Etelka Andrea Szeghalmi sole trader (hereinafter referred to as the “Data Controller”, for details see section 1.1.) as the operator of the website available under the domain name szeghalmietelka.com (hereinafter referred to as the “Etelka Szeghalmi Website”) hereby publishes the rules, data protection, data management principles and information on data management within the framework of the Etelka Szeghalmi Website and the related services.
The Data Controller acknowledges that it is bound by the contents of this legal notice. It undertakes to ensure that any processing of data related to its activities shall comply with the requirements set out in this Policy and in the applicable national legislation and European Union legal acts.
Questions, requests and comments can be sent to the addresses indicated in point 1.1. The Data Controller shall treat personal data confidentially and shall take all security, technical and organizational measures to ensure the security of the data, deleting personal data after use.
1. Data controller
Site owner: Etelka Andrea Szeghalmi sole trader
Address: Budapest 1125, Zsolna str. 28-32, building A, 1/4
Registration number: 55465337
Tax number: 56773369-1-43
Statistical number: 56773369-9609-231-01
Storage provider: http://tarhelypark.hu Websupport Magyarország Kft.; registered office: 1132 Budapest, Victor Hugo utca 18-22.; company registration number: 01-09-381419; tax number: 25138205-2-41 (formerly TárhelyparkKft.)
If you have any questions, you can contact the Data Controller using the contact details above. Incoming emails will be deleted together with the personal data upon request or upon expiry of the use (e.g. completion of the service, end of the course), except in the case of regular use of the service, in which case the data will be kept for the necessary period.
1.2. The Data Controller uses Bazi Destiny Analysis, Qi Men Dun Jia, Five Elements Way of Living, ThetaHealling and other Eastern Metaphysics methods to inform and teach the Users through blogposts, videos, seminars, webinars, professional studies, professional events which will be announced in the newsletter, on the website and on the blog. To this end, the processing of Users’ personal data will be carried out in compliance with the legal provisions in force and the rules of business ethics.
1.3 The Data Controller reserves the right to involve additional data processors in the future, which will be disclosed to the Users through the amendment of this Policy.
2. Relevant legislation of the Data Protection Policy
2.1. The Data Controller commits to carry out its activities in accordance with the legislation in force at the time. These are the following at the time of publication of this document:
- Act CVIII of 2001 on certain aspects of electronic commerce services and information society services (hereinafter referred to as the Electronic Commerce Act)
- Act XLVIII of 2008 on the Basic Conditions and Certain Limitations of Economic Advertising Activities (hereinafter referred to as the Economic Advertising Act)
- Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter referred to as the Infotv.)
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation, GDPR);
2.2. Data processing is governed by the Infotv. (5. § paragraph (1) a)) and by Act CVIII of 2001 on certain aspects of information society services. In the case of processing based on voluntary consent, the data subjects (Users) may withdraw their consent at any time during the processing.
2.3. Consent covers in particular the following processing operations: collection, recording, organization, storage, modification, use, blocking, deletion and destruction of data.
2.4. The Data Controller is not in a position to verify the eligibility of the consenting person or to know the content of the declaration of the legal representative, so the User or his/her legal representative guarantees that the consent is in compliance with the law. If the User does not provide the Data Controller with his/her own personal data, the User is obliged to obtain the consent of the data subject. The Data Controller shall consider the appropriate consent of the legal representative to be given when using the Service. In relation to age, the following shall apply:
- Consent may be given by the legal guardian on behalf of minors under the age of 14 and otherwise incapacitated Users.
- Minors over the age of 14 but under the age of 16 and Users who are otherwise incapacitated may give their consent to data processing with the consent or subsequent consent of their legal representative.
- A minor User over the age of 16 may give consent on his or her own, and the consent or subsequent approval of his or her legal representative is not required for the validity of his or her declaration.
2.5. The collection and processing of the data detailed in point 3.2. c) meets the criteria for a customer relationship. Pursuant to Article 65(3)(a) of the Infotv, the Authority does not keep data protection records on the processing of data relating to persons who have a customer relationship with the controller. Data processing in the context of a customer relationship need not be notified to the data protection register if
- data are collected directly from the data subjects,
- the purpose of the processing is known to the data subject,
- the type of data to be processed, the duration of the processing (erasure) is predefined,
- the data are used only in connection with the predefined purpose (e.g. not for direct marketing or sending newsletters),
- the data are not removed from the controller’s records and the data subjects are appropriately informed,
- the data are not transferred to a third party (not a data processor, but an independent data controller).
3. Nature of Data Processing
3.1. Users can enter information about themselves on the Etelka Szeghalmi website in two ways:
- Personal data explicitly provided or made available when using the services of the Etelka Szeghalmi website (see section 3.2.).
- Information provided to the Data Controller in connection with the use of the Etelka Szeghalmi website, when visiting and using the Etelka Szeghalmi website (see section 3.3)
3.2. Processing data provided directly by Users on a voluntary basis
a) Subscribe to Etelka Szeghalmi website newsletter – news, events of interest, offers or additional services and other informative or contact messages provided electronically (hereinafter collectively referred to as “Newsletter”):
- First Name
- Email address
- Consent (to receive newsletters to the email address you provided)
b) When applying for any service:
- Full name/Company Name
- Email address
- Invoicing address
- Consent (to subscribe to the course/service newsletter list and to manage billing data; this is necessary to use the service and is therefore mandatory)
c) In case of application to Services including Bazi Destiny Analysis, Qi Men Dun Jia consultation or Five Elements Way of Living consultation besides point 3.2. b) the following data is necessary for the efficient provision of services:
- Place of birth
- Date of birth
- Life events
3.2.1. For certain elements of the website (e.g. comments on blog posts, likes, click-throughs), it is possible to comment, register or access or use other functions or processes using data stored by an external data controller. The Data Controller does not have a contractual relationship with these parties or does not intentionally cooperate with them in relation to the processing of the data, but they still have access to the Website/Services, with or without the User’s involvement (e.g. by connecting his/her individual account to the Service), and thus collect data about Users or about the User’s activity on the Services’ websites, which may sometimes be used to identify the User, either individually or in combination with data collected by other external service providers. Such external service providers may include, but are not limited to:
- Facebook Ireland LTD. (4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland) –– Data Policy
These external service providers process the Personal Data transferred to them in accordance with their own privacy policies.
3.2.2. In certain cases, such as anonymous questionnaires, surveys, etc., which do not directly identify the User, the data is collected through the online platform of Google Forms, a service provided by Google. In this case, Google is considered to be the data processor. In such cases, Google’s data processing activities in relation to the processing of the data will be the provision of technical support. For contact details, see the previous point.
3.2.3. The automatic mail following subscriptions and all emails sent through the newsletter system will contain a link to unsubscribe. The User can use this at any time. By clicking on the unsubscribe link, the Data Controller will no longer send him/her any further mailings on that list (unless the User subscribes again).
3.3. Processing of other data collected in connection with the use of the Etelka Szeghalmi website
3.3.1. If the User does not explicitly provide any personal data or information on the Etelka Szeghalmi website, as described in section 3.2 of the Information, the Data Controller shall not collect or process any personal data concerning the User in a way that would allow the User to be personally identified.
3.3.3. The Data Controller uses the services of the Google Analytics system in connection with the Etelka Szeghalmi website. The cookies managed by Google Analytics help to measure the traffic and other web analytics data of the Etelka Szeghalmi website. The information collected by the cookies is transmitted to and stored on external servers operated by Google. Google will use this information primarily for the purpose of monitoring the traffic on the Szeghalmi Etelka website and to analyze the activities of the Szeghalmi Etelka website. Google may transfer this information to third parties where required to do so by law. Google may also transfer this information to third parties which it uses to process the data. Google Analytics can provide detailed information on the processing of data by Google Analytics (http://www.google.com/analytics).
3.3.5. The processing of data by the aforementioned external service providers shall be governed by the data protection standards set by these service providers and the Data Controller shall not assume any liability in respect of such processing.
4. Purpose of data processing
4.1. The Data Controller uses the data to provide the services available on the website of Etelka Szeghalmi (introduction to and application of personalized lifestyle consultation through Eastern metaphysical methods), in particular for the following purposes:
- efficient delivery of the services available on the Etelka Szeghalmi website and the related administrative tasks (e.g. invoicing);
- maintaining contact, the primary aim of which is to provide Users with appropriate information, to deal efficiently and quickly with any technical problems that may arise, to reply to messages sent by Users; organizing professional events, publishing professional studies;
- registering and fulfilling orders and applications, delivering the ordered products to Users, maintaining contact with Users in connection with orders, training courses, etc.;
- settling disputes over the use of the Etelka Szeghalmi website;
- Sending newsletters, if the User has given his/her express consent, until such consent is withdrawn.
4.2. The processing carried out by the Data Controller for each of the purposes of processing covers the personal data of the Users listed in Sections 3.2. and 3.3. of the Notice and, in respect of each processing carried out by the Data Controller, includes:
- For the purpose of registration for the newsletter series, contact, information and correct invoicing, the data listed in points 3.2. a) and b) are voluntarily provided
- personal data listed in point 3.2. c), voluntarily provided for the purpose of the efficient performance of the service requested
- Data voluntarily provided, with or without name, for the purposes of questionnaires and surveys on Google Forms
4.3. The data collected by the technologies referred to in point 3.3 of this Notice shall not be used to identify the User, nor shall the Data Controller link such data to any other potentially identifiable data. The primary purpose of the use of such data is to enable the Data Controller to operate the Etelka Szeghalmi website properly, in particular to monitor the data relating to visits to the Etelka Szeghalmi website and to detect possible abuse of the Etelka Szeghalmi website. In addition to the above, the Data Controller may use this information to analyze usage trends, to improve and develop the functions of the Etelka Szeghalmi website and to obtain comprehensive traffic data on the overall usage of the Etelka Szeghalmi website.
4.4. The Data Controller may use the data referred to in point 4.3. to compile and analyze statistics on the use of the Etelka Szeghalmi website, and to transmit to third parties or to publish in aggregate and anonymously statistical data (e.g., number of visitors, most viewed topics or content) that are not suitable for such identification.
5. Duration of data processing on the Etelka Szeghalmi website
5.1. The processing of the User’s personal data lasts from the time the data is disclosed until its deletion by the Data Controller.
5.2. The processing carried out by the Data Controller for each of the purposes of processing shall, in the absence of prior deletion at the User’s request, be for the period specified below:
- Database managed for the purpose of sending newsletters, registration for newsletter series – until the date of unsubscribing from the newsletter.
- I delete the data received in my mailbox upon explicit request from the User in accordance with the legal framework.
5.3. The User may object to the processing of his/her personal data
- if the processing or transfer of the personal data is necessary solely for compliance with a legal obligation to which the Data Controller is subject or for the purposes of the legitimate interests pursued by the Data Controller, the data subject or a third party, except in cases of mandatory processing
- if the personal data are used or disclosed for direct marketing, public opinion polling or scientific research purposes; and
- in other cases, specified by law.
5.4. The Data Controller shall examine the objection within the shortest possible period of time from the submission of the request, but not later than 15 days, shall decide on the merits of the objection and shall inform the applicant in writing of its decision. If the User does not agree with the decision of the Data Controller, or if the Data Controller fails to comply with the above time limit, the User may, within 30 days of the notification of the decision or the last day of the time limit, take the matter to court.
5.5. Furthermore, the User may decide at any time that the Data Controller shall no longer send him/her the Newsletter. The User may withdraw his/her consent to receive the Newsletters at any time, free of charge, without giving reasons and without any restrictions, by clicking on the unsubscribe button at the bottom of the Newsletters or by sending a written request to the Data Controller’s contact details (see point 1.1 of the Notice; this way the User may unsubscribe from all relevant online platforms).
5.4. The deletion of data from the database may also occur at the request of the User, so the data management – within the periods specified above – shall continue until the User explicitly requests the deletion of his/her data by the Data Controller.
5.5. The Data Controller shall delete the data within 30 (thirty) calendar days of receipt of the User’s request at the latest.
5.6. The above regulations are without prejudice to the fulfilment of legal obligations of retention, such as those arising from accounting requirements. The data of the services used by the Data Controller’s customers will also appear on the invoice and other accounting documents, and these data cannot be deleted due to accounting requirements.
6. Method of data processing
6.1. The User communicates his/her personal data to the Data Controller by registering, using the Data Controller’s website, filling in certain questionnaires, recording in e-mails and by any other individual means.
6.2. Users’ personal data are recorded separately for each processing purpose.
6.3. Who has access to Users’ personal data:
- the employees and associates of the Data Controller;
- employees of the Data Processors as defined below;
- certain public authorities in respect of data requested by them in the course of official proceedings and which the Data Controller is required by law to provide;
- the staff of a debt collection company appointed by the Data Controller for the purpose of handling overdue debts;
- other persons with the express consent of the User.
6.4. The Data Controller undertakes to maintain strict confidentiality of the personal data processed by it without any time limitation, and shall not disclose them to any third party, except with the consent of the User.
7. Data Processing
7.1. The Data Controller uses the services of the following Data Processors as data processors:
- Google Drive
- Google Docs
- Chrome browser
7.2 Data Transmission
The personal and non-personal data provided may be transmitted through several channels, according to different technological standards.
7.3 Links to other sites
8. Data Security
8.1. The Data Controller commits to ensure the security of the data, to take technical and organizational measures and to establish procedural rules to ensure that the data recorded, stored or processed are protected and to prevent their destruction, unauthorized use or unauthorized alteration. It also undertakes to require all third parties to whom it transfers or discloses data on the basis of the consent of the Users to comply with the requirements of data security.
8.2. The Data Controller shall ensure the security of personal data, and shall take the technical and organizational measures and establish the procedural rules necessary to enforce the Infotv. and other data protection and confidentiality rules. It shall ensure that the data processed cannot be accessed, disclosed, transmitted, modified or deleted by unauthorized persons. The processed data may only be accessed by the Data Controller, its employees and its Data Processor(s) and shall not be disclosed by the Data Controller to any third party not entitled to access the data.
8.3. The Data Controller shall make every reasonable effort to ensure that the data are not accidentally damaged or destroyed. The Data Controller shall impose the above commitment on its employees involved in the processing activities.
8.4. The User acknowledges and accepts that in case of providing his/her personal data, despite the fact that the Data Controller has advanced security measures in place to prevent unauthorized access or disclosure, the data cannot be fully protected on the Internet. In the event of unauthorized access or disclosure of data despite our efforts, the Data Controller shall not be liable for any such acquisition or unauthorized access or for any damage suffered by the User as a result thereof. In addition, the User may also provide personal data to third parties who may use it for illegal purposes or in illegal ways.
8.5. The Data Controller does not collect any special categories of data, such as data concerning racial or ethnic origin, membership of national or ethnic minorities, political opinions or party affiliations, religious or philosophical beliefs, membership of representative associations, health, pathological addictions, sex life or criminal records, which are required to be provided.
9. Legal Remedies
9.1. Right to be informed: the Data Controller shall take appropriate measures to provide data subjects with all the information referred to in Articles 13 and 14 of the GDPR and each of the information referred to in Articles 15 to 22 and 34 of the GDPR relating to the processing of personal data in a concise, transparent, intelligible and easily accessible form, in clear and plain language.
9.2. The right of access of the data subject: the User has the right to receive feedback from the Data Controller as to whether or not his/her personal data are being processed and, if such processing is ongoing, the right to access the personal data and the following information:
- the purposes of the data processing (see point 4);
- the categories of personal data concerned (see point 3);
- the recipients or categories of recipients to whom or with whom the personal data have been or will be disclosed, including in particular recipients in third countries or international organizations (see point 6.3);
- the anticipated duration of the storage of the personal data (see point 5);
- the right to rectification (9.3), deletion (9.4) or restriction of processing (9.5) and the right to object (9.7
- the right to submit a complaint to the supervisory authority (9.10 and 9.11);
- the fact of automated decision-making, including profiling (9.8.)
- information on data sources; and
- the applied logic and clear information on the significance of such processing and its likely consequences for the data subject.
Upon request, the Data Controller shall provide the information in writing within 30 (thirty) calendar days.
9.3. Right of rectification: The User may request the correction of inaccurate personal data concerning him/her processed by the Data Controller and the completion of incomplete data.
9.4. Right of deletion: The User shall have the right, upon request and without undue delay, to have the Controller erase personal data relating to him/her if one of the following grounds applies:
- the User withdraws the consent on which the processing is based and there is no other legal basis for the data processing;
- the User objects to the data processing and there are no overriding legitimate grounds for the data processing;
- the data is incomplete or inaccurate – and this cannot be lawfully rectified – provided that deletion is not prohibited by law;
- the purpose of the data processing has ceased to exist, that is, the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- the data processing is illegal;
- the storage time limit laid down by law has expired;7. the personal data must be e deleted in order to comply with a legal obligation under EU or Member State law to which the controller is subject;
- the personal data must be deleted in order to comply with a legal obligation under Union or Member State law to which the data controller is subject;
- the deletion has been ordered by a court or the National Authority for Data Protection and Freedom of Information;
- the personal data were collected in connection with the provision of information society services.
The deletion of data shall not be initiated if the data processing is necessary: for the purpose of exercising the right to freedom of expression and information; for compliance with an obligation under EU or Member State law to process personal data or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for public health purposes or for archiving, scientific or historical research purposes or statistical purposes in the public interest; or for the establishment, exercise or defense of legal claims.
9.5. Right to restriction of data processing: at the User’s request, the Data Controller shall restrict data processing if one of the following conditions is met:
- the User disputes the accuracy of the personal data, in which case the restriction shall apply for the period of time necessary to allow the accuracy of the personal data to be verified;
- the processing is illegal and the User opposes the deletion of the data and instead requests the restriction of their use;
- the Data Controller no longer needs the personal data for the purposes of the processing, but the User requires them for the establishment, exercise or defense of legal claims; or
- the User has objected to the data processing; in this case, the restriction shall apply for a period of time until it is established whether the legitimate grounds of the Data Controller prevail over the legitimate grounds of the User.
Where data processing is restricted, personal data, other than storage, may be processed only with the consent of the User or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or of an important public interest of the EU or of a Member State.
9.6. Right to Data retention: The User has the right to receive the personal data concerning him/her that he/she has provided to the Data Controller in a structured, commonly used, machine-readable format and to transmit such data to another Data Controller.
9.7. Right to object: The User may object to the processing of his/her personal data on the grounds set out in Article 21 of the Infotv. In this case, the Data Controller shall examine the objection within 15 (fifteen) calendar days from the date of the request and inform the applicant in writing of the outcome of the objection.
9.8. Automated decision-making in individual cases, including profiling: The User shall have the right not to be subject to a decision based solely on automated processing, including profiling, which would have legal effects concerning him or her or similarly significantly affect him or her.
9.9. Right of withdrawal: The User has the right to withdraw his/her consent at any time.
9.10. Right to apply to court: if the User does not agree with the decision of the Data Controller or if the Data Controller fails to comply with the deadline, the Data Subject may apply to court within 30 (thirty) calendar days from the date of notification of the decision or the last day of the deadline. In the event of a violation of his/her rights, the Data Subject may appeal to a court, specifically to the responsible court, in the capital city to the Metropolitan Court of Budapest, as defined in Article 22 of the Infotv.
9.11. Right to data protection authority proceedings:: The National Authority for Data Protection and Freedom of Information has the right to lodge a complaint:
10. Unilateral amendment
10.1. The Data Controller reserves the right to unilaterally amend this Privacy Notice.
11. Other regulations
The Data Controller shall disclose to public authorities, where the public authority has indicated the precise purpose and scope of the data, only such personal data as are strictly necessary for the purpose of the request and to the extent strictly necessary for the purpose of the request.
12. Data processing definitions
According to § 3 of Act CXII of 2011
- User: any user visiting Szeghalmi Etelka website is considered a User after starting to use the website See also point 2.4;
- personal data: data which can be associated with the data subject, in particular the name, the identification mark and one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of the data subject, and the conclusions which can be drawn from the data concerning the data subject;
- special categories of personal data: personal data revealing racial or ethnic origin, national or ethnic minority, political opinions or political party affiliation, religious or philosophical beliefs, membership of an interest group, sex life; personal data concerning health, pathological addiction and personal data concerning criminal offences;
- criminal personal data: personal data relating to the criminal offence or criminal proceedings, generated during or prior to the criminal proceedings, by the bodies authorized to conduct criminal proceedings or investigate criminal offences, and by the law enforcement authorities, which can be linked to the data subject, and personal data relating to the criminal record;
- data of public interest: information or knowledge, in whatever form or by whatever means, which is held by a body or person performing a State or local government task or other public task defined by law and which relates to its activities or is generated in the course of the performance of its public task, and which does not fall within the concept of personal data, irrespective of the way in which it is handled, whether or not it is of a specific or collective nature, in particular data concerning the powers, competences, organization, structure, professional activities, including an assessment of their effectiveness, the types of data held and the legislation governing their operation, as well as data concerning management and contracts concluded;
- public interest data: any data not covered by the concept of public interest data, the disclosure, availability or accessibility of which is required by law in the public interest;
- consent: a freely given and explicit indication of the data subject’s wishes, based on adequate information, by which he or she gives his or her unambiguous agreement to the processing of personal data concerning him or her, whether in full or in relation to specific operations;
- objection: a statement by the data subject objecting to the processing of his or her personal data and requesting the termination of the processing or the deletion of the processed data;
- data controller: the natural or legal person or an organization without legal personality who, alone or jointly with others, determines the purposes for which the data are to be processed, takes and implements decisions regarding the processing (including the means used) or has them implemented by a data processor on its behalf;
- data processing: any operation or set of operations which is performed upon data, regardless of the procedure used, in particular any collection, recording, recording, organization, storage, alteration, use, retrieval, disclosure, transmission, alignment or combination, blocking, deletion or destruction of data, as well as any prevention of further use of data, the taking of photographs, audio or video recordings, and the recording of physical characteristics which can be used to identify a person (e.g. fingerprints, palm prints, DNA samples, iris scans);
- data transfer: making data available to a specified third party
- disclosure: making data available to any person;
- deletion of data: rendering data unrecognizable in such a way that it is no longer possible to retrieve it;
- data marking: marking of data with an identification mark to distinguish it;
- data retention: the marking of data with an identification mark for the purpose of limiting their further processing permanently or for a limited period of time;
- data destruction: the total physical destruction of a data storage medium containing data;
- data processing: the performance of technical tasks related to data processing operations, irrespective of the method and means used to carry out the operations and the place of application, provided that the technical task is performed on the data;
- data processor: a natural or legal person or an unincorporated body which, under a contract with a controller, including a contract entered into pursuant to a legal provision, processes data;
- data provider: the public authority which has produced the data of public interest which must be made public by electronic means or in the course of whose activities the data were generated;
- data communicator: a public sector body which, if the data controller does not publish the data itself, publishes on a website the data communicated to it by the data controller;
- data set: the set of data managed in a database;
- third party: a natural or legal person, or an unincorporated body, other than the data subject, the controller or the processor;
- EEA State: a Member State of the European Union and another State party to the Agreement on the European Economic Area, and a State whose nationals enjoy the same legal status as nationals of a State party to the Agreement on the European Economic Area under an international treaty concluded between the European Union and its Member States and a State not party to the Agreement on the European Economic Area;
- third country: any State which is not an EEA State.
Budapest, 2nd of October 2021.
Szeghalmi Etelka Andrea sole trader.