Adatkezelési tájékoztató

1. Purpose of the Privacy Policy

Katalin Havasi (hereinafter referred to as the “Data Controller”) acknowledges the content of this legal notice as binding upon herself. The Data Controller undertakes to ensure that all data processing related to her activities complies with the provisions set out in this Policy, the applicable national legislation, as well as the legal acts of the European Union. The Data Controller’s data protection principles are continuously available at havasikatalin.hu/adatkezelesi-tajekoztato. The Data Controller reserves the right to modify this notice at any time; any potential changes will be communicated to the public in due time. If you have any questions regarding this notice, please contact us, and our colleague will respond to your inquiry. The Data Controller is committed to protecting the personal data of her clients and partners and considers it of utmost importance to respect her clients’ right to informational self-determination. The Data Controller treats personal data confidentially and takes all necessary security, technical, and organizational measures to guarantee the security of the data. Below, the Data Controller outlines her data processing practices.

2. Data Controller’s Details

You can contact the Data Controller using the contact details provided below. The Data Controller will delete all emails received, together with any personal data contained therein, no later than 1 year after the date of receipt.

  • Company name: Havasi Katalin egyéni vállalkozó
  • Registered address: 2532 Tokodaltáró, Géza street 30.
  • Mailing address: 1122 Budapest XII., Bíró street 12.
  • Tax number: 66090555-1-31
  • Company registering authority: Kormányhivatal Dorog
  • Permit number: 31621287
  • Chamber: Komárom-Esztergom Megyei Kereskedelmi és Iparkamara
  • Email: katalin.havasi@gmail.com
  • Phone: +36302356070

3. Scope of Personal Data Processed

3.1 Personal Data to Be Provided During Registration
  • Name / required
  • Email / required
  • Message / required
3.2 Technical Data

When processing personal data, the Data Controller selects and operates the IT tools used in the provision of the service in such a way that the data being processed:

  • is accessible to authorized persons (availability);
  • has its authenticity and verification ensured (data authenticity);
  • has its integrity verifiable (data integrity);
  • is protected against unauthorized access (data confidentiality).

The Data Controller protects the data with appropriate measures against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as accidental loss or destruction. The Data Controller implements technical, organizational, and administrative measures to ensure the security of data processing, providing a level of protection appropriate to the risks associated with data processing. During data processing, the Data Controller safeguards:

  • Confidentiality: protecting information so that only authorized persons have access to it;
  • Integrity: protecting the accuracy and completeness of the information and the methods of processing;
  • Availability: ensuring that authorized users can access the required information when needed and that the necessary tools are available.
3.3 Cookies
3.3.1 Purpose of Cookies
  • collect information about visitors and their devices;
  • remember individual visitor settings that may be used, for example, during online transactions so that they do not have to be re-entered;
  • facilitate the use of the website;
  • ensure a quality user experience.

For the purpose of providing a personalized service, small data files, known as cookies, are placed on the user’s computer and read during future visits. If the browser sends back a previously saved cookie, the service provider managing the cookie may link the user’s current visit with previous ones, but only with respect to its own content.

3.3.2 Essential Session Cookies

The purpose of these cookies is to enable visitors to browse the website seamlessly, use its functions, and access the services available there without interruption. The validity of these cookies lasts until the end of the browsing session; when the browser is closed, these cookies are automatically deleted from the computer or other device used for browsing.

3.3.3 Third-Party Cookies (Analytics)

The Data Controller’s website also uses third-party cookies such as Google Analytics. By using the statistical services of Google Analytics, information is collected about how visitors use the website. The data is used for the purpose of developing the website and improving the user experience. These cookies remain stored on the visitor’s computer or other browsing device until they expire or until the visitor deletes them.

4. Planned Use and Retention Period of the Data Processed

  • Name of Data Processing: registration
  • Purpose: registration
  • Legal Basis: consent
  • Retention Period: 1 year

5. Purpose, Method, and Legal Basis of Data Processing

5.1 General Data Processing Principles

The Data Controller’s data processing activities are based on voluntary consent or statutory authorization. In the case of data processing based on voluntary consent, data subjects may withdraw their consent at any stage of the processing. In certain cases, the processing, storage, or transmission of certain data may be mandatory under applicable laws, about which our clients will be separately informed. Data providers are reminded that if they provide personal data that does not belong to them, it is their responsibility to obtain the consent of the data subject. The Data Controller’s data processing principles are in accordance with applicable data protection laws, including but not limited to the following:

  • Act CXII of 2011 – on the Right of Informational Self-Determination and Freedom of Information (Infotv.);
  • Regulation (EU) 2016/679 of the European Parliament and of the Council (27 April 2016) – on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation, GDPR);
  • Act V of 2013 – the Civil Code (Ptk.);
  • Act C of 2000 – on Accounting (Accounting Act);
  • Act LIII of 2017 – on the Prevention and Combating of Money Laundering and Terrorist Financing (Pmt.);
  • Act CCXXXVII of 2013 – on Credit Institutions and Financial Enterprises (Hpt.).

6. Physical Locations of Data Storage

Your personal data (i.e., data that can be linked to you) may come into our possession in the following ways: on the one hand, technical data related to your computer, browser, IP address, and visited pages are automatically generated in our computer system in connection with maintaining the internet connection; on the other hand, you may provide your name, contact information, or other data if you wish to establish personal contact with us while using the website. The data technically recorded during the operation of the system includes data from the user’s computer generated during voting, which is automatically recorded by the Data Controller’s system as a result of technical processes. Automatically recorded data is logged by the system at login and logout without any separate statement or action from the data subject. These data cannot be linked to any other personal user data, except where required by law. Only the Data Controller has access to this data.

7. Data Transfer, Data Processing, and Scope of Data Access

The data provided is treated confidentially in accordance with data protection laws. It is not transferred to third parties and is used solely for the Data Controller’s own purposes.

8. Rights of Data Subjects and Possibilities for Enforcing Rights

Data subjects may request information about the processing of their personal data and may request the correction, deletion, or withdrawal of their personal data (except where mandatory data processing applies), exercise their right to data portability, and object to processing in the manner indicated at the time of data collection or via the contact details of the Data Controller.

8.1 Right to Information

The Data Controller shall take appropriate measures to ensure that all information referred to in Articles 13 and 14 of the GDPR, as well as the information referred to in Articles 15–22 and 34, is provided to data subjects in a concise, transparent, intelligible, and easily accessible form, using clear and plain language.

8.2 Right of Access

The data subject has the right to obtain confirmation from the Data Controller as to whether personal data concerning them is being processed. If such processing is ongoing, the data subject is entitled to access the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data has been or will be disclosed, including third-country recipients and international organizations; the intended storage period of the personal data; the right to rectification, erasure, restriction of processing, and objection; the right to lodge a complaint with a supervisory authority; information on the data sources; the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and expected consequences of such processing for the data subject. The Data Controller shall provide this information within one month of the request.

8.3 Right to Rectification

The data subject may request the correction of inaccurate personal data and the completion of incomplete personal data concerning them.

8.4 Right to Erasure

The data subject is entitled to request the deletion of personal data concerning them without undue delay if any of the following applies:

  • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • the data subject withdraws consent on which the processing is based, and there is no other legal basis for the processing;
  • the data subject objects to processing and there are no overriding legitimate grounds for processing;
  • the personal data have been unlawfully processed;
  • the personal data must be erased to comply with a legal obligation under EU or Member State law applicable to the Data Controller;
  • the personal data have been collected in relation to the offer of information society services.

Data cannot be deleted if processing is necessary: for exercising the right of freedom of expression and information; to comply with a legal obligation under EU or Member State law or for the performance of a task carried out in the public interest or in the exercise of official authority; for public health purposes or archival, scientific, historical research, or statistical purposes; or for the establishment, exercise, or defense of legal claims.

8.5 Right to Restriction of Processing

The data subject may request restriction of processing if any of the following conditions are met:

  • the accuracy of personal data is contested, for a period allowing verification;
  • processing is unlawful, and the data subject opposes erasure and requests restriction instead;
  • the Data Controller no longer needs the data for processing purposes, but the data subject requires them for the establishment, exercise, or defense of legal claims;
  • the data subject has objected to processing, pending verification whether the Data Controller’s legitimate grounds override those of the data subject.

If processing is restricted, personal data may only be stored and processed with the data subject’s consent, for legal claims, or to protect the rights of another natural or legal person, or for important public interest of the Union or a Member State.

8.6 Right to Data Portability

The data subject has the right to receive personal data they have provided to the Data Controller in a structured, commonly used, machine-readable format and transmit those data to another data controller.

8.7 Right to Object

The data subject may object at any time to the processing of personal data for tasks carried out in the public interest, in the exercise of official authority, or for legitimate interests of the Data Controller or a third party, including profiling. Upon objection, the Data Controller shall no longer process the personal data unless compelling legitimate grounds override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.

8.8 Automated Decision-Making, Including Profiling

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

8.9 Right to Withdraw Consent

The data subject may withdraw consent at any time.

8.10 Right to Judicial Redress

In case of violation of their rights, the data subject may bring a case against the Data Controller in court. The court will prioritize the case.

8.11 Supervisory Authority

Complaints may be submitted to the National Authority for Data Protection and Freedom of Information:

  • Name: National Authority for Data Protection and Freedom of Information (NAIH)
  • Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/C
  • Mailing Address: 1530 Budapest, P.O. Box 5
  • Phone: +36 1 391 1400
  • Fax: 0613911410
  • E-mail: ugyfelszolgalat@naih.hu
  • Website: http://www.naih.hu

9. Other Provisions

Any data processing not listed in this notice will be communicated at the time of data collection. Clients are informed that courts, prosecutors, investigative authorities, administrative authorities, the National Authority for Data Protection and Freedom of Information, the Hungarian National Bank, or other authorities authorized by law may request information, data, or documents from the Data Controller. The Data Controller will only provide the personal data necessary to achieve the purpose specified by the requesting authority.