1. Object of this Privacy Notice
Diatron Medical Instruments Limited (hereinafter “Diatron”) is delighted by your interest in the Diatron Document Library (hereinafter “DDL”), available at diatron-library.com. Protecting your personal data (hereinafter “data”) is an absolute priority for us. In this Privacy Notice, we inform you, as the user of the DDL, about which data are collected when you visit the website and use its features – in particular registration, product subscriptions, document notifications, and the marketing newsletter – and about how we subsequently process and use this data. We also inform you about the accompanying technical and organisational safeguards we have introduced to protect this data.
This Privacy Notice is regularly reviewed to ensure that it is up to date and accurate and may therefore be subject to amendment. The date of the most recent update can be found in the header of this Privacy Notice. We recommend you visit this page regularly to ensure that you are informed of any potential updates.
2. Responsible body and data protection contact
The responsible body within the meaning of the General Data Protection Regulation (GDPR) is:
Diatron Medical Instruments Limited
Registered seat: H-1097 Budapest, Táblás utca 39, Hungary
Company registration number: 01-10-045581
Tax number: HU 13863326-2-43
Phone: +36 (1) 436 9800
Any questions or comments regarding this Privacy Notice, or concerning data protection in general, should be addressed to: marketing [kukacka] diatron [pontocska] com
3. Processing, purposes and legal basis for processing your personal data
When you use the DDL, Diatron processes your data as set out below.
a) Use of the website (server log files)
When you visit the DDL, due to technical reasons your browser communicates specific data to our web server. For security reasons (e.g. investigation of abuse or fraudulent actions), the information in the log files is stored for a maximum duration of seven days and subsequently deleted. Data requiring further storage for documentary purposes is excluded from deletion through to definitive clarification of the respective matter.
The following data may be processed (so-called server log files):
- IP address (anonymised)
- Date and time of inquiry
- Time zone difference to Greenwich Mean Time (GMT)
- Content of request (specific page)
- Operating system and its access status / HTTP status code
- Volume of data transferred
- Website from which the request comes (referrer URL)
- Browser, language, and version of browser software
These data are processed for the following purposes: to enable the visit to the website, to enhance and accelerate the presentation of the website, to ensure compliance with our terms of use, and to defend against and prevent any fraudulent or similar actions, including attacks on our IT infrastructure. The legal basis for this processing is the protection of Diatron’s legitimate interests as the operator of the website (Art. 6 (1) lit. f GDPR).
b) User account and registration
Access to the documents stored in the DDL is restricted to registered users. To create an account you provide the following data:
- First name and last name
- Job title
- Company (required)
- E-mail address (required)
- Country
- Preferred language and, optionally, secondary preferred language
Your e-mail address is verified through a double opt-in procedure: registration is only completed after you confirm your e-mail address by clicking the link sent to you. The data are processed to identify you as a user, to make the documents associated with your registered products available to you, to enable communication with you in connection with your account (e.g. password reset, account-related notifications), and to manage the contractual relationship arising from the use of the DDL. The legal basis for this processing is the performance of the user agreement governing the use of the DDL (Art. 6 (1) lit. b GDPR).
You may at any time edit your account data, change your password, and delete your account. Deleting your account permanently removes your personal data, your registered products and your notification settings from the DDL, except where retention is required by applicable law (e.g. for tax or audit purposes) or where data must be retained for the establishment, exercise or defence of legal claims.
c) Document notifications
After registration you may add one or more Diatron products to your profile. For each registered product you can individually opt in to receive an e-mail notification when a new document is uploaded for that product. The notification e-mail contains the product name, the document type and the language of the new document, together with a link to the DDL where you can view and download it.
To provide this service, Diatron processes your e-mail address, your first name, and the list of products you have added to your profile. The legal basis is your consent (Art. 6 (1) lit. a GDPR), expressed by activating the notification checkbox for the respective product. You may withdraw your consent at any time by deactivating the notification setting in your profile or by removing the product from your profile. Withdrawing your consent does not affect the lawfulness of processing carried out beforehand.
d) Marketing newsletter
During registration, or later in your profile, you may opt in to receive the Diatron marketing newsletter by ticking the relevant checkbox. The checkbox is not pre-ticked.
For the purpose of the marketing newsletter, Diatron processes the e-mail address and the name you provided at registration. The DDL forwards the subscriber list to the marketing system operated by Diatron, where the newsletter is composed and dispatched. Further information about the processing of your data in the Diatron marketing system is provided at the point of dispatch.
The legal basis for processing your data in connection with the marketing newsletter is your consent (Art. 6 (1) lit. a GDPR). You may at any time withdraw your consent with effect for the future, either by deactivating the newsletter setting in your DDL profile or by clicking the unsubscribe link contained in any newsletter we send. Withdrawing your consent does not affect the lawfulness of processing carried out beforehand.
e) Activity logging
To ensure the security and integrity of the DDL and to be able to provide evidence in case of security incidents, Diatron logs the following user activities:
- Login events (user, date and time)
- Document downloads (user, document, date and time)
These logs are processed on the basis of Diatron’s legitimate interest in the security and integrity of the DDL (Art. 6 (1) lit. f GDPR).
f) Web analysis
Keeping the DDL up to date and making it more user-friendly is important to us. This requires us to evaluate the use of the website and compile reports on activities within it. The DDL uses Google Analytics, a web analytics service provided by Google LLC.
The data processed may include in particular:
- Truncated IP address
- Information about your browser and device
- Page views and user behaviour
- Referrer URL (previously visited page)
IP anonymisation is activated. Your IP address will be shortened by Google within the member states of the European Union or in other states party to the Agreement on the European Economic Area before further processing. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and shortened there. Data processing is carried out exclusively on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR. Consent is obtained via our cookie consent banner and can be withdrawn at any time with effect for the future.
We have concluded a data processing agreement with Google. However, when data is transferred to the United States, it cannot be ruled out that US authorities may gain access to such data. Google relies on appropriate safeguards for such transfers, in particular the standard contractual clauses approved by the European Commission, and on the EU-US Data Privacy Framework. For more information on how Google processes personal data, please visit: https://policies.google.com/privacy
4. Recipients and forwarding of data
If and to the extent that such transfer is required, your data will be forwarded for the purposes set out above to:
- Group companies of Diatron / Stratec SE
- Diatron’s hosting and operations provider: Macroweb Internet Consulting Kft. (registered seat: H-1213 Budapest, Páfrányos út 15/b/1., Hungary; company registration number: 01-09-961663), acting as data processor under a written data processing agreement
- Google LLC, in connection with web analysis (Google Analytics), as further described in section 3 f)
- Other service providers who process personal data in connection with performing services for Diatron (e.g. IT maintenance and support), acting as data processors under written data processing agreements
- Third parties in connection with fulfilling statutory obligations or for establishing, exercising or defending legal claims (e.g. courts, supervisory authorities, attorneys and consultants)
5. Data transfer to third countries
In some cases, we transfer personal data to a third country outside the EU. We have taken due care in each case to ensure an adequate level of protection.
In the case of Google Analytics (USA), an adequate level of protection can be inferred from the adequacy decision adopted by the European Commission on the EU-US Data Privacy Framework and the corresponding participation of Google LLC (Art. 45 (1) GDPR).
6. Use of cookies
We use cookies on the DDL. Cookies are small text files that, when you visit the website, are sent by our web server to your browser and stored by your browser on your device for subsequent retrieval.
The DDL uses three categories of cookies:
- Technical cookies: required for the proper operation of the website (e.g. for maintaining your session and for storing your cookie consent choice). These cookies do not collect personal data for the purpose of profiling and do not transmit personal data to third parties. Their use does not require prior consent.
- Analytical cookies: used to compile statistics on the use of the website (in particular Google Analytics). These cookies may collect personal data and transmit them to third parties (data processors). Their use requires your prior consent in accordance with the GDPR.
- Marketing cookies: typically associated with embedded YouTube videos and with Google services, and may serve advertising purposes. These cookies may collect personal data and transmit them to third parties. Their use requires your prior consent in accordance with the GDPR.
You can determine whether cookies are set and retrieved by amending the settings in our cookie consent banner or in your browser. You can also fully deactivate the storage of cookies, limit this to specified websites, or configure your browser such that it automatically informs you if a cookie is to be set. Due to technical reasons, however, it is necessary to allow the technical cookies if you wish to benefit from the full functionality of the DDL.
The legal basis for the use of technical cookies is Art. 6 (1) lit. f GDPR. The legal basis for the use of analytical and marketing cookies is your consent pursuant to Art. 6 (1) lit. a GDPR. Consent is obtained via our cookie consent banner and can be withdrawn at any time with effect for the future.
The following cookies are used on the DDL:
Category | Name | Purpose | Provider | Validity |
|---|---|---|---|---|
Technical | SESS# | Session cookie required for the operation of the website. | Diatron | 23 days |
Technical | cookie-agreed | Stores the user’s choice regarding the use of cookies. | Diatron | 100 days |
Technical | cookie-agreed-categories | Stores the user’s choice regarding cookie categories. | Diatron | 100 days |
Technical | cookie-agreed-version | Stores the version of the cookie consent given by the user. | Diatron | 100 days |
Technical | Drupal.visitor.autologout_login | Used to automatically log out users after a period of inactivity. | Diatron | 23 days |
Analytical | _ga | Registers a unique ID used to generate statistical data on how the visitor uses the website. | Google / Analytics | 2 years |
Analytical | _ga_# | Registers a unique ID used to generate statistical data on how the visitor uses the website. | Google / Analytics | 2 years |
Marketing | __Secure-1PSID / 3PSID | Builds a user profile and personalises ads across Google services. | Google / Analytics | 2 years |
Marketing | __Secure-1PAPISID / 3PAPISID | Stores authentication data and tracks the user’s advertising preferences. | Google / Analytics | 2 years |
Security / Marketing | __Secure-1PSIDCC / 3PSIDCC | Security verification code that protects user data from unauthorised access. | Google / Analytics | 1 year |
Marketing | __Secure-1PSIDTS / 3PSIDTS | Identifier of the user’s current session for advertising and security purposes. | Google / Analytics | 1 year |
Marketing | __Secure-ENID | Stores advertising settings and provides fraud prevention (e.g. bot detection). | Google / Analytics | 13 months |
Technical | __Secure-BUCKET | Server-side load balancing and management of experimental features (A/B testing). | Google / Analytics | Session / 1 year |
Technical / Security | AEC | Ensures that browser requests actually originate from the user (spam and fraud protection). | Google / Analytics | 6 months |
Marketing | NID | Unique identifier that remembers preferences (e.g. language) and supports advertising profiling. | Google / Analytics | 6 months |
Security / Marketing | HSID / SID / SSID | Digitally signed and encrypted records of the user’s Google account and recent logins. | Google / Analytics | 2 years |
Marketing | APISID / SAPISID | Identifiers generated when using Google Maps and other Google services. | Google / Analytics | 2 years |
Security | SIDCC | Protection cookie against user data theft (session hijacking). | Google / Analytics | 1 year |
Technical | SEARCH_SAMESITE | Helps to prevent CSRF (cross-site request forgery) attacks during Google search requests. | Google / Analytics | 6 months |
7. Data security
We deploy technical and organisational measures to protect incoming or collected personal data, particularly against accidental or intentional manipulation, loss, destruction, or attacks by unauthorised persons. Our security measures are continually enhanced in line with technological developments.
In particular: passwords are stored in hashed form; communication between your browser and the DDL is encrypted using TLS; access to personal data within Diatron is restricted to authorised personnel; and access by data processors is governed by written data processing agreements that include corresponding confidentiality and security obligations.
8. Data retention
We retain personal data only for as long as necessary for the purposes for which they were collected, or as required by applicable law.
- Account data are retained for as long as you maintain a registered account. If you delete your account, the data are removed without undue delay, except where retention is required by law.
- Server log files are retained for a maximum of seven days, as set out in section 3 a).
- Activity logs (login events, document downloads) are retained for as long as needed to fulfil the purpose described in section 3 e), and in any case no longer than is necessary for security and audit purposes.
- Newsletter and document notification subscription data are retained until you withdraw your consent or delete your account.
9. Your rights as a user
The GDPR grants specific rights to you as a user in connection with the processing of your personal data.
a) Right to withdraw consent and object (Art. 21 GDPR)
If data is collected on the basis of Art. 6 (1) lit. f GDPR (data processing to protect legitimate interests), you have the right to object, on grounds relating to your particular situation, at any time to this processing. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. If you have provided us with your consent, you may at any time withdraw this consent with future effect.
b) Right of access (Art. 15 GDPR)
You have the right to obtain confirmation as to whether personal data concerning you are being processed. Where that is the case, you have the right to access the personal data and the information listed in detail in Art. 15 GDPR.
c) Right to rectification and erasure (Art. 16 and Art. 17 GDPR)
You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and, if applicable, to have incomplete personal data completed. You also have the right to obtain the erasure of personal data concerning you without undue delay if one of the grounds listed in Art. 17 GDPR applies, e.g. if the data are no longer required for the purposes for which they were collected.
d) Right to restriction of processing (Art. 18 GDPR)
You have the right to obtain restriction of processing where one of the conditions listed in Art. 18 GDPR is met, e.g. for the duration of any verification if you have objected to processing.
e) Right to data portability (Art. 20 GDPR)
In specific cases listed in detail in Art. 20 GDPR you have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format and to request transmission of these data to a third party.
f) Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes data protection requirements. The right to lodge a complaint may be exercised in particular in the member state of your habitual residence, your place of work, or the place of the alleged infringement.
In Hungary, the competent supervisory authority is:
Hungarian National Authority for Data Protection and Freedom of Information (NAIH)
Seat: H-1055 Budapest, Falk Miksa utca 9-11.
Phone: +36 1 391 1400
E-mail: ugyfelszolgalat [kukacka] naih [pontocska] hu
Website: https://naih.hu