Privacy Policy

The purpose of this Notice is to set out the data protection and data processing principles applied by RADAYDRUG Ltd., and to provide information regarding the processing of Personal Data collected on the Data Controller’s website (www.radaydrug.com) and provided by Users.

 

I. Definitions

1.1 Data Processing: Any operation or set of operations performed on Personal Data, regardless of the method used, including but not limited to collection, recording, organization, structuring, storage, transformation, alteration, retrieval, consultation, disclosure, transmission, dissemination or otherwise making available, publication, alignment or combination, restriction, erasure, and destruction.

1.2 Data Controller: The entity that determines the purposes and means of Data Processing, either independently or jointly with others. For the services referenced in this Notice, the Data Controller is:

RADAYDRUG Ltd.
Address: Rózsavölgy u 151., H-4225 Debrecen, Hungary
Email: info@radaydrug.com
Represented by: Gábor Ráday, MD, MBA managing director.

1.3 Data Processor: A service provider that processes Personal Data on behalf of the Data Controller. For the services referenced in this Notice, Data Processors may include:
a) Hosting provider: LinuxWeb Informatikai Kft. (Sólyom utca 28., H-4034 Debrecen, Hungary)
b) IT service provider: INFOLINK Szervíz Kft. (Rákóczi utca 42., H-4024 Debrecen, Hungary)
c) Analytics provider: Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA: “Google”).

1.4 Personal Data or Data: Any data or information that can identify a natural person Client, either directly or indirectly.

1.5 Notice: This privacy notice issued by the Data Controller.

1.6 Client: A natural person (including the representative of a non-natural person Client) who visits the Data Controller’s website and provides the data listed in Section II.

1.7 Website: The www.radaydrug.com website through which the Client provides Personal Data to the Data Controller.

 

II. Scope of Personal Data Processed

2.1 During the visit to the Website, the Client may provide the following Personal Data: name, email address, phone number.

2.2 The Data Controller’s system does not automatically record the Client’s IP address during website visits.

2.3 The Website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies” stored on the User’s computer to analyze website usage. Google uses this information for statistical purposes to evaluate how the User interacts with the website, to compile reports on website activity for the website operator, and to provide other services related to website and internet usage. Google does not associate the IP address transmitted by the Client’s browser with other Google data, and the data does not contain any Personal Data, thus the Client cannot be identified or tracked.

 

III. Purpose and Legal Basis of Data Processing

3.1 The purposes of Data Processing by the Data Controller are:
a) Client identification and communication;
b) Handling and managing Client inquiries;
c) Conclusion and performance of contracts between the Client and the Data Controller;
d) Issuance of invoices and fulfillment of accounting obligations;
e) Statistical analysis of Website traffic and Client behavior.
If the Data Controller intends to process data for purposes other than those specified above, the Client will be informed in advance.

3.2 By completing the contact forms on the Website, the Client acknowledges that without providing the requested data, they cannot establish contact with the Data Controller through the form. The legal basis for processing Personal Data provided during the order process is the conclusion and performance of a contract.

3.3 Data transfer to the Data Processors specified in this Notice may be carried out without the Client’s separate consent. Disclosure of Personal Data to other third parties requires the Client’s prior explicit consent.

 

IV. Principles and Methods of Data Processing

4.1 The Data Controller processes Personal Data in accordance with the principles of good faith, fairness, and transparency, as well as applicable laws and the provisions of this Notice.

4.2 The Data Controller uses Personal Data strictly for the purposes necessary to provide the service.

4.3 The Data Controller processes Personal Data only for the purposes specified in this Notice and relevant legislation. The scope of processed Personal Data is proportionate to the purpose of processing and does not exceed it. If the Data Controller intends to use Personal Data for purposes other than the original purpose of collection, the Client will be informed and their prior explicit consent will be obtained, or they will be given the opportunity to prohibit such use.

4.4 The Data Controller ensures the security of Personal Data by implementing technical and organizational measures and establishing procedural rules to protect the collected, stored, and processed data, and to prevent accidental loss, unlawful destruction, unauthorized access, use, alteration, or dissemination. The Data Controller requires all third parties to whom Personal Data is transferred to comply with these obligations.

 

V. Duration of Data Processing

5.1 Personal Data provided by the Client during communication will be deleted by the Data Controller after:
• 15 days from the termination of the contract (e.g., withdrawal by the Client);
• 8 years.

 

VI. Client Rights and Enforcement

6.1 The Client may request information from the Data Controller regarding whether their Personal Data is being processed and, if so, access to such data. Requests may be submitted in writing to the Data Controller’s address or via email. Written requests are considered authentic if the Client can be clearly identified. Email requests are considered authentic only if sent from the Client’s registered email address, although the Data Controller may verify identity by other means. The request may cover the data processed, its source, purpose, legal basis, duration, names and addresses of Data Processors, activities related to Data Processing, and recipients of data transfers.

6.2 The Client may request the rectification or modification of their Personal Data. Considering the purpose of Data Processing, the Client may also request the completion of incomplete data.

6.3 The Client may request the erasure of their Personal Data. Erasure may be refused:
a) for exercising the right to freedom of expression and information;
b) if processing is authorized by law;
c) for the establishment, exercise, or defense of legal claims.

The Data Controller will inform the Client of any refusal to erase data, stating the reason. Once erased, data cannot be restored.

6.4 The Client may request the restriction of Data Processing if they dispute the accuracy of the data. Restriction applies for the period necessary to verify accuracy. The Data Controller will mark the disputed data if its inaccuracy cannot be clearly established. Restriction may also be requested if processing is unlawful but the Client opposes erasure, or if the purpose of processing has been fulfilled but the Client requires continued processing for legal claims. Restriction cannot be requested during the term of a contract.

6.5 The Client has the right to withdraw consent for data processing based on consent. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

6.6 The Client may request that the Data Controller transfer their Personal Data provided and processed by automated means in a structured, commonly used, machine-readable format to themselves or another data controller.

 

VII. Data Processing

7.1 The Data Controller uses the Data Processors named above to perform its activities.

7.2 Data Processors do not make independent decisions and may act only within the scope of their legal relationship with the Data Controller and according to instructions. They process Personal Data in accordance with legal requirements and provide declarations to the Data Controller.

7.3 The Data Controller monitors the activities of Data Processors.

7.4 Data Processors may engage additional processors only with the Data Controller’s consent.

 

VIII. Legal Remedies

8.1 For any questions or comments regarding data processing, the Data Controller’s staff may be contacted at info@radaydrug.com email address.

8.2 The Client may submit complaints regarding data processing directly to the National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; phone: +36 (1) 391-1400; email: ugyfelszolgalat@naih.hu; website: www.naih.hu).

8.3 In case of violation of rights, the Client may initiate legal proceedings. Jurisdiction lies with the competent court. The lawsuit may be filed at the court. This shall be governed by and interpreted in accordance with the laws of Hungary. The place of arbitration shall be Budapest, Hungary. Upon request, the Data Controller will provide information on available legal remedies.

Debrecen, 21 August 2025

RADAYDRUG Ltd.