Privacy Policy
According to the 1998 Act VI on the protection of individuals in the processing of personal data, within the territory of the European Union, every individual – regardless of nationality or place of residence – must be ensured that their rights and fundamental freedoms, particularly the right to privacy, are respected during the processing of their personal data. The operator of the website is Szilvia Tünde Sebestyén. It is important for the website operator to protect the data provided by visitors and to ensure the visitors’ informational self-determination rights. The principles and practices outlined in this Data Protection Notice are based on the following laws and regulations:
Act CXII of 2011
Act CVIII of 2001
Act XLVIII of 2008
Regulation (EU) 2016/679 of the European Parliament and the Council
The operator of the website (hereinafter referred to as the Data Controller) handles the personal data it obtains in accordance with the provisions of this Data Processing Notice.
Definitions
a) Personal data: Any information relating to an identified or identifiable individual (data subject).
b) Automated data set: A sequence of data processed automatically.
c) Automated processing: Includes the following operations when carried out, in whole or in part, by automated means: data storage, logical or arithmetic operations on the data, data modification, deletion, retrieval, and distribution.
d) Data controller: A natural or legal person, authority, office, or any other organization that, according to national law, is authorized to determine the purpose of the automated data set, the types of personal data that may be stored, and the operations that can be performed on the data.
- DATA CONTROLLER’S INFORMATION
Name of the Data Controller: Szilvia Tünde Sebestyén
Address of the Data Controller: Budapest
Data Controller’s email contact: sszt.pszichologuscoach@gmail.com - CUSTOMER SERVICE CONTACT OF THE DATA CONTROLLER
The Data Controller primarily communicates with its inquiries and clients electronically, through the contact form and email provided on its websites. The Data Controller is not required to appoint a data protection officer (DPO), so any inquiries related to data processing can be directed to the central (customer service) contact.
CUSTOMER SERVICE: sszt.pszichologuscoach@gmail.com
Since the Data Controller communicates primarily via electronic means with its inquiries and clients, a continuously available customer service phone number is not provided. - VALIDITY OF THE DATA PROCESSING NOTICE
This Data Processing Notice is valid for the work processes, activities, and websites operated by the Data Controller – primarily, but not exclusively, for this website. - DATA PROCESSORS
The Data Controller uses the services of the following Data Processors during data processing:
– Hosting service provider
– Banking services
– Billing software service provider
– Online payment service provider
– Accounting service provider
– Web analytics software service provider
Hosting Service Provider
Company name: ……………….
Address: ……………….
Tax number: ……………….
Legal basis for data processing: explicit consent of the data subject
Types of transferred data: data subject’s name, email address, IP address
Purpose of data transfer: provision of server hosting services
Duration of data processing: until the data subject unsubscribes or submits a request for data deletion
Banking Services
Company name:
Address:
Company registration number:
Tax number:
Legal basis for data processing: statutory obligation
Processed data: data subject’s name and bank account number (Note: The user provides their data directly to the Data Processor, so this is not data from the Data Controller)
Purpose of data processing: provision of payment transfer service
Duration of data processing: 8 years from the last day of the year of the order, based on statutory obligation
Billing Software Service Provider
Company name:
Address:
Company registration number:
Tax number:
Legal basis for data processing: statutory obligation
Types of transferred data: data subject’s name, billing name, billing address, email address
Purpose of data transfer: ensuring the issuance of invoices
Duration of data processing: 8 years from the last day of the year of the order, based on statutory obligation
Accounting Service Provider
Company name:
Address:
Company registration number:
Tax number:
Legal basis for data processing: statutory obligation
Types of transferred data: data subject’s name, billing name, billing address
Purpose of data transfer: ensuring the issuance of invoices
Duration of data processing: 8 years from the last day of the year of the order, based on statutory obligation
Web Analytics Software Service Provider
Statistical data collection and analysis are done using the Google Analytics (cloud-based) service. The data generated during website visits is depersonalized, meaning that neither the Data Controller nor the Data Processor identifies specific individuals during the data processing.
Google Computer Services Limited Liability Company
Address: 1023 Budapest, Árpád fejedelem utca 26-28. (Óbuda Gate Office Building)
Company registration number: 01 09 861726
Tax number: 13561677-2-41
Legal basis for data processing: legitimate interest of the Data Controller
Types of transferred data: visit time and duration, URL of the visited pages, operating system and browser type, screen resolution, data subject’s IP address
Purpose of data transfer: statistical analysis and generating analytical reports to help the Data Controller improve its services
Duration of data processing: 2 years
Data Processing Related to Comments
For blog posts and articles where comment sections are available, visitors can leave comments on the specific post or topic. Along with the visitor’s name, email address, and comment text, the visitor’s IP address is also transmitted via the comment form. If the submitted comment is approved, the comment text and the profile photo associated with the provided email address will be publicly displayed on the Data Controller’s website.
When the comment form is submitted, a depersonalized (non-personal data) character string is sent to the Gravatar service, which displays the photo uploaded by the visitor to the Gravatar service along with the visitor’s comment on the Data Controller’s website.
For detailed privacy information from Gravatar, please visit: Gravatar Privacy Policy.
5. LOCATION OF DATA STORAGE (PHYSICAL)
The Data Controller does not store personal data on its own IT devices, such as computers, mobile phones, or portable storage devices. All personal data is stored within the systems of the Data Processors listed in Section 4.
6. DATA STORAGE, BACKUP, AND DATA MANAGEMENT
6.1. The personal data provided is managed and stored by the Data Controller in accordance with applicable laws. Apart from the Data Processors listed in Section 4, no personal data is shared with third parties (individuals or business entities). The Data Processors listed in Section 4 regularly create and store backups of the data in their systems.
6.2. Providing personal data is voluntary, meaning visitors can choose to share their personal information on the Data Controller’s websites (e.g., subscribing to blog post notifications or marketing emails). Visitors can still use the services provided by the Data Controller even if they do not consent to receiving marketing messages.
6.3. The Data Controller does not engage in profiling or automated decision-making. Identifying visitors to the websites maintained by the Data Controller is not an objective of the Data Controller. No automated classification or offer generation is applied to visitors of the Data Controller’s websites.
6.4. Visitors can unsubscribe from blog post notifications or marketing emails by clicking the ‘Unsubscribe’ link included in the emails sent by the Data Controller. If visitors wish to modify their data, they can send a request to the Data Controller’s customer service or modify their data themselves via the ‘Update My Information’ link included in the emails. The accuracy of the data provided is not verified by the Data Controller; the responsibility for the accuracy lies with the individual providing the data.
- RIGHTS OF DATA SUBJECTS
Data subjects have the right to request information about the processing of their personal data, exercise their rights to data portability and objection, request the rectification of their personal data, and – except in cases of mandatory data processing – request the deletion of their data. Requests can be submitted to the Data Controller’s customer service in writing.
7.1. Right of Access to Data
Data subjects have the right to receive confirmation from the Data Controller regarding whether their personal data is being processed. If processing is ongoing, the data subject is entitled to access the following information about the data processing:
- Purpose(s) of processing
- Information about the sources of the data
- Categories of personal data being processed
- Recipients or categories of recipients with whom the data was or will be shared, including those in third countries or international organizations
- Planned retention period for the data
- Information on the logic behind automated decision-making, if applicable, and the significance and potential consequences of such processing
- Information about data correction, deletion, and processing restrictions
- Right to object to data processing
- Right to lodge a complaint with a supervisory authority
The Data Controller will provide the requested information within one month of the request being submitted.
7.2. Right to Information
The Data Controller will take steps to ensure that data subjects receive all necessary information about the processing of their personal data in a clear, concise, and accessible manner in accordance with the Hungarian Privacy Act of 2011 (CXII) and the EU GDPR (Articles 13–14 and 15–22, 34). The Data Controller will respond to such requests within 14 days (or at most one month).
If information is withheld under statutory provisions, the Data Controller will provide legal justification and details about seeking redress through the courts or authorities.
The information is free of charge unless the data subject has made a similar request within the same year. Any fees previously paid will be refunded if the request leads to data correction or reveals unlawful processing.
7.3. Right to Rectification
Data subjects may request the rectification of inaccurate personal data or the completion of incomplete data held by the Data Controller. Requests can be submitted to the Data Controller’s customer service or performed directly via links provided in emails sent by the Data Controller. The data subject is responsible for the accuracy of the provided data, as the Data Controller does not verify it.
7.4. Right to Erasure
Data subjects can request the deletion of their personal data by contacting the Data Controller’s customer service. Consent withdrawals will be registered within 14 days. However, some data may still be processed for the legitimate interests of the Data Controller or to comply with legal obligations (e.g., invoices, purchase records).
Data deletion is immediate for services like blog notifications and marketing emails when the “unsubscribe” link is clicked. Data required by law or for other legitimate purposes will not be deleted.
Personal data must be erased without undue delay if:
- The data was processed unlawfully.
- The data must be deleted to comply with EU or national law.
- The data is no longer necessary for its original purpose.
- The subject withdraws consent and no other legal basis exists for processing.
- The data was collected in connection with the provision of information society services.
Deletion cannot be requested if processing is required for:
- Exercising the right to freedom of expression and information.
- Legal claims or defenses.
- Compliance with legal obligations.
- Archiving, public health research, or statistical purposes.
7.5. Right to Restrict Processing
Data subjects may request the restriction of data processing in the following cases:
- They object to the processing, pending verification of overriding legitimate grounds.
- Processing is unlawful, and deletion is not requested, but restriction is.
- The accuracy of the data is disputed until verification is complete.
- The data is no longer needed by the Data Controller but is required by the subject for legal purposes.
Restricted data may only be processed with the subject’s consent or for legal claims, public interest, or other compelling reasons.
7.6. Right to Data Portability
Data subjects may request that their personal data be provided in a widely used, machine-readable format (e.g., PDF) or transferred to another data controller. Such requests can be submitted via email to the Data Controller’s customer service.
7.7. Right to Object
Data subjects may object to the processing of their personal data for public interest or legitimate purposes, including profiling. In such cases, the Data Controller will cease processing unless there are overriding legitimate grounds or legal claims.
If the Data Controller rejects the objection, the subject may seek legal remedies within 30 days of the decision.
7.8. Right to Lodge a Complaint
Complaints can be filed with the National Authority for Data Protection and Freedom of Information:
- Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C
- Postal Address: 1530 Budapest, Pf.5
- Phone: +36-1-391-1400
- Fax: +36-1-391-1410
7.9. Right to Seek Judicial Remedy
If data subject rights are violated, they may initiate court proceedings, with cases handled expediently. Lawsuits can be filed at the subject’s place of residence or domicile. Non-Hungarian citizens may submit complaints to their local authority.
If you have any questions or concerns about data processing, contact us via email or registered mail, and we will do our best to address and resolve your issues.
Sending and Receiving Advertising Messages
Individuals may voluntarily decide to express their clear intent to allow the Data Controller to use their data for marketing purposes—such as sending advertising and marketing messages—by registering for blog post notifications or subscribing to newsletters. When registering for blog post notifications and/or subscribing to newsletters, individuals consent to the Data Controller sending them advertising and marketing messages. This consent can be withdrawn at any time free of charge (by unsubscribing with a single click). Under Section 6 of Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (Grtv.), the Data Controller may process the individual’s data for direct marketing or newsletter purposes until the consent is withdrawn.
Use of Cookies on the Data Controller’s Websites
Cookies are small data files that enable various website services. Cookies are stored on the visitor’s computer during website browsing and are saved by the visitor’s internet browser.
Purpose of Cookies:
- Collect information about the visitor.
- Gather data on the visitor’s device used to access the website.
- Ensure the functionality of certain web services (e.g., ordering, payment, etc.).
- Facilitate easier website usage.
Most popular web browsers (Google Chrome, Firefox, Internet Explorer, etc.) are configured by default to allow cookies. Visitors can disable cookies or delete cookies stored on their computers. Certain session cookies do not require prior consent from the visitor, as they are essential for the proper functioning of specific web services. Refusing cookies is not mandatory but may cause the Data Controller’s websites to malfunction or behave unpredictably. Detailed information about cookies is available in the Help menu of web browsers.
Types of Cookies:
- Internal Cookies: Installed by the visited website’s server on the user’s computer.
- Third-party Cookies: Installed by an external service provider on the affected website.
- System Cookies:
- Purpose: Enhance user experience.
- Duration: Until the browser is closed.
- Legal Basis: Does not require consent.
- Description: These cookies allow uninterrupted browsing of the Data Controller’s website and the use of its features and services. They are deleted when the browser is closed.
Statistical Cookies:
- Purpose: Enhance user experience.
- Duration: Until deleted (up to 180 days).
- Legal Basis: Explicit user consent (via an opt-in checkbox).
Google Analytics Web Analytics:
Google Analytics uses internal cookies to compile reports for its clients about user activity on their websites. The collected data is stored in encrypted form.
- Description: The Data Controller uses Google Analytics, a web analytics tool classified as a third-party cookie, to gather anonymous information about website visitor behavior and improve services. Statistical cookies are only automatically deleted when the user configures their browser to do so; otherwise, they are stored for up to 180 days.
- Google Analytics Privacy Policy: Read here
- Google Privacy Policy: Read here
Disabling Google Analytics:
To prevent Google Analytics from collecting data, users can install a browser extension that blocks data transmission from Google Analytics JavaScript (ga.js, analytics.js, dc.js) to Google Analytics.
Other Questions About Data Processing
The Data Controller may be contacted by authorities such as the National Authority for Data Protection and Freedom of Information, the National Tax and Customs Administration, courts, prosecutors, and the police to provide information, disclose data, or supply documents. In such cases, the Data Controller must comply to the extent necessary to fulfill the purpose of the request.
Employees and collaborators involved in data processing and handling are bound by confidentiality and may only access personal data to the extent necessary for predefined purposes. The Data Controller may only transfer personal data within the limits prescribed by law and ensures that contracted data processors use the data solely for the intended purpose, as permitted by the individual’s consent.
The Data Controller protects personal data with technical and other measures to ensure data security, availability, and protection against unauthorized access, modification, damage, disclosure, or misuse. Visitors are advised to safeguard their passwords, avoid sharing them, and ensure that their devices are free of viruses.
Organizational and Technical Data Protection Measures:
- Organizational Measures:
- Control over physical access to data.
- Training employees and collaborators on data protection.
- Secure storage of paper-based documents.
- Technical Measures:
- Encryption.
- Password protection.
- Antivirus software.
This privacy notice is effective from November 28, 2022, and remains valid until revoked.
Budapest, November 28, 2024.