Privacy and Data-Processing Notice and Information Relating to the Use of the Website (hereinafter: the Notice)
BIOCORIX Kft. (registered office: 7030 Paks, Kilátó u. 2.; company registration number: 17-09-014118) as Data Controller (hereinafter: the Data Controller) respects the security of the personal data of visitors to its website and recognises the provisions of this Privacy and Data‑Processing Notice (hereinafter: the Notice) as binding upon itself. The Data Controller undertakes that, in the course of operating its website (https://www.biocorix.eu) (hereinafter: the Website), it will process any Personal Data that come into its possession in accordance with this Notice and with the applicable legislation.
The purpose of this Notice is to set out the framework and rules governing the Data Controller’s processing activities, to ensure that such processing is lawful and that data‑security requirements are observed. This Notice applies to processing carried out on the Website and to any processing that occurs when you contact BIOCORIX Kft. via the Website or by other means, submit enquiries, or use Services accessible through the Website or any website operated by BIOCORIX Kft.
This Notice has been prepared in accordance with applicable data‑protection legislation, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation — GDPR), and Act CXII of 2011 on the Right of Informational Self‑Determination and on Freedom of Information (Hungary).
The Data Controller is entitled to unilaterally amend this Notice from time to time without prior notice, in particular to reflect updates and improvements. You are therefore advised to review the Website regularly and to monitor whether changes are acceptable to you.
For the purposes of this Notice, the following terms shall have the meanings set out below:
Authority means the National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság — NAIH), established pursuant to the Fundamental Law of Hungary to oversee and promote compliance with informational self‑determination, freedom of information and personal‑data protection rules.
Consent means any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which they signify agreement to the Processing of Personal Data relating to them.
Data Controller means the natural or legal person, or organisation without legal personality, who or which alone or jointly with others determines the purposes and means of Processing of Personal Data and who or which makes and implements decisions regarding Processing (including decisions concerning the tools used).
Data Processing means the performance of any technical tasks related to data‑processing operations, irrespective of the methods, tools or location used, provided that the technical task is performed on the data.
Data Processor means any natural or legal person, or organisation without legal personality, who or which processes Personal Data on behalf of the Data Controller under a contract (including contracts required by law).
Data Subject means an identified or identifiable natural person to whom Personal Data relate.
GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data.
Personal Data means any information relating to an identified or identifiable natural person.
Processing means any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, as well as any act aimed at preventing further use of the Personal Data; it also includes the taking of photographic, audio or visual recordings and the recording of physical characteristics suitable for identifying a person (e.g. fingerprints, palm prints, DNA samples, iris images).
Services means the services operated or provided by the Data Controller that are accessible via the Website.
Third Party means any natural or legal person, or organisation without legal personality, who or which is not the Data Subject, the Data Controller or the Data Processor.
Transfer or Disclosure means making Personal Data available to a specified third party.
Some Services accessible on the Website, certain pages/links and means of contacting us may require that visitors (Visitors or Data Subjects) voluntarily provide Personal Data and/or special categories of Personal Data. Please read this Notice carefully. Providing data to us when contacting us shall be regarded as voluntary acceptance of the terms of this Notice.
Examples of such Services include, without limitation, those described on the Website.
When you visit the Website, the Data Controller’s web server automatically records your IP address, the type of operating system of your computer and the time of the visit. The Data Controller monitors visits to the Website by reviewing server logs.
If a Visitor contacts the Data Controller by e‑mail in connection with any Service, the Data Controller records the Visitor’s e‑mail address, which shall be processed to the extent and for the duration necessary to provide that Service.
The Website contains links to external sites which may be useful to Visitors. This Notice does not apply to external sites; the Data Controller is not responsible for the content of external sites, nor for any loss or damage that may result from visiting or using those external sites.
The Data Controller shall process Personal Data in good faith, fairly and transparently and in accordance with applicable law and the provisions of this Notice.
Personal Data that are strictly necessary for the provision of Services will be processed on the basis of the Data Subject’s Consent and solely for the specified purpose.
The Data Controller processes Personal Data only for the purpose(s) set out in this Notice or as required by law. The scope of Personal Data processed shall be proportionate to the purpose of Processing and shall not exceed what is necessary for that purpose.
If the Data Controller intends to use Personal Data for a purpose other than that for which the data were originally collected, the Data Controller will inform the Data Subject and obtain their prior, explicit Consent or give the Data Subject the opportunity to prohibit such further use.
The Data Controller does not verify the accuracy of Personal Data provided by Visitors; the person who supplies the data is solely responsible for their accuracy.
The Data Controller shall implement appropriate technical and organisational measures and procedures to ensure the security of Personal Data and to prevent accidental loss, unlawful destruction, unauthorised access, unauthorised use, unauthorised alteration or unauthorised disclosure. The Data Controller shall impose the same obligations on any third parties to whom it discloses Personal Data.
The Data Controller processes Personal Data for the following purposes:
The information on the Website is not intended for minors. You may provide Personal Data only in accordance with the applicable data‑protection legislation and you warrant that you possess the necessary informed consent to provide such information. By providing information, you represent and warrant that you are legally competent to do so. If you are legally incapacitated or partially incapacitated and are not authorised to make declarations in this respect, you must obtain the consent of the appropriate third parties (e.g. a legal representative or guardian) before providing information. You must consider whether a third party’s consent is required in relation to the information you provide.
If the Data Controller becomes aware that a child has provided information on the Website without parental or guardian consent, the Data Controller will make reasonable efforts to delete such information and to ensure that such information is not further disseminated or used. Please notify us immediately if you become aware that a child has provided Personal Data on the Website without parental or guardian consent.
A cookie is an information packet sent by the Website to your computer when you visit the Website in order to make certain features of the Website more convenient for you.
You may enable or disable cookies at any time via the settings or preferences of your web browser, and you may configure your browser to warn you before a cookie is stored. Many guides on cookie management are available online.
We use cookies on the Website for the following purposes:
You can enable or disable cookies by changing your browser settings. Browser options vary; please consult your browser’s Help menu or contact us for assistance.
The legal basis for Processing Personal Data is the Data Subject’s voluntary, prior and informed Consent. A Data Subject may withdraw Consent at any time; withdrawal shall not affect the lawfulness of Processing carried out prior to withdrawal.
By using the Website and providing Personal Data you declare that you have read the then‑current version of this Notice and that you voluntarily and explicitly consent to the Processing of the Personal Data you provide and any Personal Data generated about you.
The Data Controller records Visitors’ IP addresses upon entry to the Website on the basis of the Data Controller’s legitimate interest and for the lawful provision of the Service, without requiring separate Consent from the Data Subject.
Processing carried out within the framework of content provision and related activities may also be based, in addition to the Data Subject’s voluntary Consent, on the Data Controller’s compelling legitimate interest and on the exercise of fundamental rights of information and expression, to the extent permitted by law. Where Processing is based on the Data Controller’s legitimate interest, the Data Controller shall carry out — and may in the future carry out — a balancing test in accordance with the GDPR demonstrating that the Data Controller’s legitimate interest outweighs the rights and freedoms of the Data Subject. Upon request, the Data Controller will provide information to the Data Subject regarding the balancing of interests referred to in this paragraph in accordance with this Notice.
The Data Controller shall retain Personal Data for as long as required to achieve the purposes described above, until the Data Subject withdraws Consent, or until the Data Subject requests deletion.
Automatically and technically recorded data generated by system operation shall be stored for the period that is necessary to ensure the operation of the system. The Data Controller shall ensure that such automatically recorded data are not linked to other Personal Data — except where legally required.
If a court or competent authority orders the deletion of Personal Data by final decision, the Data Controller shall comply with such deletion. Instead of deletion, and with notice to the Data Subject, the Data Controller may restrict the use of Personal Data if the Data Subject requests restriction or if available information indicates that deletion would prejudice the Data Subject’s legitimate interests. Personal Data will not be deleted so long as the purpose that precludes deletion continues to exist.
Where Processing is carried out on behalf of the Data Controller by another party, the Data Controller shall use only Data Processors that provide adequate guarantees that they will implement appropriate technical and organisational measures to meet the requirements of the GDPR and to protect the rights of Data Subjects. A Data Processor may not engage another processor without the Data Controller’s prior written, occasional or general authorisation.
Further information about the Data Processors engaged by the Data Controller is available at Contact Us.
The Data Controller is entitled and obliged to disclose any Personal Data lawfully held by it to competent authorities where required by law or pursuant to a final and binding administrative or judicial order. The Data Controller cannot be held responsible for any consequences arising from such mandatory disclosures.
Except in cases of legally required disclosure, your data shall not be transferred to Third Parties.
We take appropriate measures to protect Personal Data and any special categories of Personal Data transmitted from your computer against unauthorised access, alteration, disclosure, deletion, destruction, accidental loss or damage, and against becoming inaccessible due to changes in technology. Where records are kept in electronic form, adequate technical safeguards shall be implemented to ensure that stored data — except where permitted by law — cannot be directly linked to and attributed to an identifiable Data Subject.
We use networks protected by appropriate firewall and password security; however, please note that internet transmission cannot be guaranteed to be completely secure or error‑free. You are responsible for keeping your passwords, identifiers and any other special access credentials secure, except where damage is caused by the Data Controller’s unlawful Processing or failure to meet data‑security requirements.
The list of Data Processors and sub‑processors acting on behalf of the Data Controller:
The Website’s current hosting provider, Vercel Inc. (registered office: 440 N Barranca Avenue #4133, Covina, CA 91723, United States; https://vercel.com/), operates servers located in the United States (California). Accordingly, personal data entered on the Website are stored on and transmitted via those servers.
On 10 July 2023 the European Commission adopted an adequacy decision concerning the EU‑US Data Privacy Framework pursuant to Article 45(1) of the GDPR. As a result, organisations or companies in the United States that are publicly listed as participants in the Data Privacy Framework self‑certification (as data importers) provide an adequate level of protection for data transfers (see https://www.dataprivacyframework.gov/s/participant-search).
The technical data‑processing solutions we employ are GDPR‑compatible, and the data are not used for purposes beyond those set out in this statement.
You may request information regarding the Processing by sending an e‑mail at Contact Us or by sending a registered or recorded‑delivery letter to the Data Controller at the address stated above.
You have the right to obtain confirmation as to whether the Data Controller is processing Personal Data concerning you and, where that is the case, to request access to the Personal Data processed. A request for information may cover, inter alia, the categories of Personal Data processed, their source, the purpose, legal basis and duration of the Processing, identification of Data Processors, and the activities related to Processing.
You may request rectification or amendment of Personal Data processed by the Data Controller. In light of the purpose of the Processing, you may also request the completion of incomplete Personal Data.
You may request the erasure of Personal Data processed by the Data Controller. Erasure may be refused where (a) it is necessary for the exercise of the right to freedom of expression and information, (b) the Processing is permitted by law, or (c) retention is necessary for the establishment, exercise or defence of legal claims. The Data Controller will inform you of any refusal to erase and will indicate the reasons for the refusal. Once deletion is effected, previously deleted data cannot be restored. Newsletters sent by the Data Controller may be unsubscribed via the unsubscribe link contained in them; after unsubscribing, the Data Controller shall delete your Personal Data from the newsletter database.
You may request restriction of Processing where you contest the accuracy of the Personal Data; restriction shall apply for the period necessary to enable the Data Controller to verify the accuracy of the Personal Data. The Data Controller shall mark the Personal Data it processes where a Data Subject contests their accuracy and accuracy cannot be conclusively established. You may request restriction of Processing where the Processing is unlawful and you oppose deletion and instead request restriction, or where the Data Controller no longer requires the Personal Data for the purposes of Processing but you require their retention for the establishment, exercise or defence of legal claims.
You may request that the Data Controller provide you with Personal Data that you have provided to the Data Controller and which are processed by automated means, in a structured, commonly used and machine‑readable format, and you may request transmission of such Personal Data to another controller where technically feasible (data portability).
You have the right to object to the Processing of your Personal Data:
The Data Controller will examine the lawfulness of the objection and, if it determines that the objection is well founded, will terminate the Processing and block the relevant Personal Data and notify those to whom the Personal Data have previously been disclosed about the objection and the measures taken in response.
We recommend that you first contact the Data Controller at Contact Us with any questions, comments or complaints regarding Processing before seeking administrative or judicial remedies.
If your rights under data‑protection law have been infringed, you have the right to lodge a complaint with the National Authority for Data Protection and Freedom of Information (NAIH) at the following contact details:
NAIH, 1055 Budapest, Falk Miksa u. 9–11.; telephone: +36 (1) 391‑1400; fax: +36 (1) 391‑1410; e‑mail: ugyfelszolgalat@naih.hu.
You also have the right to bring proceedings before the courts in respect of alleged infringements of your rights. Actions fall within the competence of the regional courts (törvényszék), and may be brought before the court of the Data Subject’s place of residence or habitual residence at the Data Subject’s option.