Privacy Notification on the personal data management of the data subjects downloading and using the ‘ÉletMentő’, the official emergency call mobile application of the National Ambulance Service
The National Ambulance Service takes the data protection, the data security and the compliance to the actual data protection legislation seriously.
In this Privacy Notification we explain how we process and protect your personal data when using the ÉletMentő application, and how you can contact us if you have any question related to your personal data.
This Privacy Notification has been prepared according to the (EU) 2016/679 regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or GDPR) and the Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information and the provisions of other legal acts. This notification includes the details of the personal data processing of the subjects downloading and using the official ÉletMentő application of the National Ambulance Service.
- Name and contact details of the controller:
Name of data controller: National Ambulance Service (hereinafter referred to as: ‘National Ambulance Service’ vagy ‘data controller”)
Registered office: 1055 Budapest, Markó utca 22.
Represented by: Dr. Csató Gábor
- Scope of personal data processed, legal basis, objective and duration of data processing
With the ÉletMentő mobile application the user can quickly contact with the National Ambulance Service. The National Ambulance Service, regarding the data processing in this notice processes the data of the data subject natural persons (‘User’) downloading and using the application for the purpose, on the legal basis and for the duration listed below.
|Personal Information processed||The purpose of data processing||Legal basis of data processing||Duration of data processing|
|full name, contact phone of registered User||registration||According to GDPR Article 6, paragraph (1), point b)||until the deletion of the application necessary for the completion of the service|
|birth year, address, social insurance/health insurance identification number||contacting, access of data entered into medical data filing system (profile generation)||The consent of data subject according to GDPR Article 6, paragraph (1), point b)||revoking consent or the date specified as deletion time when the data are automatically deleted|
|mother tongue, phone number of 2 direct relatives
|sending emergency notification (profile generation)||The consent of data subject according to GDPR Article 6, paragraph (1), point b)||revoking consent or the date specified as deletion time when the data are automatically deleted|
|giving medical personal data by choosing YES/NO answers (diabetic, heart diseases, lung diseases, deafness, blindness), other medical personal data in textual form (for example medicines prescribed, allergic conditions, the current medical conditions of the user, his acute diseases, etc.), current location, other information facilitating the identification of the user in case of a rescue
|information for the purpose of ensuring and facilitating medical rescue, access of data entered into medical data filing system (profile generation)||The consent of data subject according to GDPR Article 6, paragraph (1), point b)||revoking consent or the date specified as deletion time when the data are automatically deleted|
|GPS coordinates for the User’s mobile phone location, the charge status of the User’s mobile phone||information for the purpose of ensuring and facilitating medical rescue||necessary for the completion of the service according to GDPR Article 6, paragraph (1), point b)||until the deletion of the application|
|e-mail address||sending of newsletter||The consent of data subject according to GDPR Article 6, paragraph (1), point b)||revoking consent or the date specified as deletion time when the data are automatically deleted|
With accepting the terms and conditions of the application you are giving your consent to the ambulance service to use the personal data provided during the registration by the User, the GPS data bound to the location of the User’s mobile phone and the personal data voluntarily provided under ‘My Profile’ section for the purposes defined above. The Users are able to edit, correct, delete the personal data provided under ‘My Profile’ section.
The User may provide exclusively his/her own personal data. If the User provides not his/her own personal data, then the data provider is obliged to acquire the consent of the data subject.
- Personal data transmission for third party
If the National Ambulance Service uses the contribution of a third party for certain components of personal data processing, it is contracting exclusively with such data processor which provide warranties – especially regarding the expertise, reliability and resources – equivalent to its own data processing for the processing compliant to the data protection legislation and the provision and execution of the appropriate technical and organizational measures providing the protection of the data subjects’ rights.
Following registration, the application sends a registration code to the contact mobile number provided, upon the entering of this code into the application, the application is activated.
The contact phone number provided at registration will be recorded by the National Ambulance Service following registration. Additionally, the personal data entered by the registered Users are stored by the mobile application, it transmits them via secure data transmission or SMS to the rescue control center of the National Ambulance Service only if the User presses the red Emergency button in the ‘Alert’ module. If the User presses and holds the emergency button for 3 seconds, the application sends an emergency message which contains all the data entered by the user in the ‘My Profile’ section. The emergency message also transmits the User’s location to the National Ambulance Service by sending the GPS coordinates associated to the position provided by the mobile phone. The charge status of the user’s mobile phone is automatically included in the transmitted data.
Based on the GPS coordinates defined by the mobile phone transmitting the emergency message, the information included in the emergency message is transmitted to the appropriate rescue control center (units of integrated rescue organizations of Hungary, Czech Republic or Austria). By being transmitted to the database of the National Ambulance Service, the data included in the emergency message, the user data provided in the ‘My Profile’ section will become part of the medical database and will be subject to the legislation applicable to it. The qualification of the information transmission in the emergency message is the same as when the personal data are provided during calling the emergency number. The User may not send emergency message without prior registration, but the National Ambulance Service is still available on the emergency number. Upon pressing the emergency button, the User’s phone automatically dials the emergency line in all cases where the rescue operator initiates conversation with the User able to speak.
The National Ambulance Service shares the personal data included in the emergency message with third party (e.g. disaster management, police) only for the necessity of the rescue.
The National Ambulance Service may use the personal data transmitted into the system of the National Ambulance Service for the purpose of anonymized data and statistical processing.
- The User’s rights related to their processed data
At the time when personal data are obtained, the National Ambulance Service provides you with the following information:
- a) the identity and the contact details of the controller and of its representative;
- b) the contact details of the data protection officer;
- c) the purposes of the processing for which the personal data are intended as well as the legal basis for the processing;
- d) in case of data processing based on legitimate interest, the legitimate interests pursued by the controller or by a third party;
- e) the recipients or categories of recipients of the personal data, if any;
- f) where applicable, the fact that the controller intends to transfer personal data to a third country or international organisation and the existence or absence of an adequacy decision by the European Committee, the warranties for data transmission;
- g) the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
- h) your right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing such personal data as well as your right to data portability;
- i) in case of data processing based on consent, the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
- j) the right to lodge a complaint with a supervisory authority;
- k) whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and of the possible consequences of failure to provide such data.
- Right of access by the data subject
You shall have the right to obtain from the controller confirmation as to whether or not your personal data are being processed, and, where that is the case, access to the personal data and the following information:
- a) the purposes of the data processing;
- b) the categories of personal data concerned;
- c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, including in particular recipients in third countries or international organisations;
- d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- e) your right to request from the controller rectification or erasure of personal data or restriction of processing of your personal data or to object to such processing;
- f) the right to lodge a complaint with a supervisory authority;
- g) where the personal data are not collected from you, any available information as to their source;
- h) the existence of automated decision-making, including profiling, and in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
- Right to rectification
You shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed.
- Right to erasure (‘right to be forgotten’)
You shall have the right to obtain from the controller the erasure of personal data concerninghim or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- b) you withdraw the consent on which the processing is based there is no other legal ground for the processing;
- c) you object to data processing;
- d) the personal data have been unlawfully processed;
- e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- f) the personal data have been collected in relation to the offer of information society services.
- Right to restriction of data processing
You shall have the right to obtain from the controller restriction of processing where one of the following applies:
- a) the accuracy of the personal data is contested by you, in this case the restriction applies for a period enabling the controller to verify the accuracy of the personal data;
- b) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
- c) the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
- d) you have objected to processing, in this case the restriction applies for the period of verification whether the legitimate grounds of the controller override those of you.
- Right to data portability
You shall have the right to receive the personal data concerning you, which you provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, providing that the data processing is based on consent or contract and the data processing is done in an automated way.
- Right to object
You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, which is based on point (e) or (f) of Article 6 (1) of the General Data Protection Regulation, including profiling based on those provisions. In this case the controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
- Data Security
The National Ambulance Service obliges itself to ensure the security of the data, takes the appropriate technical and organizational measures and establishes the procedural rules which it will use to manage the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.
The data controller prescribes the above commitment for the employees participating in the data processing and for the data processors operating under the assignment of the data controller, and shall take steps to ensure that any natural person acting under the authority of the controller or the processor who has access to personal data does not process them except on instructions from the controller.
The National Ambulance Service shall have its systems and data processing procedures checked and inspected from the point of view of both data security and quality assurance, and shall document any personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial actions taken.
Upon detecting personal data breach, the National Ambulance Service immediately notifies the National Media and Infocommunications Authority. The National Ambulance Service should report the data protection incident to the supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it, to the National Authority for Data Protection and Freedom of Information, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. If the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the National Ambulance Service shall communicate the personal data breach to the clients without undue delay.
- Right enforcement possibilities:
You may exercise the above rights of the data subjects, revoke your consent given in privacy statements or request its modification, and may file a complaint to:
- the data protection officer of the National Ambulance Service at the email@example.com electronic address, or
- the National Ambulance Service at any of the following contacts:
- postal address: 1055 Budapest, Markó utca 22.
- phone number: 06-1/350-3737
- e-mail address: firstname.lastname@example.org
You may file a complaint related to the processing of your personal data besides the National Ambulance Service to:
- the National Authority for Data Protection and Freedom of Information (NAIH, 1125 Budapest, Szilágyi Erzsébet fasor 22/c, 1530 Budapest, P.O. Box: 5.).
The User may apply to a court of jurisdiction and competence (birosag.hu) in case of breach of his/her rights concerning the processing and protection of his/her personal data, and may claim damages.
The Mobile App’s General Terms and Conditions of Use:
You can use the Záchranka mobile app to quickly contact the emergency medical rescue services. When you press the red emergency button, your exact location is sent and your mobile phone will dial the 155 emergency line. To send an emergency message with your exact location, you must first register your mobile phone number. You cannot send an emergency message with your exact location without prior registration. EMS is still contacted in the standard way as your mobile will automatically dial the 155 emergency line. The Czech Republic’s Emergency Medical Services have a legal obligation to respond only to emergency calls. To make a successful call for help, always wait for your phone to be connected with the emergency operator after pressing the emergency button. The emergency message only serves as additional information and is therefore not a substitute for making an emergency call. The contents of the emergency message are: your geographical location, your full name, your mobile phone’s battery status, and any other information entered in the app’s ‘My Profile’ section. By registering the app, you consent to sharing this information with the emergency rescue services when activating an emergency medical emergency call. The rescue services guarantee that such data will only be used in the event of activating an emergency call and only to identify and locate the patient during a rescue operation. Data will only be transmitted and shared with third parties (such as the Fire and Rescue services) for the purpose of rescue operations. Social Security/Health Insurance numbers may be used by EMS to retrieve information stored in the ZDRAVEL electronic medical records system. This data is used only when the caller is the actual intended patient. Emergency location messages are sent by data transmission or SMS. The data connection or SMS will be charged according to your mobile operator’s tariff. The user hereby acknowledges that the success of a rescue operation is influenced by numerous factors, and the length of the rescue units’ response times may vary depending on the location of the incident and other such factors.
MISUSE OF THIS MOBILE APP IS A PUNISHABLE OFFENCE.