Privacy Policy
1. Purpose of the Privacy Policy
The purpose of the Privacy Policy is to define the principles and rules for the handling of personal and other data provided by visitors to the mayerjudit.hu website during the use of the website, managed by Mayer Judit ev. (hereinafter referred to as the Service Provider / Data Controller), in order to enforce the principles of data protection and the requirements of data security.
2. Change Tracking
The data protection guidelines related to the Service Provider’s data handling are continuously available at mayerjudit.hu/adatkezeles. The Service Provider reserves the right to change this information at any time.
3. General Provisions
The Service Provider handles personal data confidentially, in accordance with applicable legal requirements, ensures their security, takes necessary administrative, logical, and physical security and organizational measures, and establishes procedural rules necessary to enforce relevant provisions of applicable laws. The Service Provider maintains confidentiality during data processing:
protects information so that only authorized personnel can access it; integrity: protects the accuracy and completeness of the information and processing methods; availability: ensures that authorized users can access the desired information when needed and that the necessary tools are available. As the data controller, the Service Provider undertakes to ensure that all data processing activities comply with the provisions of this privacy policy and relevant applicable laws.
The appointed data protection officer at the Service Provider:
- assists or provides support in making decisions related to data processing and ensuring the rights of data subjects;
- ensures compliance with this law and other regulations related to data processing, as well as the provisions of internal data protection and security regulations and data security requirements;
- investigates reports received, and in case of unauthorized data processing, calls upon the data controller or data processor to cease such processing; ensures training in data protection knowledge;
- ensures compliance with regulatory requirements within the organization;
- ensures that data processors involved comply with legal requirements related to data protection.
The Service Provider is obliged to comply with legal regulations regarding the handling of personal data in all phases of data processing. The following regulations primarily govern the data processing conducted by the Service Provider: • Act V of 2013 on the Civil Code (“Civil Code”) • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR) • Act CXII of 2011 on informational self-determination and freedom of information (“Data Protection Act”)
5. Definitions
Data Subject: Any identified or identifiable natural person based on specific personal data.
Personal Data: Any data relating to the data subject – in particular the data subject’s name, identifier, as well as one or more factors specific to the physical, physiological, mental, economic, cultural, or social identity of the data subject – and any inference drawn from such data concerning the data subject.
Consent: The voluntary and unambiguous expression of the data subject’s wishes, based on adequate information, by which the data subject gives consent to the processing of personal data relating to him or her – either in full or for specific operations.
Objection: The voluntary and unambiguous expression of the data subject’s wishes, based on adequate information, by which the data subject gives consent to the processing of personal data relating to him or her – either in full or for specific operations.
Data Processing: Any operation or set of operations performed on personal data, irrespective of the method or means, including collection, recording, organization, storage, alteration, use, transmission, disclosure, alignment, combination, blocking, erasure, or destruction of data, as well as preventing further use of the data, taking photographs, sound or visual recordings, and recording physical characteristics suitable for identifying the person (e.g., fingerprints, DNA samples, iris scans).
Data Processing: Carrying out technical tasks related to data processing, regardless of the method and means of execution and the location of the application, provided that the technical task is performed on the data.
Data Transmission: Making data accessible to a specific third party.
Disclosure: Making data accessible to anyone.
Data Controller: The natural or legal person, or organization without legal personality, who determines the purposes and means of the processing of personal data.
Data Processor: The natural or legal person, or organization without legal personality, who processes data on behalf of the controller – including a contract concluded under legal provisions – whether the task is carried out by technical means or not, and regardless of where the processing takes place.
Data Erasure: Rendering data unrecognizable in such a way that their restoration is no longer possible.
Data Inventory: Rendering data unrecognizable in such a way that their restoration is no longer possible.
Third Party: Any natural or legal person, or organization without legal personality, who is not the data subject, controller, or processor.
6. Az adatkezelő adatai, és elérhetősége
- Data Controller’s Company Name: Mayer Judit solopreneur
- Data Controller’s Registered Office: 1039 Budapest, Madzsar József utca 3.
- Data Controller’s Phone Number: 06 20 488 3966
- Company Registration Number/Registry Number: 57114783
- Tax Identification Number: 58762808-1-41
- Email Address: beszelgetes@mayerjudit.hu
- Website Operated by Data Controller: mayerjudit.hu
- Data Protection Officer: Not appointed
7. Data Processors
Data Processor’s Company Name: Websupport Ltd.
Data Processor’s Registered Office: 1132 Budapest, Victor Hugo utca 18-22.
Company Registration Number: 01-09-381419
Tax Identification Number: 25138205-2-41
Websupport Ltd. electronically transfers all data sent and received on every backend interface of mayerjudit.hu in server log format, which it stores on its own server for operation/maintenance purposes. The logs contain personal data received through contact forms (name, email address, phone number).
Data Processor’s Company Name: Meta Inc.
Data Processor’s Registered Office: 1 Hacker Way, Menlo Park, CA 94025
Meta Inc. receives electronically transmitted logs containing personal data provided beyond Facebook registration for the organization of sweepstakes (postal address, phone number) for maintenance purposes.
Data Processor’s Company Name: Google Inc.
Data Processor’s Registered Office: 1600 Amphitheatre Parkway, Mountain View, CA 94043
Google Inc. receives electronically transmitted logs in connection with Google Ads advertisements operated by Mayer Judit ev. containing personal data (name, address, phone number, email address, credit card number) for administrative purposes (billing, settlement of advertising costs).
Data Processor’s Company Name: Youtube (Google Inc.)
Data Processor’s Registered Office: 1600 Amphitheatre Parkway, Mountain View, CA 94043
Youtube receives electronically transmitted logs containing videos of participants in events organized by Mayer Judit ev., as well as registration data of registered members engaging in opinion-sharing activities (likes, comments) for maintenance purposes.
The Service Provider has contractual obligations with all data processors in accordance with legal requirements, ensuring that the processing of personal data is carried out only based on written instructions from the data controller, the data processor undertakes confidentiality obligations, provides guarantees for the IT and other security conditions of the data processor, and, upon request, provides all necessary information to the data controller. Data subjects consent to the transfer of data to all the above-mentioned data processors under the conditions detailed above.
8. Scope of Personal Data Processed, Legal Basis, Withdrawal of Consent
The following details are provided for each case:
the purpose of data processing the legal basis for data processing the personal data processed the scope of data subjects the possibility of withdrawing consent whether the data subject is obliged to provide personal data consequences of not providing personal data duration of data storage
Voluntary Consent to Data Processing:
Users expressly consent to the processing of their personal data as described in this information notice. If the visitor does not provide their own personal data, the data provider is obliged to obtain the consent of the data subject. In the case of data processing based on voluntary consent, data subjects may withdraw their consent at any stage of data processing, which does not affect the legality of the processing prior to withdrawal.
8.1 Personal Data Provided During Contact:
The purpose of data processing is to provide personalized service to data subjects and to send price quotes upon request. The legal basis for data processing is the voluntary consent of the data subject to data processing, accepting the content of the data processing information notice by submitting the contact form. The processed personal data includes the name, email address, and phone number provided by the data subject. All interested individuals who initiate electronic contact on the website are affected. Consent can be withdrawn by requesting the deletion of submitted data; however, withdrawing consent does not affect the lawfulness of processing prior to consent withdrawal. The data subject is obliged to provide the data, as future identification cannot be performed without the provided data. If the data subject does not provide personal data, contact cannot be established, but the data subject can still view public sections of the website without restrictions. Data is stored until the requested deletion of data is initiated.
8.2 Personal Data Provided During Phone or Direct Contact:
The purpose of data processing is to provide personalized service to data subjects and to send price quotes upon request. The legal basis for data processing is the voluntary consent of the data subject to data processing, as the data is provided by the data subject. The processed personal data includes the name, phone number, and email address of the data subject. All interested individuals who initiate contact are affected. Consent can be withdrawn by email or phone, but withdrawing consent does not affect the lawfulness of processing prior to consent withdrawal. The data subject is obliged to provide the data, as future identification, contact, and contract-related activities cannot be performed without the provided data. If the data subject does not provide personal data, quotation cannot be provided. Data is stored for 1 year after the quotation is provided.
8.3 Cookies and IP Address:
The Service Provider places an anonymous user identifier (cookie) on the data subject’s computer, which is incapable of identifying the data subject on its own and is only capable of recognizing the data subject’s machine; no name, email address, or any other personal information is required, as data exchange occurs only between machines.
Users are entitled to prohibit the placement of a unique identifier token (cookie) on their computer through their browser settings. Users can also disable marketing and other types of cookies in a pop-up window when viewing websites.
The Service Provider processes cookies to obtain information about the browsing habits of data subjects, improve the quality of services, and display customized pages and marketing materials during website visits. The legal basis for data processing is the voluntary consent of the data subject to data processing, as the data subject can control cookies’ operation in a pop-up window upon opening the website. The processed personal data includes cookies used by Google Analytics, cookies assisting in website operation, and cookies for marketing purposes. All interested individuals who initiate contact are affected. Consent can be withdrawn by email or phone, but withdrawing consent does not affect the lawfulness of processing prior to consent withdrawal. The data subject is obliged to provide the data, as future identification, contact, and contract-related activities cannot be performed without the provided data. If the data subject does not provide personal data, quotation cannot be provided. Data is stored for 1 year after the quotation is provided.
Cookies collect information about visitors and their devices; remember visitors’ individual settings, which can be used, for example, during online transactions without having to re-enter them; facilitate website use; and provide a quality user experience.
Involved Data Processors: Google Inc, Facebook Inc, Youtube Inc, Websupport Hungary Ltd, Microsoft Hungary
8.4 Hosting Data
The purpose of data processing is to maintain the Service Provider’s own website and the websites of clients managed by the Service Provider, as well as to maintain the Service Provider’s email system. The legal basis for data processing is the consent of the data subject. All individuals who engage in correspondence with the Service Provider or initiate contact on the Service Provider’s own website or on the websites of contracted clients are affected. The data subject is required to provide the data, as future identification cannot be carried out without the provided data. If the data subject does not provide personal data, quotation and communication cannot be conducted. The storage period is 1 year following the provision of the quotation.
Involved Data Processor: Websupport Hungary Ltd
8.5 Customer Data / Event Participants’ Data
The purpose of data processing is to provide personalized service to the Service Provider’s clients, send price quotes upon request, and perform contracted activities. The legal basis for data processing is the consent of the data subject and contract conclusion. The data subject is required to provide the data, as future identification, communication, and the performance of activities specified in the contract cannot be carried out without the provided data. If the data subject does not provide personal data, quotation, communication, and contract conclusion cannot be carried out. The storage period is 6 months following the provision of the quotation.
9. Adat Transfer Abroad, to International Organizations
The Data Controller does not directly transfer personal data abroad; the storage of personal data takes place solely in Hungary. If any data processor stores or transfers personal data within or outside the European Union, such storage or transfer is carried out in accordance with the provisions of the GDPR.
10. Rights of the Data Subject and Remedies
10.1 Right to Transparent Information
The fundamental right of the data subject is the right to adequate, transparent information, which is an obligation incumbent on the data controller. The Data Controller informs the data subject succinctly, transparently, comprehensibly, in easily accessible format, clearly, and in an understandable manner about the circumstances of data processing, as well as their entitlements.
Upon request, information shall be provided without undue delay, but no later than within 30 days.
10.2 Right to Access
The data subject is entitled to receive feedback from the data controller as to whether the processing of personal data is ongoing, and if such processing is ongoing, the data subject is entitled to access the personal data and related information, particularly regarding the source of the personal data, and whether the data has been transmitted to third parties. The data controller shall provide the information within one month from the submission of the request.
10.3 Right to Data Portability
The data subject has the right to receive their personal data provided to the data controller in a structured, widely used, machine-readable format and to transmit this data to another data controller.
10.4 Right to Rectification, Modification
The data subject has the right to request the data controller to rectify or supplement their inaccurate personal data without undue delay.
10.5 Right to Erasure
The data controller is obliged to erase the personal data concerning the data subject without undue delay if one of the following reasons exists:
- Personal data are no longer needed for the purposes for which they were collected or otherwise processed.
- The storage period specified by the data controller has expired.
- The data subject withdraws their consent, and there is no other legal basis for data processing.
- The data subject objects to the data processing, and there are no overriding legitimate grounds for the processing.
- The personal data have been unlawfully processed.
- Personal data must be erased to comply with a legal obligation to which the data controller is subject.
- Personal data have been collected in relation to the offer of information society services.
If the processed data is necessary for legal claims or, for example, for accountability towards authorities, data processing may continue based on legal obligations or legitimate interests.
During erasure, the data controller must also notify the involved data processors of the obligation to erase.
10.6 Right to Object
The data subject has the right to object at any time, for reasons related to their particular situation, to the processing of their personal data carried out in the public interest or in the exercise of official authority vested in the data controller, or where the processing is necessary for the legitimate interests pursued by the data controller or a third party, including profiling based on the aforementioned provisions. In case of objection, the data controller cannot further process the personal data unless there are compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
10.7 Right to Restriction of Processing
In case of restriction, personal data may only be stored, and any further processing may only be carried out with the consent of the data subject, for the purpose of asserting legal claims, or for reasons of public interest. The data subject is entitled to request the data controller to restrict processing if one of the following conditions is met:
- The data subject contests the accuracy of the personal data, in which case the restriction applies for the period allowing the data controller to verify the accuracy of the personal data.
- The processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
- The data controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims.
- The data subject has objected to processing; in this case, the restriction applies for the period until it is verified whether the legitimate grounds of the data controller override those of the data subject.
11. Automated Decision-Making and Profiling
The Service Provider does not use or perform profiling, automated decision-making, or automatic mechanisms. The Service Provider does not allow automated decision-making or profiling for its data processors unless explicitly and separately consented to by the data subject.
12. Data Protection Incidents, Data Protection Log
The Data Controller is obliged to inform the competent Authority and the data subjects without undue delay, but no later than within 72 hours, of any data protection incidents upon becoming aware of them. The Data Controller shall make every effort to minimize the data protection and other damages caused to the data subjects as a result of the incident. The Data Controller must ensure that similar incidents do not occur in the future.
The Data Controller maintains a data protection log of all data protection-related cases—requests regarding data protection by data subjects, potential data protection incidents—which provides information about the content related to a given data subject upon request.
13. Resorting to Court
In case of a violation of their rights, the data subject may file a lawsuit against the Data Controller. The court shall proceed with the matter without delay. Jurisdiction lies with the court. The lawsuit may be brought before the court having jurisdiction over the Data Controller’s registered office or, at the choice of the data subject, the court having jurisdiction over their place of residence or habitual residence.
If the Data Controller unlawfully processes the data subject’s data or breaches the data security requirements, causing harm to another, they are obliged to compensate for it. The Data Controller is exempt from liability for the damage caused and the obligation to pay compensation if they prove that the damage or violation of the data subject’s personal rights resulted from an unavoidable circumstance beyond the scope of data processing. Compensation for damage and compensation for moral harm need not be paid to the extent that the damage or violation of personal rights resulted from intentional or grossly negligent behavior of the aggrieved party.
14. Administrative Procedure, Filing a Complaint
The data subject may submit a complaint or request information to the competent Authority:
Name: National Authority for Data Protection and Freedom of Information
Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
Mailing address: 1530 Budapest, Pf.: 5.
Correspondence address: 1530 Budapest, Pf.: 5.
Telephone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
Email: ugyfelszolgalat@naih.hu
Website: http://naih.hu
15. Other Provisions
Any data processing not listed in this notice will be provided with detailed information at the time of data collection. The Service Provider shall only disclose personal data to the authorities in the amount and to the extent necessary to achieve the purpose of the request if the authority has specified the exact purpose and scope of the data.