Privacy Policy

The data of our visitors to this website and the pages of the related services accessible from here and operated by us are subject to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter GDPR), as well as Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter referred to as Information Act), Act CLIV of 1997 on Health Care (hereinafter referred to as Health Act) and the EMMI Decree 39/2016 (XII 21) on the detailed rules of the Electronic Health Service Space, PHARMAFLIGHT, as Data Controller, provides the following information on the processing of personal data:

What do these rules apply to?   These rules apply to the website operated by PHARMAFLIGHT PLC: They do not apply to one-click websites operated by others on their own terms.

If for any reason this policy is important to you in the future, please review it again, as we reserve the right to change this policy in the future to meet changing needs.

Information on the data controller

Name of data controller: PHARMAFLIGHT PLC. (hereinafter referred to as Data Controller)

Address of data controller: Hungary, 4030 Debrecen, Szatke Ferenc str. 1.

Phone number of data controller: +36 52 870 270

Email address of data controller:

General information on data processing and data collected

What information do we process and why?

When you visit our website, data such as your IP address (the Internet Protocol (IP) address of your computer's network), the time, the pages you visit and other technical data are also logged. All this is done anonymously, so it cannot be linked to you personally now or in the future. The data is not analysed and is used for statistical purposes only. After statistical analysis - which we use to see how many visitors we have and how we can ensure that our sites are working properly and quickly - the data is deleted.

If you would like to know more about this, you can request more detailed information in writing using one of the contact details at the end of this Policy and we will be happy to respond.

What is personal data?

Personal data is any data that can be associated with the data subject, in this case you (e.g. name, address, telephone number).

What is health data?

Data relating to the physical, mental or psychological state, pathological condition or addiction of the person concerned, the circumstances of the illness or death, the cause of death, communicated by him or her or by another person, or detected, tested, measured, mapped or derived by the healthcare network, and any data relating to or affecting the foregoing.

Purpose of data processing:

Issue invoices in accordance with the law and fulfil the obligation to keep accounting records. Pursuant to Article 169 (1) to (2) of the Tax Act, companies must keep accounting documents that directly and indirectly support the accounting.

The scope of the data processed:

  • first name, last name
  • permanent address / registered seat
  • email address
  • phone number
  • tax number (in case of companies)

Duration of data processing:

Invoices issued must be kept for 8 years from the date of issue of the invoice, pursuant to Section 169 (2) of the Tax Act. Please be informed that if you withdraw your consent to the issuing of an invoice, the Data Controller is entitled to retain your personal data obtained during the issuing of the invoice for 8 years pursuant to Section 6 (5) a) of the Information Act.

 Purpose of data processing

When using some of our services (booking an appointment, enquiry, request for proposal, job application, etc.), you may voluntarily provide the following information.

Scope of the data processsed:

  • first name, last name
  • permanent address
  • email address
  • phone number
  • unique identifier

For job applications, we need the following information:

  • CV (curriculum vitae)

Duration of the data processing:

The above data will be kept for 5 years. Your CV will be deleted from our system within 5 working days after an unsuccessful interview.

Purpose of data processing

The purpose of the processing of health and personal data is to promote the preservation, improvement and maintenance of health, to facilitate the effective treatment of patients by the healthcare provider, including the supervision of the professional, to monitor the health status of the person concerned, to take measures necessary in the interests of public health, public health and epidemiology, and to enforce patients' rights. In addition to the above, health and personal identification data may also be processed in accordance with Article 4(2) of the Health Act. Accordingly, personal data may be processed for purposes such as public health, epidemiology, scientific research, financial control or investigation.

To apply for the areomedical certifying service, we need the following information:

  • place and date of birth
  • expiration date of medical certificate
  • chosen aeromedical certificate class
  • health condition, illness
  • regularity of medications, type of medications, dosage
  • treatment history

You can also provide us with the following details to book the aeromedical certifying service:

  • total hours flown
  • type of flight
  • Wizz Air ID card number

Duration of the data processing:

According to § 30 of the Health Act: medical records must be kept for at least 30 years from the date of recording; final reports must be kept for at least 50 years, imaging diagnostic images must be kept for 10 years from the date of recording, and the findings of the imaging must be kept for 30 years from the date of recording.

Other data processing

If the Data Controller intends to carry out further processing, it shall provide prior information on the material circumstances of the processing (legal background and legal basis of the processing, purpose of the processing, scope of the data processed, duration of the processing.

You are informed that the Data Controller must comply with written requests for data from public authorities based on a legal mandate. The Data Controller shall keep a record of the data transfers in accordance with Article 15 (2)-(3) of the Data Protection Act (to which authority, what personal data, on what legal basis, when the Data Controller transferred the data), the content of which the Data Controller shall provide information on request, unless the provision of information is excluded by law.

Legal grounds for processing

Processing is lawful if:

a) the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes;
(b) processing is necessary for the performance of a contract to which the data subject is a party or for taking steps at the request of the data subject prior to entering into a contract;
(c) processing is necessary for compliance with a legal obligation to which the controller is subject;
(d) processing is necessary for the protection of the vital interests of the data subject or of another natural person;
(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.

Conditions for consent

Where the processing of personal data is not governed by the law of a Member State and other legal bases provided for by the legislation referred to do not apply, personal data may only be processed on the basis of the consent of the data subjects. Such processing may include, for example, the provision of contact details or eating habits. Consent is a freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she signifies, by a statement or by an act expressing his or her unambiguous consent, that he or she signifies his or her agreement to the processing of personal data concerning him or her. The data subject has the right to withdraw his or her consent at any time. However, the withdrawal of consent shall not affect the lawfulness of the processing based on consent prior to its withdrawal.

 <<h2>> Can my data be transferred to another organisation or person?

The data management of your activities is based on voluntary consent. Your data will be processed solely by us as described herein and in no case will it be transferred to any third party, be it a company, organisation or other institution.

In certain cases, however, the processing, storage and transmission of some of the data provided is required by law, and we will inform our audience about this separately. The data you provide in relation to the medical fitness assessment are also stored in the EMPIC FCLM application for the management of medical certificates for aircrew, which is operated by the central provider, and your name, date of birth and the flight medical assessment class are transmitted in an encrypted e-mail format to the Aviation Authority. As well as the use of EESZT, to which all medical data is uploaded, and the medical data obtained during the aero-medical examination, which is recorded on a JAVA-based central server at the Aviation Authority, including copies of personal documents!

How long do we process the data and where do we store it?

The data will be processed until the time limits described above or until consent is withdrawn. We will delete your statistical, visit data during the following month.

The technical data collected is stored on PHARMAFLIGHT PLC's own servers in a highly secure, appropriately protected IT environment.

What technologies do we use?


"Cookies" are small pieces of text information that your browser stores. They are used so that we can recognise you without identifying you the next time you return to us, or more specifically, the next time you visit us using the browser you are currently using. This way you can, for example, resume an interrupted visit or procedure on our pages. We also use this for visitor statistics and to improve the way our sites work. Importantly, it does not allow us to know your identity. If you do not want us to use these "cookies", you can disable them in your browser program - please consult your browser program's help for details.

Legal background and legal basis for cookies:

Data processing is based on the provisions of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information ("Information Act") and Act CVIII of 2001 on certain aspects of electronic commerce services and information society services. The legal basis for data processing is your consent in accordance with Article 5 (1) (a) of the Information Act.

Google Analytics

This site uses a traffic analysis system called Google Analytics. This is provided to us by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics also uses "cookies" to help it work. The content of the cookies may be transferred to Google, but your IP address will be deleted from the transmitted data even on systems operating in the EU. Google processes the data for PHARMAFLIGHT PLC and makes it available to us.

More information can be found here: (Google Analytics Privacy Policy).

Your rights during processing

For the duration of the processing, you are entitled to:

  • the right to information,
  • the right to rectify data,
  • the right to erase data,
  • the right to block data,
  • the right to object.

You may request information from the Data Controller about the processing of your personal data free of charge within the period of processing. The Data Controller shall inform you in writing, in an intelligible form, of the data processed, the purposes, legal basis and duration of the processing, as well as, where the data have been further processed, the persons to whom and for what purposes the data are or have been disclosed, as soon as possible after the request, but not later than 25 days. You will receive a copy of the data processed.

You may request that the Controller rectify or complete your personal data within the period of processing. The Controller shall comply with your request within 15 days at the latest.

You have the possibility to request the deletion of your personal data, which the Data Controller will comply with within 15 days at the latest. The right to erasure does not apply if the Controller is obliged by law to store the data further, nor does it apply if the Controller is entitled to further process the personal data in accordance with Article 6(5) of the Information Act (e.g. in connection with billing).

You may request that the Controller block the personal data if the final deletion of the data would harm the legitimate interests of the data subject. Personal data blocked in this way may be processed only for as long as the purpose which precluded the deletion of the personal data continues to exist.

You may object to the processing of your personal data:

  • if the processing or transfer of personal data is necessary solely for compliance with a legal obligation to which the Data Controller is subject or for the purposes of the legitimate interests pursued by the Data Controller, the data subject or a third party, except in the case of mandatory processing and in the case provided for in Article 6(5) of the Information Act;
  • if the personal data is used or disclosed without your consent for direct marketing, public opinion polling or scientific research.

The Data Controller shall examine the objection within the shortest possible time from the date of the request, but not later than 15 days, decide whether the objection is justified and inform you in writing of its decision. If the controller does not comply with the data subject's request for rectification, blocking or erasure, it shall, within 25 days of receipt of the request, communicate in writing or, with the data subject's consent, by electronic means, the factual and legal grounds for refusing the request for rectification, blocking or erasure.

Handling of complaints

You can complain to us about the processing, or any aspect of it, by sending a complaint to the Data Protection Officer, who will respond as soon as possible. The contact details of our Data Protection Officer can be found at the end of this policy. If you want to report your concerns elsewhere, you can contact the data protection authority in your country within the European Union or the National Authority for Data Protection and Freedom of Information (postal address: 1530 Budapest, PO Box 5, address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c Phone: +36 (1) 391-1400 Fax: +36 (1) 391-1410 Email:

Contact us

Postal address: Hungary, 4030 Debrecen, Szatke Ferenc str. 1.
Phone: +36 52 870 270

Contact details for requests specifically related to data management:  

Downloadable formats


Privacy Policy / GDPR

This website uses cookies. Please read the privacy policy and if you agree with it, accept it by clicking the OK button.

Detailed list of cookies

This website uses cookies. Please read the Privacy Policy and if you agree with it, accept it by clicking the OK button.

Used for internal PHP usage. Session ID that expires when the browser is closed.

Language of the website. This value is always HU or EN on the website. Used by the administration system. Expires after 1 month.

GDPR acceptance status. Expires after 3 months.

For registered users who are logged in for a long period of time, this contains a unique identifier that can be used to log in the user every time the browser is reopened (or when the session expires).