Data controller: Béres Pharmaceuticals Private Limited Company
registered office: 1037 Budapest, Mikoviny utca 2-4.
Represented by: Chief Executive Officer Ferenc Major
email: [email protected]
website: beres.hu
(hereinafter: the “Data Controller”)
We only send you newsletters or advertising materials in any other manner with your prior consent. You can subscribe to the newsletter via the following channels, by entering your name and email address:
Legal basis of the data processing: Your consent, which you give by subscribing. [GDPR Article 6(1)(a)]
Purpose of the data processing: To inform you about the latest information, our latest, products and of news about us, and to send you educational articles and materials.
Duration of the data processing: We will only send you our newsletters and advertising materials for as long as you request it. If you do not wish to receive any more newsletters (or advertisements), you can unsubscribe at any time and, if you change your mind, you can subscribe again at any time. When you unsubscribe, we will not send you any more emails and we will delete your personal information. Please be advised that the withdrawal of your consent will not affect the lawfulness of any data processing that took place based on this consent before it was withdrawn.
You can unsubscribe from the newsletters in the following ways:
Data processors:
Rights: 3.1.-3.6.
You can find us on Facebook as Béres Egészségklub (Béres Health Club) and Béres Gyógyszergyár (Béres Pharmaceuticals), on Instagram as Béres Egészség, and on LinkedIn as Béres Pharmaceuticals Ltd. You can also follow us via our YouTube channel.
Legal basis of the data processing: Your consent, which you give by following us. [GDPR Article 6(1)(a)]
Purpose of the data processing: To inform you about the latest information, our latest, products and of news about us, and to send you educational articles and materials.
Duration of the data processing: Our news will only be displayed for you for as long as you want it to be. You can withdraw your consent by unsubscribing. The withdrawal of your consent will not affect the lawfulness of any data processing that took place based on this consent before it was withdrawn.
Data processor:
The Béres Egészségklub Facebook page and Béres Egészség Instagram page are edited by Positive by Hinora Group Korlátolt Felelősségű Társaság (registered office: H-1062 Budapest, Délibáb utca 29.).
Rights: 3.1.-3.6.
The companies operating the social media pages are other data controllers; you can find information about the data processing of those sites in the following places:
Channel | Data controller | Privacy notice |
Facebook
|
Facebook Ireland Ltd. (registered office: 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland) | https://www.facebook.com/privacy/explanation
https://www.facebook.com/help/instagram/155833707900388 |
LinkedIn Ireland Unlimited Company (registered office: Wilton Place, Dublin 2, Ireland) | https://www.linkedin.com/legal/privacy-policy | |
YouTube | Google Ireland Limited (registered office: Gordon House, Barrow Street, Dublin 4, Ireland) | https://policies.google.com/technologies/product-privacy?hl=hu |
You can report the side effects of a marketed product manufactured by us directly to our company or through your doctor or pharmacist or the pharmaceutical state administrative body (National Institute of Pharmacy and Nutrition).
Categories of data processed: Name and contact information of the person reporting (email address or phone number or mailing address), monogram, age, gender of person experiencing the side effect (where the reporting person is not the person experiencing the side effect), name of legal representative (in the case of a child), side effect (adverse symptom or effect noticed), other relevant healthcare and medical history data, name or active ingredient of the suspected medication.
Source of data: The person making the report.
Legal basis of the data processing: Fulfilment of a legal obligation. [GDPR Articles 6(1)(c) and 9(2)(h)] Pursuant to Section 18/B of Act XCV of 2005 on Medicinal Products for Human Use and on the Amendment of Other Regulations Related to Medicinal Products, and based on Article 28(3) of Implementing Regulation (EU) 520/2012. The provision of the data is a prerequisite for the investigation and reporting of a side effect.
Purpose of the data processing: Legal compliance in the context of an investigation of an adverse reaction (side effect).
Duration of the data processing: Ten years following expiry of the product’s marketing authorisation, based on Article 12(2) of Implementing Regulation (EU) 520/2012/EU.
Category of recipients:
The side effects you have described will be forwarded anonymously (specifying only the initials of the name and the gender or age of the person that has experienced the side effect) to a common European database (the EudraVigilance system).
Rights: 3.2., 3.3., 3.5.
You can get in touch with us using any of our contact details (by email, via Facebook, via Instagram, by phone, or by post). If you do, you consent to the processing of the personal data that you share with us.
Legal basis of the data processing: Your consent, and in the case of providing health data, your specific consent, which is given by sending the inquiry. [GDPR Article 6(1)(a) and, in the case of a product information service, GDPR Article 9(2)(a)], also taking into account Act on the processing and protection of health data and related personal data.] You can also withdraw your consent at any time by notifying us at one of our contact details specified in point 1, but this will not affect the lawfulness of the data processing that took place prior to the withdrawal.
Purpose of the data processing: To communicate with the person sending the inquiry and answering the question/request/comment/other, as described below. Once the answer has been given, the purpose of retention is traceability, in order to be able to address any future needs and feedback.
Topic | Description | Duration of the data processing |
Non health-related complaint | Non health-related complaints are registered, as required by the internal regulations (SOP 034). | After the investigation of the complaint is completed, we retain the correspondence for 5 (five) years. |
Product information service | [email protected] is the e-mail address of the organisational unit that provides the product information service. If you did not send your health or product information request or question to [email protected], we will forward your inquiry to the product information service. The product information service will then contact you directly in order to respond as effectively as possible to the issues raised in your letter. | The product information service will retain your data for 5 (five) years. |
Other inquiries | We will try to investigate and answer your request or question as soon as possible. | We will keep the messages and the personal data received in this way for 2 (two) years after answering the request or question. |
Rights: 3.1.-3.6.
As part of the contractual or non-contractual relationships with each of our business partners, we share the contact information of our contacts and process the contact persons’ names and contact information (position, email address, telephone number) provided by our business partners.
Legal basis of the data processing: Our legitimate interest in maintaining contact. [GDPR Article 6(1)(f)]. You may object to the data processing at one of our contact addresses or numbers indicated in point 1.
Purpose of the data processing: Maintaining contact, including, e.g. communication related to the fulfilment of a contract, sending greetings messages, etc.
Duration of the data processing: The contact information will be processed during the existence of the business relationship until our business partner notifies us of a change in the contact person.
Rights: 3.2., 3.3., 3.5., 3.7.
We proceed in the same way as above when processing the personal data of members of the press.
We sign contracts with our contractual partners, which, as the document on which the invoice is based, are retained even after the termination of the contract, and so the personal data contained in the contracts is also retained.
Legal basis of the data processing: Fulfilment of a legal obligation. Following invoicing, retention is required due to the tax and accounting regulations. It is not possible to conclude the contract without providing the data. [GDPR Article 6(1)(c)]
Purpose of the data processing: Fulfilment of a legal obligation.
Duration of the data processing: We retain the signed contracts for 8 (eight) years following the expiry of the contract.
Rights: 3.2., 3.3., 3.5.
In connection with the data processing, you have the rights described in points 3.1.-3.7. If you would like to exercise any of these rights, please write to us at one of the addresses below:
address: 1037 Budapest, Mikoviny utca 2-4.
email address: [email protected]
Identification
We must always verify your identity before fulfilling your request. If we are unable to verify your identity, unfortunately we will be unable to fulfil your request.
Replying to requests
Following identification, we will provide information related to the request in writing, electronically or, at your request, verbally. Please note that if you have submitted your request electronically, we will respond via e-mail. Naturally, here too, you have the option of requesting another method.
Administration deadline
We will inform you about the measures taken in response to your request no later than 1 (one) month from the receipt of your request. If the complexity of the request and the number of requests involved warrant it, this deadline may be extended by an additional 2 (two) months, which we will inform you about within the 1 (one) month administration deadline.
We are also obliged to inform you of any failure to take action within the one-month administration deadline. You may lodge a complaint against this with the NAIH (point 4.1) and turn to the court (point 4.2).
The fee for administration
The requested information and measure(s) taken are free of charge. An exception is where the request is clearly unjustified or – especially due to its repetitive nature – excessive. If this is the case, we may charge you a fee for the work, or refuse to fulfil the request.
In the case of data processing based on your consent, you may withdraw your consent at any time. As soon as we receive such notification from you, we will delete your personal data related to the data processing concerned.
You may request information on whether your personal data is being processed and, if so:
You may request that we rectify or supplement any of your personal data that was recorded inaccurately or incompletely.
You may request that your personal data be deleted if:
We cannot delete personal data if it is needed:
You may request that we restrict your data processing if one of the following is true:
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest in the EU or a Member State. We will inform you in advance of any lifting of the restriction.
You have the right to receive the personal data we process in a machine-readable format, and you have the right to transfer or – upon your request – to have us transfer this data to another data controller if the data processing is based solely on your consent or on a contract with you, or signed in your interest, and is automated.
That right shall not apply in cases where the processing is necessary for the performance of a task carried out in the public interest. It shall not infringe the right to erasure and shall not adversely affect the rights and freedoms of others.
You may object to the processing of your personal data if:
If you object to the processing of your personal data, we will delete your personal data. An exception is where the processing is justified for compelling legitimate reasons, including the public interest or where the processing is necessary for the establishment, exercise or defence of legal claims.
If you believe that the processing of your personal data is contrary to the provisions of the General Data Protection Regulation, you have the right to lodge a complaint with the National Data Protection and Information Security Authority (NAIH).
NAIH
President: Dr. Attila Péterfalvi
postal address: H-1363 Budapest, PO Box 9
address: 1055 Budapest, Falk Miksa utca 9-11.
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
web: http://naih.hu
email: [email protected]
If you believe that the processing of your personal data is contrary to the provisions of the General Data Protection Regulation (GDPR), and that your rights specified in the GDPR have been violated, you have the right to take the matter to court.
The case falls within the jurisdiction of the regional courts. The matter may – depending on the choice of the data subject – be filed at the regional court with authority at the permanent address or the temporary (registered) address of the data subject. A party who does not otherwise have legal capacity to sue may also be a party to the lawsuit. The Authority may choose to intervene in the case in support of the data subject.
The court proceedings will be governed by the provisions of the GDPR, as well as Act V of 2013 on the Civil Code, Book Two, Part Three, Title XII (Sections 2:51–2:54) and other legal provisions applicable to court proceedings.
If the Controller causes damage or violates the data subject’s privacy through any unlawful processing of his or her data, aggravated damages may be demanded from the Controller. The data controller shall be exempt from liability for any loss caused and from the obligation to pay compensation for distress if it can prove that the loss was caused or the data subject’s privacy rights were violated for an unavoidable reason outside the scope of the data processing.
We do everything we can, taking into account the latest developments in science and technology, the costs of implementation and the nature of the data processing concerned, as well as the risk presented to the rights and freedoms of the natural persons involved, to implement adequate technical and organisational measures so as to ensure a level of data security appropriate for the risk.
We always treat the personal data confidentially, restricting access to it, using encryption and maximising resilience, ensuring it can be recovered in the event of a problem. We regularly test our systems to guarantee security. In assessing the appropriate level of security, we take into account the risks that are presented by data processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or unauthorised access to, personal data transmitted, stored or otherwise processed.
We do everything we can to ensure that any natural person acting under our authority who has access to personal data does not process it except on our instructions unless he or she is required to do otherwise by EU or Member State law.
We use access control and camera systems as physical security measures, and we apply logical security measures as follows: firewall, use of antivirus and security software (workstation, file server protection, web monitoring, device monitoring, application monitoring, patch management, WSUS, NAC), software updates, creating backups, access control, automatic device locking, encryption of portable devices, secure remote access over a VPN connection. In the case of the website: We use an SSL-encryption, CDN and WAF (Web Application Firewall) service.
The Data Controller is entitled to amend the contents of this Data Privacy Notice at any time. Any change will take effect at the same time as it is published on the website, and the change will be announced in a pop-up window on the website.
Last updated: 01 October 2022