The purpose of this Data Processing Information is to draw your attention to the data processing activities related to radiological examinations.
Who Can You Contact?
Regarding data processing related to radiological examinations, the University of Szeged is the data controller, but specific data processing is carried out through the following organizational unit:
University of Szeged
Szent-Györgyi Albert Clinical Center
Department of Radiology
as the data processing organizational unit
Contact Name: Dr. Angéla Csomor
Mailing Address: 6724 Szeged, Semmelweis u. 6.
Phone: +36 (62) 54-68-47
Email: office.radio@med.u-szeged.hu
Website: https://u-szeged.hu/szakk/radiology
The name and contact information of the data protection officer can be found in sections 11.1 and 11.2 of this Data Processing Information.
Please feel free to contact us using any of the above contact details if you have any questions regarding data processing.
What Legal Frameworks Do We Follow?
We inform you that your personal data is processed by the University of Szeged, as the data controller, in accordance with the following legal frameworks:
Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and the repeal of Directive 95/46/EC, as well as
Act CXII of 2011 on Informational Self-Determination and Freedom of Information, and
Act XLVII of 1997 on the processing and protection of health-related personal data (hereinafter referred to as Health Data Act, Eüak.), and
Act CLIV of 1997 on healthcare (hereinafter referred to as Healthcare Act, Eütv.).
Does the University of Szeged Have a Data Protection Policy?
Yes.
The University of Szeged's Data Protection Policy can be accessed at the following link: http://www.u-szeged.hu/szabalyzatok
The Data Protection Policy of the University of Szeged's Szent-Györgyi Albert Clinical Center can be accessed at the following link: http://www.klinikaikozpont.u-szeged.hu/hu/adatvedelem.html
What Data Processing Activities Do We Perform?
During radiological examinations, the following data processing activities are carried out: 1. patient registration, 2. patient examination, 3. medical research.
Patient Registration
|
What data is involved?
|
Why do we record it?
|
On what legal basis do we process it?
|
How long do we store it?
|
|
Name
|
Identification
|
Voluntary consent
|
Until the withdrawal of voluntary consent, but for a maximum of three months after the examination
|
|
National Insurance Num.
|
Identification
|
|
Phone number
|
Contact
|
|
Examination modality
|
For coordination
|
|
Planned examination date
|
Voluntary consent can be withdrawn at any time. Please note that the withdrawal of consent does not affect the legality of data processing prior to withdrawal. The information requested in the application is the same as what was requested for obtaining consent for identification purposes.
Patient Examination
Data Processing in the Hospital Information System (eMedSolution)
|
What data is involved?
|
Why do we record it?
|
On what legal bases do we process it?
|
How long do we store it?
|
|
Name
|
Identification
|
Fulfillment of legal obligations
(Eüak. 28. § and Eütv. 136. §)
|
Mandatory retention period as specified in Eüak. 30. §:
Final report: 50 years
Diagnostic imaging findings: 30 years
Other healthcare documentation: 30 years
|
|
Date and place of birth
Mother's name
National Insurance No.
|
Identification
|
|
Phone number
Email address
Place of residence
|
Contact
|
|
Next of kin and contact information
|
For documentation of medical treatment obligations
|
|
Details of healthcare events
|
|
Radiological report
|
Radiological Image Acquisition and Storage (Medical Image Archiving and Processing System – eRAD)
|
What data is involved?
|
Why do we process it?
|
On what legal bases do we process it?
|
How long do we store it?
|
|
Date and place of birth
Mother's name
National Insurance No.
|
Identification
|
To fulfill legal obligations
(Eüak. 28. § and Eütv. 136. §)
|
Mandatory retention period as specified in Eüak. 30. §:
Diagnostic imaging findings: 10 years
|
|
Referal tex
|
For documentation of medical treatment obligations
|
|
Radiological image requested for the examination
|
|
Examination data
(e.g., contrast agent quantity and type, radiation dose, observations made during the examination)
|
Medical Research
Information about medical researches
|
What data is involved?
|
Why do we process it?
|
On what legal basis do we process it?
|
How long do we store it?
|
|
Contact data recorded in eMedSolution
|
Used for sending information about medical research
|
Based on legitimate interests
|
Contact data is not stored independently during the information sending process; it is stored by e-MedSolution for the mandatory retention period specified in Eüak. 30. §.
|
You will be personally informed about the possibility of participating in research related to your health status. Your previously recorded contact information (email address or place of residence) will be used for this purpose. Your response to our inquiry is entirely voluntary, and you are free to decide whether to participate in a particular medical research or not.
Please note that you can object to such requests. Your objection will not affect your medical treatment; however, it will result in you not receiving any information about new therapeutic procedures or medical research related to your health condition conducted at our institution from that point on. If you choose to participate in the research, you can confirm your consent in writing by filling out the form titled "Voluntary Consent," which is based on the data categories specified in accordance with Section 4(5) of Government Decree No. 23/2002 (V. 9.). The completed form will be processed until the withdrawal of your consent but for a maximum of 10 years after the completion of the research project.
Data Processing for Medical Research
Data processing for research (data categories, purpose of processing, legal basis, retention period) is always determined by the specific research. All research projects require official authorization, which includes ethical and data protection considerations. You can inquire about our current research projects by contacting the designated representative (see section 1 of this Data Processing Information) or by visiting the following website: http://www.klinikaikutatas.hu/hu/kutatasetika/jovahagyott-vizsgalatok-koezerdeku-adatai.html
To whom do we transfer/forward the data?
Data Transfer Within the Organization
We transfer the data to the care units of the Szent-Györgyi Albert Clinical Center of the University of Szeged for the purpose of internal organization and legitimate interests. During data transfer, we ensure the full application of information security principles.
Data Forwarding Outside the Organization
To operate the healthcare information system of the University of Szeged, we engage data processors. We always inform our patients about the identity and tasks of these data processing organizations.
The University of Szeged only shares data with third parties for medical research purposes after informing you in advance about the participating partner organizations, before seeking your consent to participate in the research.
Do we use a data processor?
The University of Szeged uses data processors to organize the management of healthcare data.
Name of the data processor:
T-Systems Kft., Budapest
Description of data processing operations:
-Hosting services, data backup
-Provision of hospital information system software
Do we collect data about you from other individuals?
As a general rule, we obtain data about you directly from you. We also collect data from other sources, such as national healthcare databases (e.g., NEAK, EESZT), and from the data of the care provided in other Clinical Units of the University of Szeged for the purpose of your treatment.
You can prohibit access to your data held by the treating physician through the Customer Portal (Ügyfélkapu) or by postal means. You can regulate access to data in EESZT on the public portal (http://eeszt.gov.hu): you can either prohibit or allow access to your doctors. You can make requests concerning access to data stored in the IT system of SZTE SZAKK.
Is there automated decision-making during data processing?
No.
What are the legal consequences of not providing data?
If data provision is based on voluntary consent, then the failure to provide data will not have any adverse legal consequences; it simply means we cannot offer you the opportunity you have provided.
If data processing is based on the fulfillment of legal obligations, we inform you that without the relevant data, the service cannot be provided to you.
What rights do you have regarding the program?
Regarding radiological examinations, you have the following rights:
Right to information – you can request information about the processing of your personal data.
Right of access – you can access your personal data processed by us.
Right to rectification – if you notice inaccuracies in your personal data processed by us, you have the right to request corrections.
Right to withdraw consent and right to erasure – voluntary consent can be withdrawn at any time. We inform you that the withdrawal of consent does not affect the legality of data processing prior to withdrawal. If data processing is based on voluntary consent and there is no other legal basis for data processing, and in the case of data processing based on legitimate interests, following a submitted objection, if there is no other prevailing legitimate reason for further data processing, you can request the erasure of your personal data.
Right to object – you can object to data processing based on legitimate interests at any time.
Right to restriction – you can request the restriction of your data, for example, when you dispute the accuracy of the data processed by SZTE until their accuracy is verified, or for the enforcement of legal claims.
Right to remedy – if your rights are violated, you have the right to seek legal remedy.
What legal remedies are available to you?
You can contact the internal data protection officer of the Szent-Györgyi Albert Clinical Center at the following contact details:
Dr. Alexin Zoltán
Address: University of Szeged, Faculty of Science and Informatics, Department of Software Development
6720 Szeged, Dugonics tér 13., 1st floor, room 149
Tel.: +36 (62) 544-130
Email: alexin@inf.u-szeged.hu
You can contact the data protection officer of the University of Szeged at the following contact details:
Dr. Lajkó Dóra
Address: University of Szeged, Rector's Office, Data Protection Office
6720 Szeged, Dugonics tér 13., 3rd floor, room 304
Tel.: +36 (62) 342-376, +36 (62) 544-000/2376
Email: dpo@gmf.u-szeged.hu
You can contact the National Authority for Data Protection and Freedom of Information at the following contact details:
National Authority for Data Protection and Freedom of Information
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C
Tel.: +36 (1) 391-1400
Email: ugyfelszolgalat@naih.hu
You can initiate legal proceedings.
Depending on the nature of the unlawful data processing you have experienced, you can initiate legal proceedings, even against the Authority. You can find information about the possibility, procedure, and forums for initiating legal proceedings on the following website: https://birosag.hu/birosagi-szervezetek
Does the University of Szeged have a data protection officer?
Yes. You can find the contact details of the data protection officer of the University of Szeged above. The data protection officer serves as a point of contact between you and the data controller. They also supervise compliance with legal requirements and our internal regulations in the context of data processing for radiological examinations and other purposes.
