketing activities.

Third party cookies built in to the Service Provider's website(s) and to the booking system (Service):

Google Analytics

Facebook

Smartlook

Vimeo

booked.us session cookie

5. There are links and icons on the Service Provider's websites - e.g. Facebook Like button, You Tube video link) - which refer to other websites using cookies as well. Information about using cookies on these websites are to be found on the concerning website. Service Provider does not review third party websites and does not take responsibility for the content of third party websites.

6. Unless you want to receive certain type of cookies, you have the option to configure your internet browser to block using cookies or to send you notification if a website uses cookies. For further information about this functionality and to change the cookie settings, please read the Help of your browser.

7. By using the Service User accept that limiting cookie functionalities certain functions of the Service are not available.

B.) Data processors of Service Provider

- Google Analytics

We collect technical data about the visits on our website and usage of the Service by using Google Analytics. The data gathered by Google Analytics (e.g.: type of device, type of browser, language settings, referring website, IP address of browsing device and other geographical data) are stored anonymously and independent of personal data. These data are for statistical analytics for optimizing the system's utility and marketing.

Duration of preservation: we store the anonymous data gathered by Google Analytics for at most 3 years.

- Smartlook

By using Smartlook we can analyze the clicks happening on the website and the system's user interface and the behavior of the visitors without storing the data recorded by them. The goal is to improve the user interface and make the usage of the system more easy and understantable.

Duration of preservation: we store the anonymous data gathered by Smartlook for at most 1 year.

- Facebook

Our websites may contain plug-ins of facebook.com social media network. The plug-in forwards to the provider that which of our websites did you open. If you are logged in to your Facebook account during browsing our website, the provider can compare the information you are interested in (that you have reached) with your user account. In case of using the plug-in's function (e.g.: clicking on the "Like" button, commenting), the browser will send this information directly to the provider for preservation.

You can find further information about how do Facebook collects and use data, as well as your rights related to data controlling mentioned above and your available possibilites in the provider's privacy policy: https://www.facebook.com/policy.php

If you want to avoid connecting the visit of our website with your Facebook or Twitter account, you have to sign out of these accounts before opening our website.

II. Newsletter subscribers

A) Data controlling related to the newsletter

- Legal basis: consent of the affected natural person which can be given by clicking in the related checkbox on the website or the blog by subscribing to the newsletter or register to the trial period.

- Goal: sending regular and occasional newsletter about updates of the service, tips, professional content and messages with marketing goal.

- Controlled data: name, email address

- Duration of data controlling: until the existence of the newsletter service, or the withdrawal of consent (request of deletion). One can withdraw the consent by using the link at the bottom of the newsletter or sending an email to data-control@booked4.us.

B) Data processors of Service Provider

- SurveyMonkey

- We collect and store survey data about client satisfaction and marketing by using SurveyMonkey, which are voluntary.

Duration of preservation: for at most 3 years after filling the survey.

III. Users

A.) Data controlling related to registration and creation of scheduling system

- Legal basis: The User or its natural person representative gives its consent to data controlling by registering to the free trial period of the Service, filling the registration survey and checking the checkbox about accepting this data controlling informative.

- Goal: creating a new scheduling system for the User with default settings, identifying the User, possibility of contacting (in favor of phone or personal support to get to know the needs and help with the settings and offering a proposal), giving information about functions and services.

- Controlled data: full name, email address, password, phone number, id of scheduling system and data given during setting the system (e.g.: opening hours, services, language setting, etc)

- Duration of data controlling: if the User does not become a subscriber after the free trial period and he/she does not give its consent for keeping their data and further contacting, their data will be deleted in at most 30 days after the end of the trial period.

B.) Data controlling related to subscription

- Legal basis: The User gives its consent to data controlling by filling the subscription form and checking the checkbox of accepting Terms and Conditions.

- Goal: Serving, contacting based on contracted legal relationship, informing the User as Service subscriber about new functions and services; creating invoices suitable for regulations and fulfilling the accounting document keeping obligation.

- Controlled data: name, email address, phone number of natural person representative; company name, seat, site address, phone number, email address, website, customer id, scheduling system id of legal person and data given during setting the scheduling system (e.g.: opening hours, services, language settings, etc.).

- Duration of preservation: For at most 3 years after the existence of an active contracted connection (subscription), or the natural person's representative state. The invoices have to be kept for 8 years from invoicing based on 169. § (2) of Act C of 2000 on accounting. We inform you that if you withdraw your consent for invoicing, the Data controller has the right to keep your personal data known from invoicing for 8 years based on the 6. § (5) of Act CXII of 2011 on Informational Self-determination and Freedom of Information.

C.) Data controlling related to customer service (support)

- Legal basis: Explicit consent of the User by filling the registration or subscription form.

- Goal: proactive support of registered Users: offering help for setting up the system, surveying client satisfaction, ask about unique needs and subscription intention, call for proposal; receiving client needs through incoming calls, support Users with system usage, handling complaints and other general contact functions.

- Controlled data: name, phone number, customer service notes without personal data about needs, questions, technical problems and data given during registration and subscription (see above).

- Duration of data controlling: see in Data controlling related to registration and creation of scheduling system and Data controlling related to subscription chapters

D.) Data controlling related to phone contact (support)

- Legal basis: The Service Provider can record the customer service's phone calls in favor of fulfilling sales and services, giving information and quality assurance. The legal basis of this data controlling is the affected person's consent. If the Service Provider wants to record the call, it notifies the called party and ask for consent.

- Goal: The goal of outgoing calls and the related data controlling is to proactively support the registrated Users: offer help for setting up the system, surveying client satisfaction, ask about unique needs and subscription intention; in case of incoming calls the goal is to receive client needs, support Users with system usage, handling complaints and other general contact functions

- Controlled data: name, phone number, customer service notes about the content of the call without recording personal data; if recording the call, the sound recording and the related scheduling system's id.

- Duration of data controlling: we store the phone calls and the related data for at most 3 years. The recorded audio material is searchable by phone number and the date of the call.

F.) Data processors of Service Provider:

- ZOHO CRM

We store the CRM kind data of the trial period registrations, active subscribers and customer service communications in the ZOHO CRM system. Duration of preservation: for at most 30 days after the expiry of the trial period, in case of subscription: for at most 3 years after the existence of an active contracted connection (subscription), or the natural person's representative state.

- Sales Autopilot

- We store the CRM kind data of the trial period registrations, active subscribers and subscriptions in the SalesAutopilot system. Duration of preservation: for at most 30 days after the expiry of the trial period, in case of subscription: for at most 3 years after the existence of an active contracted connection (subscription), or the natural person's representative state.

- számlázz.hu

We do the invoices, store the invoice's data, and track the payment status in the Számlázz.hu system. Duration of preservation: The invoices have to be kept for 8 years from invoicing based on 169. § (2) of Act C of 2000 on accounting. We inform you that if you withdraw your consent for invoicing, the Data controller has the right to keep your personal data known from invoicing for 8 years based on the 6. § (5) of Act CXII of 2011 on Informational Self-determination and Freedom of Information.

- SurveyMonkey

We collect and store survey data about client satisfaction and marketing by using SurveyMonkey, which are voluntary.

Duration of preservation: for at most 3 years after filling the survey.

- Amazon Web Services

The Service Provider store the data (controlled and stored by the scheduling system) at the virtual servers (VPS) in the Frankfurt data center of Amazon Web Services, Inc. (seat: 1 Burlington Rd, Dublin 4, Ireland) as data processor. Duration of preservation: see in section Controll data recorded in scheduling system

- Twilio

The incoming and outgoing calls of customer service are going through the Twilio system. We store the technical data of the calls (e.g.: date of the call, duration, called or calling phone numbers) and if recording, the sound material in the Twilio system. Duration of preservation: we store the calls and the related data for at most 3 years.

IV. Customers

A.) Control data recorded in scheduling systems

- Legal basis: natural person's registration on the User's scheduling system or booking an appointment without registration and giving consent to data controlling by checking the privacy policy accepting checkbox. Service Provider considered as data controller (see section 8 in Terms and Condition)

- Goal: support the practical roles of the User related to managing the appointments, reception of clients, and providing services, e.g.: preparing for providing the service, identifying the client at the agreed date, giving information if the date is changing or the appointments has to be cancelled, giving information, follow-up, managing technical information automatically coming from the browser (e.g.: type of device, operating system, language setting, size and type of display)

- Controlled data: full name, email address, phone number, (password in case of registration), id of the scheduling system, chosen service provider, chosen service during booking, chosen date and time, time of arrival, name and id of calendar related to the service (can relate to location, colleague or any other thing specified by the User), any other information specified by the User that can be filled in the booking survey, IP address of User who gathers bookings, managing technical information automatically coming from the browser (e.g.: type of device, operating system, language setting, size and type of display)

- Duration of data controlling: the data is stored in the database of the scheduling system for at most 3 years from the last booked date of the User's customer.

B.) Data processors of Service Provider:

- Amazon Web Services2-3

The Service Provider store the data (controlled and stored by the scheduling system) at the virtual servers (VPS) in the Frankfurt data center of Amazon Web Services, Inc. (seat: 1 Burlington Rd, Dublin 4, Ireland) as data processor. Duration of preservation: see in section Controll data recorded in scheduling system

V. Data transfer

Service Provider shall not transfer the data of Newsletter subscribers, Users, Costumers to third parties.

VI. Data security

1. Service Provider takes all necessary measures (organizational and technical) to ensure the highest level of security for the protection of personal data or the prevention of unauthorized alteration, deletion or use of such data.

2. Service Provider takes all necessary measures to ensure data integrity, i.e., the accuracy and completeness of the data handled or processed by it.

3. Service Provider protects the data with appropriate measures in particular against unauthorized access, alteration, transfer, disclosure, deletion or erasing or accidental destruction, injuries or inaccessibility resulting from the change of applied technology.

4. The Service Provider takes all necessary steps to ensure the credibility and confidentiality of the processed data and in order to ensure that data subjects and those entitled can always access the data.

5. Service Provider, in order to comply with the foregoing obligations, reserves its rights to provide information to its clients and partners concerning security leaks detected on the side of clients or partners and, simultaneously, restrict their access to the system and services of the Service provider or certain functions of the Service until the security leak is eliminated.

6. Data privacy incidents are treated according the Service Provider's internal security policy.

VII. Rights of data subject

1. Service Provider should provide the facility the data subject - through the contact details set out in point 1. -- to request access, rectification or erasure personal data if applicable, and the exercise of the right to object. The data subject can withdraw her or his consent to the processing of personal data, which does not affect legality of data processing with consent before the time of withdrawing.

2. On request of data subject Service provider provides information about data being processed, the source of the data, purpose, legal basis and duration of data processing, name, address and activities of data processor, if applicable, and in case of data transfer, the legal base and the addressee of data transfer. Service Provider should provide information in written and easy recognizable form as soon as possible but at latest within 30 days, free of charge.

3. Service Provider should rectify personal data if it is not real and accurate and the real data Is available.

4. Service Provider erases personal data immediately if the processing is improper, on the request of data subject, if data is incomplete or not real and the law does not preclude the deletion, if the purpose of data processing is terminated, if the term of data processing is over, on the order of the court or the Hungarian National Authority for Data Protection and Freedom of Information. Service Provider does not take responsibility for data being erased from the Service but to be found in search engines in an archived form, deletion should be requested in this case at the provider of the search engine.

5. Service Provider informs subject of data about rectification of data, limitation of data processing or erasure of data. Service Prover should execute rectification, erasure or limitation of processing within 30 days.

6. Subject of data can turn to the following authority in case of a perceived violation of his rights:

Nemzeti Adatvédelmi ls Információszabadság Hatóság (Hungarian National Authority for Data Protection and Freedom of Information)
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing information: 1530 Budapest, Postafiók: 5.
Phone: +36 -1-391-1400
Fax: +36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu

VIII. STATEMENT OF THE SERVICE PROVIDER

1. The booked4.us Service Provider, as data controller and data processor, acknowledges the binding nature of this Privacy Policy on.

2. The Data Controller undertakes to ensure that its data processing in connection with the Service or the operation of the Service always complies with the requirements laid down in this document and in the Regulation (EU) 2016/679 of the European Parliament and of the council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

3. Service Provider ensures that the present Privacy Policy is constantly available on the www.booked4.us website (hereinafter "Website"). Modifications to the present Privacy Policy enter into force with their publication on the Website.

Budapest, 24 May 2018.

Data Transfers from the EU, the UK and Switzerland to the United States

We participate in the EU-U.S. & Swiss-U.S Privacy Shield Frameworks to meet the privacy adequacy provisions of the GDPR.

Cognito Forms participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal information received from European Union (EU) member countries, the United Kingdom, and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework's applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce's Privacy Shield website: https://www.privacyshield.gov/welcome. A list of Privacy Shield participants is maintained by the Department of Commerce and is available at: https://www.privacyshield.gov/list.

Cognito Forms is responsible for the processing of personal information it receives under each Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf. We comply with the Privacy Shield Principles for all onward transfers of personal data from the EU, the United Kingdom, and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have a privacy or data use concern related to Cognito Forms, please first email us at privacy@cognitoforms.com so we can promptly address the issue. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider JAMS (free of charge to you) at https://www.jamsadr.com/eu-us-privacy-shield.

Under certain conditions, Privacy Shield provides the right to invoke binding arbitration when other dispute resolution procedures have not provided resolution. This is described in Annex I to the Privacy Shield.

If you're collecting personal information about anyone in the European Economic Area (EEA), you must sign our Data Processing Addendum to be compliant with the General Data Protection Regulations.