INFORMATION ON DATA MANAGEMENT

RED index Real Estrogen Dominance ^TM

Data of the Data Controller:

Name: Gold Medicina Kft. (hereinafter referred to as: Data Controller) Registered office: 1094 Budapest, Viola utca 27-29.

Registration number: 01-09-989202

Tax number: 23777701-2-43

E-mail: info@infravizsgalat.hu

Phone number: +36 70 23 89,689

Representative: Dr. Zoltán Pusztai

The purpose of data management

The purpose of data management is to conduct the assessment of your real estrogen dominance level (RED index Real Estrogen Dominance).

The legal basis for data management

The legal basis for data management is the free and explicit expression of your will based on appropriate information pursuant to point a) of section (1) of Article 6 of the General Data Protection Regulation, through which you consent to the management of your personal data detailed below.

You can give your consent by ticking the appropriate checkbox on the online platform.

The consent can be revoked anytime. The revocation does not affect the legality of data management carried out on the basis of the consent prior to the revocation.

You shall be entitled to request the revocation of your consent through the aforementioned contact details of the data controller.

The scope of data management

The RED index Real Estrogen Dominance operated by the Data Controller calculates the percentage of real estrogen dominance from the available laboratory results and data. On the basis of this value, it defines the gravity of the condition, the possible implications and therapeutic possibilities, in the form of hormonal counselling upon request. The result of the RED index Real Estrogen Dominance does not have any consequences or does not give rise to any obligations for you.

The assessment is conducted on the basis of the algorithm considered to be the know-how (proprietary knowledge) developed by Dr. Zoltán Pusztai, based on his experience of several years.

For the purpose above, the Data Controller manages the following personal data submitted by you:

• Personal data required for identification and invoicing:
  • Name (required for identification)
  • e-mail address (required for implementation and sending the invoice)
  • billing address (required for issuing the invoice)
• Personal data belonging to the special data category specified by Article 9 of the GDPR, required for the calculation of the RED index Real Estrogen Dominance:
  • body weight
  • body height
  • age
  • Estradiol level
  • Progesterone level
  • Cortisol level
  • Testosterone level
  • Prolactin (Total prolactin) level

The answers given to the following questions about your medical condition:

• • Were you using hormonal contraception at the time of the blood test?
  • Do you have/ Have you had any of the following problems:
    • Irregular menstrual cycles?
    • Brown spotting before your menses?
    • Frequent or recurrent ovarian cysts? Crampy menstruation?
    • Endometriosis or a previous operation because of endometriosis?
    • Myoma and/or gynecologic polyp? Menstrual clots?
    • PCOS ?
    • Stronger growth of facial hair and/or body hair
    • Spots on the face and/or on the back?
    • Increased breast sensitivity and/or tightness before the menses?
    • Sleep disorder at night?
    • Fattening around your hips?
    • Mood changes, perhaps irritability?
    • Frequent headaches or migraine?
    • Increased hair loss?
    • A failed in vitro fertilization treatment within 2 years or several failed in vitro fertilization treatments within 4 years?
    • Infertility?
    • Recurrent miscarriage?
    • Bile problems and/or intestinal tympany?
    • Liver and/or kidney function disorders?
    • Decreased libido?
    • Osteoporosis?
    • Breast cancer or ovarian cancer or endometrial cancer?

The duration of data management

Pursuant to Section 169 (2) of Act C of 2000 on Accounting, the Data Controller shall store your personal data required for invoicing for 8 years.

The Data Controller shall not store any special-category personal data needed for hormone calculation.

Such data are used by the IT system only for conducting and sending the calculation immediately after the completion of the session. Subsequently, these data, including the result of the calculation, as well, are deleted, therefore the Data Controller will not be able to make them available to you again.

The recipients of the personal data

The Data Controller shall forward the personal data submitted by you to the following recipients working as data processors:

• Márkaépítés Profin Kft.
  • 6000 Kecskemét, Munkácsy utca 37.

• 3 in 1 Hosting Bt.
  • 2310 Szigetszentmiklós, Brassó utca 4/A.
• OTP Mobil Szolgáltató Kft. (SimplePay)
  • 1093 Budapest, Közraktár u. 30-32.
• KBOSS.hu Kft. (Számlázz.hu)
  • 1031 Budapest, Záhony utca 7.

Data forwarding abroad

The Data Controller shall not forward your personal data abroad or to a third party.

Your rights and the possibilities to enforce them

In the following part, we will inform you about the most important provisions of the General Data Protection Regulation (GDPR) related to your rights and possibilities to enforce them.

Should you have any comments or questions in connection with the present Information on Data Management or its content, please turn to the Data Controller through any of the contact details listed above. The right of access to information or to receive information pursuant to the GDPR

Based on this right, you shall be entitled to receive information from us about whether the processing of your personal data is in progress. If such data processing is in progress, you shall be entitled to have access to and receive information about your personal data subject to data processing:

• the purposes of data management;
• the categories of the personal data concerned,
• the recipients or recipient categories, including recipients in third countries or international organizations which the personal data were disclosed to by the Data Controller,
• the duration of the storage of personal data, or, if such information is not available, the criteria for the definition of this duration,
• you shall also be entitled to request the Data Controller to correct or delete your personal data or restrict their management and object to the management of your personal data,
• you shall be entitled to file a complaint with the supervisory authority if the Data Controller did not receive the data from you, you shall have to right to request all the available information about the source of the personal data,
• the automated decision-making process, provided the Data Controller applies this data processing method in terms of your data, the fact of automated decision-making, including profiling, clear and obvious information about the applied logic, as well as information on the importance of such data management and its expected implications for you.

• If the personal data are forwarded to a third country, you shall be entitled to receive information about the guarantees of conformity regarding the forwarding of such data.
• You shall be entitled to claim a copy of the personal data subject to data management. We shall place such a copy at your disposal if no legal obstacles exist. If you submitted your claim electronically, the information shall be made available to you in a widely-used electronic format in accordance with the rules laid down in the GDPR unless you requested it otherwise.

Right of correction

Pursuant to the GDPR, you shall be entitled to request the Data Controller to correct any incorrect personal data about you and any personal data about you which require further clarification without undue delay. In addition, you shall have the right to request the completion of the incomplete personal data.

Right of deletion, right to be forgotten

On the basis of this right, pursuant to the GDPR, you shall be entitled to request the deletion of your personal data without undue delay if any of the following reasons exists:

• the purpose for which the Data Controller recorded your personal data or processed them in any other manner has ceased to exist;
• you have revoked your consent to data management, therefore the data management has not other legal basis;
• You object to the management of your data and in the given situation, there is no other justifiable priority reason for data management;
• we have managed your personal data in an illegal way;
• the personal data shall be deleted because of the fulfilment of a legal obligation prescribed by a law of the EU or a Member State that applies to the Data Controller.
• the personal data were collected in connection with the provision of services for the information society.

If data management is necessary for the reasons below specified in the GDPR, your personal data cannot be deleted or forgotten, in particular in the following cases:

• for the purpose of exercising the right to the freedom of expression and information;
• for the purpose of fulfilling a legal obligation specified by a law of the EU or a Member State that prescribes the management of personal data and applies to the Data Controller;
• for the purpose of archiving of public interest, scientific ad historical research or for statistical purposes if deletion or the right to be forgotten probably made data management impossible or seriously threatened it; or
• data management is required for the submission, enforcement or defense of legal claims.

Right to limit data management

Pursuant to the provisions of the GDPR, you shall be entitled to request the limitation of data management in any of the following cases:

• If you contest the accuracy of the processed personal data, the limitation shall apply to the period which enables us to check the personal data you deem to be inaccurate or incomplete,
• despite the fact that data management is illegal, you object to the deletion of the data and request their limitation instead,
• the Data Controller does not need the personal data for the purpose of data management anymore, but you need them for the submission, enforcement or defense of legal claims; or
• if you objected to data management, the limitation shall apply to the period by the end of which it is established that the legitimate interests of the Data Controller have priority over your legitimate interests.

If the data management is subject to limitation based on the above, such personal data can be managed, except for storage, only with your consent or for the purpose of the submission, enforcement or defense of legal claims or for defending the rights of other natural persons or legal entities or for the protection of the important public interest of the EU or any Member State. The Data Controller shall inform you about lifting the restrictions on data management in advance.

The Data Controller shall inform each recipient to whom the personal data have been disclosed about all cases of correction, deletion or limitation of data management unless it proves impossible or involves disproportionate effort. At your request, we will inform you about such recipients. Right of data portability

Pursuant to the GDPR, you shall be entitled to receive your personal data, which you made available to the Data Controller, in a widely-used, well-structured machine-readable format. You shall also have the right to forward such data to another data controller without being inhibited by the Data Controller in any way.

You shall be entitled to exercise the right of data portability in the following cases:

• if the data management is based on consent or a contract, and
• it is automated.

When exercising the right of data portability, you shall be entitled to request the Data Controller to forward your personal data to the data controller named by you (if technically possible).

Right of objection

Pursuant to the GDPR, you shall be entitled to object to the management of your personal data based on legitimate interest, including profiling, for reasons related to your situation anytime. In this case, the Data Controller shall not continue the management of your personal data unless it has been proven that the data management is justified by compelling legitimate grounds which have precedence over your interests, rights and freedoms or are closely related to the submission, enforcement or defense of legal claims.

If the management of personal data is carried out for the purposes of direct marketing, you shall be entitled to object to the management of your personal data for such purposes, including profiling, provided it is directly related to direct marketing.

If you object to the management of your personal data for the purposes of direct marketing, your personal data shall not be managed for such purposes any longer.

In connection with using the services related to the information society and by way of derogation from Directive 2002/58/EC, you shall be entitled to exercise the right of objection even through automated devices based on technical specification.

If your personal data are managed for scientific and historical research or for statistical purposes, you shall be entitled to object to the management of your personal data for reasons related to your own situation, unless the data management is required for the completion of a task of public interest.

Right to file a complaint with the supervisory authority

You shall be entitled to file a complaint with the supervisory authority, in particular in the Member State of your place of habitual residence, workplace or the place of the presumed infringement, if you consider that the management of your personal data infringes the provisions of the GDPR.

In Hungary, the competent supervisory authority is the following: National Agency for Data Protection and the Freedom of Information (http://naih.hu/; 1530 Budapest, Pf.: 5.; phone: +36-1-3911400; fax: +36-1-391-1410; e-mail: ugyfelszolgalat@naih.hu).

You shall have the right to seek effective judicial remedy against the legally binding decision taken by the supervisory authority in your case.

National Agency for Data Protection and the Freedom of Information

Postal address: 1530 Budapest Pf.: 5.
Address: 1125 Budapest Szilágyi Erzsébet fasor 22/C.
Phone: +36-1-391-1400
Fax: +36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu
Website: www.naih.hu