back

Privacy statement

Data Controller Name: Krisztina Major
Contact: hello@majorkrisztina.hu

(hereinafter referred to as Data Controller)

1. Storage of personal data processed by the Data Controller

The Controller stores the personal data processed by it on the servers of the following hosting providers:

The hosting provider is Rackhost Zrt.
Address of the hosting provider: 6722 Szeged, Tisza Lajos körút 41.
Company registration number: 06-10-000489
E-mail address: info@rackhost.hu

In drafting the provisions of the Privacy Policy, Krisztina Major has taken into particular consideration the provisions of Regulation 2016/679 of the European Parliament and of the Council (“General Data Protection Regulation” or “GDPR”), Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (“Infotv.”). Krisztina Major respects the privacy rights of visitors to her website. Krisztina Major only records personal data that you provide voluntarily. The data will not be disclosed to third parties and will be stored and used solely for the purpose of contacting you.

2. Definition of terms:

Personal data: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data processing: any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Controller: the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by the state law, the controller or the specific criteria for the designation of the controller may also be determined by the state law.

Processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.

Information Notice: Privacy Notice of the Controller.

Transfer: where the data are made available to a specified third party.

Disclosure: where the data is made available to any person.

Erasure: the rendering of data unrecognizable in such a way that their recovery is not possible.

Destruction of data: the total physical destruction of a data carrier containing data.

Third country: any country that is out of the European Economic Area (EEA)

Data Subject: any specified natural person who is identified or can be identified, directly or indirectly, on the basis of personal data.

Website: the website at http://www.majorkrisztina.hu domain.

Users: users of the Website.

3. Amendments to the Privacy Notice

The Data Controller reserves the right to unilaterally decide to modify or withdraw this Privacy Notice at any time and to inform the Data Subjects at the same time. The information shall be provided by publication on the Website or, depending on the nature of the change, by direct notification to the Data Subjects. If the user concerned continues to use the services of the Data Controller after the notification, this shall be deemed to constitute acceptance of the amended provisions of the Notice.

4. Scope, purpose, legal basis, storage period, access rights of the personal data processed

4.1. The Data Controller places a small data package (so-called “cookie”) on the User’s computer in order to provide a personalized service. The purpose of the cookie is to ensure the highest possible quality of the operation of the site, to provide personalized services and to enhance the user experience. The User can delete the cookie from his/her computer or set his/her browser to disable the use of cookies. By disabling the use of cookies, the User acknowledges that without a cookie, the functionality of the site is not fully functional.

Purpose of data processing: these data recorded in the log file are used for statistical purposes and cannot be linked to other personal data of the users.

Legal basis for processing: legitimate interest of the Controller in the operation of the Website (Article 6(1)(f) GDPR)

Duration of processing: for the period necessary for the proper functioning of the Website

Persons entitled to access the Personal Data: Krisztina Major

4.2. Data provided on the Website

The scope of the data processed: name, e-mail address, telephone number

Purpose of data processing: registration of customers, distinguishing between customers, fulfilling orders, customer contact, information about current information, offers

Legal basis for processing: voluntary, specific and informed consent of the data subject (Article 6(1)(a) GDPR), or the performance of a contract or the legitimate interests of the Data Controller (Article 6(1)(b) and (f) GDPR).

Duration of processing: until 30 days after the withdrawal of consent or, failing that, until 5 years after the termination of the cooperation

Persons entitled to access Personal Data: Krisztina Major

5. Method of data processing, transfer of data

The Data Controller shall process Personal Data in accordance with the principles of good faith, fairness and transparency, as well as in accordance with the applicable laws and the provisions of this Notice. The Data Controller shall use Personal Data necessary for the use of the Services on the basis of the consent of the User concerned and only for the purposes for which they are collected. Unless otherwise provided by law, the disclosure of Personal Data to third parties or public authorities is only possible on the basis of a decision by a public authority or with the prior express consent of the User. The Data Controller shall process Personal Data only for the purposes set out in this Notice and in the applicable legislation. The scope of the Personal Data processed shall be proportionate to the purpose of the Processing and shall not go beyond that purpose. In all cases where the Controller intends to use the Personal Data for a purpose other than that for which it was originally collected, the Controller shall inform the User thereof and obtain his or her prior explicit consent or provide the User with the opportunity to object to such use. The Data Controller does not verify the Personal Data provided. The person providing the Personal Data is solely responsible for the correctness of the Personal Data provided.

Processing of data received from third parties:

  • Any User who provides an e-mail address and Personal Data provided during registration is also responsible for(1) the data and consents provided by him/her are his/her own and accurate,
    (2) he/she is the sole user of the service using the data provided.
  • With regard to this assumption of responsibility, any and all liability in connection with accessing the Service using an e-mail address and/or data provided shall be borne solely by the User who registered the e-mail address and provided the data. If the User has provided third party data during registration for the use of the service, the User shall be liable and the Data Controller shall be entitled to claim damages from the User. In such a case, the Data Controller shall provide all reasonable assistance to the competent authorities in order to establish the identity of the offending person.
  • The Personal Data of a person under the age of 16 may be processed only with the consent of the person who has parental authority over him or her. The Data Controller is not in a position to verify the eligibility of the person giving consent or the content of his or her declaration, so the User or the person having parental authority over him or her guarantees that the consent is in accordance with the law. In the absence of a declaration of consent, the Data Controller shall not process or collect Personal Data relating to a data subject under the age of 16, with the exception of the IP address used when using the Website, which is automatically recorded due to the nature of the Internet services.

6. Analytical Services:

The data controller uses Google Analytics to track site statistics and user demographics, interests and behavior on websites. The Organization also uses Google Search Console for site search engine optimization and to measure user satisfaction. Google provides the option to limit the use of analytics services. Visit Google’s website to opt-out of the use of your data by Google Analytics. https://tools.google.com/dlpage/gaoptout

Data transfers to third countries or international organizations:

The Data Controller will not transfer the Data Subject’s personal data and records to a third country or international organization outside the European Economic Area.

  • The Data Controller may, in certain cases, make available to third parties the Personal Data of the User concerned that are accessible to the Data Subject. The Data Controller shall not be held liable for such transfers and the consequences thereof. The processing of the transferred data shall be governed by the third party’s data processing provisions.
  • The Data Controller shall keep a record of the data transfers for the purpose of verifying the lawfulness of the data transfers and providing information to the User.

7. Information on data security measures

Personal Data is processed by the Data Controller in a closed system. The Controller shall ensure that data protection is provided by default and built-in. To this end, the Data Controller shall apply appropriate technical and organizational measures in order to:

  • precisely control access to the data;
  • allow access only to persons who need the data to perform the task for which it is collected, and then only to the minimum necessary for the performance of that task;
  • carefully select the data processors it engages and ensure the security of the data through appropriate data processing contracts;
  • ensure the integrity (data integrity), authenticity and protection of the data processed.

The Data Controller shall implement reasonable physical, technical and organizational security measures to protect Personal Data, in particular against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure, use, access or processing. The Data Controller shall immediately notify the Data Subject of any known unauthorized access to or use of Personal Data which is known to be of high risk to the Data Subject.

The Data Controller shall, where it is necessary to transfer Data Subject Data, ensure adequate protection of the data transferred, for example by encrypting the data file. The Controller shall be fully responsible for the processing of the Data Subject’s data carried out by third parties. The Data Controller shall also ensure that the Data Subject’s data are protected against destruction or loss by appropriate and regular backups.

8. Rights of data subjects

The User may request information about the processing of Personal Data at any time in writing, by registered or certified mail sent to the address of the Data Controller or by e-mail sent to his/her e-mail address.

The request for information may cover the data of the User processed by the Controller, their source, the purposes, legal basis and duration of the processing, the names and addresses of any Data Processors, the activities related to the processing and, in case of transfer of Personal Data, who has received or is receiving the User’s data and for what purposes.

The User may request the rectification or modification of his Personal Data processed by the Controller. Taking into account the purpose of the Processing, the User may request the completion of incomplete Personal Data. The User may request the erasure of his Personal Data processed by the Controller.

The erasure may be refused (1) for the exercise of the right to freedom of expression and information, or (2) if the processing of Personal Data is authorized by law; and (3) for the establishment, exercise or defense of legal claims.

In any case, the Data Controller shall inform the User of the refusal of a request for erasure, indicating the reasons for the refusal. Once the request for erasure of personal data has been complied with, the previous (erased) data can no longer be restored.

The User may request that the Controller restrict the processing of his Personal Data if the User contests the accuracy of the Personal Data processed. In this case, the restriction shall apply for the period of time that allows the Controller to verify the accuracy of the Personal Data. The Controller shall flag the Personal Data it processes if the User contests its accuracy or correctness but the incorrectness or inaccuracy of the contested Personal Data cannot be clearly established.

The User may request that the Controller restrict the processing of his Personal Data even if the processing is unlawful, but the User opposes the erasure of the processed Personal Data and instead requests the restriction of its use.

The User may also request that the Controller restrict the processing of his or her Personal Data where the purpose of the processing has been achieved but the User requires the Controller to process the Personal Data in order to establish, exercise or defend legal claims. The User may request that the Personal Data provided by the User and processed by the Controller in an automated way by the User be provided to the Controller in a structured, commonly used, machine-readable format and/or transferred to another controller. The User may object to the processing of his/her Personal Data (1) if the processing of the Personal Data is necessary solely for compliance with a legal obligation to which the Controller is subject or for the purposes of the legitimate interests pursued by the Controller or a third party; (2) if the processing is for direct marketing, public opinion polling or scientific research purposes; or (3) if the processing is carried out for the performance of a task carried out in the public interest. The Data Controller shall examine the lawfulness of the User’s objection and, if the objection is found to be justified, shall terminate the Processing and block the Personal Data processed and notify the objection and the action taken on it to all those to whom the Personal Data to which the objection relates have been disclosed. The Data Controller shall act on or reject (with reasons) the notification within 1 month of the request being made at the latest, or in exceptional cases within a longer period permitted by law. It shall inform the Data Subject in writing of the result of the investigation.

9. Cost of information

The Controller shall provide the measures and the necessary information free of charge for the first time. If the Data Subject requests the same data for a second time within one month and the data have not changed during this period, the Data Controller shall charge an administrative fee.

  • The administrative costs shall be calculated on the basis of the hourly rate of the current minimum wage.
  • The number of working hours used to provide the information shall be calculated on the basis of the hourly rate.
  • In addition, the cost of printing the reply at cost price and the cost of postage in the case of a request for information on paper.

10. Refusal of information

If the Data Subject’s request is clearly unfounded, he/she is not entitled to receive information. If the Controller can prove that the Data Subject has the information requested, the Controller shall refuse the request for information.

If the data subject’s request is excessive, in particular because of its repetitive nature, the controller may refuse to act on the request if the Data Subject makes a third request within one month to exercise his or her rights under Articles 15 to 22 of the GDPR Regulation on the same subject matter.

11. Enforcement options

If you have any questions, comments or complaints about data management, you can contact the Data Controller’s staff at the contact details indicated in the header.

The User may directly contact the National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; phone: +36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu; website: www.naih.hu).

In the event of violation of the User’s rights, the User may take legal action. The lawsuit may also be brought before the competent court of the place of residence or domicile of the Data Subject, at the Data Subject’s option. Upon request, the Data Controller shall inform the User of the possibilities and means of legal redress.

Budapest, 04 July 2023.