GDPR on data privacy
Below you will find information on how I handle your personal data and information about your rights in relation to the personal data I process. Information leaflet Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46 (General Data Protection Regulation, hereinafter: GDPR) and Article CXII of 2011 on information security prepared in accordance with the relevant provisions of the Act.
1.) Data controller, contact details:
Anita Kocsis, coach, trainer
Phone: +36 70 374 1924
2.) Data Protection Officer
No Data Protection Officer has been appointed.
3.) Purpose of processing personal data
According to the Regulation, personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Contact, offer request, book an appointment
Upon contact by e-mail or telephone, the following information is required to contact the data subject and give a quote:
- email address
Purpose of data management: identification of the data subject, preparation and sending of a personalized quote to the data subject, and contact with the data subject
Keeping a coaching session
In order to keep a coaching session, to achieve the desirable goal with the session, face-to-face communication with the data subject is required, that can be in person or via online. For this I need the data below:
- email address,
- address/billing address,
- tax number from companies only.
4.) Legal basis for data management
The data processing is based on the data subject’s consent (Article 6 (1) (a) GDPR).
The data subject’s consent means that the data subject authorizes the processing of his or her personal data by giving the data controller a voluntary, specific and well-informed and unambiguous declaration based on adequate information of his or her will. The data subject shall indicate his or her consent by means of a statement or an act which unequivocally expresses the confirmation.
Regulation states, with regard to the data subject’s consent, that the processing of his or her personal data is lawful only if and to the extent that the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes.
Consent and the related rights of the data subject:
- Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her.
- The data subject shall have the right to withdraw his or her consent at any time, in which case the controller must delete the data subject’s personal data from his or her systems.
- The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
- According to the accounting regulations, the data related to invoicing cannot be deleted, and if the data subject has a debt, I can also process your data in case of withdrawal of consent, based on the legitimate interest in the collection of the claim.
- Legal basis of contact, request a quote and date reservation section 5, article (1) (b) of the Act CXII of 2011 on information self-determination and freedom of information (HU) and article 6, section (1) (a) of GDPR.
- Legal basis of keeping a coaching session section 5, article (1) (b) of the Act CXII of 2011 on information self-determination and freedom of information (HU) and article 6, section (1) (a) of GDPR.
5.) Persons involved in data processing
The data controller processes the data of natural persons who contact him or her and request a quote, as well as those who apply for or wish to participate in a coaching session.
6.) The range of personal data processed during coaching
- Contact, request a quote, book an appointment
- email address,
- address/billing address
- Keeping a coaching session
- email address,
- address/billing address,
- tax number (companies only).
7.) The method of data processing
I store the personal information you provide me in a password-protected encrypted file.
8.) Data processors
Any natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.
No data processor will be used in the processing of the personal data of those involved in this data management.
9.) Az adatkezelés időtartama
Personal data will be processed until withdrawal of the consent, but for a maximum of 8 years by the data controller.
The Data Controller shall store the data related to the orders – including the sound recording made during the telephone administration – in order to prove it in the course of possible legal disputes, until the general limitation period, ie for 5 (five) years.
In order to fulfill the accounting obligations, the Data Controller shall provide the data related to invoicing for 8 (eight) years in accordance with Section 169 of Act C of 2000, and in accordance with Section XCII of 2003 on the Taxation Procedure. It is managed until the statutory limitation period.
10.) Data transfer
Concerned parties’ personal data to third party processing is transferred due on the basis of legal obligation.
11.) Automated decision making
Automated decision making is not in use.
12.) Rights of data subjects with regard to the processing of personal data
In accordance with the GDPR and Information Act, you have the following rights with regard of the processing of your personal data:
Information on the handling on personal data
The data subject has the right to be properly informed about the processing of his or her personal data and the enforcement of his or her rights. At the request of the data subject, the data controller shall provide information on the processing of his or her personal data in writing. If the controller is unable to identify the data subject, he or she may refuse to comply with the request. The controller shall respond to the data subject’s request without undue delay, but no later than within 5 days, and if he / she does not comply with any of his / her requests, he / she shall state the reasons.
The information is free of charge if the person requesting the information has not yet submitted a request for information to the data controller for the same data set in the given year. In other cases, reimbursement may be established.
Access to personal data
The data subject has the right to receive feedback from the data controller as to whether the processing of his or her personal data is in progress. If the data processing is in progress, the data subject is entitled to:
- have access to the personal data processed and
- receive information on the following data:
- the purpose of data processing,
- the type of personal data processed,
- information on the addressed or categories of addressed with whom, or with which the personal data have been communicated or will be communicated by the data controller,
- the planned period of personal data storing, or if it is not possible, the criteria for determining this period.
The purpose of the exercise is to establish and verify the lawfulness of the data processing, therefore in case of multiple requests for information, the data controller may charge a fair fee for the fulfillment of the information.
Access to personal data is ensured by sending the processed personal data or other information to the data subject by email after identification.
Correction of personal data
A data subject should have the right to have inaccurate personal data concerning him or her rectified by the date controller without undue delay.
Deleting personal data
The data subject has withdrawn his or her consent and the data controller is obliged to delete his or her personal data.
The data subject can request the deletion of his / her data from our register at any time, free of charge, which we can carry out within 5 working days.
The data subject can send a withdrawal statement in a message to the data controller’s email address.
The data subject objects to the data processing based on a legitimate interest and there is no overriding legitimate reason (ie. a legitimate interest) for the processing, the data controller is obliged to delete his/her personal data.
I have processed your personal data unlawfully and this has been established on the basis of the complaint.
Your personal data must be deleted in order to fulfill a legal obligation under Union or Member State law.
Restrictions on the processing of personal data
At the request of the data subject, the controller shall restrict the data processing if:
- the data subject disputes the accuracy of the personal data, in which case the restriction shall apply to the period of time that allows the controller to verify the accuracy of the personal data;
- the processing is unlawful, and the data subject opposes the deletion of the data and instead requests that their use to be restricted;
- the controller no longer needs the personal data for the purpose of data processing, but the data subject requests them in order to make, enforce or protect legal claims.
- if the data subject has objected to the processing but the data controller’s legitimate interest may justify the processing, in which case the data processing shall be limited until it is established whether the data controller’s legitimate reasons take precedence over the data subject’s legitimate reasons,
- where processing is restricted, such personal data may be processed, with the exception of storage, only with the consent of the data subject or for the purpose of bringing, enforcing, protecting or protecting the rights of another natural or legal person or in the important public interest of the Union or a Member State. I will inform you in advance about the lifting of the data management restriction (at least 15 working days before the lifting of the restriction).
Request a copy
Complying with the request of a copy of personal data from the data controller is free of charge. The data controller may charge a reasonable fee based on administrative costs for copies requested in more than one copy, or is a simpler, faster, more cost-effective way than the method requested by the data subject would be available.
Right to protest
The data subject has the right to object at any time to the improper handling of his or her personal data for reasons related to his or her own situation.
Right to portability
If the data processing is carried out in an automated manner, or if the data processing is based on the voluntary consent of the data subject, the data subject is entitled to request the data provided by him or her. The data controller is obliged to provide the requested data in a form that the data subject can display.
If he wishes to exercise the rights of the data subject, this is accompanied by the identification of the data subject and the fact that the data controller must contact him or her. Therefore, you will be required to provide personal information for identification purposes (however, identification may only be based on information that is already on my records). Complaints about data management should be sent to email@example.com. I will respond to complaints about data management by email within 5 days at the latest.
If, in your opinion, I have violated any legal provision on data processing or have not complied with any of your requests, you may initiate an investigation procedure by the National Data Protection and Freedom of Information Authority (mailing address: 1530 Budapest, Pf .: 5., e-mail: firstname.lastname@example.org).
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and repealing Directive 95/46/EC (GDPR)
- Act V of 2013 on the Civil Code (Civil Code-HU)
- CXII of 2011 on the right to information self-determination and freedom of information. (Info-law – HU)
- Act CXII of 2001 on certain issues of electronic commerce services and information society services. TV. (e-commerce law -HU—)
The data controller is obliged to comply with the legal regulations related to the processing of personal data in all phases of the processing of personal data.