Legjobb Formám Stúdió Owner: Legjobb Énünk Kft., 4027 Debrecen Péterfia utca 18., tax number: 32662234-2-09, e-mail address: legjobbformamstudio.hu, phone: +36307272720 hereinafter referred to as the Service Provider, data controller, is subject to the following information.
According to Article 20 (1) of Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of
Information, the data subject (in this case the website user, hereinafter referred to as the “user”) must be informed before the processing of the data starts whether the processing is based on consent or whether it is mandatory.
The data subject must be informed in a clear and detailed manner of all the facts relating to the processing of his or her data, in particular the purposes and legal basis of the processing, the identity of the controller and processor and the duration of the processing, before the processing starts.
The data subject shall also be informed, pursuant to Article 6(1) of the Info Act, that personal data may also be processed if obtaining the data subject’s consent would be impossible or would involve disproportionate costs and the processing of the personal data would necessary for compliance with a legal obligation to which the controller is subject; or necessary for the purposes of the legitimate interests pursued by the controller or by a third party, and the pursuit of those interests is proportionate to the restriction of the right to the protection of personal data.
The information should also cover the rights and remedies of the data subject in relation to the processing.
Where it would be impossible or disproportionate to provide personal information to data subjects (such as in the presentcase on a website), the information may be provided by disclosing the following information:
the fact of collection,
the data subjects concerned,
the purpose of the data collection,
the purpose of the data processing,
the duration of the data processing,
the identity of the potential data controllers who are entitled to access the data,
a description of the rights and remedies of the data subject in relation to the processing and,
where the processing is subject to registration,
the registration number of the processing.
This privacy notice governs the processing of data on the website https://ateszepsegszalonod.hu and is based on the above content. The notice is available at: https://ateszepsegszalonod.hu/adatvedelem
Amendments to this notice will enter into force upon publication at the above address.
Defined terms
Data Subject/User: any natural person who is identified or can be identified, directly or indirectly, on the basis of specific
personal data;
personal data: data that can be associated with the data subject, in particular the name, the identification mark and one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of the data subject, and the inference that can be drawn from the data concerning the data subject;
controller: the natural or legal person or unincorporated body which, alone or jointly with others, determines the
purposes for which the data are to be processed, takes and implements decisions regarding the processing
(including the means used) or has them implemented by a processor on its behalf;
‘processing’ means any operation or set of operations which is performed upon data, regardless of the procedure used, in particular any collection, recording, recording, organisation, storage, alteration, use, retrieval, disclosure, transmission, alignment or combination, blocking, erasure or destruction of data, prevention of further use, taking of photographs, sound recordings or images and physical features which permit identification of a person (e.g.fingerprints, palm prints, DNA samples, iris scans);
data processing: the performance of technical tasks related to data processing operations, irrespective of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data;
data processor: a natural or legal person or unincorporated body which processes data on the basis of a contract with the controller, including a contract concluded pursuant to a legal provision; ‘personal data breach’ means unlawful processing or processing of personal data, in particular unauthorised access, alteration, disclosure, transmission, disclosure, erasure or destruction, accidental destruction or accidental damage.
Processing of cookies (cookie)
Pursuant to Article 2(1) of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information,
the following shall be defined in the context of the processing of cookies on this website:
The fact of processing, the scope of the data processed: unique identifier, dates, times
The data subjects: all data subjects visiting the website.
Purpose of processing: to identify users and track visitors.
Duration of data processing, time limit for deletion of data: the duration of data processing for session cookies is until the end of the visit to the websites.
Who are the potential controllers of the data: no personal data are processed by the controller through the use of cookies.
Description of data subjects’ rights in relation to data processing.
Legal basis for processing: no consent is required from the data subject where the sole purpose of the use of cookies is to provide a communication over an electronic communications network or where the service provider strictly needs the cookies to provide an information society service explicitly requested by the subscriber or user.
Use of Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc (“Google”). Google Analytics uses “cookies”, text files that are stored on your computer to help the website analyze how users use the website. The information generated by the cookie about the website you use is usually transmitted to and stored by Google on servers in the United States. By activating the IP anonymisation on the website, Google will previously shorten the User’s IP address within the Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity for the website operator and to provide other services relating to website activity and internet
Usage. The IP address transmitted by the User’s browser within the framework of Google Analytics will not be merged with other data held by Google. The storage of cookies can be prevented by the User by setting the appropriate settings on his browser, but please note that in this case it is possible that the storage of cookies may be blocked. website may not be fully functional. You may also prevent Google from collecting and processing information about your use of the website (including your IP address) by means of cookies by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout?hl=hu
Newsletter, DM activity
Pursuant to Article 6 of Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activity, the User may expressly consent in advance to being contacted by the Service Provider with advertising offers and other mailings at the contact details provided.
In addition, the Customer may, subject to the provisions of this notice, consent to the processing of personal data by the Service Provider necessary for the sending of advertising messages.
The Service Provider shall not send unsolicited commercial messages and the User may unsubscribe from receiving such offers free of charge, without any restriction and without giving any reason. In this case, the Service Provider shall delete all personal data necessary for sending advertising messages from its records and shall not contact the User with further advertising offers. The User may unsubscribe from advertising by clicking on the link in the message.
Pursuant to Article 2 (1) of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information, the following shall be defined in the data processing of the newsletter:
The fact of processing, the data processed: name, nickname, e-mail address, date, time. Data subjects: all data subjects subscribing to the newsletter.
Purpose of processing.
Duration of data processing, deadline for deletion of data: until the consent is withdrawn, i.e. until the unsubscription.
Potential data controllers who may access the data: personal data may be processed by the controller’s staff, in compliance with the principles set out above.
Description of the data subjects’ rights in relation to data processing: the data subject may unsubscribe from the newsletter at any time, free of charge.
Legal basis for data processing: the data subject’s voluntary consent, the Infotv. Article 5 (1) of the Act on the
Fundamental Conditions and Certain Restrictions of Economic Advertising Activities (Act XLVIII of 2008), Article 6 (5):
The advertiser, the advertising service provider or the publisher of advertising shall keep a record of the personal data of the persons who have given their consent within the scope specified in the consent. The data recorded in this register – relating to the recipient of the advertising – may be processed only in accordance with the consent given in the consent form, until the consent is withdrawn, and may be disclosed to third parties only with the prior consent of the person concerned.
Community sites
Pursuant to Article 20 (1) of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information, the following shall be defined in the scope of the processing of data on social networking sites:
Data confidentiality and security
The Data Controller shall treat personal data confidentially, and shall take all IT and other security measures related to data storage and processing in order to ensure data security.
Your rights
Please be informed that you may exercise your rights under the law by sending an email toinfo@bodylab.hu , where you may, within the limits specified by law:
Request access to or a copy of the personal data we process about you.
You may request information on the main characteristics of the processing (purpose, scope of the data processed, data processors involved, duration of the processing).
withdraw your consent at any time.
request that inaccurate personal data concerning you be corrected without undue delay or that incomplete personal data be completed.
request the deletion of personal data concerning you without undue delay. request the restriction
of the use of your data.
request to receive the personal data you have provided in a commonly used machine-readable format or to transmit it directly to another controller.
take action before the supervisory authority of the place where you reside, work or where the alleged infringement occurred.
Other processing
If the data controller has any questions or concerns about your use of our services, you can contact the data controller using the methods provided on the website (telephone, e-mail, social networking sites, etc.).
The data controller will delete the received e-mails, messages, data provided by telephone, Facebook, etc., together with the name and e-mail address of the interested party and other personal data voluntarily provided by the interested party, after a maximum of 2 years from the date of the communication.
Information about data processing not listed in this notice is provided at the time of collection.
In exceptional cases, the Service Provider is obliged to provide information, disclose data, hand over data or provide documents in response to a request from a public authority or other bodies authorised by law.
In such cases, the Service Provider shall only disclose personal data to the requesting party – provided that the latter has indicated the precise purpose and scope of the data – to the extent and to the extent that is indispensable for the purpose of the request.
Data security
The controller shall design and implement data processing operations in such a way as to ensure the protection of the privacy of data subjects.
The controller shall ensure the security of the data (SSL encryption), take the technical and organisational measures and establish the procedural rules necessary to enforce the Info Act and other data protection and confidentiality rules.
The controller shall take appropriate measures to protect the data, in particular against unauthorised access,
alteration, transmission, disclosure to the public, erasure or destruction, accidental destruction or accidental damage, inaccessibility resulting from changes in the technology used.
The controller shall ensure, by appropriate technical means, that the data stored in the records cannot be directly linked and attributed to the data subject.
In order to prevent unauthorised access to personal data, alteration and unauthorised disclosure or use of the
data, the controller shall ensure: the establishment and operation of an appropriate IT and technical environment, the controlled selection and supervision of the staff involved in the provision of the service, the
issuing of detailed operating, risk management and service provision procedures.
On the basis of the above, the service provider shall ensure that the data it processes are available to the right holder, its authenticity and authentication are ensured and its integrity is verified, verifiable.
The IT system of the Data Controller and its hosting provider protects against, inter alia,
computer fraud,
espionage,
computer viruses,
spam,
hacks
and other attacks.
Rights of data subjects
Data subjects may request the Service Provider to provide them with information about the processing of their personal data, request the rectification of their personal data, and request the erasure or blocking of their personal data, except for mandatory processing.
At the request of the data subject, the controller shall provide information about the data of the data subject processed by the controller or by a processor to whom the controller or the processor has delegated the processing, the source of the data, the purpose, legal basis and duration of the processing, the name and address of the processor and the activities of the processor in relation to the processing, the circumstances of the personal data breach, its effects and the measures taken to remedy it, and, in the case of the transfer of the data subject’s personal data, the legal basis and the recipient of the transfer.
The controller shall, where it has an internal data protection officer, through the internal data protection officer, keep a register for the purpose of monitoring the measures taken in relation to the personal data breach and informing the data subject, which shall include the scope of the personal data concerned, the number and type of data subjects affected by the personal data breach, the date, circumstances, effects and measures taken to remedy the personal data breach and other data specified in the legislation providing for the processing.
For the purposes of monitoring the lawfulness of the transfer and informing the data subject, the controller shall keep a record of the transfer, which shall include the date of the transfer of personal data processed by the controller, the legal basis and the recipient of the transfer, the scope of the personal data transferred and other data specified in the legislation providing for the processing.
At the User’s request, the Service Provider shall provide information on the data processed by it, their source, the purpose, legal basis and duration of the processing, the name and address of any data processor and its activities related to the processing, and, in the case of the transfer of personal data of the data subject, the legal basis and the recipient of the transfer. The service provider shall provide the information in writing and in an intelligible form within the shortest possible time from the date of the request, but not later than 25 days. The information shall be provided free of charge.
If the personal data is inaccurate and the correct personal data is available to the controller, the service provider shall correct the personal data.
Instead of deletion, the Service Provider shall block the personal data if the User requests this or if, based on the information available to it, it can be assumed that deletion would harm the legitimate interests of the User. The blocked personal data may be processed only for as long as the processing purpose that precluded the deletion of the personal data persists.
The Service Provider shall delete the personal data if its processing is unlawful, the User requests it, the processed data is incomplete or incorrect – and this situation cannot be lawfully remedied – provided that deletion is not excluded by law, the purpose of the processing has ceased to exist, or the statutory period for storing the data has expired, or the court or the National Authority for Data Protection and Freedom of Information has ordered it.
The controller shall mark the personal data that it processes if the data subject contests the accuracy or correctness of the personal data, but the inaccuracy or incorrectness of the contested personal data cannot be clearly established.
Rectification, blocking, flagging and erasure must be notified to the data subject and to all those to whom the data were previously disclosed for processing. Notification may be omitted if this does not undermine the legitimate interests of the data subject having regard to the purposes of the processing.
If the controller does not comply with the data subject’s request for rectification, blocking or erasure, it shall, within 25 days of receipt of the request, provide in writing the factual and legal reasons for refusing the request for rectification, blocking or erasure. In the event of refusal of a request for rectification, erasure or blocking, the controller shall inform the data subject of the possibility of judicial remedy and of recourse to the Authority.
Legal remedies
A user may object to the processing of his or her personal data if the processing or transfer of the personal data is necessary solely for the performance of a legal obligation to which the Service Provider is subject or for the purposes of the legitimate interests pursued by the Service Provider, the data importer or a third party, unless the processing is required by law; the personal data are used or transmitted for direct marketing, public opinion polling or scientific research purposes; in other cases specified by law.
The Service Provider shall examine the objection within the shortest possible time from the date of the request, but not later than 15 days, decide whether the objection is justified and inform the applicant in writing of its decision. If the Service Provider establishes that the objection of the data subject is justified, it shall terminate the processing, including further recording and transmission of the data, and block the data, and shall notify the objection and the measures taken on the basis of the objection to all those to whom it has previously transmitted the personal data concerned by the objection and who are obliged to take action to enforce the right to object.
If the User does not agree with the decision of the Service Provider, the User may appeal against it to a court within 30 days of its notification. The court shall act out of turn.
Complaints against possible infringements by the data controller may be lodged with the National Authority for Data
Protection and Freedom of Information:
National Authority for Data Protection and Freedom of
Information 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Postal address: 1530 Budapest, P.O. Box 5.
Phone: +36 -1-391-1400
Fax: +36-1-391-1410
E-mail:ugyfelszolgalat@naih.hu
Court enforcement
The controller must prove that the processing is in compliance with the law. It is for the recipient to prove the lawfulness of the transfer.
It is for the courts to decide on the action. The action may also be brought, at the option of the data subject, before the courts for the place where the data subject resides or is domiciled.
A person who does not otherwise have legal capacity may be a party to the proceedings. The Authority may intervene in the proceedings in order to ensure that the person concerned is successful.
If the court upholds the application, the controller shall be ordered to provide the information, rectify, block or erase the data, annul the decision taken by automated processing, take account of the data subject’s right to object or disclose the data requested by the data subject.
If the court rejects the data subject’s request, the controller is obliged to delete the data subject’s personal data within 3 days of the judgment. The controller shall also be obliged to delete the data if the data subject does not apply to the court within the time limit.
The court may order the publication of its judgment, with the publication of the controller’s identification data, if the interests of data protection and the protected rights of a larger number of data subjects require.
Compensation and damages
Where the controller infringes the data subject’s right to privacy by unlawfully processing his or her data or by breaching data security requirements, the data subject may claim damages from the controller.
The controller is liable to the data subject for the damage caused by the processor and the controller is also liable to pay the data subject the damages for the personal data breach caused by the processor. The controller shall be exempted from liability for the damage caused and from the obligation to pay the damage fee if it proves that the damage or the infringement of the data subject’s personality rights was caused by an unavoidable cause outside the scope of the processing.
No compensation shall be due and no damages shall be payable where the damage or injury to the person concerned has been caused by the intentional or grossly negligent conduct of the victim or by an infringement of a right relating to personality.
Closing words
In preparing this information notice, we have taken into account the following legislation:
Act CXII of 2007 – on the Right of Informational Self-Determination and Freedom of Information (hereinafter referred to as the “Information Act”) Act CVIII of 2007 – on certain issues of electronic commerce services and information society services (in particular § 13/A)
Act XLVII of 2007 – on the prohibition of unfair commercial practices against consumers;
Act XLVIII of 2003 – on the basic conditions and certain restrictions on commercial advertising (in particular § 6)
Act XC of 2007 on the freedom of electronic information
Act C of 2003 on Electronic Communications (specifically § 155)
Opinion No 16/2011 on the EASA/IAB Recommendation on best practice on behavioural online advertising
Recommendation of the National Authority for Data Protection and Freedom of Information on data protection
requirements for prior information
