Privacy Policy
Zoltán Korpás
Data Protection and Data Management Regulations
Contents
- Introduction, data of the data controller
- Concept definitions
- Basic principles
- Purpose and scope of the regulations
- Measures supporting the rights of the data subject and his rights in relation to the data of the data subject
- Data management and ensuring its legality
- Internet interfaces
- Data management based on legal obligations
- General rules on the storage of personal data and information security
- Data protection incident
- Remedies
Appendices
Introduction, data of the data controller
1.1. Introduction
This regulation establishes rules for the protection of natural persons with regard to the management of personal data and the free flow of personal data. The provisions of the regulations must be applied during specific data management activities, as well as when issuing instructions and information regulating data management.
Furthermore, an important purpose of issuing the regulations is to enable the organization's employees, by becoming familiar with and following them, to manage the data of natural persons lawfully.
The Data Controller reserves the right to change the Regulations in order to align them with the legal background and with other internal regulations that are amended in the meantime.
The current version of the data protection policy is available on the https://www.adhdcoachbudapest.com website.
1.2. Data of the data controller
Zoltán Korpás
registered office: 1113, Budapest, Daróczi út 4
Taxpayer type: Individual entrepreneur (individual)
tax number: 59783738-1-43
registration number: 57827959
phone number: +36202361902
e-mail: korpas.zoltan@hotmail.com
representative: Zoltán Korpás
(hereinafter: the "Data Controller")
Concept definitions
- GDPR (General Data Protection Regulation): the new Data Protection Regulation of the European Union;
- data controller: the natural or legal person, public authority, agency or any other body that determines the purposes and means of processing personal data independently or together with others; if the purposes and means of data management are determined by EU or member state law, the data controller or the special aspects regarding the designation of the data controller may also be determined by EU or member state law;
- data management: any operation or set of operations performed in an automated or non-automated manner on personal data or data files, such as collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or otherwise making available, coordination or connection, limitation, deletion or destruction;
- data processor: the natural or legal person, public authority, agency or any other body that processes personal data on behalf of the data controller;
- personal data: any information relating to an identified or identifiable natural person ("data subject"); a natural person is identifiable if he or she can be identified directly or indirectly, in particular on the basis of an identifier such as name, number, location data, online identifier, or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person. During data processing, personal data retains this quality as long as its relationship with the data subject can be restored;
- special data: in particular, personal data relating to racial origin, national or ethnic affiliation, political opinion or party affiliation, religious or other beliefs, health status, pathological passion, sexual life, and criminal history;
- third party: the natural or legal person, public authority, agency or any other body that is not the same as the data subject, the data controller, the data processor or the persons who have been authorized to handle personal data under the direct control of the data controller or data processor;
- the consent of the data subject: the voluntary, specific and clear declaration of the will of the data subject, based on adequate information, by which the data subject indicates, by means of a statement or a clearly affirmative act, that he consents to the processing of personal data concerning him;
- restriction of data management: marking of stored personal data for the purpose of limiting their future management;
- aliasing (pseudonymization): processing of personal data in such a way that, without the use of additional information, it is no longer possible to determine which specific natural person the personal data refers to, provided that such additional information is stored separately and technical and organizational measures are taken to ensure that this personal data cannot be linked to identified or identifiable natural persons;
- profiling: any form of automated processing of personal data in which personal data is used to evaluate certain personal characteristics of a natural person, in particular to analyze or predict characteristics related to work performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movement;
- registration system: a file of personal data divided in any way - centralized, decentralized or according to functional or geographical aspects - which is accessible based on specific criteria;
- User or Data Subject: any natural person identified or - directly or indirectly - identifiable on the basis of personal data;
- protest: the statement of the data subject objecting to the handling of his personal data and requesting the termination of the data processing or the deletion of the processed data;
- data transfer: making the data available to a specific third party;
- data blocking: providing the data with an identification mark for the purpose of limiting its further processing permanently or for a specified period of time;
- data destruction: complete physical destruction of the data carrier containing the data;
- disclosure: making the data available to anyone;
- data deletion: making data unrecognizable in such a way that their recovery is no longer possible;
- data protection incident: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or unauthorized access to personal data transmitted, stored or otherwise handled;
- website: the https://www.adhdcoachbudapest.com portal and all its subpages, operated by Wix;
- facebook page: the https://www.facebook.com/profile.php?id=100086532999394 page, which is managed by the Data Controller;
- the data controller's center of activity within the Union: the place of its central administration within the Union.
Basic principles
- Principle of legality and fair procedure: The processing of personal data must be legal and fair. Data may only be obtained and processed fairly and lawfully. In order for the processing of personal data to be legal, it must be based on the consent of the data subject or have some other legal basis established by law. The collection and processing of data is considered lawful especially if the data subject has given his consent to the processing of his personal data for one or more specific purposes, if it is necessary in the context of a contract or an intention to enter into a contract, if the data processing is necessary to fulfill a legal obligation of the data controller, or if the legitimate interest of the data controller or a third party creates a legal basis.
- Principle of transparency: It must be transparent to natural persons how personal data concerning them is collected, used, consulted or otherwise handled, and to what extent the personal data is or will be handled; appropriate information must be provided to them about the fact, purposes and duration of data processing and its consequences. The principle of transparency requires that the information provided to the public or the data subject be concise, easily accessible and easy to understand, that it be formulated in clear and understandable language and, if necessary, also displayed visually. Information related to the handling of personal data must be provided to the data subject at the time of data collection.
- Purpose-bound principle: Personal data should only be collected for specific, clear and legitimate purposes, and should not be handled in a way that is incompatible with these purposes.
- Data saving principle: Personal data must be adequate and relevant for the purposes of data management and must be limited to what is necessary.
- Principle of voluntariness: Data provision by the data subject is voluntary. The Data Controller processes personal data with the consent of the data subject. Data processing may only take place if the data subject gives his voluntary, specific, informed and clear consent to the processing of personal data concerning him by means of a clear affirmative act, for example a written (including electronic) or oral statement. It is also considered consent if the data subject ticks a relevant box when viewing a website, makes relevant technical settings when using services related to the information society, or makes any other statement or takes any other action that, in the given context, clearly indicates the data subject's consent to the planned handling of his personal data.
- The principle of data accuracy and completeness: The data must be accurate and, where necessary, up-to-date; all reasonable measures must be taken to ensure that personal data that is inaccurate for the purposes of data management is immediately deleted or corrected, and that the data subject can only be identified for the time necessary for the purpose of data management.
- The principle of limited storage: Personal data must be stored in a form that allows the identification of the data subjects only for the time necessary to achieve the purposes of personal data management.
- The principle of integrity and confidentiality: The handling of data must be carried out in such a way that adequate security of personal data is ensured by the application of appropriate technical or organizational measures.
- The principle of accountability: The data controller is responsible for compliance with the basic principles, and must also be able to prove this compliance.
Purpose and scope of the regulations
4.1. Purpose of the policy
The primary purpose of these regulations is to define and adhere to the basic principles and provisions for handling the data of natural persons and customers who come into contact with the Data Controller, in order to ensure that the private sphere and data of natural persons are protected in accordance with the relevant legal regulations.
The purpose of these regulations is to ensure that the data controller complies in all respects with the data protection provisions of the applicable legislation, in particular, but not exclusively:
- Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and on the repeal of Regulation 95/46/EC;
- the provisions of Act CXII of 2011 on the right to informational self-determination and freedom of information.
Therefore, the Data Controller considers it of utmost importance, and is committed, to protect in the manner defined by the above legislation the data provided by the data subject via the website or other forum, in person or in any other way, and to respect the data subject's right to informational self-determination.
4.2. Scope of the policy
4.2.1. Temporal effect: These Regulations are effective from November 4, 2022, until further notice or withdrawal.
4.2.2. Personal scope: The scope of these Regulations covers the Data Controller, the persons whose data is included in the data processing covered by these Regulations, and also the persons whose rights or legitimate interests are affected by the data processing.
4.2.3. Subject scope: This regulation shall be applied to the processing of all personal data carried out in all organizational units of the Data Controller in a partially or fully automated manner, as well as to the non-automated processing of personal data that is part of a registration system or is intended to become part of a registration system.
Measures supporting the rights of the data subject and his rights in relation to the data of the data subject
5.1. Provisions supporting the enforcement of the rights of the data subject:
5.1.1. The data controller takes appropriate measures to provide the data subject with all information regarding the processing of personal data in accordance with the law in a concise, transparent, understandable and easily accessible form, clearly and comprehensibly worded, especially in the case of any information addressed to children. The information is provided in writing or in another way, including, where applicable, electronically. Verbal information can also be provided at the request of the data subject, provided that the identity of the data subject has been verified in another way. The information must be provided free of charge.
5.1.2. The data controller facilitates the exercise and enforcement of the rights of the data subject.
5.1.3. The data controller informs the data subject of the measures taken following the request without undue delay, but in any case within one month from the receipt of the request. If necessary, taking into account the complexity of the request and the number of requests, this deadline can be extended by another two months. The data controller shall inform the data subject of the extension of the deadline, indicating the reasons for the delay, within one month of receiving the request. If the data subject submitted the request electronically, the information must be provided electronically, if possible, unless the data subject requests otherwise.
The measure must be provided free of charge.
The data controller is entitled to charge a fee or to refuse the measure if the data subject's request is clearly unfounded or - especially due to its repetitive nature - excessive.
5.2. The rights of the data subject
5.2.1. Right to information
5.2.1.1. If the data controller collects the personal data relating to the data subject from the data subject, it will provide the data subject with the following information at the time of obtaining the personal data:
a) the identity and contact information of the data controller and, if any, the representative of the data controller;
b) the purpose of the planned processing of personal data;
c) the legal basis of data management;
d) the legitimate interests of the data controller or a third party;
e) where appropriate, the recipients of personal data, or categories of recipients, if any;
f) the period of storage of personal data, or if this is not possible, the criteria for determining this period;
g) the data subject's right to request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, and to object to the processing of such personal data;
h) the data subject's right to data portability;
i) the right to withdraw consent at any time, which does not affect the legality of data processing carried out on the basis of consent before the withdrawal;
j) the right to submit a complaint to the supervisory authority;
k) whether the provision of personal data is based on legislation or a contractual obligation or is a prerequisite for the conclusion of a contract, as well as whether the data subject is obliged to provide the personal data, and the possible consequences of failure to provide data;
l) if the data controller intends to carry out further data processing on the personal data for a purpose other than the purpose of their collection, that other purpose and all relevant additional information according to the law.
If the data controller did not obtain the personal data from the data subject, it will provide the data subject with the following information:
a) the identity and contact details of the data controller and, if any, the representative of the data controller;
b) the contact details of the data protection officer, if any;
c) the purpose of the planned processing of personal data and the legal basis of data processing;
d) the categories of personal data concerned;
e) the recipients of personal data, or categories of recipients, if any;
f) where applicable, the fact that the data controller wishes to forward the personal data to a recipient in a third country or to an international organization, and the existence or absence of the Commission's compliance decision;
g) the period of storage of personal data, or if this is not possible, the criteria for determining this period;
h) if necessary, the legitimate interests of the data controller or a third party;
i) the right of the data subject to request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, and to object to the processing of personal data;
j) the data subject's right to data portability;
k) the right to withdraw consent at any time, which does not affect the legality of data processing carried out on the basis of consent before the withdrawal;
l) the right to submit a complaint addressed to a supervisory authority;
m) the source of the personal data and, where applicable, whether the data comes from publicly available sources;
n) if the data controller intends to carry out further data processing on the personal data for a purpose other than the purpose of their collection, that other purpose and all relevant additional information according to the law.
Method of providing information
The data controller provides the information as follows:
a) taking into account the specific circumstances of the handling of personal data, within a reasonable period of time from the acquisition of the personal data, but within one month at the latest;
b) if the personal data is used for the purpose of contacting the data subject, at least during the first contact with the data subject;
c) if it is expected that the data will be communicated to another recipient, at the latest when the personal data is communicated for the first time.
5.2.2. Access right
The data subject has the right to receive feedback from the data controller as to whether his personal data is being processed, and if such data processing is underway, he is entitled to access the personal data and the following information:
a) the purposes of data management;
b) the categories of personal data concerned;
c) the recipients or categories of recipients to whom the personal data has been or will be disclosed;
d) where appropriate, the planned period of storage of personal data, or if this is not possible, the criteria for determining this period;
e) the right of the data subject to request from the data controller the correction, deletion or restriction of processing of personal data concerning him and to object to the processing of such personal data;
f) the right to submit a complaint addressed to a supervisory authority;
g) if the data were not collected from the data subject, all available information about their source;
h) if personal data is transferred to a third country or to an international organization, the data subject is entitled to receive information about the appropriate guarantees regarding the transfer;
i) the data controller provides a copy of the personal data that is the subject of data management to the data subject. For additional copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs.
If the data subject submitted the request electronically, the information must be provided in a widely used electronic format, unless the data subject requests otherwise.
5.2.3. Right to rectification and erasure
5.2.3.1. Right of rectification and addition
The data subject has the right to request that the data controller correct inaccurate personal data relating to him without undue delay, or to request the addition of incomplete personal data.
5.2.3.2. Right of erasure
The data subject has the right to request that the data controller delete the personal data concerning him without undue delay, and the data controller is obliged to delete the personal data concerning the data subject without undue delay if one of the following reasons exists:
a) the personal data are no longer needed for the purpose for which they were collected or otherwise processed;
b) the data subject withdraws the consent that forms the basis of the data management, and there is no other legal basis for the data management;
c) the data subject objects to data processing and there is no overriding legal reason for data processing;
d) personal data were handled unlawfully;
e) personal data must be deleted in order to fulfill the legal obligation prescribed by EU or Member State law applicable to the data controller.
5.2.4. Right to limitation
The data subject has the right to have the data controller restrict data processing at his request if one of the following conditions is met:
a) the data subject disputes the accuracy of the personal data, in which case the limitation applies to the period that allows the data controller to check the accuracy of the personal data;
b) the data management is illegal and the data subject opposes the deletion of the data and instead requests the restriction of their use;
c) the data controller no longer needs the personal data for the purpose of data management, but the data subject requires them to submit, enforce or defend legal claims; or
d) the data subject objected to data processing; in this case, the restriction applies to the period until it is determined whether the legitimate reasons of the data controller take precedence over the legitimate reasons of the data subject.
5.2.5. Right to protest
The data subject has the right to object at any time to the processing of his personal data, including profiling, for reasons related to his own situation. In this case, the data controller may not process the personal data further, unless the data controller proves that the data processing is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the data subject, or that are connected to the presentation, enforcement or defense of legal claims.
5.2.6. Right to data portability
The data subject has the right to receive the personal data concerning him that he has provided to a data controller in a structured, widely used, machine-readable format, and is also entitled to transmit this data to another data controller or, if this is technically feasible, to request the direct transfer of personal data between data controllers.
5.2.7. Automated decision making
The data subject has the right not to be subject to a decision based solely on automated data management, including profiling, which would have a legal effect on him or affect him to a similar extent.
This does not apply if the decision:
a) is necessary for the conclusion or fulfillment of the contract between the data subject and the data controller;
b) is made possible by EU or Member State law applicable to the data controller, which also establishes appropriate measures to protect the rights and freedoms and legitimate interests of the data subject;
c) is based on the express consent of the data subject.
In cases a) and c), the data controller is obliged to take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, including at least the right of the data subject to request human intervention on the part of the data controller, to express his point of view and to submit an objection to the decision.
5.2.8. Right to a remedy
Without prejudice to other administrative or judicial remedies, all data subjects have the right to complain to a supervisory authority - in particular in the Member State of their usual place of residence, place of work or the place of the suspected infringement - if, in the opinion of the data subject, the processing of their personal data violates the GDPR.
Without prejudice to other administrative or non-judicial remedies, all natural and legal persons are entitled to an effective judicial remedy against the legally binding decision of the supervisory authority.
Without prejudice to other administrative or non-judicial remedies, all affected persons are entitled to effective judicial remedies if the competent supervisory authority does not deal with the complaint or does not inform the affected person of the procedural developments related to the complaint or its result within three months.
Without prejudice to the available administrative or non-judicial legal remedies, including the right to file a complaint with the supervisory authority, each person concerned is entitled to an effective judicial remedy if, in his opinion, his rights according to this regulation have been violated as a result of the processing of his personal data not in accordance with this regulation.
5.2.9. Right to compensation
Any person who has suffered material or non-material damage as a result of a violation of the GDPR regulation is entitled to compensation from the data controller or data processor for the damage suffered.
All data controllers involved in data processing are responsible for any damage caused by data processing that violates the GDPR regulation.
The data processor is only liable for damages caused by data processing if it has not complied with the obligations specifically imposed on data processors in the regulation, or if it has ignored or acted contrary to the lawful instructions of the data controller.
The data controller or the data processor is exempted from liability if it proves that it is not responsible in any way for the event that caused the damage.
Data management and ensuring its legality
6.1. In the case of data management based on consent, the data subject's consent to the processing of his personal data must be requested on the data request form according to Appendix No. 1.
6.2. It is also considered consent if the data subject ticks a box designed for this purpose on the website or Facebook page, makes relevant technical settings when using services related to the information society, or performs any other action that, in the given context, clearly indicates the data subject's consent.
6.3. Consent covers all data management activities carried out for the same purpose.
6.4. The conclusion and fulfillment of the contract cannot be tied to the provision of personal data or data management consent that are not necessary for this.
6.5. Unless the law provides otherwise, the data controller may continue to process the collected data for the purpose of fulfilling the relevant legal obligations without further separate consent, even after consent has been withdrawn.
6.6. Consent can be withdrawn by filling out the declaration according to Appendix No. 2.
6.7. The data management regulations are published on the website for the affected parties, and are also available in printed form at the business premises of the data controller, and are also handed over to employees in printed form.
6.8. Data collection and processing and transmission carried out in order to fulfill the legal obligation is independent of the consent of the data subject, as it is defined by law. The data subject must be informed in detail about this kind of data collection, handling, and transmission before it begins.
Internet interfaces
7.1. Facebook page
- The data controller is available on the Facebook social portal.
- The purpose of data management is to share the content on the website. With the help of the Facebook page, the visitor can find out about the latest promotions.
- By clicking on the "like" link on the Data Controller's Facebook page, the data subject consents to the publication of the Data Controller's news and offers on his own message board.
- The data controller also publishes pictures/films about various events etc. on his Facebook page.
- You can get information about the data management of the Facebook page from the data protection guidelines and regulations on the Facebook website at www.facebook.com.
- The Visitor can subscribe to the news feed published on the message wall on the Facebook page by clicking on the "like" link on the page, and unsubscribe by clicking on the "dislike" link on the same page.
7.2. Website visit data
- The Data Controller's website may also contain links that are not operated by the Data Controller and are only for the information of visitors. The Data Controller has no influence on the content and security of websites operated by partner companies, so it is not responsible for them.
- Please review the data management regulations and data protection declarations of the pages you visit before entering your data in any form on that page.
- The Data Controller uses an analytical tool to monitor its websites, which creates a series of data and monitors how visitors use the Internet pages. The system creates a cookie when you view the page, with the aim of recording information related to the visit (visited pages, time spent on our pages, browsing data, exits, etc.), which, however, cannot be linked to the person of the visitor. This tool helps to improve the ergonomics of the website, to create a user-friendly website, in order to enhance the online experience of the visitors. The Data Controller does not use analytical systems to collect personal information. Most Internet browsers automatically accept cookies, but visitors have the option to delete them or refuse them automatically. Since every browser is different, the visitor can set their cookie preferences individually using the browser toolbar. You may not be able to use certain features on our website if you choose not to accept cookies.
Data management based on legal obligations
8.1. Data management for the purpose of fulfilling tax and accounting obligations
The data controller processes the personal data of its employees and other contractual and business partners and their representatives as defined by law in order to fulfill its legal obligations for the performance of tax and accounting duties prescribed by law.
8.1.2. The range of processed data: name, residential address, tax number or tax identification number, business card number, voucher issuer, receiver, payer, inspector.
8.1.3. The period of storage of personal data: the period specified in data management and other legislation, or the period until the storage and processing of the data is necessary for the enforcement of a legitimate interest.
8.1.4. Recipients of personal data: the company's senior officer, employees performing tax, payroll, accounting and social security tasks or their representatives performing such tasks based on a legal relationship of commission.
8.2. Payer data management
8.2.1. The data controller processes the legally required data of the data subjects with whom it has a payment relationship under the legal title and for the purpose of fulfilling its legal obligations as a payer (tax, pension and contribution) prescribed by law.
8.2.2. The scope of processed data is determined by Art. If the tax laws attach legal consequences to this, the data controller can manage the data on the employees' health and trade union membership in order to fulfill tax and contribution payment obligations.
8.2.3. The period of storage of personal data: the period specified in data management and other legislation, or the period until the storage and processing of the data is necessary for the enforcement of a legitimate interest.
8.2.4. Recipients of the personal data: the company's senior officer, employees performing tax, payroll, accounting and social security tasks, or their representatives performing such tasks based on a legal relationship of commission.
8.3. Data management for the purpose of fulfilling anti-money laundering obligations
8.3.1. The data controller manages the legally defined data of its customers, their representatives and beneficial owners for the purpose of fulfilling its legal obligations prescribed by law, and for the purpose of preventing money laundering and terrorist financing.
8.3.2. The range of processed data: name, year of birth, citizenship, place of birth, time, mother's name, address or place of residence, type and number of your identification document, address card number, copies of documents with your signature.
8.3.3. The period of storage of personal data: the period specified in data management and other legislation, or the period until the storage and processing of the data is necessary for the enforcement of a legitimate interest.
8.3.4. Recipients of personal data: the company's senior official, customer relations employee.
8.4. Data management according to the Archives Act
8.4.1. The data controller manages its documents considered to be of permanent value according to the provisions of the Archives Act (Act LXVI of 1995) under the legal title of fulfilling its legal obligations prescribed by law. and be accessible.
8.4.2. The scope of the managed data: a document considered to be of permanent value in the Archives Act.
8.4.3. Period of storage of personal data: until transfer to the public archive
8.4.4. The recipients of personal data and other rules of data management are determined by law.
-
General rules on the storage of personal data and information security
-
Personal data can only be handled in accordance with the activities recorded in each chapter, according to the purpose of data management.
-
The purpose of data management: establishing contact and maintaining contact with the data subject, marketing, increasing the level of service that fits the profile of the Data Controller, market research and survey of consumer habits.
-
Legal basis for data management: voluntary consent of the data subject based on prior information from the Data Controller.
-
Duration of data management: up to 15 working days from the termination of the customer relationship, if the data do not need to be used to enforce the rights and obligations arising from the customer relationship, or until the data are deleted at the data subject's request, or until the permission to process their data is revoked.
-
It is possible to modify and delete personal data, withdraw voluntary consent, and request information about the processing of personal data by sending a notification to the contact address.
-
The Data Controller provides the IT environment used for the management of personal data during the provision of the service in such a way that
- it links the personal data provided by the data subject only and exclusively with the data and in the manner specified in these regulations.
- it ensures that only those employees of the Data Controller for whom this is absolutely necessary for the performance of their job duties have access to personal data.
- all changes to the data are made by indicating the date of the change.
- incorrect data will be deleted within 48 hours based on the request of the data subject.
- the data is backed up.
-
The Data Controller provides the required level of protection during the processing of the data - especially their storage, correction, deletion - when requesting information or protesting.
-
Data transmission takes place with the consent of the data subject, without prejudice to his interests, confidentially, with the provision of a fully adequate IT system, and in compliance with the purpose, legal basis and principles of data management. The Data Controller will not forward the data subject's personal data or make them available to third parties without their consent, unless this is required by law.
-
In order to ensure that the storage of personal data is limited to the necessary period, the data controller conducts a regular review every two years. The data controller will take all reasonable steps to correct or delete inaccurate personal data.
-
In order to prove compliance with this regulation, the data manager or the data processor shall keep a record of the data management activities carried out under its authority.
In order to maintain security and prevent data processing that violates this regulation, the data controller or data processor evaluates the risks arising from the nature of data processing and applies measures to reduce these risks, such as encryption.
-
Other data that cannot be linked, directly or indirectly, to the data subject and cannot be used to identify them (hereinafter: anonymous data) are not considered personal data.
-
Data protection incident
10.1. Data protection incident: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise handled.
10.2. Data protection incident management: The prevention and management of data protection incidents and compliance with the relevant legal regulations are the responsibility of the company manager.
10.3. The company's employees are obliged to report immediately if they notice a data protection incident during their activities.
10.4. A data protection incident can be reported to the company's central email address or phone number, either by employees, contractual partners, or by anyone involved.
10.5. After reporting a data protection incident, the head of the company immediately examines the report, identifies the incident, determines its severity and the necessary measures.
10.6. A separate record must be kept of the data protection incident, which must be kept for five years and in which the following must be recorded:
- the date of the data protection incident,
- the description and circumstances of the incident,
- the scope and number of those involved,
- the range of personal data concerned,
- the measures taken to prevent and remedy the incident,
- other data required by law.
10.7. After a data protection incident has been reported, the head of the company must notify the competent supervisory authority without undue delay and, if possible, no later than 72 hours after becoming aware of the data protection incident, unless he can prove, in accordance with the principle of accountability, that the data protection incident is not likely to pose a risk to the rights and freedoms of natural persons. If the notification cannot be made within 72 hours, the reason for the delay must be indicated, and the required information can be provided in detail without further undue delay.
10.8. The data controller informs the data subject without undue delay if the data protection incident is likely to involve a high risk for the rights and freedoms of natural persons, in order to be able to take the necessary precautions. The information must include a description of the nature of the data protection incident, as well as suggestions for the affected natural person aimed at mitigating possible adverse effects.
-
Remedies
-
The data subject can request information about the management of his personal data, as well as request the correction of his personal data, or - with the exception of the data management mandated by law - the deletion or blocking of his personal data at the e-mail address, as well as among the individual activities involved in the data management, according to what is recorded there.
-
At the request of the data subject, the Data Controller provides information on the data it handles, the purpose, legal basis and duration of data processing, the data of the data processor if a data processor has been used, the circumstances and effects of the data protection incident and the measures taken to prevent it, and - in the case of forwarding the personal data of the data subject - the legal basis, purpose and recipient of the data transfer.
-
The Data Controller corrects or deletes inaccurate personal data if:
a. handling is illegal;
b. the data subject requests;
c. is incomplete or incorrect - and this state cannot be legally remedied - provided that deletion is not precluded by law;
d. the purpose of data management has ceased, or the statutory period for data storage has expired;
e. it was ordered by the court or the National Data Protection and Freedom of Information Authority.
-
The Data Controller will notify the data subject of the correction and deletion, as well as all those to whom the data was previously transmitted for the purpose of data management. The notification can be omitted if this does not harm the legitimate interests of the data subject in view of the purpose of the data management.
-
The data subject may object to the processing of his personal data if
a. the processing (forwarding) of personal data is necessary only to enforce the rights or legitimate interests of the data controller or the data recipient, except in the case of mandatory data processing;
b. personal data is used or forwarded for the purpose of direct business acquisition, public opinion polls or scientific research;
c. the exercise of the right to protest is otherwise permitted by law.
-
The Data Controller examines the objection as soon as possible, but no later than 15 working days after the submission of the application, with the simultaneous suspension of data management, and informs the applicant of the result in writing. If the applicant's objection is well-founded, the Data Controller shall terminate the data management, including further data collection and transmission, and block the data, and shall notify all those to whom the personal data affected by the objection was previously transmitted of the objection and the measures taken based on it, and who are obliged to take measures to enforce the right to protest.
-
If the person concerned does not agree with the Data Controller's decision, or if the Data Controller misses the deadline referred to in point 6, he has the right to appeal to the court within 30 days of its notification.
-
Legal enforcement: The data subject can go to court in the event of a violation of his rights. The court handles the case as a matter of priority. The Data Controller is obliged to prove that the data management complies with the provisions of the law.
-
In the event of a violation of your right to self-determination of information, you can file a report or complaint:
National Data Protection and Freedom of Information Authority, Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Phone: +36 (1) 391-1400, Fax: +36 (1) 391-1410, www: http://www.naih.hu, email: ugyfelszolgalat@naih.hu
-
In the case of offensive, hateful, or exclusionary content, rectification, or violation of the rights of a deceased person, you can file a report or complaint:
National Media and Communications Authority, Address: 1015 Budapest, Ostrom u. 23-25.
Mailing address: 1525. Pf. 75, Tel: (06 1) 457 7100, Fax: (06 1) 356 5520, E-mail: info@nmhh.hu
Other provisions
Zoltán Korpás is authorized to establish and amend these regulations.
The regulations must be introduced to all employees, contractual partners and all other stakeholders of the company.
These regulations will enter into force on November 4, 2022.
Budapest, November 4, 2022.
Zoltán Korpás