1. PURPOSE OF THE PRIVACY NOTICE
Alexandra Szatmári, sole proprietor (address: 1025 Budapest, Zöldkert út 6/C/1., tax number: 76318230-1-41, Registration number: 52877643) as data controller, acknowledges the contents of this legal notice as binding on her.
You undertake to ensure that all data processing in relation to your activities complies with the requirements set out in this Policy and in the applicable national legislation and Regulation (EU) 2016/679 of the European Parliament and of the Council (the Regulation).
This privacy policy applies to the following domain and its subdomains: obudamatek.hu
A privacy policy relating to the data processing activities of the Data Controller is available on https://www.obudamatek.hu/adatkezelesi-takekoztato/.
The Data Controller reserves the right to amend this notice at any time. Changes will be notified to the data subjects in due time.
If you have any questions about this communication, please contact us and we will answer them.
The Data Controller is committed to protecting the personal data of its customers and partners, and attaches the utmost importance to respecting the right to information self-determination of its customers. The Data Controller treats personal data confidentially and takes all security, technical and organisational measures to ensure the security of the data. The Data Controller describes its data management practices below.
2. THE DATA CONTROLLER'S DATA
If you would like to contact the company, you can do so by contacting oktatas@obudamatek.hu at +36 20 9248 006.
The short name of the company is Szatmári Alexandra EV
Company name: Szatmári Alexandra egyéni vállalkozó
The company is located at 1025 Budapest, Zöldkert út 6/C/1.
Registration number: 52877643
Tax number: 76318230-1-41
2.1 DATA PROTECTION OFFICER
The Data Controller does not carry out any activities that would justify the appointment of a Data Protection Officer.
3. THE SCOPE OF THE PERSONAL DATA PROCESSED
3.1. TECHNICAL DATA
The Data Controller shall select and operate the IT tools used to process personal data in the course of providing the service in such a way that the processed data:
- accessible to authorised persons (availability)
- authenticity and verification (authenticity of data processing)
- verified to be unchanged (data integrity)
- be protected against unauthorised access (data confidentiality)
The Controller shall take appropriate measures to protect the data against unauthorised access, alteration, disclosure, disclosure, erasure or destruction and against accidental destruction.
The controller shall ensure the security of processing by technical, organisational and organisational measures that provide a level of protection appropriate to the risks associated with the processing.
The data controller shall, in the course of processing, preserve confidentiality: protect the information so that only those who are entitled to have access to it can do so; integrity: protect the accuracy and completeness of the information and the method of processing; availability: ensure that the information can be accessed and the means to do so are available when the authorised user needs it.
3.2 COOKIES (COOKIES)
3.2.1 THE ROLE OF COOKIES
Cookies collect information about visitors and their devices; they remember visitors' individual preferences, which are used, for example, when making online transactions, so that they do not have to be re-entered; they facilitate the use of the website; they provide a quality user experience; and they are used to collect some statistical information about visitors.
In order to provide a personalised service, a small piece of data called a cookie is placed on the user's computer and read back during a subsequent visit. When the browser returns a previously saved cookie, the cookie provider has the possibility to link the user's current visit to previous visits, but only in relation to its own content.
Some of the cookies do not contain any personally identifiable information about the individual user, while others contain a secret, randomly generated sequence of numbers that are stored on the user's device and ensure the user's identity.
3.2.2 STRICTLY NECESSARY SESSION COOKIES
The purpose of these cookies is to allow visitors to browse the obudamatek.hu website, use its functions and services fully and smoothly. The validity period of this type of cookie lasts until the end of the session (browsing), and when the browser is closed, this type of cookie is automatically deleted from the computer or other device used for browsing.
3.2.3. LEGAL BASIS FOR COOKIE PROCESSING
The legal basis for cookie processing is the consent of the website visitor, pursuant to Article 6(1)(a) of the relevant Regulation.
If you do not accept the use of cookies, certain features of the websites listed in section 3.2.3 may not be available when you use the websites, or certain features may not function properly.
For more information on deleting cookies for more common browsers, please see the links below:
- Firefox: delete cookies placed by websites from your computer
- Chrome: Clear cache & cookies or enter the following in your browser address bar: chrome://settings/siteData
- Safari: Manage cookies and website data in Safari on Mac
3.2.4. LIST OF COOKIES ON THE CONTROLLER'S WEBSITES
Name | Service provider | Detailed description | Statute of limitations | Jelleg |
Google Analytics by MonsterInsights | Google.com | The cookie is used to collect site statistics and track conversion rates. | 2 years | does not collect personal information |
4. GENERAL DATA PROCESSING POLICY, NAME OF DATA PROCESSING, USE, LEGAL BASIS AND RETENTION PERIOD
The data processing of the Data Controller's activities is based on voluntary consent or on legal authorisation. In the case of processing based on voluntary consent, data subjects may withdraw their consent at any time during the processing.
In some cases, the processing, storage and transmission of some of the data provided is required by law, and we will notify our customers separately. We draw the attention of data controllers to the fact that, if they do not provide their own personal data, the data controller is obliged to obtain the consent of the data subject. The principles of data management are in accordance with the applicable legislation on data protection, in particular Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Infotv.); Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation, GDPR); Act No. Act V of 2013 - on the Civil Code (Civil Code); Act C of 2000 - on Accounting (Accounting Act); Act LIII of 2017 - on the Prevention and Combating of Money Laundering and Terrorist Financing (Money Laundering Act); Act CCXXXVII of 2013 - on Credit Institutions and Financial Undertakings (Credit Institutions and Financial Undertakings Act).
The data controller has prepared a data mapping, on the basis of which the scope of the data processed, their use, legal basis and retention period have been defined.
4.1 DATA REQUESTED WHEN APPLYING FOR A LICENCE
It is possible to register via the website, using the personal data requested when placing an order:
Name (required field)
Email address (required)
Postal code
Phone number (required field)
Age of the student
Subject(s)
Contact is possible after you have read and accepted the Privacy Policy. Acceptance of the Privacy Policy is done by accepting a mandatory checkbox that has not been completed in advance.
Purpose of processing, intended use of the data processed: the data will be used for the purpose of contacting you.
The legal basis for data processing is voluntary consent.
Retention period: according to the GTC or request for cancellation.
4.2 DATA REQUESTED WHEN ORDERING A SERVICE
Personal data requested when ordering the service:
Name (required field)
Company name
Address (required field)
Phone number (required field)
Email address (required)
You can place an order after having read and accepted the Privacy Policy. Acceptance of the Privacy Policy is done by accepting a mandatory checkbox that has not been completed in advance.
Purpose of the processing, intended use of the data processed: the data are processed for the purposes of issuing invoices, enabling payment and accounting of economic events.
The legal basis for data processing is voluntary consent.
Retention period: according to the GTC or request for cancellation.
4.3 DATA REQUESTED WHEN BOOKING AN APPOINTMENT
Personal data requested when ordering the service:
Name (required field)
Email address (required)
Phone number (required field)
Address (required field)
You can book an appointment after you have read and accepted the Privacy Policy. Acceptance of the Privacy Policy is done by accepting a mandatory checkbox that has not been completed in advance.
Purpose of the processing, intended use of the data processed: the data are processed for the administration of the students' and teachers' appointments, accounting of the hours purchased and used.
The legal basis for data processing is voluntary consent.
Retention period: according to the GTC or request for cancellation.
5. PHYSICAL STORAGE LOCATIONS OF THE DATA
We may process your personal data (that is, data that can be associated with you personally) in the following ways:
- on the one hand, in connection with the maintenance of the Internet connection, technical data relating to the computer, browser program, Internet address and pages visited in the obudamatek.hu domain are automatically generated in our computer system,
- on the other hand, you can also provide your name, contact details or other information if you wish to contact us personally when using the website. Data technically collected in the course of the operation of the system.
The data that is automatically recorded is automatically logged by the system on entry and exit, without any declaration or action by the data subject. This data cannot be linked to other personal user data, except in cases required by law. Access to the data is limited to obudamatek.hu and its subdomains.
6. DATA TRANSFER, DATA PROCESSING, DATA SUBJECTS
The Data Controller uses the following data processors as part of its business activities:
Shared space service:
Company name: Rackforest Zrt.
Headquarters: 1132 Budapest, Victor Hugo utca 11. 5. em. B05001..
Company registration number: 01-10-142004
Scope of data collected: obudamatek.hu and its subdomains
Accounting: Ágnes Pénzes EV
Payment service
Stripe, Inc.
Address: 354 Oyster Point Blvd South San Francisco, CA, 94080-1912 United States
Scope of data collected: customer name and email address
7. DATA SUBJECT'S RIGHTS AND MEANS OF ENFORCEMENT
The data subject may request information about the processing of his or her personal data, and may request the rectification, erasure or withdrawal of his or her personal data, except for mandatory data processing, and may exercise his or her right to data portability and objection in the manner indicated when the data were collected, or by contacting the controller at the above contact details.
7.1 RIGHT TO INFORMATION
The controller shall take appropriate measures to provide data subjects with all the information on the processing of personal data referred to in Articles 13 and 14 of the GDPR and each of the disclosures referred to in Articles 15 to 22 and 34 of the GDPR in a concise, transparent, intelligible and easily accessible form, in clear and plain language.
7.2 RIGHT OF ACCESS OF THE DATA SUBJECT
The data subject shall have the right to obtain from the controller feedback as to whether or not his or her personal data are being processed and, if such processing is taking place, the right to access the personal data and the following information:
- the purposes of the processing
- the categories of personal data concerned
- the recipients or categories of recipients to whom or with whom the personal data have been or will be disclosed, including in particular recipients in third countries or international organisations
- the intended duration of the storage of personal data
- the right to rectification, erasure or restriction of processing and the right to object
- the right to lodge a complaint with a supervisory authority
- information on data sources
- the fact of automated decision-making, including profiling, as well as the logic used and clear information on the significance of such processing and its likely consequences for the data subject.
The controller shall provide the information within a maximum of one month from the date of the request.
7.3 RIGHT OF RECTIFICATION
The data subject may request the correction of inaccurate personal data concerning him or her processed by the Controller and the completion of incomplete data.
7.4 RIGHT TO CANCELLATION
If one of the following grounds applies, the data subject shall have the right to obtain from the Data Controller, upon his or her request, the erasure of personal data concerning him or her without undue delay: the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; the data subject withdraws the consent on the basis of which the processing was carried out and there is no other legal basis for the processing; the data subject objects to the processing and there is no overriding legitimate ground for the processing; the personal data have been processed unlawfully; the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject; the personal data were collected in connection with the provision of information society services.
The erasure of data may not be initiated if the processing is necessary: for the exercise of the right to freedom of expression and information; for compliance with an obligation under Union or Member State law to process personal data or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for public health purposes or for archiving, scientific or historical research purposes or statistical purposes in the public interest; or for the establishment, exercise or defence of legal claims.
7.5 RIGHT TO RESTRICTION OF PROCESSING
At the request of the data subject, the Data Controller shall restrict processing if one of the following conditions is met: the data subject contests the accuracy of the personal data, in which case the restriction shall be for a period which allows the accuracy of the personal data to be verified; the processing is unlawful and the data subject opposes the erasure of the data and requests instead that its use be restricted; the controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or the data subject has objected to the processing; in which case the restriction shall apply for a period of time until it is established whether the legitimate grounds of the controller override the legitimate grounds of the data subject.
Where processing is restricted, personal data, other than storage, may be processed only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or of an important public interest of the Union or of a Member State.
7.6 RIGHT TO DATA RETENTION
The data subject has the right to receive personal data relating to him or her which he or she has provided to the controller in a structured, commonly used, machine-readable format and to transmit these data to another controller.
7.7 RIGHT TO OBJECT
The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to processing of his or her personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions. In the event of an objection, the controller may no longer process the personal data, unless there are compelling legitimate grounds for doing so which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
7.8 AUTOMATED DECISION-MAKING ON INDIVIDUAL CASES, INCLUDING PROFILING
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
7.9 RIGHT OF WITHDRAWAL
The data subject has the right to withdraw his or her consent at any time.
7.10 RIGHT TO APPLY TO THE COURTS
The data subject may take the controller to court if his or her rights are infringed. 8.11 Data protection authority procedure Complaints may be lodged with the National Authority for Data Protection and Freedom of Information:
Name:National Authority for Data Protection and Freedom of Information Headquarters:1055 Budapest, Falk Miksa utca 9-11.Postal address:1363 Budapest, Pf.: 9: 0613911400 Fax: 0613911410
E-mail: ugyfelszolgalat@naih.hu Website: http://www.naih.hu
8. OTHER PROVISIONS
Information about data processing not listed in this notice is provided at the time of collection. We inform our customers that the court, the prosecutor, the investigating authority, the law enforcement authority, the administrative authority, the National Authority for Data Protection and Freedom of Information, the Hungarian National Bank, or other bodies authorised by law may contact the data controller to provide information, to disclose or transfer data, or to provide documents. The controller shall disclose to the authorities - provided that the authority has indicated the precise purpose and scope of the data - personal data only to the extent and to the extent strictly necessary for the purpose of the request.