Puskás Krisztina Katalin e.v.

Data protection regulation

INTRODUCTION

Katalin Krisztina Puskás e.v. (hereinafter: Service provider, data manager) is subject to the following regulations:

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL On the protection of natural persons with regard to the processing of personal data and on the free flow of such data and on the repeal of Regulation 95/46/EC (General Data Protection Regulation) (April 2016) 27.), we provide the following information.

This data protection policy regulates the data management of the following pages: www.tevagyajel.hu

The data protection policy is available at the following location: www.tevagyajel.hu in the footer.

Amendments to the regulations will come into effect upon publication at the above address.

THE DATA MANAGER AND ITS CONTACTS:

Name: Krisztina Katalin Puskás e.v.

Headquarters: 1221 Budapest, Ady Endre út 141/A Bldg.

Tax number: 56807910-1-43

Registration number: 55495334

Email: info@tevagyajel.hu

Telephone: +36-20-93-69-814

TERM DEFINITIONS

1. “personal data”: any information relating to an identified or identifiable natural person (“data subject”); a natural person can be identified directly or indirectly, in particular on the basis of an identifier such as name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable;

2. “data management”: any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as the collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or by making it available in other ways, coordinating or connecting, limiting, deleting or destroying;

3. “data controller”: the natural or legal person, public authority, agency or any other body that determines the purposes and means of processing personal data independently or together with others; if the purposes and means of data management are determined by EU or member state law, the data controller or the special aspects regarding the designation of the data controller may also be determined by EU or member state law;

4. “data processor”: the natural or legal person, public authority, agency or any other body that processes personal data on behalf of the data controller;

5. “Recipient”: the natural or legal person, public authority, agency or any other body to whom the personal data is communicated, regardless of whether it is a third party. Public authorities that have access to personal data in accordance with EU or Member State law in the context of an individual investigation are not considered recipients; the management of said data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of data management;

6. “consent of the data subject”: a voluntary, specific and well-informed and clear declaration of the will of the data subject, with which the data subject indicates by means of a statement or an unmistakable act of confirmation that he/she consents to the processing of personal data concerning him/her;

7. “data protection incident”: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise handled.

PRINCIPLES REGARDING THE HANDLING OF PERSONAL DATA

Personal data:

a) it must be handled legally and fairly, as well as in a transparent manner for the data subject (“legality, fair procedure and transparency”);

b) it is collected only for specific, clear and legitimate purposes, and they are not handled in a way that is incompatible with these purposes; in accordance with Article 89 (1), further data processing for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes is not considered incompatible with the original purpose (“purpose limitation”);

c) they must be appropriate and relevant from the point of view of the purposes of data management, and must be limited to what is necessary (“data economy”);

d) they must be accurate and, if necessary, up-to-date; all reasonable measures must be taken to promptly delete or correct personal data that is inaccurate for the purposes of data processing (“accuracy”);

e) it must be stored in a form that allows the identification of the data subjects only for the time necessary to achieve the goals of personal data management; personal data may be stored for a longer period only if the personal data will be processed in accordance with Article 89 (1) for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes, the rights of the data subjects and subject to the implementation of appropriate technical and organizational measures required to protect your freedoms (“limited storage capacity”);

f) must be handled in such a way that adequate security of personal data is ensured by applying appropriate technical or organizational measures, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage of data (“integrity and confidentiality”).

The data controller is responsible for compliance with the above, and must also be able to prove this compliance (“accountability”).

The data controller declares that its data management is carried out in accordance with the basic principles contained in this point.

DATA MANAGEMENT

SHOW IT NOW! IF FREE OPTION IS SELECTED

1. The fact of data collection, the scope of processed data and the purpose of data management:

Personal data Purpose of data management

Surname and first name For contact, identification, and recording of the application.

E-mail address Keeping in touch, sending confirmations and notifications.

Date of application Technical operation execution.

IP address at the time of application Execution of a technical operation.

In the case of the e-mail address, it is not necessary that it contain personal data.

2. Scope of stakeholders: All stakeholders who select a given package through the website.

3. Duration of data management, deadline for data deletion: If one of the conditions set out in Article 17 (1) of the GDPR exists, it lasts until the data subject’s request for deletion. Based on Article 19 of the GDPR, the data controller informs the data subject electronically of the deletion of any personal data provided by the data subject. If the data subject’s deletion request also covers the e-mail address he/she has provided, the data controller will also delete the e-mail address after the information has been provided. Except in the case of accounting documents, since these data must be kept for 8 years based on § 169 (2) of Act C of 2000 on accounting. The contractual data of the person concerned can be deleted after the expiration of the civil law limitation period.

The accounting documents directly and indirectly supporting the bookkeeping (including ledger accounts, analytical and detailed records) must be kept in legible form for at least 8 years, in a way that can be retrieved by reference to the accounting records.

4. Person of possible data controllers entitled to access the data, recipients of personal data: Personal data may be processed by the data controller and the data processors performing data management on its behalf in compliance with the principles contained in these regulations.

5. Description of the rights of data subjects related to data management:

The data subject may request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, and

the data subject has the right to data portability and to withdraw consent at any time.

6. The data subject can initiate access to personal data, its deletion, modification, or limitation of processing, data portability in the following ways:

– by post to 1221, Budapest, Ady Endre út 141/A A ed. at

– by e-mail at the e-mail address info@tevagyajel.hu

– by phone at +36-20-93-69-814.

7. Legal basis for data management:

7.1. Article 6(1)(b) and (c) GDPR,

7.2. CVIII of 2001 on certain issues of electronic commerce services and services related to the information society. Act (hereinafter: Elker Law) 13/A. Section (3):

For the purpose of providing the service, the service provider may process the personal data that is technically absolutely necessary for the provision of the service. If the other conditions are the same, the service provider must choose and in any case operate the tools used in the provision of services related to the information society in such a way that personal data is only processed if this is absolutely necessary for the provision of the service and the fulfillment of other objectives defined in this law necessary, but also in this case only to the extent and for the necessary time.

8. We inform you that

data management is necessary to fulfill the contract and submit an offer.

you must provide personal data so that we can fulfill your order.

failure to provide data will result in us not being able to process your order.

BE SIGNIFICANT! IN CASE OF BUYING A PACKAGE (MONTHLY, SEMI-ANNUAL, ANNUAL, FOR PRIVATE PERSONS)

1. The fact of data collection, the scope of processed data and the purpose of data management:

Personal data Purpose of data management

Package selection (monthly, half-yearly, yearly) Necessary to provide the service

Surname and first name Necessary for contacting, identification, recording the purchase and issuing a regular invoice.

E-mail address Keeping in touch, sending confirmations and notifications.

Telephone number. Keeping in touch, more effective negotiation of questions related to the purchase.

Address (country, zip code, city, name of public area, house number) Creation of the contract, definition of its content, modification, monitoring of its fulfillment.

Billing name and address Issuance of the regular invoice, as well as the creation of the contract, definition of its content, modification, monitoring of its performance, invoicing of the resulting fees, and enforcement of related claims.

Note Use of discounts is required to customize the service.

Date of application Technical operation execution.

IP address at the time of application Execution of a technical operation.

In the case of the e-mail address, it is not necessary that it contain personal data.

2. The scope of those affected: The individual who subscribes to the given package through the website.

3. Duration of data management, deadline for data deletion: If one of the conditions set out in Article 17 (1) of the GDPR exists, it lasts until the data subject’s request for deletion. Based on Article 19 of the GDPR, the data controller informs the data subject electronically of the deletion of any personal data provided by the data subject. If the data subject’s deletion request also covers the e-mail address he/she has provided, the data controller will also delete the e-mail address after the information has been provided. Except in the case of accounting documents, as this data must be kept for 8 years based on § 169 (2) of Act C of 2000 on accounting. The contractual data of the person concerned can be deleted after the expiration of the civil law limitation period.

The accounting documents directly and indirectly supporting the bookkeeping (including ledger accounts, analytical and detailed records) must be kept in legible form for at least 8 years, in a way that can be retrieved by reference to the accounting records.

1. The person of the possible data controllers entitled to access the data, the recipients of the personal data: Personal data may be processed by the data controller and the data processors performing data management on its behalf in compliance with the principles contained in these regulations.

2. Description of the data processing rights of the data subjects:

The data subject may request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, and

the data subject has the right to data portability and to withdraw consent at any time.

3. The data subject can initiate access to personal data, their deletion, modification, or limitation of processing, data portability in the following ways:

– by post to 1221, Budapest, Ady Endre út 141/A A ed. at

– by e-mail at the e-mail address info@tevagyajel.hu,

– by phone at +36-20-93-69-814.

4. Legal basis for data management:

5.1. Article 6(1)(b) and (c) GDPR,

5.2. CVIII of 2001 on certain issues of electronic commerce services and services related to the information society. Act (hereinafter: Elker Law) 13/A. Section (3):

For the purpose of providing the service, the service provider may process the personal data that is technically absolutely necessary for the provision of the service. If the other conditions are the same, the service provider must choose and in any case operate the tools used in the provision of services related to the information society in such a way that personal data is only processed if this is absolutely necessary for the provision of the service and the fulfillment of other objectives defined in this law necessary, but also in this case only to the extent and for the necessary time.

5.3. In case of issuing an invoice in accordance with the accounting legislation, point c) of Article 6 (1).

5.4. In case of enforcement of claims arising from the contract, Act V of 2013 on the Civil Code 6:21. according to § 5 years.

6:22 a.m. § [Prescription]

(1) If this law does not provide otherwise, claims become time-barred within five years.

(2) The statute of limitations begins when the claim becomes due.

(3) The agreement to change the limitation period must be in writing.

(4) An agreement excluding the limitation period is void.

5. We inform you that

data management is necessary to fulfill the contract and submit an offer.

you must provide personal data so that we can fulfill your order.

failure to provide data will result in us not being able to process your order.

THE HAND TALKS! IN CASE OF PURCHASING A PACKAGE (MONTHLY, SEMI-ANNUAL, ANNUAL, FOR INSTITUTIONS)

1. The fact of data collection, the scope of processed data and the purpose of data management:

Personal data Purpose of data management

Package selection (monthly, half-yearly, yearly) Necessary to provide the service

Name of the institution Necessary for contacting, identifying, recording the purchase and issuing a regular invoice.

Address of the institution (country, postal code, city, name of public area, house number) Creation of the contract, definition of its content, modification, monitoring of its fulfillment.

Institution’s tax number Creation of the contract, definition of its content, modification, monitoring of its performance.

The institution’s e-mail address Keeping in touch, sending confirmations and notifications.

The institution’s phone number. Keeping in touch, more effectively negotiating questions related to purchases.

Contact person’s last and first name.

Contact person’s e-mail address Keeping in touch, sending confirmations and notifications.

Contact person’s phone number. Keeping in touch, more effectively negotiating questions related to the purchase.

Note Use of discounts is required to customize the service.

The number of employees. Monitoring the fulfillment of the contract.

Employee data Keeping in touch, sending confirmations and notifications. These data make it possible to identify employees who register later from the institution.

Date of application Technical operation execution.

IP address at the time of application Execution of a technical operation.

In the case of the e-mail address, it is not necessary that it contain personal data.

1. Scope of the affected parties: Employees employed by the institution subscribing to the given package through the website.

2. Duration of data management, deadline for data deletion: If one of the conditions set out in Article 17 (1) of the GDPR is met, it lasts until the data subject’s request for deletion. Based on Article 19 of the GDPR, the data controller informs the data subject electronically of the deletion of any personal data provided by the data subject. If the data subject’s deletion request also covers the e-mail address he/she has provided, the data controller will also delete the e-mail address after the information has been provided. Except in the case of accounting documents, as this data must be kept for 8 years based on § 169 (2) of Act C of 2000 on accounting. The contractual data of the person concerned can be deleted after the expiration of the civil law limitation period.

The accounting documents directly and indirectly supporting the bookkeeping (including ledger accounts, analytical and detailed records) must be kept in legible form for at least 8 years, in a way that can be retrieved by reference to the accounting records.

3. The person of the possible data controllers entitled to access the data, the recipients of the personal data: Personal data may be processed by the data controller and the data processors performing data processing on its behalf in compliance with the principles contained in these regulations.

4. Description of the rights of data subjects related to data management:

The data subject may request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, and

the data subject has the right to data portability and to withdraw consent at any time.

1. The data subject can initiate access to personal data, its deletion, modification, or limitation of processing, data portability in the following ways:

– by post to 1221, Budapest, Ady Endre út 141/A A ed. at

– by e-mail at the e-mail address info@tevagyajel.hu,

– by phone at +36-20-93-69-814.

2. Legal basis for data management:

2.1. Article 6(1)(b) and (c) GDPR,

2.2. CVIII of 2001 on certain issues of electronic commerce services and services related to the information society. Act (hereinafter: Elker Law) 13/A. Section (3):

For the purpose of providing the service, the service provider may process the personal data that is technically absolutely necessary for the provision of the service. If the other conditions are the same, the service provider must choose and in any case operate the tools used in the provision of services related to the information society in such a way that personal data is only processed if this is absolutely necessary for the provision of the service and the fulfillment of other objectives defined in this law necessary, but also in this case only to the extent and for the necessary time.

2.3. In case of issuing an invoice in accordance with the accounting legislation, point c) of Article 6 (1).

2.4. In case of enforcement of claims arising from the contract, Act V of 2013 on the Civil Code 6:21. according to § 5 years.

6:22 a.m. § [Prescription]

(1) If this law does not provide otherwise, claims become time-barred within five years.

(2) The statute of limitations begins when the claim becomes due.

(3) The agreement to change the limitation period must be in writing.

(4) An agreement excluding the limitation period is void.

3. We inform you that

data management is necessary to fulfill the contract and submit an offer.

you must provide personal data so that we can fulfill your order.

failure to provide data will result in us not being able to process your order.

SHOW ME! IN CASE OF PURCHASING PRODUCTS (CARD, POSTER).

1. The fact of data collection, the scope of processed data and the purpose of data management:

Personal data Purpose of data management

Surname and first name Necessary for contacting, identification, recording the purchase and issuing a regular invoice.

E-mail address Keeping in touch, sending confirmations and notifications.

Telephone number. Keeping in touch, more effective negotiation of questions related to the purchase.

Address (country, zip code, city, name of public area, house number) Creation of the contract, definition of its content, modification, monitoring of its fulfillment.

Billing name and address Issuance of the regular invoice, as well as the creation of the contract, definition of its content, modification, monitoring of its performance, invoicing of the resulting fees, and enforcement of related claims.

Posting name and address Entering the data necessary for smooth delivery.

Note Use of discounts, negotiation of information about delivery, communication of other information about purchases.

Date of application Technical operation execution.

IP address at the time of application Execution of a technical operation.

In the case of the e-mail address, it is not necessary that it contain personal data.

1. The scope of those affected: The individual who subscribes to the given package through the website.

2. Duration of data management, deadline for data deletion: If one of the conditions set out in Article 17 (1) of the GDPR is met, it lasts until the data subject’s request for deletion. Based on Article 19 of the GDPR, the data controller informs the data subject electronically of the deletion of any personal data provided by the data subject. If the data subject’s deletion request also covers the e-mail address he/she has provided, the data controller will also delete the e-mail address after the information has been provided. Except in the case of accounting documents, since these data must be kept for 8 years based on § 169 (2) of Act C of 2000 on accounting. The contractual data of the person concerned can be deleted after the expiration of the civil law limitation period.

The accounting documents directly and indirectly supporting the bookkeeping (including ledger accounts, analytical and detailed records) must be kept in legible form for at least 8 years, in a way that can be retrieved by reference to the accounting records.

3. The person of the possible data controllers entitled to access the data, the recipients of the personal data: Personal data may be processed by the data controller and the data processors performing data processing on its behalf in compliance with the principles contained in these regulations.

4. Description of the rights of data subjects related to data management:

The data subject may request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, and

the data subject has the right to data portability and to withdraw consent at any time.

5. The data subject can initiate access to personal data, its deletion, modification, or limitation of processing, data portability in the following ways:

– by post to 1221, Budapest, Ady Endre út 141/A A ed. at

– by e-mail at the e-mail address info@tevagyajel.hu,

– by phone at +36-20-93-69-814.

PUSKÁS KRISTI HAND RECREATION SERVICE IN CASE OF REQUEST

The completed documents related to the fine motor measurement shall be delivered by the Contractor in a sealed envelope with a code in person or by registered mail to the person designated in advance by the Customer. It is important that the Contractor does not handle health or other personal data in connection with the measurement, and is accordingly not considered a data controller. For the employees, the sealed envelopes are distributed by the Customer’s designated employee based on the previously defined codes. Sealed envelopes with a code ensure that everyone can only access their results.

1. Legal basis for data management:

1.1. Article 6(1)(b) and (c) GDPR,

1.2. CVIII of 2001 on certain issues of electronic commerce services and services related to the information society. Act (hereinafter: Elker Law) 13/A. Section (3):

For the purpose of providing the service, the service provider may process the personal data that is technically absolutely necessary for the provision of the service. If the other conditions are the same, the service provider must choose and in any case operate the tools used in the provision of services related to the information society in such a way that personal data is only processed if this is absolutely necessary for the provision of the service and the fulfillment of other objectives defined in this law necessary, but also in this case only to the extent and for the necessary time.

1.3. In case of issuing an invoice in accordance with the accounting legislation, point c) of Article 6 (1).

1.4. In case of enforcement of claims arising from the contract, Act V of 2013 on the Civil Code 6:21. according to § 5 years.

6:22 a.m. § [Prescription]

(1) If this law does not provide otherwise, claims become time-barred within five years.

(2) The statute of limitations begins when the claim becomes due.

(3) The agreement to change the limitation period must be in writing.

(4) An agreement excluding the limitation period is void.

2. We inform you that

data management is necessary to fulfill the contract and submit an offer.

you must provide personal data so that we can fulfill your order.

failure to provide data will result in us not being able to process your order.


METHODS OF PAYMENT

1. Payment by bank card

2. SimplePay integration

Transfer

In this case, enter the billing data:

Account holder: Puskás Krisztina Katalin E.V.

Name of account managing bank: OTP Bank Nyrt.

Bank account number: 11711010-21456602

Notice:

o Own name / Institution name _Subscription (monthly, half-yearly, yearly)

o Own name / Institution name_Muti_meg_card

o Own name / Institution name_Muti_meg_plakát

In the case of a transfer from abroad:

IBAN code: HU57-11711010-21456602-00000000

SWIFT code: OTPVHUHB

Bank address: 1051, Budapest, Nádor utca 16.

OTP SIMPLEPAY BANK CARD PAYMENT PROCESS

When shopping, you can pay for your order on the SimplePay interface. Payment is made directly on the site operated by OTP Bank, which operates in accordance with the rules and security regulations of international card companies, and not on the website of the online store. The online store is not in possession of the data, number, or expiration date of the card or the underlying account in any form, and cannot gain insight into it.

SIMPLEPAY ONLINE PAYMENT SOLUTIONS

The Simple payment process is the same as the procedure offered by similar services of banks: during online payment, you can select the SimplePay option and then enter your bank card details to pay the purchase price of the product. Keeping in mind the user’s cardholder security, SimplePay constantly monitors transactions, thus guaranteeing the security of the online payment process.

What are the steps of the transaction?

By clicking the “Send order” button, you will be taken to the SimplePay payment page, where the transaction will start by entering your bank card details.

After entering the card data, please check the correctness of the data.

The processing of the transaction starts in the bank’s processing systems.

You will also be notified by e-mail about the result of the payment, and you will be redirected to our site.

You will need the following bank card details:

Card number (13-19-digit number printed or embossed on the front of the card.)

Expiry date (The number in mm/yy format, embossed or printed on the front of the card.)

Validation code (The last three digits {CVV2 or CVC2} of the number line on the signature panel on the back of the card. If your card does not have such a code, it is located on the payment side, leave the corresponding field empty!)

SIMPLEPAY MOBILE APPLICATION

The Simple mobile app can be downloaded for free on smartphones. During mobile shopping, you can pay for services in the application with MasterCard, Maestro, VISA and AMEX cards issued by any bank. The bank card can be saved for quick purchases later.

How can you use it?

For users who do not yet have a Simple account, you can register as follows:

Enter the details of the bank card you want to pay with.

Tick the “I’m registering…” box.

Create your Simple account with a Facebook or Google account or by entering an email address.

To register and pay, you need to set a Simple password, which you can use to access your Simple account in the future.

Confirm your Simple account registration in the email sent to the specified email address. If you register with a Facebook or Google account, you will receive a confirmation email to the e-mail address associated with your Facebook or Google profile.

For users with a Simple account:

Select the “I pay with a bank card registered in Simple” option.

Log in to your Simple account with your connected Facebook or Google account, or with your registered email address.

Select your previously saved bank card or register a new card with which you want to pay.

Enter your Simple password and press the “Pay” button. If Facebook or Google

you have registered with an account and have not set a password before, you can do this on www.simple.hu or in the Simple application.

Redemption information

14 DAYS WITHDRAWAL

The right of withdrawal is 14 days, which means that within 14 calendar days, we will take back the product purchased online, even without reason, if you change your mind.

ON WITHDRAWAL FROM THE PURCHASE

A customer who is considered a consumer may withdraw from the contract within 14 calendar days (including the 14th calendar day) without reason. 45/2014 on the detailed rules of contracts between the consumer and the business. (II. 26.) Government Decree provides. The consumer can exercise his right of withdrawal from the day he received the goods. In accordance with the law, the consumer can exercise this right between the time of ordering the product and receiving the goods.

The buyer has the opportunity to validate his declaration of withdrawal at the indicated postal or e-mail address.

PRODUCT RETURN

1. Download and print the Declaration of Withdrawal.

2. Carefully pack the product together with all its accessories.

3. Place the completed declaration inside the package.

4. Mail the package to 1221 Budapest, Ady Endre út 141/A. The intact. to (authorized: individual entrepreneur Katalin Krisztina Puskás)

In case of exercising the right of withdrawal, the buyer must arrange for the return of the product at his own expense! The product affected by the cancellation cannot be returned by cash on delivery, we are unable to accept cash on delivery. In the event of cancellation, we can demand compensation from the consumer for damages resulting from improper use of the goods! Apart from these, the customer will not be charged any other costs in connection with the cancellation.

CONTACT

1. The fact of data collection, the scope of processed data and the purpose of data management:

Personal data Purpose of data management

Name Identification

E-mail address Keeping in touch, sending reply messages

Subject Delimitation of the message

Message content Required to reply

Time of contact Implementation of a technical operation.

The IP address at the time of contact Execution of a technical operation.

In the case of the e-mail address, it is not necessary that it contain personal data.

2. Scope of stakeholders: All stakeholders who send messages via the contact form.

3. Duration of data management, deadline for data deletion: If one of the conditions set out in Article 17 (1) of the GDPR exists, it lasts until the data subject’s request for deletion.

4. Person of possible data controllers entitled to access the data, recipients of personal data: Personal data may be processed by the data controller and the data processors performing data management on its behalf in compliance with the principles contained in these regulations.

5. Description of the rights of data subjects related to data management:

The data subject may request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, and

the data subject has the right to data portability and to withdraw consent at any time.

6. The data subject can initiate access to personal data, its deletion, modification, or limitation of processing, data portability in the following ways:

– by post to 1221, Budapest, Ady Endre út 141/A A ed. at

– by e-mail at the e-mail address info@tevagyajel.hu,

– by phone at +36-20-93-69-814.

7. Legal basis for data management: consent of the data subject, Article 6 (1) points b) and c) If you contact us, you agree that your personal data (name, phone number, e-mail address) provided to us during the contact process will be handled in accordance with these regulations.

8. We inform you that

this data management is based on your consent, or is necessary for the submission of an offer or is based on a legal obligation (cooperation) in the case of a contractual relationship.

you are required to provide personal data in order to contact us.

failure to provide data results in the inability to contact the Service Provider.

CUSTOMER RELATIONSHIP

1. The fact of data collection, the scope of processed data and the purpose of data management:

Personal data Purpose of data management

Name, e-mail address, telephone number. Contact, identification, fulfillment of rights and obligations arising from your contract, business purpose.

2. Scope of stakeholders: All stakeholders who are in contact with the data controller by phone/e-mail/in person, or who were/are in a contractual relationship.

3. Duration of data management, deadline for data deletion: If one of the conditions set forth in Article 17, paragraph (1) of the GDPR exists, it lasts until the request for deletion by the data subject or, in the case of a contractual relationship, until the expiration of the civil law statute of limitations.

4. The person of the possible data controllers entitled to access the data, the recipients of the personal data: The personal data can be handled by the authorized employees of the data controller, in compliance with the above principles.

5. Description of the rights of data subjects related to data management:

The data subject may request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, and

the data subject has the right to data portability and to withdraw consent at any time.

6. The data subject can initiate access to personal data, its deletion, modification or limitation of processing, data portability in the following ways:

– by post to 1221, Budapest, Ady Endre út 141/A A ed. at

– by e-mail at the e-mail address info@tevagyajel.hu,

– by phone at +36-20-93-69-814.

7. Legal basis for data management:

7.1. Article 6(1)(b) and (c) of the GDPR.

7.2. In case of enforcement of claims arising from the contract, Act V of 2013 on the Civil Code 6:21. according to § 5 years.

6:22 a.m. § [Prescription]

(1) If this law does not provide otherwise, claims become time-barred within five years.

(2) The statute of limitations begins when the claim becomes due.

(3) The agreement to change the limitation period must be in writing.

(4) An agreement excluding the limitation period is void.

8. We inform you that

data management is necessary to fulfill the contract and submit an offer.

is obliged to provide personal data so that we can fulfill your request/other request.

failure to provide data will result in us not being able to process your request/request.

DATA PROCESSORS REQUIRED

Hosting provider

1. Activity provided by data processor: Storage service

2. Name and contact information of data processor:

Name: 3 in 1 Hosting Bt.

Contact: +36 21 200 00 40.

3. The fact of the data management, the scope of the managed data: All personal data provided by the data subject.

4. Scope of stakeholders: All stakeholders using the website.

5. Purpose of data management: Making the website available and operating it properly.

6. Duration of data management, deadline for data deletion: Data management lasts until the termination of the agreement between the data manager and the storage provider, or until the deletion request addressed to the storage provider by the data subject.

7. Legal basis for data processing: GDPR, Article 6, paragraph (1), point f), and CVIII of 2001 on certain issues of electronic commerce services and services related to the information society. Act 13/A. (3) of § The legitimate interest of the data controller is secure access to the content under the www.tevagyajel.hu domain.

8. Rights of the data subject:

the. You can find out about the conditions of data management,

b. You have the right to receive feedback from the data controller as to whether your personal data is being processed, and you have the right to access all information related to data processing.

c. You have the right to receive your personal data in a segmented, widely used, machine-readable format.

d. You are entitled to have your inaccurate personal data corrected without undue delay upon your request.

e. You can object to the processing of your personal data.

Website operation

1. Activities provided by the data processor: website operation (checking, technical updates, security system development, other developments, repair tasks)

2. Name and contact information of data processor:

Name: Krisztina Katalin Puskás e.v.

Address: 1221, Budapest, Ady Endre út 141/A Bldg.

Email: info@tevagyajel.hu

Telephone: +36-20-93-69-814

3. The fact of the data management, the scope of the managed data: All personal data provided by the data subject.

4. Scope of stakeholders: All stakeholders who use the website’s services or register/place an order on the website.

5. Purpose of data management: Operation of the website (development, control, error corrections)

6. Duration of data management, deadline for data deletion: It lasts until the termination of the agreement between the Service Provider and the website operator, or until the deletion request addressed to the website operator by the data subject.

7. The legal basis for data processing: GDPR Article 6 (1) point f) and CVIII of 2001 on certain issues of electronic commerce services and services related to the information society. Act 13/A. (3) of § The legitimate interests of the data controller include the maintenance and development of the content under the www.tevagyajel.hu domain.

8. Rights of the data subject:

the. You can find out about the conditions of data management,

b. You have the right to receive feedback from the data controller as to whether your personal data is being processed, and you have the right to access all information related to data processing.

c. You have the right to receive your personal data in a segmented, widely used, machine-readable format.

d. You are entitled to have your inaccurate personal data corrected without undue delay upon your request.

e. You can object to the processing of your personal data.

Accounting tasks, invoicing

1. Activity provided by data processor: Accounting tasks and invoicing

2. Name and contact information of data processor:

Invoicing:

Name: Krisztina Katalin Puskás e.v.

Entrepreneur number: 55495334

Address: 1221, Budapest, Ady Endre út 141/A Bldg.

Tax number: 56807910-1-43

Email: info@tevagyajel.hu

Booking:

Company name: ATC PERFECT Kft.

Company registration number: 01 09 884930

Address: 1116 Budapest, Építéz utca 8-12. 3rd floor 306.

Tax number: 13079545143

E-mail: iroda@atcperfect.hu

3. The fact of the data management, the scope of the managed data: Name, billing name, billing address.

4. Scope of stakeholders: All stakeholders applying for a course on the website.

5. Purpose of data management: Issuance of electronic invoices/accounting tasks

6. Duration of data management, deadline for data deletion: 8 years based on Section 169 (2) of Act C of 2000 on accounting.

7. Legal basis for data processing: Article 6 (1) point c) of the GDPR, and CVIII of 2001 on certain issues of electronic commerce services and services related to the information society. Act 13/A. (3) of §

8. Rights of the data subject:

the. You can find out about the conditions of data management,

b. You have the right to receive feedback from the data controller as to whether your personal data is being processed, and you have the right to access all information related to data processing.

c. You have the right to receive your personal data in a segmented, widely used, machine-readable format.

d. You are entitled to have your inaccurate personal data corrected without undue delay upon your request.

Online marketing services

1. Activity provided by data processor: online marketing

2. Name and contact information of data processor:

Name: Krisztina Katalin Puskás e.v.

Entrepreneur number: 55495334

Address: 1221, Budapest, Ady Endre út 141/A Bldg.

Tax number: 56807910-1-43

Email: info@tevagyajel.hu

3. The fact of the data management, the scope of the managed data: Name, E-mail address, visitor data

4. Scope of stakeholders: All stakeholders who use the website and subscribe to the newsletter.

5. The purpose of data management: To promote and advertise the products available on the website, to increase website traffic.

6. Duration of data management, deadline for deletion of data: It lasts until the termination of the agreement between the Service Provider and the data processor specified in this point, or until the deletion request addressed to this data processor by the data subject.

7. Legal basis for data processing: User’s consent, Infotv. Section 5 (1), Article 6 (1) point a) and CVIII of 2001 on certain issues of electronic commerce services and services related to the information society. Act 13/A. (3) of §

8. Rights of the data subject:

the. You can find out about the conditions of data management,

b. You have the right to receive feedback from the data controller as to whether your personal data is being processed, and you have the right to access all information related to data processing.

c. You have the right to receive your personal data in a segmented, widely used, machine-readable format.

d. You are entitled to have your inaccurate personal data corrected without undue delay upon your request.

ADDRESSES TO WHOM PERSONAL DATA IS COMMUNICATED (CASE OF DATA TRANSFER):

Debt management

1. Activity performed by the Recipient: Debt management.

2. Recipient’s name and contact information: The debt management company used by the data controller.

3. The fact of the data management, the scope of the managed data: Family name, first name, home address, telephone number, e-mail address.

4. Scope of stakeholders: All stakeholders belonging to the data controller.

5. Purpose of data management: Validation of claims.

6. Duration of data management, deadline for deletion of data: Data management lasts until the claim is collected or the debt is settled.

7. Legal basis for data processing: Article 6, paragraph (1), points c) and f) GDPR. In addition to the enforcement of the rights arising from the contract, the data controller has a legitimate interest in the enforcement of claims.

8. Rights of the data subject:

the. You can find out about the conditions of data management,

b. You have the right to receive feedback from the data controller as to whether your personal data is being processed, and you have the right to access all information related to data processing.

c. You have the right to receive your personal data in a segmented, widely used, machine-readable format.

d. You are entitled to have your inaccurate personal data corrected without undue delay upon your request.

e. You can object to the processing of your personal data.

MANAGEMENT OF COOKIES

1. The website used cookies, such as “security cookies”, “necessary cookies”, “functional cookies” and “cookies responsible for the management of website statistics” for the use of which it is not necessary to request prior consent from the data subjects.

2. The fact of the data management, the scope of the managed data: Unique identification number, dates, times

3. Scope of stakeholders: All stakeholders visiting the website.

4. Purpose of data management: Identification of users and tracking of visitors.

5. Duration of data management, deadline for data deletion:

Type of cookie Legal basis for data management Data management

duration Managed data circle

Session cookies

CVIII of 2001 on certain issues of electronic commercial services and information society services. Act (Elkertv.) 13/A. Paragraph (3) of § The relevant

period until the end of the visitor session

connect.sid

Persistent or saved cookies

CVIII of 2001 on certain issues of electronic commercial services and information society services. Act (Elkertv.) 13/A. § (3) until the data subject is deleted

Statistical cookies CVIII of 2001 on certain issues of electronic commercial services and information society services. Act (Elkertv.) 13/A. Paragraph (3) of § 1-2 months

6. The person of the possible data controllers entitled to access the data: The data controller does not manage personal data by using the above cookies.

7. Description of the rights of data subjects related to data management: The data subject has the option to delete cookies in the Tools/Settings menu of browsers, usually under the settings of the Data protection menu item.

8. Legal basis for data management: Consent from the data subject is not required if the sole purpose of using cookies is the transmission of information via an electronic communication network or if the service provider absolutely needs it to provide a service related to the information society specifically requested by the subscriber or user.

USE OF GOOGLE ADWORDS CONVERSION TRACKING

1. The data controller uses the online advertising program called “Google AdWords”, and also uses Google’s conversion tracking service within its framework. Google conversion tracking is an analytics service of Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; “Google”).

2. When a User accesses a website through a Google ad, a cookie required for conversion tracking is placed on their computer. The validity of these cookies is limited and they do not contain any personal data, so the User cannot be identified by them.

3. When the User browses certain pages of the website and the cookie has not yet expired, both Google and the data controller can see that the User has clicked on the ad.

4. Each Google AdWords customer receives a different cookie, so they cannot be tracked through the websites of AdWords customers.

5. The information – obtained with the help of conversion tracking cookies – serves the purpose of creating conversion statistics for customers who choose AdWords conversion tracking. In this way, clients are informed about the number of users who click on their ad and are redirected to a page with a conversion tracking tag. However, they do not get access to information that could identify any user.

6. If you do not want to participate in conversion tracking, you can reject it by disabling the installation of cookies in your browser. After that, you will not be included in the conversion tracking statistics.

7. Further information and Google’s privacy policy are available on the following page: www.google.de/policies/privacy/

USE OF GOOGLE ANALYTICS

1. This website uses the Google Analytics application, which is a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are saved on your computer, thus facilitating the analysis of the use of the website visited by the User.

2. The information created by cookies related to the website used by the User is usually sent to and stored on one of Google’s servers in the USA. By activating IP anonymization on the website, Google shortens the User’s IP address beforehand within the member states of the European Union or in other states that are parties to the Agreement on the European Economic Area.

3. The full IP address will only be transmitted to Google’s server in the USA and shortened there only in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate how the User used the website, to prepare reports related to website activity for the website operator, and to provide additional services related to website and Internet use.

4. Within the framework of Google Analytics, the IP address transmitted by the User’s browser is not combined with other Google data. The User can prevent the storage of cookies by setting their browser accordingly, but please note that in this case, not all functions of this website may be fully usable. You can also prevent Google from collecting and processing the User’s website usage data (including IP address) through cookies by downloading and installing the browser plugin available at the following link. https://tools.google.com/dlpage/gaoptout?hl=en

Facebook pixel

1. The Facebook pixel is a code with the help of which a report is prepared on the website about conversions, target audiences can be compiled, and the owner of the page receives detailed analysis data about the visitors’ use of the website. With the help of the Facebook remarketing pixel tracking code, you can display personalized offers and advertisements on the Facebook interface to website visitors. The Facebook remarketing list is not suitable for personal identification. More information about the Facebook Pixel can be found here: https://www.facebook.com/business/help/651294705016616

COMPLAINT HANDLING

1. The fact of data collection, the scope of processed data and the purpose of data management:

Personal data Purpose of data management

Surname and first name Identification, contact.

E-mail address Contact.

Phone number Contact.

Billing name and address Identification, handling of quality objections, questions and problems arising in connection with the ordered products.

2. Scope of stakeholders: All stakeholders who use the service and complain about quality.

3. Duration of data management, deadline for deletion of data: Copies of the minutes, transcripts and responses to the objection are provided in the CLV of 1997 on consumer protection. Act 17/A. § (7) must be kept for 5 years.

4. The person of the possible data controllers entitled to access the data, the recipients of the personal data: The data controller manages the personal data in compliance with the above principles.

5. Description of the rights of data subjects related to data management:

The data subject may request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, and

the data subject has the right to data portability and to withdraw consent at any time.

6. The data subject can initiate access to personal data, its deletion, modification or limitation of processing, data portability in the following ways:

– by post to 1221, Budapest, Ady Endre út 141/A A ed. at

– by e-mail at the e-mail address info@tevagyajel.hu,

– by phone at +36-20-93-69-814.

7. Legal basis for data management: Article 6 (1) point c) and CLV of 1997 on consumer protection. Act 17/A. (7) of §

8. We inform you that

the provision of personal data is based on a legal obligation.

the processing of personal data is a prerequisite for the conclusion of the contract.

you must provide personal data so that we can handle your complaint.

failure to provide data will result in us not being able to handle your complaint.

 

COMMUNITY SITES

1. The fact of the data collection, the scope of the processed data: Facebook/Google+/Twitter/Pinterest/Youtube/Instagram etc. the name registered on social networking sites and the user’s public profile picture.

2. Scope of stakeholders: All stakeholders who have registered on Facebook/Google+/Twitter/Pinterest/Youtube/Instagram, etc. on social media sites and “liked” the Service Provider’s social media site, or contacted the data controller via the social media site.

3. Purpose of data collection: Sharing, “liking”, following and promoting certain content elements, products, promotions or the website itself on social networks.

4. The duration of data management, the deadline for data deletion, the identity of possible data managers entitled to access the data and the description of the rights of the data subjects: The data subject can find out about the source of the data, its management, the method of transfer and its legal basis on the given social media page. Data management takes place on social networking sites, so the duration and method of data management, as well as the options for deleting and modifying data, are governed by the regulations of the respective social networking site.

5. The legal basis for data management: the voluntary consent of the concerned person to the management of his personal data on social networking sites.

CUSTOMER RELATIONS AND OTHER DATA MANAGEMENT

1. If a question arises during the use of our data controller services, or if the data subject has a problem, he can contact the data controller using the methods provided on the website (telephone, e-mail, social media sites, etc.).

2. The data controller processes received e-mails, messages, on the phone, on Facebook, etc. data provided, together with the name and e-mail address of the interested party, as well as other voluntarily provided personal data, will be deleted after a maximum of 2 years from the date of data communication.

3. We provide information on data management not listed in this information when the data is collected.

4. The Service Provider is obliged to provide information, communicate and transfer data, or make documents available in the case of an exceptional official request, or in the case of requests from other bodies based on the authorization of the law.

5. In these cases, the Service Provider only releases personal data to the requester – if he has specified the exact purpose and the scope of the data – to the extent and to the extent that is absolutely necessary to achieve the purpose of the request.

RIGHTS OF THE DATA PARTIES

1. Right of access

You have the right to receive feedback from the data controller as to whether your personal data is being processed, and if such data processing is underway, you are entitled to access the personal data and the information listed in the regulation.

2. Right to rectification

You have the right to have inaccurate personal data corrected without undue delay upon your request. Taking into account the purpose of data management, you are entitled to request the completion of incomplete personal data, including by means of a supplementary statement.

3. Right to erasure

You have the right to request that the data manager delete your personal data without undue delay, and the data manager is obliged to delete your personal data without undue delay under certain conditions.

4. The right to be forgotten

If the data controller has disclosed the personal data and is required to delete it, it will take reasonable steps, including technical measures, taking into account the available technology and the costs of implementation, to inform the data controllers that you have requested the personal data in question. the deletion of links or duplicates of these personal data.

5. The right to restrict data processing

You have the right to have the data controller restrict data processing at your request if one of the following conditions is met:

You dispute the accuracy of the personal data, in which case the limitation applies to the period that allows the data controller to check the accuracy of the personal data;

the data processing is illegal and you object to the deletion of the data and instead request the restriction of its use;

the data controller no longer needs the personal data for the purpose of data management, but you require them to submit, enforce or defend legal claims;

You objected to data processing; in this case, the limitation applies to the period until it is determined whether the legitimate reasons of the data controller take precedence over your legitimate reasons.

6. The right to data portability

You have the right to receive the personal data concerning you that you have provided to a data controller in a segmented, widely used, machine-readable format, and you are also entitled to transmit this data to another data controller without being hindered by the data controller whose provided personal data to (…)

1. The right to protest

In the case of data processing based on legitimate interest or public authority as legal grounds, you have the right to object at any time to the processing of your personal data for reasons related to your own situation, including profiling based on the aforementioned provisions.

2. Protest in the event of direct business acquisition

If personal data is processed for direct business acquisition, you have the right to object at any time to the processing of your personal data for this purpose, including profiling, if it is related to direct business acquisition. If you object to the processing of personal data for direct business purposes, then the personal data may no longer be processed for this purpose.

3. Automated decision-making in individual cases, including profiling

You have the right not to be covered by the scope of a decision based solely on automated data management, including profiling, which would have legal effects on you or would similarly significantly affect you.

The previous paragraph does not apply if the decision:

Necessary to conclude or fulfill the contract between you and the data controller;

its execution is made possible by EU or member state law applicable to the data controller, which also establishes appropriate measures for the protection of your rights and freedoms, as well as your legitimate interests; obsession

Based on your express consent.

ACTION DEADLINE

The data controller will inform you of the measures taken following the above requests without undue delay, but in any case within 1 month from the receipt of the request.

If necessary, this can be extended by 2 months. The data controller will inform you of the extension of the deadline, indicating the reasons for the delay, within 1 month of receiving the request.

If the data controller does not take measures following your request, it will inform you without delay, but at the latest within one month of the receipt of the request, of the reasons for the failure to take action, as well as the fact that you can file a complaint with a supervisory authority and exercise your right to judicial redress.

SECURITY OF DATA MANAGEMENT

The data manager and the data processor implement appropriate technical and organizational measures, taking into account the state of science and technology and the costs of implementation, as well as the nature, scope, circumstances and purposes of data management, as well as the variable probability and severity of the risk to the rights and freedoms of natural persons. , to guarantee a level of data security appropriate to the degree of risk, including, among others, where applicable:

a) pseudonymization and encryption of personal data;

b) ensuring the continuous confidentiality, integrity, availability and resilience of the systems and services used to manage personal data;

c) in the event of a physical or technical incident, the ability to restore access to personal data and the availability of data in a timely manner;

d) a procedure for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures taken to guarantee the security of data management.

NOTIFICATION OF THE DATA PROTECTION INCIDENT

If the data protection incident likely involves a high risk for the rights and freedoms of natural persons, the data controller shall inform the data subject of the data protection incident without undue delay.

In the information provided to the data subject, the nature of the data protection incident must be clearly and comprehensibly described, and the name and contact details of the data protection officer or other contact person providing additional information must be provided; the likely consequences of the data protection incident must be described; the measures taken or planned by the data controller to remedy the data protection incident must be described, including, where appropriate, measures aimed at mitigating any adverse consequences resulting from the data protection incident.

The data subject does not need to be informed if any of the following conditions are met:

the data controller has implemented appropriate technical and organizational protection measures and these measures have been applied to the data affected by the data breach, in particular those measures – such as the use of encryption – that make them unintelligible to persons not authorized to access personal data the data;

after the data protection incident, the data controller has taken additional measures to ensure that the high risk to the rights and freedoms of the data subject is unlikely to materialize in the future;

providing information would require a disproportionate effort. In such cases, the data subjects must be informed through publicly published information, or a similar measure must be taken that ensures similarly effective information to the data subjects.

If the data controller has not yet notified the data subject of the data protection incident, the supervisory authority, after considering whether the data protection incident is likely to involve a high risk, may order the data subject to be informed.

REPORTING A DATA PROTECTION INCIDENT TO THE AUTHORITY

The data controller shall report the data protection incident to the competent supervisory authority pursuant to Article 55 without undue delay and, if possible, no later than 72 hours after becoming aware of the data protection incident, unless the data protection incident is likely to pose no risk to the rights of natural persons and freedoms. If the notification is not made within 72 hours, the reasons justifying the delay must also be attached.

OPPORTUNITY TO COMPLAINT

You can file a complaint with the National Data Protection and Freedom of Information Authority against possible violations of the data controller:

National Data Protection and Freedom of Information Authority

1055 Budapest, Falk Miksa utca 9-11.

Mailing address: 1363 Budapest, Pf.: 9.

Telephone: +36 -1-391-1400

Fax: +36-1-391-1410

E-mail: ugyfelszolgalat@naih.hu

CLOSING WORD

During the preparation of the information, we paid attention to the following legislation:

– REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and on the repeal of Regulation 95/46/EC (General Data Protection Regulation) (2016 April 27)

– CXII of 2011. Act – on the right to informational self-determination and freedom of information (hereinafter: Infotv.)

– CVIII of 2001 Act – on certain issues of electronic commercial services and services related to the information society (mainly § 13/A)

– XLVII of 2008 law – on the prohibition of unfair trade practices towards consumers;

– XLVIII of 2008 Act – on the basic conditions and certain limitations of economic advertising (especially § 6.a)

– 2005 XC. Act on Electronic Freedom of Information

– Act C of 2003 on electronic communication (specifically § 155.a)

– 16/2011. s. Opinion on the EASA/IAB Recommendation on Best Practices for Behavioral Online Advertising

– The recommendation of the National Data Protection and Freedom of Information Authority on the data protection requirements of prior information

– Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and on the repeal of Regulation 95/46/EC

January 22, 2024

Katalin Krisztina Puskás e.v.