PRIVACY STATEMENT
1. Purpose of the Data Management Information
Péter Huszáros (hereinafter referred to as the Data Controller) acknowledges the content of this legal notice as binding. The Data Controller undertakes that all data management related to its activities complies with the expectations defined in this regulation, applicable national laws, and the legal acts of the European Union. The Data Controller's data protection principles are continuously available at the website globalmentalfitness.com/privacy statement. The Data Controller reserves the right to change this information at any time. Naturally, any changes will be communicated to the public in a timely manner. If you have any questions related to this notice, please write to us, and our colleague will answer your questions. The Data Controller is committed to protecting the personal data of its clients and partners, considering it particularly important to respect the right of informational self-determination of its clients. The Data Controller treats personal data confidentially and takes all security, technical, and organizational measures to guarantee the security of the data. The Data Controller outlines its data management practices below.
2. Data of the Data Controller
You can contact the Data Controller at the following contact details. The Data Controller deletes all emails received, along with any personal data, no later than 1 year after the data is provided.
Company name: Péter Huszáros Sole Proprietorship
Headquarters: 1182 Budapest Tarkő Street 55.
Mailing address: 1182 Budapest Tarkő Street 55.
Tax number: 90159361-1-43
Registration authority: National Tax and Customs Administration
Registration number: 59309301
Chamber: Budapest Chamber of Commerce and Industry
Email: huszpeter369@gmail.com
Phone: +36701611961
3. Range of Personal Data Processed
3.1 Personal Data Required During Registration
Name / mandatory
Email / mandatory
Message / mandatory
3.2 Technical Data
The Data Controller selects and operates the IT tools used in the provision of services in such a way that the processed data:
-
is accessible to those authorized (availability);
-
its authenticity and authentication are ensured (authenticity of data processing);
-
its unaltered nature is verifiable (data integrity);
-
is protected against unauthorized access (data confidentiality).
The Data Controller protects the data with appropriate measures against unauthorized access, alteration, transmission, disclosure, deletion or destruction, and accidental destruction. The Data Controller ensures the protection of data processing security with technical, organizational, and structural measures that provide an adequate level of protection corresponding to the risks associated with data processing. The Data Controller ensures:
-
confidentiality: protecting information so that only those who are authorized have access to it;
-
integrity: protecting the accuracy and completeness of the information and the method of processing;
-
availability: ensuring that when the authorized user needs it, they can indeed access the desired information and the related tools are available.
3.3 Cookies
3.3.1 Purpose of Cookies
-
They collect information about visitors and their devices;
-
They remember visitors' individual settings, which may be used, e.g., during online transactions, so that they do not have to be re-entered;
-
They facilitate the use of the website;
-
They provide a quality user experience.
For customized service, a small data package called a cookie is placed on the user's computer, which is read back during subsequent visits. If the browser returns a previously saved cookie, the service provider managing the cookie can link the user's current visit to the previous ones, but only in terms of its own content.
3.3.2 Strictly Necessary, Session Cookies
The purpose of these cookies is for visitors to be able to browse the website fully and seamlessly, use its functions, and access the services available there. The validity period of these types of cookies lasts until the end of the session (browsing), and they are automatically deleted from the computer or other browsing device upon closing the browser.
3.3.3 Third-Party Cookies (Analytics)
The Data Controller's website also uses third-party cookies such as Google Analytics. The Google Analytics service is used to gather statistical data on how visitors use the website. The Data Controller uses the information to improve the website and enhance user experience. These cookies remain on the visitor's computer or browser until they expire or until the visitor deletes them.
4. Intended Use and Retention Period of Processed Data
Name of data processing: Registration
Use: Registration
Legal basis: Consent
Retention period: 1 year
5. Purpose, Method, and Legal Basis of Data Processing
5.1 General Data Management Principles
The data management of the Data Controller is based on voluntary consent or legal authorization. In the case of data management based on voluntary consent, the persons concerned can withdraw their consent at any stage of the data processing. In certain cases, the processing, storage, and transmission of a specific set of provided data is mandatory by law, which we will notify our customers about separately. We draw the attention of those who provide data to the Data Controller that if they do not provide their own personal data, it is their duty to obtain the consent of the concerned individual. The data management principles of the Data Controller comply with applicable data protection legislation, including, in particular, the following:
-
Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (Infotv.);
-
Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR);
-
Act V of 2013 on the Civil Code (Ptk.);
-
Act C of 2000 on Accounting (Accounting Act);
-
Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing (Pmt.);
-
Act CCXXXVII of 2013 on Credit Institutions and Financial Enterprises (Hpt.).
6. Physical Storage Locations of Data
Your personal data (i.e., data that can be associated with you) may be processed in the following ways: on the one hand, technical data related to the computer, browser program, internet address, and visited pages used by you are automatically generated in our computer system when maintaining the internet connection, and on the other hand, you can provide your name, contact details, or other data if you wish to contact us personally while using the website. The technically recorded data generated during the operation of the system are automatically recorded by the system without any separate declaration or action by the user at the time of login and logout. This data, except in cases required by law, cannot be linked to other personal user data. Only the Data Controller has access to the data.
7. Data Transfer, Data Processing, and Persons Accessing the Data
The provided data is treated confidentially according to the data protection law, is not passed on to third parties, and is only used for our own purposes.
8. Rights of the Data Subject and Legal Remedies
The data subject may request information about the processing of their personal data and may request the correction, deletion, or restriction of their personal data, with the exception of mandatory data processing. The data subject may also exercise their right to data portability and objection in the manner indicated at the time of data collection or via the contact details of the Data Controller.
8.1 Right to Information
The Data Controller shall take appropriate measures to provide the data subject with all information relating to the processing of personal data referred to in Articles 13 and 14 of the GDPR, as well as all information referred to in Articles 15 to 22 and Article 34, in a concise, transparent, intelligible, and easily accessible form, using clear and plain language.
8.2 Right of Access
The data subject shall have the right to obtain confirmation from the Data Controller as to whether or not personal data concerning them are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular, recipients in third countries or international organizations; the envisaged period for which the personal data will be stored; the right to request rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; the right to lodge a complaint with a supervisory authority; the source of the data if not collected from the data subject; the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. The Data Controller provides the information within a maximum of one month from the submission of the request.
8.3 Right to Rectification
The data subject has the right to request the correction of inaccurate personal data concerning them and to have incomplete personal data completed by the Data Controller.
8.4 Right to Erasure
The data subject shall have the right to obtain from the Data Controller the erasure of personal data concerning them without undue delay, and the Data Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
-
The personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
-
The data subject withdraws consent on which the processing is based, and there is no other legal ground for the processing;
-
The data subject objects to the processing, and there are no overriding legitimate grounds for the processing;
-
The personal data have been unlawfully processed;
-
The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject;
-
The personal data has been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
Erasure of data cannot be initiated if the processing is necessary:
-
For exercising the right of freedom of expression and information;
-
For compliance with a legal obligation which requires processing by Union or Member State law to which the Data Controller is subject;
-
For the establishment, exercise, or defense of legal claims.
8.5 Right to Restriction of Processing
At the request of the data subject, the Data Controller shall restrict processing where one of the following applies:
-
The accuracy of the personal data is contested by the data subject, for a period enabling the Data Controller to verify the accuracy of the personal data;
-
The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
-
The Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims;
-
The data subject has objected to processing pending the verification of whether the legitimate grounds of the Data Controller override those of the data subject.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State. A data subject who has obtained restriction of processing shall be informed by the Data Controller before the restriction is lifted.
8.6 Right to Data Portability
The data subject shall have the right to receive the personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another Data Controller, where the processing is based on consent or on a contract and the processing is carried out by automated means. In exercising their right to data portability, the data subject shall have the right to have the personal data transmitted directly from one Data Controller to another, where technically feasible.
8.7 Right to Object
The data subject shall have the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on legitimate interests pursued by the Data Controller or by a third party, including profiling based on those provisions. The Data Controller shall no longer process the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.
8.8 Automated Individual Decision-Making, Including Profiling
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
8.9 Right to Withdraw Consent
The data subject shall have the right to withdraw their consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
8.10 Right to Lodge a Complaint
The data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement if the data subject considers that the processing of personal data relating to them infringes the GDPR.
9. Data Security Measures
The Data Controller declares that they have taken appropriate security measures to protect personal data against unauthorized access, alteration, transmission, disclosure, deletion or destruction, and accidental destruction, as well as against the possibility of data becoming inaccessible due to changes in the technology used. The Data Controller will make every reasonable effort to ensure that the data controllers they work with also implement appropriate data security measures.
10. Access to Data and Data Security
The Data Controller ensures the following in terms of data security:
-
Prevention of unauthorized persons from gaining access to personal data;
-
Protection of personal data against unauthorized modification;
-
Ensuring that personal data is available to authorized persons when needed.
The Data Controller continuously checks the IT system to ensure compliance with data protection and data security requirements, and ensures the continuous availability of data during the data processing process.
11. Legal Remedies
In the event of a violation of the data subject's rights, the data subject may seek remedy at the court with jurisdiction based on their residence or habitual place of residence. The court shall handle the case with priority.
12. Modification of the Privacy Policy
The Data Controller reserves the right to amend this Privacy Policy unilaterally. Any changes will be communicated to the public promptly.
13. Data Management in Connection with Job Applications
The Data Controller will retain the data of job applicants for a maximum of 1 year after the conclusion of the recruitment process unless otherwise stipulated by the applicant. If the applicant wishes for their data to be deleted earlier, they can request it by email.
14. Personal Data Protection Officer
The Data Controller does not currently employ a personal data protection officer as it is not required under current legislation.