Privacy Policy

Takács Tímea Tax Number: 55422132-1-42 Seat: 1145 Columbus utca 27-29. Building A, Floor 2, Apt. 1

Tax Number: 55422132-1-42

Privacy Notice

1. General Information

Takács Tímea (hereinafter: Data Controller), during the processing of personal data, pays priority attention to complying with the provisions of the effective legislation and to protecting the personal and special categories of data provided to her. The Data Controller handles personal data confidentially and takes all technical and security measures necessary to guarantee the security of the data. The Data Controller’s data processing principles are in accordance with the effective legislation related to data protection, in particular the following:

Act CXII of 2011 on the Right to Informational Self-Determination and on Freedom of Information;
Act C of 2000 on Accounting;
Act CVIII of 2001 on certain issues of electronic commerce services and information society services;
Act I of 2012 on the Labour Code;
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation / GDPR)

Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data Subject: any natural person identified or identifiable, directly or indirectly, based on any specific personal data.

Personal Data: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Special Categories of Data: a) personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as b) data concerning health, a natural person’s sex life or sexual orientation, and personal data relating to criminal convictions and offenses.

The processing of personal data may take place for law enforcement, national security, and national defense purposes, provided that the relevant legislation so provides. Personal data may be transferred to organizations performing such tasks, provided that the relevant legislation so provides; the provisions of these legislations cannot be overridden by the Data Processing Rules.

2. Circumstances, Legal Basis, Purpose, and Instances of Data Processing

Data processing carried out by the Data Controller occurs in the specifically defined cases below, according to the following criteria.

2.1. Coaching Service

Types of data processed during the service:

surname,
first name,
phone number,
e-mail address,
home address,
health data

We inform you that the processing of special categories of data (health data) only takes place if its knowledge is indispensable for the performance of the service.

Purpose of data processing:

identification of the natural person, contact maintenance,
invoicing obligation related to the fulfillment of the service,
approaching/securing the location necessary for the fulfillment of the service.

Legal basis for data processing: the consent of the data subject pursuant to point (a) of Article 6(1) of the GDPR.

Duration of data processing: The Data Controller shall store and process the data in her database until the data subject requests its erasure, or they will be automatically erased after 2 years from the date of collection. If consent is given on multiple occasions, the duration of processing starts from the last date of consent.

The Data Controller is obliged to retain the invoice containing the personal data of the data subject for 8 years pursuant to the Act on Accounting.

2.2. Workshops

Types of data processed during the service:

surname,
first name,
phone number,
e-mail address.

Purpose of data processing:

identification of the natural person, contact maintenance,
invoicing obligation related to the fulfillment of the service,
ensuring the transmission of electronic messages necessary for the fulfillment of the service (transmission of study materials/videos via e-mail).

Legal basis for data processing: the consent of the data subject pursuant to point (a) of Article 6(1) of the GDPR.

The Data Controller is obliged to retain the invoice containing the personal data of the data subject for 8 years pursuant to the Act on Accounting.

2.4. Purchase of Paintings and Image Cards

Types of data processed during product purchase:

surname,
first name,
phone number,
e-mail address,
home address,
shipping address,
billing name and address.

Legal basis for data processing: the consent of the data subject pursuant to point (a) of Article 6(1) of the GDPR.

The Data Controller is obliged to retain the invoice containing the personal data of the data subject for 8 years pursuant to the Act on Accounting.

2.5. Data Collection:

Offline: in person at the venue of the service, at events (e.g., open days, fairs), via incoming calls.
Online: by filling out the contact form found on the website, through Facebook paid lead-generation forms, Instagram, YouTube channels, and through social chat platforms.

In cases where the data subject does not contact the Data Controller by filling out a form (especially via telephone, live chat, messenger, email, comment), the Data Controller shall immediately send the link to the page containing the acceptance of this privacy notice. If the person using the service does not confirm the acceptance within 3 days of sending the link, the sent data will be erased, will not be kept in the database, and no further contact will be initiated.

The Data Controller does not take responsibility for special data brought to her knowledge without an express request (e.g., in a telephone conversation, Messenger, Facebook, or e-mail otherwise communicated); therefore, we request that you do not provide such data in the absence of an express request.

2.6. Data Transfer, Data Processing:

We inform you that by accepting this policy, you also consent to the transfer and processing of data to the following partners:

Marketing service: TeMarketinged
Hosting service: Profitárhely
IT service: Google

2.7. Cookies

The Data Controller’s website—similarly to many other websites—uses cookies to ensure proper use of the website, enhance user experience, and optimize marketing communication, for which the website requests your express prior consent upon your first visit. We request that you read the Cookie Notice carefully before giving your consent.

All cookies can be manually deleted from your browser after your visit, even if you previously authorized their use.

2.8. Marketing Newsletter and Profiling

The Data Controller processes data in a way that allows her to provide the most suitable service (profiling) based on the data provided by you, and provides information about these on her provided contact details. You have the option, if you do not wish to consent to the use of your data for profiling and service development purposes, or do not wish to receive personalized electronic mail for marketing purposes, not to consent to such use of the data. If you have already given such authorization, you may withdraw it in writing at any time, without justification.

We inform you that automated decision-making does not take place.

Purpose of data processing: the purpose of processing the data is to send electronic mail for marketing purposes to the data subject and—based on the voluntary provision of data during contact with the Data Controller—to maintain a business relationship.

Legal basis for data processing: the consent of the data subject pursuant to point (a) of Article 6(1) of the GDPR.

If you no longer wish to receive electronic mail for marketing purposes, you can unsubscribe from the newsletter at any time using the link in the footer of the newsletter or at the info@alkotoanyu.hu email address.

3. Data Security

The collection, storage, and processing of personal and special categories of data, as well as their transfer to a third party and any other data processing activity adapted to the purpose of data processing, shall be carried out in such a way that unauthorized persons do not have access to them.

For the security of your personal and special data, the Data Controller applies technical and procedural rules that prevent unauthorized access to these data, their alteration or transfer, and intentional or accidental loss or destruction.

We call your attention to the fact that we strive to appropriately protect all devices and the data found on them, both electronically (password) and physically (stored in an appropriately locked place).

4. Persons Authorized for Data Processing

The processing of data is carried out exclusively by the authorized employees of the Data Controller for the performance of their tasks. Only designated employees are authorized to access the stored data.

To protect the data, the Data Controller instructs all persons authorized for data processing to comply with the legislation and the provisions contained in this notice, and binds them to confidentiality. The processing of personal data by our contractual partners during their handling of personal data is the responsibility of our contractual partners, for which the Data Controller assumes no liability.

5. Incident Handling

If you experience any problem regarding the processing of your personal data or become aware that unauthorized persons have gained access to your data, you can report this to the Data Controller at the info@alkotoanyu.hu e-mail address. The Data Controller shall take the appropriate steps in accordance with the legislation and in a timely manner and notify the authority if the conditions for such are met. Following the conduct of the investigation, the data subjects will be informed via e-mail of its result, with the level of detail corresponding to the regulations.

6. Rights of the Data Subject

1. Request for Information You may request information regarding the processing of your personal data at any time. Upon your request, the Data Controller shall provide information about the data processed. You may contact us with any question or observation related to data protection, or exercise your rights set out in this document, via the info@alkotoanyu.hu address.

2. Right to Withdrawal Consent previously given for data processing on a voluntary basis may be withdrawn by you at any time. You may initiate the withdrawal of your consent at the info@alkotoanyu.hu e-mail address.

3. Right of Access You may receive feedback from the Data Controller at any time as to whether the processing of your personal data is in progress, and if such data processing is in progress, you are entitled to access the personal data and the following information:

the purposes of the processing;
the categories of personal data concerned;
the recipients or categories of recipients to whom the personal data have been or will be disclosed;
the envisioned period for which the personal data will be stored;
the right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data concerning you, and to object to such processing;
the right to lodge a complaint with a supervisory authority;
any available information as to their source, where the personal data were not collected from you.

We shall provide the requested information within a maximum of one month from the submission of the request.

4. Right to Rectification The Data Controller shall rectify data processed by her that do not correspond to reality at your request, and supplement incomplete data. In all cases, we send notification via e-mail about the fact of rectification and erasure. You can initiate the rectification of your data at the info@alkotoanyu.hu e-mail address.

5. Right to Erasure (Right to be Forgotten) In the following cases, you are entitled at any time to request the erasure of your personal data, and the Data Controller is obliged to erase your personal data without undue delay if:

the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
you withdraw your consent on which the processing was previously based on a voluntary basis, and there is no other legal ground for the processing;
you object to the processing and there are no overriding legitimate grounds for the processing;
the personal data have been unlawfully processed;
the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject.

The above shall not apply to the extent that processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing by Union or Member State law to which the Data Controller is subject, or for the performance of a task carried out in the public interest; for reasons of public interest in the area of public health; for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; or for the establishment, exercise or defense of legal claims.

6. Restriction of Processing At your request, the Data Controller shall restrict processing if one of the following conditions is met:

you contest the accuracy of the personal data, in which case the restriction applies for a period enabling the verification of the accuracy of the personal data;
the processing is unlawful and you oppose the erasure of the data and request the restriction of their use instead;
the Data Controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims; or
you have objected to processing; in this case, the restriction applies for the period until it is determined whether the legitimate grounds of the Data Controller override your legitimate grounds.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

7. Objection You shall have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, including profiling based on those provisions.

In the event of your objection, the Data Controller shall no longer process the personal data unless she demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

8. Limitation of the Exercise of Rights The above rights may not be exercised, or the Data Controller is not obliged to fulfill the request, if the data processing is necessary for the fulfillment of a legal obligation relating to the Data Controller, and we perform the data processing lawfully.

7. Legal Enforcement

You may enforce your right to the protection of your personal data before a civil court or turn to the Office of the Commissioner for Fundamental Rights, or the National Authority for Data Protection and Freedom of Information (NAIH).

At the National Authority for Data Protection and Freedom of Information (Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C, mailing address: 1530 Budapest, Pf.: 5.), anyone may initiate an investigation by filing a report, citing that a legal injury has occurred or there is a direct threat of such in connection with the processing of personal data or the exercise of the right to know data of public interest or data public on grounds of public interest.

The data subject may turn to a court:

against the refusal of information,
against the refusal of a request for rectification, erasure or blocking,
in case of infringement of their rights,
if they do not agree with the decision made regarding their objection, or if the Data Controller misses the deadline open for the consideration of the objection request, within 30 days from the communication of the decision or the last day of the deadline.

The adjudication of the lawsuit falls within the jurisdiction of the tribunal (Metropolitan Tribunal) according to the seat of the Data Controller as defendant. The lawsuit—at the choice of the Data Subject—may also be initiated before the tribunal of their place of residence or place of stay.

We request that in the event of any complaint or observation related to the data processing of the Data Controller, please contact the Data Controller for the purpose of reconciliation prior to initiating the above procedures.

Budapest, September 7, 2021

Takács Tímea