Privacy policy

MDE Research, Development and Production of Medical Biology Ltd.

For visitors to the Controller’s website

Data controller’s data:

Name of data controller: MDE Research, Development, Production of Medical Biology Ltd.

Data Controller’s registered office: 1119, Budapest, Fehérvári út 83., Hungary

E-mail address of the controller: info@mdegmbh.eu

Last modified date: 2025.09.03.

INTRODUCTION:

The processing of personal data of data subjects visiting the website is essential for the operation of the Data Controller.

The data subjects of such processing activities may be primarily visitors to the website of the Data Controller, the Data Controller’s customers, representatives and contacts of its customers, but in some cases also business partners, their representatives and contacts of the Data Controller.

The purpose of this Privacy Notice is to provide you, as the data subject of the processing operation, with information on the processing of your personal data in accordance with the provisions of Regulation 2016/679 of the European Parliament and of the Council of 29 June 2016 on the protection of individuals with regard to the processing of personal data (the “GDPR”) and Act CXII of 2011 on the Right to Information Self-Determination and Freedom of Information (the “Information Act”).

The Data Controller shall treat the personal data of visitors to its website confidentially and in accordance with the applicable legal provisions, ensure their security, take the technical and organisational measures and establish the procedural rules necessary to enforce the relevant legal provisions and other recommendations.

The current version of the Privacy Notice is always available here, publicly posted on the website.

The main legislation on which data processing is based:

Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter referred to as Info. tv.),
Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: Regulation or GDPR),
Act V of 2013 on the Civil Code (hereinafter: Civil Code).

The Data Controller processes personal data in accordance with all applicable laws, but in particular with the above-mentioned legislation.

General data protection policy and data quality:

Personal data may be processed only for specific purposes, for the exercise of rights and the performance of obligations. At all stages of processing, the processing must be compatible with the purpose of the processing.

In the course of data processing, only personal data that is indispensable for the purpose of the processing and is suitable for achieving the purpose may be processed. The processing shall only be carried out to the extent and for the duration necessary to achieve the purpose.

Personal data may only be processed in the cases provided for in Article 6 of the GDPR. Personal data will retain this quality during processing for as long as the relationship with the data subject can be re-established. The link with the data subject can be re-established if the controller has the technical conditions necessary for the re-establishment.

In addition to the purpose of the processing, clear information must be disclosed about who will process the data.

The data must be stored in a secure manner and for a period of time adequate for the purposes for which the data are processed.

The data controller and the data processor shall ensure the security of the data and shall take the technical and organisational measures and establish the procedural rules necessary to enforce the relevant legal provisions.

Requirements for personal data during processing:

(a) the data must be obtained and processed fairly and lawfully,

(b) the data must be stored only for specified and legitimate purposes and must not be used for any other purposes,

(c) the data must be proportionate to, and adequate for, the purpose for which they are stored and not excessive in relation to that purpose,

d) the data must be accurate and, where necessary, timely,

(e) the data must be stored in a manner which permits identification of the data subject for no longer than is necessary for the purposes for which the data are stored.

Data subjects’ rights in relation to data processing:

The right to prior information (Article 13 GDPR):

The data subject has the right to be informed of the facts relating to the processing before the processing starts, which right is exercised by means of this notice.

Right of access (Article 15 GDPR):

The data subject has the right to obtain from the Data Controller, through the contact details provided above, information as to whether or not his or her personal data are being processed and, if such processing is taking place, the right to be informed that:

Data Controller

– what personal data;

– on what legal basis;

– for what purpose;

– from what source,

– for how long

manages; and that

To whom, when, under which law, to which personal data, to whom the controller has given access or to whom the controller has transferred the personal data;

whether the controller uses automated decision-making and its logic, including profiling.

The controller shall comply with the data subject’s request to exercise his or her rights within a maximum of one month from the date of receipt of the request. The date of receipt of the request shall not count towards the time limit.

The controller may, where necessary, taking into account the complexity of the request and the number of requests, extend this period by a further two months. The Data Controller shall inform the data subject of the extension of the time limit within one month of receipt of the request, stating the reasons for the delay.

The controller shall provide the data subject with a copy of the personal data processed free of charge for the first time upon the data subject’s request, and may charge a reasonable fee based on administrative costs thereafter.

In order to meet data security requirements and to protect the rights of the data subject, the Data Controller is obliged to verify the identity of the data subject and the person who wishes to exercise his or her right of access, and to this end, the provision of information, access to data and the issue of copies thereof are also subject to the identification of the data subject.

The right to rectification (Article 16 GDPR):

The data subject may request that the Data Controller modify any of his or her personal data through the contact details provided above. If the data subject can credibly demonstrate the accuracy of the corrected data, the Data Controller shall comply with the request within a maximum of one month and shall notify the data subject thereof using the contact details provided by the data subject.

The right to erasure (“right to be forgotten”) (Article 17 GDPR):

In connection with the processing described in the prospectus, the data subject may also request the erasure of his or her data, provided that there are no legal obstacles to this, in which case the Data Controller shall comply with the request without delay, otherwise the Data Controller shall inform the data subject of the reasons for refusing erasure within one month.

The right to blocking (restriction of processing) (Article 18 GDPR):

The data subject may request, through the contact details provided above, that the Controller restricts the processing of his or her personal data (by clearly indicating the restriction and ensuring that the processing is kept separate from other data) where.

– contests the accuracy of your personal data (in which case the Data Controller will limit the processing for the period of time necessary to verify the accuracy of the personal data);

– the data processing is unlawful and the data subject opposes the erasure of the data and requests instead the restriction of their use;

– the controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or

– the data subject has objected to the processing (in which case the restriction applies for the period until it is established whether the legitimate grounds of the controller override those of the data subject).

The right to data portability (Article 20 GDPR):

Where the legal basis for processing is voluntary consent or contractual and the processing is automated, the data subject shall have the right to receive the personal data relating to him or her that he or she has provided to the Controller in a structured, commonly used, machine-readable format.

In exercising the right to data portability, the data subject has the right to request, where technically feasible, the direct transfer of personal data between controllers. The exercise of this right must not affect the rights and freedoms of others (Article 20(4) GDPR).

The right to object (Article 21 GDPR):

The data subject may object to the processing at any time on grounds relating to his or her particular situation, using the contact details provided above, if he or she considers that the Controller is processing his or her personal data inappropriately for the purposes specified in this privacy notice. In such a case, the Controller must demonstrate compelling legitimate grounds for the processing of the personal data which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Information on legal remedies:

If your rights to the processing of your personal data are infringed, you have the following remedies:

You can contact the Data Controller or the Data Protection Officer directly using the contact details provided above.
You can lodge a complaint with the supervisory authority:

National Authority for Data Protection and Freedom of Information (NAIH) (at 1363 Budapest, Pf.: 9.; postal or e-mail: ugyfelszolgalat@naih.hu; telephone: +3613911400; web: www.naih.hu

You may bring an action against the Data Controller.

You have the right to take legal action against unlawful processing of your data. About the jurisdiction of the court and for contact details, please visit the website: www.birosag.hu

Cookies used when you visit our website (hereinafter referred to as cookies):

Cookies are files that are stored on your computer (or other internet-enabled device) when you visit a website. A cookie generally contains the name of the website it came from, its lifetime (i.e. how long it stays on your device) and its value, which is usually a randomly generated unique number. Based on expiry, the Data Controller uses two types of cookies on its website: so-called session cookies and convenience cookies.

Session cookies are temporary, meaning they stay on your device until you leave the website.

These convenience cookies will remain on your device for longer, possibly until you manually delete them.

Based on the above, some of the cookies used by the data controller are temporary and disappear when you close your browser, while there are convenience cookies that are stored on your computer for longer. If you visit our website regularly, your browser will remember the settings you have previously used, so you do not need to accept the controller’s cookie information or regularly set filtering conditions according to your needs each time you visit.

Because we respect your rights to the protection of your personal data, it is up to you as a visitor to decide whether to allow the use of certain types of cookies. You can set your cookie preferences when you first visit our website. If you would like to change these settings in the future, you can do so by clicking on Cookie settings.

Session cookies

Session cookies are necessary for browsing the website and using its features, including allowing you to note actions taken by a visitor on a particular page, feature or service. Without the use of “session cookies”, a smooth use of the website cannot be guaranteed. They are valid for the duration of the visit and are automatically deleted at the end of the session or when the browser is closed.

Comfort cookies

These cookies allow the website of the data controller to remember which mode of operation you have chosen (for example: accepting the cookie notice and the ordering of the results in the search results list), so that you do not have to accept the cookie notice again and again on your next visit or to choose the ordering principle according to which you want to view the content displayed on the site. Without the information contained in the cookies that store your preferences, our website may function less smoothly.

We do not record any personal data in the convenience cookies, we only store an identification number which informs the site that the cookie policy has been previously accepted.

Setting and disabling cookies

Modern browsers allow you to change your cookie settings. In addition to the settings above, browsers give you the option to change your cookie settings. Most browsers automatically accept cookies by default, but this can be changed to prevent automatic acceptance once set.

To find out more about changing your browser settings, check your browser instructions or help.

You can find out about cookie settings for the most popular browsers by following the links below:

Cookie types	Duration of data processing	Legal basis for processing
To operate the website of the Data Controller in a secure manner, to provide navigation functions.	Until the end of the session	Pursuant to Article 6(1)(a) of the GDPR
Session cookies (session)	The relevant until the end of the visitor session lasting period	Act CVIII of 2001 on certain issues of electronic commerce services and information society services (Elkertv.), Section 13/A (3)
Permanent or saved cookies	until the deletion of the data subject	Act CVIII of 2001 on certain issues of electronic commerce services and information society services (Elkertv.), Section 13/A (3)
Statistical, marketing cookies	1 month – 2 years	Act CVIII of 2001 on certain issues of electronic commerce services and information society services (Elkertv.), Section 13/A (3)

Google Analytics:

The website of the Data Controller uses “Google Analytics”, a web analytics service provided by Google Inc. (hereinafter “Google”). Google Analytics uses cookies, which are text files placed on your computer, to help the website analyze how users use the Controller’s website. The usage information generated by the cookie is transmitted to and stored by Google on its own servers. The anonymisation of the IP address is active on the website of the controller, so that in the Member States of the European Union or in contracting states of the European Economic Area, Google renders the IP address non-identifiable before transmission. The IP address transmitted by the browser via Google Analytics is not linked to any other data from Google. You can prevent cookies from being stored on your device by configuring your browser accordingly.

The validity of the cookies used by the Google Analytics service may vary. There are some cookies that expire when you close the page in your web browser, and some that expire for even less time (1 minute) or possibly significantly longer (e.g. 24 hours or 2 years). However, the content of these longer cookies can only be accessed by our website – and therefore by Google Analytics – if you visit our website again from the same device and these cookies have not been deleted in the meantime.

Please note, however, that if you do so, you may not be able to take full advantage of all the features of the Controller’s website. You can also prevent Google from collecting and processing the data generated by the cookies about your use of this website by downloading and installing the plug-in at the following link: http://tools.google.com/dlpage/gaoptout

https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

Personal data processed in connection with your visit to the website:

Personal data provided by you (on the basis of the legal basis of voluntary consent pursuant to Article 6(1)(a) of the GDPR):

When you visit our website, the Data Controller may collect the following data that you may voluntarily provide, for example, when you contact the Data Controller through the online contact form (or other contact details provided by the Data Controller), participate in surveys or events organised by the Data Controller, or consent to the taking of pictures or videos of you.

The Data Controller collects or may collect the following information about you as described above:

Name,
Contact details, such as email address, telephone number, or home address,
Other information you voluntarily provide that is relevant to a customer survey or similar research,
Your photo when attending an event,
With your explicit consent, your likeness.

We will delete your personal data immediately upon your request – or earlier if required by law. Unless consent is withdrawn, the relevant personal data will be retained by the Data Controller for 5 years (pursuant to Section 6:22 (1) of Act V of 2013 on the Civil Code (“Civil Code”), 2013), for the purposes of the Data Controller’s possible civil claims and to defend against possible civil claims of the data subjects.

Purpose of processing:

The Data Controller may process your voluntarily provided data (contact details) for the purpose of identifying and contacting you,
The Data Controller may process personal data (your image) that you have voluntarily provided for the purpose of presenting and developing our activities and services and for the purpose of promoting them,
The Data Controller may process personal data voluntarily provided by you (contact details) for the purpose of providing marketing and communication tools
The Controller may also process the personal data you have voluntarily provided for other purposes for which you have provided them to the Controller and for which you have made them known.

Data transmission:

In principle, the personal data you have voluntarily provided will not be transferred.

Data security measures in place

This section summarises the data security measures generally applied by the Data Controller. These measures include administrative, technological, physical and technical procedures designed to protect personal data against unauthorised use, access or disclosure, loss, destruction or alteration.

Data security covers the physical and logical devices, their use and management, and the policies and procedures related to security. We ensure that the data we process cannot be accessed, disclosed, transmitted, modified or deleted by unauthorised persons.

The data security risk

Accidental or unlawful destruction, unauthorised disclosure or access, loss, alteration of personal data, all pose a data security risk.

Data security measures of the data controller

The Data Controller pays particular attention to the confidentiality, integrity, availability and resilience of systems and procedures. The Data Controller shall make every effort, through the use and control of the technologies it employs, to avoid the pseudonymisation and encryption of personal data, and to achieve the restoration of access and availability in the event of an incident.

The controller operates its IT systems and tools in such a way that personal data are accessible only to those authorised to access them (availability); their authenticity and authentication are ensured (authenticity of processing); their integrity is verifiable (data integrity); they are protected against unauthorised access (data confidentiality).

Personal data management in the context of data security:

Personal data may only be accessed in accordance with the relevant contractual provisions, applicable laws and internal regulations in force, by employees of the Data Controller who are authorised and have appropriate access.

The Data Controller will only allow access to your data to the extent necessary for its employees involved in the processing of the data in the performance of their duties.

Dated: Budapest, 3 September 2025.