Privacy Policy


I. Information on the website’s Data Controller:

  • Name: HR-PHARMA Research, Development, Consulting and Service Ltd.
  • Registered Office: 5 Bíbic Street, H-6726 Szeged, Hungary
  • VAT Number: 13627430-2-06
  • Representative: Dr. Csaba Varga, Managing Director

II. Legal Background:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as: GDPR)
  • Act No. CXII of 2011 on the right of information self-determination and freedom of information (hereinafter referred to as: Infotv.)
  • Act No. CLIV of 1997 on healthcare (hereinafter referred to as Eütv.)
  • Act No. XLVII of 1997 on the processing and safeguarding of healthcare information and healthcare-related personal data (hereinafter referred to as: Eüak.)
  • MoHR Decree No. 39/2016 (XII.21.) on the detailed rules regarding the Electronic Healthcare Service Space

III. Data Processors:

Our company uses data processors to facilitate the professional provision of our services. The Data Processors perform their tasks based on Data Processing Agreements and a standard operating procedure, in compliance with Article 28 of the GDPR.

The people employed or otherwise engaged by the Data Processors who are authorized to process personal data undertake a confidentiality commitment or perform the data processing tasks in compliance with statutory confidentiality obligations. Data Processors perform their data processing tasks applying adequate technical and security measures to ensure the security and integrity of data, to prevent the deliberate or accidental destruction of and unauthorized access to data.

Name, Address and VAT No. of Data ProcessorData Processor’s Tasks
Name: HR-Pharma LTD. – Registered Office: 5 Bíbic Street, H-6726 Szeged Hungary
VAT No.: 13627430-2-06 Data Controller: Ernő Homolya
Web Hosting Service Provider
VAT No.: 12643510-1-09
Thetis Software Operator, Web Hosting Service Provider

IV. Rights of the Data Subject:

Right to Information

The Data Subject is entitled to information regarding all legal grounds for data processing. The Data Controller provides information to the Data Subject in a concise, easy-to-understand and easy-to-access format, in compliance with the applicable rules under the Eüak.  

Right to Data Portability

The Data Subject shall have the Right to Data Portability where the processing is based on consent or on a contract and the processing is carried out by automated means. The Data Controller shall ensure that the data subject receives the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.

V. Data processing related to the website:

Data CategoriesPurposes of ProcessingLegal Basis for ProcessingProcessing Time
Name, Phone Number and Email Address of the Data SubjectRequest for Service, Appointment   Consent of the Data Subject (Article 6 (1)a of the GDPR)5 years from the submission of the Purchase Order

By providing their personal data, the User consents to us processing their personal data for communication purposes. We shall not share these data with third parties for any purposes.

Please note that our company collects information (containing no personal data) on website traffic for statistical purposes. For example the number of visitors, clicks and click-throughs. Our goal with that is to constantly develop the quality of our services. Our website also uses cookies. You have the right to reject them.

The processing of personal data is performed both by electronic means and on paper with the appropriate technical and security measures in place. Location of paper-based data processing: registered seat/site of the Data Controller, and the facility or equipment designated by the Data Processor performing data processing tasks on behalf of the Data Controller. The electronic processing of personal data is done on a server computer and password-protected clients owned by the Data Controller.

Data transfers between the Data Controller and the Data Processor involving the Data Subject’s data only occur to the extent needed to achieve the goal under the Data Processing Agreement (DPA) and until the time defined in the DPA. Data Controller and Data Processor both apply appropriate organisational measures to data transfers in order to protect and safeguard personal data.

Data Subject Rights related to Instances of Data Processing:

  • For data processing based on consent and contract:
    • Right to withdraw consent
    • Right to Information
    • Right of access
    • Right to rectification
    • Right to erasure
    • Right to restriction of processing
    • Right to data portability
  • For data processing based on consent pursuant to Eüak:
    • Based on Eüak Art. 7
  • For data processing based on a legal obligation:
    • Right to Information
    • Right of access
    • Right to rectification
    • Right to erasure
    • Right to restriction of processing

Pursuant to the provisions under Chapter V.

VI. Legal Remedies

The Data Subject may submit oral or written request to exercise their rights.

The Data Subject may submit a complaint regarding the processing of their personal data to the National Authority for Data Protection and Freedom of Information (9-11 Falk Miksa Street, H-1125 Budapest, Hungary; postal address: 1374 Budapest, PO Box: 603.,Tel: +36-1/391-1400; Email:, or they can turn to the competent court.

VII. Contact