Privacy Policy

Valid from 25 May 2018 until revoked

This Privacy Statement expresses Mónika Búzás’s strong commitment to privacy and data protection. Mónika Búzás (hereinafter: the Data Controller) shall use the personal data in his / her possession with the utmost care, in accordance with the provisions of the Basic Law of Hungary, on the right to information self-determination and freedom of information. (hereinafter: Info Act) and General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter GDPR).

1. DATA CONTROLLER INFORMATION
The name of the data controller: Mónika Búzás
The abbreviated name of the data controller is Mónika Búzás
The registered office of the data controller: Madách Imre út 9, 1075 Budapest.
The e-mail address of the data controller: info@queensbeauty.hu

2. DATA CONTROLLER CUSTOMER SERVICE
The Data Controller maintains contact with its customers and interested parties primarily electronically, through the contact forms placed on our websites, or by e-mail. The Data Manager is not available by phone.

The Data Controller will provide a meaningful reply to e-mails received by 11:00 on working days within 24 hours at the latest. A substantive reply means replying to the email or writing when you can reply.

Pursuant to Article 37 of the GDPR, the Data Controller is not obliged to appoint a data protection officer, therefore he / she may also inquire about data management at the central contact (e-mail: info@queensbeauty.hu).

3. VALIDITY OF THE DATA PROCESSING INFORMATION
This Data Management Information is valid for all activities and work processes of the Data Controller and for all websites operated by the Data Controller, primarily, but not exclusively, the website available at https://www.queensbeauty.hu.

4. PHYSICAL LOCATION OF DATA STORAGE
The Data Controller stores all personal data in the high security cloud systems of the Data Processors listed in Section 5. The Data Controller does not store personal data on its own computers, mobile phones or mobile media. The Data Controller will do its utmost to check the data management of the Data Processors related to it and to request information in this regard.

5. DATA PROCESSORS
When processing personal data, the Data Controller uses the services of the following Data Processors:

Newsletter Software Operator:
MailChimp Email Marketing (The Rocket Science Group, LLC)
Head office: 675 Ponce de Leon Ave NE, Atlanta, GA 30308 USA
Legal basis for data processing: explicit consent of the data subject (actively by ticking the appropriate box).
Scope of data transmitted: name and e-mail address of the data subject.
The purpose of data transmission: notification of campaigns, inquiries for business acquisition, general contact.
Duration of data processing: until the data subject unsubscribes or as long as he / she does not request the deletion of his / her data.

Hosting provider:
Contabo GmbH
Head office: Aschauer Straße 32a, 81549 Munich, Germany
Company registration number: HRB 180722
Tax number: DE267602842
Legal basis for data processing: explicit consent of the data subject (actively by ticking the appropriate box).
Scope of data transmitted: IP address, name and e-mail address of the data subject.
The purpose of data transmission: to provide a server service for the purpose of data storage (in the case of blog notifications, requests for quotations).
Duration of data processing: until the data subject unsubscribes or as long as he / she does not request the deletion of his / her data.

Website statistics software operator:
Google Computer Service Limited Liability Company
(Google Information Technology Services Limited Liability Company)
Headquarters: 1023 Budapest, Árpád fejedelem útja 26-28.
Company registration number: 01-09-861726
Tax number: 13561677-2-41
Legal basis for data management: the legitimate interest of the Data Controller.
The range of data transmitted: the IP address of the data subject, the time and duration of the visit, the list of sub-pages visited, the operating system used by the data subject, the type of browser, the screen resolution.
The purpose of data transmission is to perform statistical analyzes, thereby controlling and improving the quality of the Data Controller’s services.
Duration of data management: 2 years.

Comment. Statistics are collected and analyzed using a service called Google Analytics. The Data Controller does not identify the data received during the visit to the websites with specific persons, ie the data can only be analyzed en masse, in this sense in a completely anonymous way.

Detailed information about how Google Analytics works is available at:
https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

Comments

When you submit a comment to a blog post, in addition to what you specify in the post form, the commenter’s IP address and browser ID string are collected to filter out unwanted content.

A personalized string generated from the email address (called a “hash”) is passed to the Gravatar service. The terms and conditions of the Gravatar service can be viewed at: https://automattic.com/privacy/

After accepting the post, the content of the post and the profile picture associated with the email address will also be displayed publicly.

6. DATA MANAGEMENT, DATA STORAGE, BACKUP
6.1. The provision of personal data is voluntary. Subscribing to blog alerts or marketing newsletters is done using a double opt-in system, ie until the data subject clicks on the so-called confirmation link sent to the e-mail address provided when initiating the subscription, the data controller will only temporarily store the data provided. If the data subject does not click on the confirmation link, the entered data will be deleted automatically after three days.

6.2. The Data Controller handles and stores the provided personal data in accordance with the law, and does not transfer the data to any third party or company other than the Data Processors specified in point 5. The Data Processors (due to technical necessity) regularly back up and store the data.

6.3. You can unsubscribe from blog alerts or marketing newsletters at any time by clicking on the unsubscribe link in the bottom line of any email sent by the Data Controller. The data modification can be requested by the data subject by clicking on the data modification link or by indicating the data modification request to the e-mail address of the Data Controller.

6.4. The data controller does not verify the authenticity of the data provided by the data subject.

6.5. The Data Controller does not perform profiling based on the behavior, interests or other data provided by its interested parties, customers, visitors, subscribers or contracting authorities of the websites operated by it, and does not use automatic bidding, classification or decision-making.

6.6. Identifying visitors to websites is not the purpose of the Data Controller and does not take steps to do so.

6.7. Data subjects may use the services of the Data Controller without subscribing to a newsletter for marketing purposes.

7. RIGHTS OF THE PERSON CONCERNED
The data subject may request information on the processing of his / her personal data, request the correction or deletion or revocation of his / her personal data, except for mandatory data processing, exercise his / her right to carry data and protest in the manner indicated at the time of data collection.

7.1. Right to information

The Data Controller shall take appropriate measures to provide the data subject with all information concerning the processing of personal data referred to in Articles 13 and 14 of the GDPR and Articles 15 to 22. and Article 34 shall be provided in a concise, transparent, comprehensible and easily accessible form, in a clear and comprehensible manner.

The Data Controller shall provide his / her information within 14 days (but not more than 1 month) from the submission of the request.

The information shall be free of charge, unless the data subject has already submitted a request for information in the current year for the same set of data. Reimbursement of costs already paid by the data subject shall be reimbursed by the Data Controller in the event that the data have been processed unlawfully or the request for information has led to rectification.

The Data Controller may refuse the information only in cases provided by law, indicating the place of law and informing about the possibility of legal redress or recourse to the Authority.

The Data Controller shall notify the data subject of the rectification, blocking, marking and deletion of personal data, as well as to all persons to whom the data have previously been transmitted for the purpose of data processing, unless failure to notify does not harm the data subject’s legitimate interests.

7.2. Right of access to data

The data subject has the right to receive feedback from the Data Controller as to whether the processing of his / her personal data is in progress and, if such data processing is in progress, he / she has the right to access the personal data and the following information:

• the purposes of data management;
• the categories of personal data concerned;
• the recipients or categories of recipients to whom the personal data have been or will be communicated, including in particular third country recipients or international organizations;
• the intended duration of the storage of personal data;
• the right to rectify, rectify or restrict the processing of data and to protest;
• the right to lodge a complaint with the supervisory authority;
• information on data sources;
• the fact of automated decision-making, including profiling, and comprehensible information on the logic used and the significance of such data processing for the data subject.

The Data Controller shall provide the above information within a maximum of one month from the submission of the data subject’s request.

7.3. Right to rectify data

The data subject may request the correction of inaccurate personal data processed by the Data Controller or the addition of incomplete data.

The data subject may change or supplement the data independently by clicking on the link to the data modification form in the e-mail sent by the Data Controller, or by requesting the Data Controller to do so by e-mail sent to the central e-mail address (info@queensbeauty.hu).

7.4. Right to delete data

The data subject shall have the right, at the request of the Data Controller, to delete personal data concerning him or her without undue delay, if any of the following reasons exists:

• personal data are no longer required for the purpose for which they were collected or otherwise processed;
• the data subject withdraws the consent on which the data processing is based and there is no other legal basis for the data processing;
• the data subject objects to the processing and there is no overriding legitimate reason for the processing;
• personal data has been processed unlawfully;
• personal data must be deleted in order to comply with a legal obligation under EU or Member State law applicable to the Data Controller;
• personal data were collected in connection with the provision of information society services.

Deletion of data cannot be initiated if data management is required:

• to exercise the right to freedom of expression and information;
• in order to comply with an obligation under EU or Member State law governing the processing of personal data;
• for the performance of a task performed in the public interest or in the exercise of a public authority conferred on the Data Controller;
• in the field of public health, or for archival, scientific and historical research purposes, or for statistical purposes, in the public interest;
• to file, enforce or defend legal claims.

The Data Controller shall register the withdrawal of consent within 14 days.

The Data Controller may process certain data after the withdrawal of consent in order to fulfill its legal obligations or enforce its legitimate interests.

Explanatory note. In practice, if a data subject requests the deletion of their data in connection with a blog notification or marketing newsletter and clicks on the unsubscribe link in an e-mail, the computer operation that deletes the data subject’s data from the blog notification or newsletter management software will take place immediately. So the request is executed immediately, there is no need to wait 14 days for it. However, the deletion of data may not take place in the case of data that the Data Controller has a legal obligation to store (purchases, payments, invoices for 8 years).

7.5. Right to restrict and withdraw data processing

At the request of the data subject, the Data Controller shall restrict the data processing if one of the following conditions is met:

• the data subject disputes the accuracy of the personal data – in this case the restriction applies to the period of time that allows the accuracy of the personal data to be verified;
• the processing is unlawful, but the data subject opposes the deletion of the data and instead requests that their use be restricted;
• the Data Controller no longer needs personal data for the purpose of data processing, but the data subject requests them in order to submit, enforce or protect legal claims;
• the data subject has objected to the processing – in this case the restriction applies for the period until it is established whether the legitimate reasons of the data controller take precedence over the legitimate reasons of the data subject.

Where processing is restricted, personal data other than storage may be processed only with the consent of the data subject or for the purpose of making, asserting or protecting legal claims or protecting the rights of another natural or legal person or in the important public interest of the Union or a Member State.

7.6. The right to data portability

The data subject has the right to receive the personal data concerning him / her made available to the Data Controller in a structured, widely used machine – readable format and to transmit this data to another data controller.

Upon the request of the data subject, the Data Controller shall send the data processed by the data subject to the data subject in PDF and / or CSV format. The data subject may submit the application by e-mail sent to the Data Controller’s central e-mail address (info@queensbeauty.hu).

7.7. Right to protest

The data subject shall have the right to object at any time, for reasons related to his or her situation, to the processing of his or her personal data in the public interest or in the exercise of a public authority, or to the profiling based on those provisions. is.

In the event of an objection, the Data Controller may not further process the personal data, unless justified by compelling legitimate reasons which take precedence over the interests, rights and freedoms of the data subject or which relate to the submission, enforcement or protection of legal claims.

If the data subject objects to the processing of his / her personal data, the Data Controller shall examine the objection within 14 days (but not more than within 1 month) of the submission of the request and shall inform the data subject in writing of its decision. If the Data Controller decides that the data subject’s protest is justified, the Data Controller shall terminate the data processing, including further data collection and data transfer, and shall block the data, and shall notify all persons to whom the data protection is based. who has previously transmitted the personal data affected by the protest and who are obliged to take action to enforce the right to protest.

The Data Controller shall refuse to comply with the request if it proves that the processing is justified by compelling legitimate reasons which take precedence over the interests, rights and freedoms of the data subject or which relate to the submission, enforcement or defense of legal claims. If the data subject does not agree with the decision, or if the Data Controller fails to meet the deadline, he or she may apply to the relevant court within 30 days from the notification of the decision or the last day of the deadline.

Comment. If you experience any problems, please contact us by e-mail (info@queensbeauty.hu) or by registered mail with return receipt to our headquarters, and we will do our best to rectify the problem immediately.

7.8. Right to go to court

If the data subject violates his / her rights, he / she may take legal action against the Data Controller. The court is acting out of turn in the case.

Data protection lawsuits fall within the jurisdiction of the tribunal, which may, at the option of the data subject, be sued in the court of the data subject’s domicile or residence. A foreign national may also lodge a complaint with the competent supervisory authority of his or her place of residence.

Comment. Before applying to a court or supervisory authority, please contact us by e-mail (info@queensbeauty.hu) or by registered mail with return receipt to our headquarters, for consultation and to resolve the problem as soon as possible.

7.9. Right to complain

Remedies and complaints can be lodged with the supervisory authority:
National Data Protection and Freedom of Information Authority
Headquarters: 1125 Budapest Szilágyi Erzsébet avenue 22 / c.
Postal address: 1530 Budapest, Pf .: 5.
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
e-mail: ugyfelszolgalat@naih.hu
Website: https://naih.hu
More information: https://naih.hu/panaszuegyintezes-rendje.html

8. SENDING AND RECEIVING MARKETING MESSAGES
The data subject may consent to the use of his / her personal data by the Data Controller for marketing purposes by making a statement during the subscription to the blog or newsletter, or later by modifying his / her personal data stored on the newsletter and / or direct marketing registration interface, ie by expressing his / her intention.

In this case, Act XLVIII of 2008 on the basic conditions and certain restrictions of economic advertising activity. Act (Grtv.) § 6. Until the withdrawal of the consent, the Data Controller shall also process the data subject’s data for the purpose of sending direct marketing and / or newsletters, and shall send the data subject advertising advertisements, information leaflets and offers and / or newsletters.

The data subject may give his or her consent to direct marketing and the newsletter together or separately, or withdraw it free of charge at any time.

Deletion of the subscription (so-called “unsubscription”) is considered by the Data Controller to be the withdrawal of the consent in all cases. However, the Data Controller does not interpret the withdrawal of consent to data management for direct marketing and / or newsletter purposes as the withdrawal of consent to data management in general.

9. USE OF COOKIES ON DATA MANAGER WEBSITES
Cookies are small data files (“cookies”) that are placed on a visitor’s computer through the website for the purpose of personalized service, so that they are saved and stored by the visitor’s web browser and then read back during a later visit.

If the browser returns a previously saved cookie, the cookie service provider has the option to link the user’s current visit to the previous ones, but only for their own content.

General tasks of cookies:

• collect information about visitors and their assets;
• notes visitors’ custom settings, which can be used, for example, when using online transactions, so they don’t have to be re-typed;
• facilitate the use of the website;
• provide a quality user experience.

Most commonly used Internet browsers (Chrome, Firefox, Internet Explorer, Safari, Edge, Opera, etc.) accept and allow the download and use of cookies by default. The visitor to the website can reject or disable them by changing their browser settings. The user can also delete cookies already stored on the computer.

There are cookies that do not require the prior consent of the visitor (such as authentication, multimedia player, load balancing, session cookies to help customize the user interface, and user-centric security cookies).

The websites provide brief information about both non-consent and consent-seeking cookies when the website is opened, ie at the start of the first visit (if data processing already begins with a visit to the site) and ask for the user’s consent to the use of cookies.

The Data Controller does not use or authorize cookies that allow a third party or company to collect data without the consent of the data subject.

Acceptance of cookies is not mandatory, however, the Data Controller is not responsible for the fact that the websites may not function as expected if cookies are not enabled.

More information on the use of cookies can be found in the “help” menu of each browser, but we have also collected them here:

Chrome: https://support.google.com/accounts/answer/61416?hl=en_US

Firefox: https://support.mozilla.org/en/kb/sutik-informacio-abely-websites-tarolnak-szami

Internet Explorer:
https://support.microsoft.com/en-us/help/17442/windows-internetexplorer-delete-manage-cookies#ie=ie-11

Safari: https://support.apple.com/kb/PH21411?viewlocale=en_US&locale=en_US

Edge: https://support.microsoft.com/en-us/help/10607/microsoft-edge-view-deletebrowser-history

Opera: http://help.opera.com/Windows/10.20/en/cookies.html

System Cookies (so-called “Absolutely Necessary Cookies”)

Legal basis: no consent required.
Description: The purpose of cookies is for visitors to fully and seamlessly browse the Data Manager’s website, use its functions and the services available there. These types of cookies last until the end of the session (browsing), and when you close the browser, these types of cookies are automatically deleted from your computer or other device used for browsing.
The purpose of data management is to improve the user experience.
Duration: browser session.

Statistical cookies (from third parties)

Legal basis: explicit consent of the data subject (actively by switching on the relevant switch).
Description: The Data Controller also uses Google Analytics as a third-party cookie on its websites. Using Google Analytics for statistical purposes, it collects information about how visitors use your web pages. Use the data to improve the website and improve the user experience. These cookies remain on the visitor’s computer or other device used for browsing, in their browser until they expire, or until the visitor deletes them.
The purpose of data management is to improve the user experience.
Duration: up to 180 days.

You can read more about third-party cookies here: https://www.google.com/policies/technologies/types/

You can read more about Google Analytics privacy at https://www.google.com/analytics/learn/privacy.html?hl=en_US

10. OTHER DATA PROCESSING ISSUES
The Data Controller may transfer the data of the data subject only within the limits specified by law, and in the case of Data Processors, by stipulating contractual conditions, they shall ensure that they may not use the personal data of the data subject for purposes contrary to the data subject’s consent.

The Data Controller may be contacted by the court, the public prosecutor’s office, the police, the National Tax and Customs Board, the National Data Protection and Freedom of Information Authority for information, disclosure or provision of documents. In such cases, the Data Controller must fulfill its obligation to provide data, but only to the extent strictly necessary to achieve the purpose of the request.

Contributors and employees of the Data Controller participating in data management and / or data processing are entitled to access the personal data of the data subject to a predetermined extent, subject to the obligation of confidentiality.

The Data Controller protects the personal data of the data subject with appropriate technical and other measures, ensures the security and availability of the data, and protects them from unauthorized access, alteration, damage, disclosure, and any other unauthorized use.

Within the framework of organizational measures, the Data Controller controls physical access, continuously educates its contributors and employees, and keeps paper-based documents locked with adequate protection. As part of the technical measures, the Data Controller and Data Processors use encryption, password protection and anti-virus software.

The Data Controller makes every effort to make the processes as secure as possible, however, due to the current computer conditions, it cannot take full responsibility for the transfer of data via the websites. The Data Controller adheres to strict regulations to ensure the security of the data subject’s data and to prevent unauthorized access.

Comment. Please note that, despite all measures, data transmission over the Internet cannot be considered as completely secure data transmission. Regarding security issues, we ask you to help you keep your access and password carefully, and do not share your password with anyone. We also ask you to cooperate in using a computer that is virus-free while using our websites.

Budapest, May 25, 2018Privacy Policy
Valid from 25 May 2018 until revoked

This Privacy Statement expresses Mónika Búzás’s strong commitment to privacy and data protection. Mónika Búzás (hereinafter: the Data Controller) shall use the personal data in his / her possession with the utmost care, in accordance with the provisions of the Basic Law of Hungary, on the right to information self-determination and freedom of information. (hereinafter: Info Act) and General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter GDPR).

1. DATA CONTROLLER INFORMATION
The name of the data controller: Mónika Búzás
The abbreviated name of the data controller is Mónika Búzás
The registered office of the data controller: Madách Imre út 9, 1075 Budapest.
The e-mail address of the data controller: info@queensbeauty.hu

2. DATA CONTROLLER CUSTOMER SERVICE
The Data Controller maintains contact with its customers and interested parties primarily electronically, through the contact forms placed on our websites, or by e-mail. The Data Manager is not available by phone.

The Data Controller will provide a meaningful reply to e-mails received by 11:00 on working days within 24 hours at the latest. A substantive reply means replying to the email or writing when you can reply.

Pursuant to Article 37 of the GDPR, the Data Controller is not obliged to appoint a data protection officer, therefore he / she may also inquire about data management at the central contact (e-mail: info@queensbeauty.hu).

3. VALIDITY OF THE DATA PROCESSING INFORMATION
This Data Management Information is valid for all activities and work processes of the Data Controller and for all websites operated by the Data Controller, primarily, but not exclusively, the website available at https://www.queensbeauty.hu.

4. PHYSICAL LOCATION OF DATA STORAGE
The Data Controller stores all personal data in the high security cloud systems of the Data Processors listed in Section 5. The Data Controller does not store personal data on its own computers, mobile phones or mobile media. The Data Controller will do its utmost to check the data management of the Data Processors related to it and to request information in this regard.

5. DATA PROCESSORS
When processing personal data, the Data Controller uses the services of the following Data Processors:

Newsletter Software Operator:
MailChimp Email Marketing (The Rocket Science Group, LLC)
Head office: 675 Ponce de Leon Ave NE, Atlanta, GA 30308 USA
Legal basis for data processing: explicit consent of the data subject (actively by ticking the appropriate box).
Scope of data transmitted: name and e-mail address of the data subject.
The purpose of data transmission: notification of campaigns, inquiries for business acquisition, general contact.
Duration of data processing: until the data subject unsubscribes or as long as he / she does not request the deletion of his / her data.

Hosting provider:
Contabo GmbH
Head office: Aschauer Straße 32a, 81549 Munich, Germany
Company registration number: HRB 180722
Tax number: DE267602842
Legal basis for data processing: explicit consent of the data subject (actively by ticking the appropriate box).
Scope of data transmitted: IP address, name and e-mail address of the data subject.
The purpose of data transmission: to provide a server service for the purpose of data storage (in the case of blog notifications, requests for quotations).
Duration of data processing: until the data subject unsubscribes or as long as he / she does not request the deletion of his / her data.

Website statistics software operator:
Google Computer Service Limited Liability Company
(Google Information Technology Services Limited Liability Company)
Headquarters: 1023 Budapest, Árpád fejedelem útja 26-28.
Company registration number: 01-09-861726
Tax number: 13561677-2-41
Legal basis for data management: the legitimate interest of the Data Controller.
The range of data transmitted: the IP address of the data subject, the time and duration of the visit, the list of sub-pages visited, the operating system used by the data subject, the type of browser, the screen resolution.
The purpose of data transmission is to perform statistical analyzes, thereby controlling and improving the quality of the Data Controller’s services.
Duration of data management: 2 years.

Comment. Statistics are collected and analyzed using a service called Google Analytics. The Data Controller does not identify the data received during the visit to the websites with specific persons, ie the data can only be analyzed en masse, in this sense in a completely anonymous way.

Detailed information about how Google Analytics works is available at:
https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

Comments

When you submit a comment to a blog post, in addition to what you specify in the post form, the commenter’s IP address and browser ID string are collected to filter out unwanted content.

A personalized string generated from the email address (called a “hash”) is passed to the Gravatar service. The terms and conditions of the Gravatar service can be viewed at: https://automattic.com/privacy/

After accepting the post, the content of the post and the profile picture associated with the email address will also be displayed publicly.

6. DATA MANAGEMENT, DATA STORAGE, BACKUP
6.1. The provision of personal data is voluntary. Subscribing to blog alerts or marketing newsletters is done using a double opt-in system, ie until the data subject clicks on the so-called confirmation link sent to the e-mail address provided when initiating the subscription, the data controller will only temporarily store the data provided. If the data subject does not click on the confirmation link, the entered data will be deleted automatically after three days.

6.2. The Data Controller handles and stores the provided personal data in accordance with the law, and does not transfer the data to any third party or company other than the Data Processors specified in point 5. The Data Processors (due to technical necessity) regularly back up and store the data.

6.3. You can unsubscribe from blog alerts or marketing newsletters at any time by clicking on the unsubscribe link in the bottom line of any email sent by the Data Controller. The data modification can be requested by the data subject by clicking on the data modification link or by indicating the data modification request to the e-mail address of the Data Controller.

6.4. The data controller does not verify the authenticity of the data provided by the data subject.

6.5. The Data Controller does not perform profiling based on the behavior, interests or other data provided by its interested parties, customers, visitors, subscribers or contracting authorities of the websites operated by it, and does not use automatic bidding, classification or decision-making.

6.6. Identifying visitors to websites is not the purpose of the Data Controller and does not take steps to do so.

6.7. Data subjects may use the services of the Data Controller without subscribing to a newsletter for marketing purposes.

7. RIGHTS OF THE PERSON CONCERNED
The data subject may request information on the processing of his / her personal data, request the correction or deletion or revocation of his / her personal data, except for mandatory data processing, exercise his / her right to carry data and protest in the manner indicated at the time of data collection.

7.1. Right to information

The Data Controller shall take appropriate measures to provide the data subject with all information concerning the processing of personal data referred to in Articles 13 and 14 of the GDPR and Articles 15 to 22. and Article 34 shall be provided in a concise, transparent, comprehensible and easily accessible form, in a clear and comprehensible manner.

The Data Controller shall provide his / her information within 14 days (but not more than 1 month) from the submission of the request.

The information shall be free of charge, unless the data subject has already submitted a request for information in the current year for the same set of data. Reimbursement of costs already paid by the data subject shall be reimbursed by the Data Controller in the event that the data have been processed unlawfully or the request for information has led to rectification.

The Data Controller may refuse the information only in cases provided by law, indicating the place of law and informing about the possibility of legal redress or recourse to the Authority.

The Data Controller shall notify the data subject of the rectification, blocking, marking and deletion of personal data, as well as to all persons to whom the data have previously been transmitted for the purpose of data processing, unless failure to notify does not harm the data subject’s legitimate interests.

7.2. Right of access to data

The data subject has the right to receive feedback from the Data Controller as to whether the processing of his / her personal data is in progress and, if such data processing is in progress, he / she has the right to access the personal data and the following information:

• the purposes of data management;
• the categories of personal data concerned;
• the recipients or categories of recipients to whom the personal data have been or will be communicated, including in particular third country recipients or international organizations;
• the intended duration of the storage of personal data;
• the right to rectify, rectify or restrict the processing of data and to protest;
• the right to lodge a complaint with the supervisory authority;
• information on data sources;
• the fact of automated decision-making, including profiling, and comprehensible information on the logic used and the significance of such data processing for the data subject.

The Data Controller shall provide the above information within a maximum of one month from the submission of the data subject’s request.

7.3. Right to rectify data

The data subject may request the correction of inaccurate personal data processed by the Data Controller or the addition of incomplete data.

The data subject may change or supplement the data independently by clicking on the link to the data modification form in the e-mail sent by the Data Controller, or by requesting the Data Controller to do so by e-mail sent to the central e-mail address (info@queensbeauty.hu).

7.4. Right to delete data

The data subject shall have the right, at the request of the Data Controller, to delete personal data concerning him or her without undue delay, if any of the following reasons exists:

• personal data are no longer required for the purpose for which they were collected or otherwise processed;
• the data subject withdraws the consent on which the data processing is based and there is no other legal basis for the data processing;
• the data subject objects to the processing and there is no overriding legitimate reason for the processing;
• personal data has been processed unlawfully;
• personal data must be deleted in order to comply with a legal obligation under EU or Member State law applicable to the Data Controller;
• personal data were collected in connection with the provision of information society services.

Deletion of data cannot be initiated if data management is required:

• to exercise the right to freedom of expression and information;
• in order to comply with an obligation under EU or Member State law governing the processing of personal data;
• for the performance of a task performed in the public interest or in the exercise of a public authority conferred on the Data Controller;
• in the field of public health, or for archival, scientific and historical research purposes, or for statistical purposes, in the public interest;
• to file, enforce or defend legal claims.

The Data Controller shall register the withdrawal of consent within 14 days.

The Data Controller may process certain data after the withdrawal of consent in order to fulfill its legal obligations or enforce its legitimate interests.

Explanatory note. In practice, if a data subject requests the deletion of their data in connection with a blog notification or marketing newsletter and clicks on the unsubscribe link in an e-mail, the computer operation that deletes the data subject’s data from the blog notification or newsletter management software will take place immediately. So the request is executed immediately, there is no need to wait 14 days for it. However, the deletion of data may not take place in the case of data that the Data Controller has a legal obligation to store (purchases, payments, invoices for 8 years).

7.5. Right to restrict and withdraw data processing

At the request of the data subject, the Data Controller shall restrict the data processing if one of the following conditions is met:

• the data subject disputes the accuracy of the personal data – in this case the restriction applies to the period of time that allows the accuracy of the personal data to be verified;
• the processing is unlawful, but the data subject opposes the deletion of the data and instead requests that their use be restricted;
• the Data Controller no longer needs personal data for the purpose of data processing, but the data subject requests them in order to submit, enforce or protect legal claims;
• the data subject has objected to the processing – in this case the restriction applies for the period until it is established whether the legitimate reasons of the data controller take precedence over the legitimate reasons of the data subject.

Where processing is restricted, personal data other than storage may be processed only with the consent of the data subject or for the purpose of making, asserting or protecting legal claims or protecting the rights of another natural or legal person or in the important public interest of the Union or a Member State.

7.6. The right to data portability

The data subject has the right to receive the personal data concerning him / her made available to the Data Controller in a structured, widely used machine – readable format and to transmit this data to another data controller.

Upon the request of the data subject, the Data Controller shall send the data processed by the data subject to the data subject in PDF and / or CSV format. The data subject may submit the application by e-mail sent to the Data Controller’s central e-mail address (info@queensbeauty.hu).

7.7. Right to protest

The data subject shall have the right to object at any time, for reasons related to his or her situation, to the processing of his or her personal data in the public interest or in the exercise of a public authority, or to the profiling based on those provisions. is.

In the event of an objection, the Data Controller may not further process the personal data, unless justified by compelling legitimate reasons which take precedence over the interests, rights and freedoms of the data subject or which relate to the submission, enforcement or protection of legal claims.

If the data subject objects to the processing of his / her personal data, the Data Controller shall examine the objection within 14 days (but not more than within 1 month) of the submission of the request and shall inform the data subject in writing of its decision. If the Data Controller decides that the data subject’s protest is justified, the Data Controller shall terminate the data processing, including further data collection and data transfer, and shall block the data, and shall notify all persons to whom the data protection is based. who has previously transmitted the personal data affected by the protest and who are obliged to take action to enforce the right to protest.

The Data Controller shall refuse to comply with the request if it proves that the processing is justified by compelling legitimate reasons which take precedence over the interests, rights and freedoms of the data subject or which relate to the submission, enforcement or defense of legal claims. If the data subject does not agree with the decision, or if the Data Controller fails to meet the deadline, he or she may apply to the relevant court within 30 days from the notification of the decision or the last day of the deadline.

Comment. If you experience any problems, please contact us by e-mail (info@queensbeauty.hu) or by registered mail with return receipt to our headquarters, and we will do our best to rectify the problem immediately.

7.8. Right to go to court

If the data subject violates his / her rights, he / she may take legal action against the Data Controller. The court is acting out of turn in the case.

Data protection lawsuits fall within the jurisdiction of the tribunal, which may, at the option of the data subject, be sued in the court of the data subject’s domicile or residence. A foreign national may also lodge a complaint with the competent supervisory authority of his or her place of residence.

Comment. Before applying to a court or supervisory authority, please contact us by e-mail (info@queensbeauty.hu) or by registered mail with return receipt to our headquarters, for consultation and to resolve the problem as soon as possible.

7.9. Right to complain

Remedies and complaints can be lodged with the supervisory authority:
National Data Protection and Freedom of Information Authority
Headquarters: 1125 Budapest Szilágyi Erzsébet avenue 22 / c.
Postal address: 1530 Budapest, Pf .: 5.
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
e-mail: ugyfelszolgalat@naih.hu
Website: https://naih.hu
More information: https://naih.hu/panaszuegyintezes-rendje.html

8. SENDING AND RECEIVING MARKETING MESSAGES
The data subject may consent to the use of his / her personal data by the Data Controller for marketing purposes by making a statement during the subscription to the blog or newsletter, or later by modifying his / her personal data stored on the newsletter and / or direct marketing registration interface, ie by expressing his / her intention.

In this case, Act XLVIII of 2008 on the basic conditions and certain restrictions of economic advertising activity. Act (Grtv.) § 6. Until the withdrawal of the consent, the Data Controller shall also process the data subject’s data for the purpose of sending direct marketing and / or newsletters, and shall send the data subject advertising advertisements, information leaflets and offers and / or newsletters.

The data subject may give his or her consent to direct marketing and the newsletter together or separately, or withdraw it free of charge at any time.

Deletion of the subscription (so-called “unsubscription”) is considered by the Data Controller to be the withdrawal of the consent in all cases. However, the Data Controller does not interpret the withdrawal of consent to data management for direct marketing and / or newsletter purposes as the withdrawal of consent to data management in general.

9. USE OF COOKIES ON DATA MANAGER WEBSITES
Cookies are small data files (“cookies”) that are placed on a visitor’s computer through the website for the purpose of personalized service, so that they are saved and stored by the visitor’s web browser and then read back during a later visit.

If the browser returns a previously saved cookie, the cookie service provider has the option to link the user’s current visit to the previous ones, but only for their own content.

General tasks of cookies:

• collect information about visitors and their assets;
• notes visitors’ custom settings, which can be used, for example, when using online transactions, so they don’t have to be re-typed;
• facilitate the use of the website;
• provide a quality user experience.

Most commonly used Internet browsers (Chrome, Firefox, Internet Explorer, Safari, Edge, Opera, etc.) accept and allow the download and use of cookies by default. The visitor to the website can reject or disable them by changing their browser settings. The user can also delete cookies already stored on the computer.

There are cookies that do not require the prior consent of the visitor (such as authentication, multimedia player, load balancing, session cookies to help customize the user interface, and user-centric security cookies).

The websites provide brief information about both non-consent and consent-seeking cookies when the website is opened, ie at the start of the first visit (if data processing already begins with a visit to the site) and ask for the user’s consent to the use of cookies.

The Data Controller does not use or authorize cookies that allow a third party or company to collect data without the consent of the data subject.

Acceptance of cookies is not mandatory, however, the Data Controller is not responsible for the fact that the websites may not function as expected if cookies are not enabled.

More information on the use of cookies can be found in the “help” menu of each browser, but we have also collected them here:

Chrome: https://support.google.com/accounts/answer/61416?hl=en_US

Firefox: https://support.mozilla.org/en/kb/sutik-informacio-abely-websites-tarolnak-szami

Internet Explorer:
https://support.microsoft.com/en-us/help/17442/windows-internetexplorer-delete-manage-cookies#ie=ie-11

Safari: https://support.apple.com/kb/PH21411?viewlocale=en_US&locale=en_US

Edge: https://support.microsoft.com/en-us/help/10607/microsoft-edge-view-deletebrowser-history

Opera: http://help.opera.com/Windows/10.20/en/cookies.html

System Cookies (so-called “Absolutely Necessary Cookies”)

Legal basis: no consent required.
Description: The purpose of cookies is for visitors to fully and seamlessly browse the Data Manager’s website, use its functions and the services available there. These types of cookies last until the end of the session (browsing), and when you close the browser, these types of cookies are automatically deleted from your computer or other device used for browsing.
The purpose of data management is to improve the user experience.
Duration: browser session.

Statistical cookies (from third parties)

Legal basis: explicit consent of the data subject (actively by switching on the relevant switch).
Description: The Data Controller also uses Google Analytics as a third-party cookie on its websites. Using Google Analytics for statistical purposes, it collects information about how visitors use your web pages. Use the data to improve the website and improve the user experience. These cookies remain on the visitor’s computer or other device used for browsing, in their browser until they expire, or until the visitor deletes them.
The purpose of data management is to improve the user experience.
Duration: up to 180 days.

You can read more about third-party cookies here: https://www.google.com/policies/technologies/types/

You can read more about Google Analytics privacy at https://www.google.com/analytics/learn/privacy.html?hl=en_US

10. OTHER DATA PROCESSING ISSUES
The Data Controller may transfer the data of the data subject only within the limits specified by law, and in the case of Data Processors, by stipulating contractual conditions, they shall ensure that they may not use the personal data of the data subject for purposes contrary to the data subject’s consent.

The Data Controller may be contacted by the court, the public prosecutor’s office, the police, the National Tax and Customs Board, the National Data Protection and Freedom of Information Authority for information, disclosure or provision of documents. In such cases, the Data Controller must fulfill its obligation to provide data, but only to the extent strictly necessary to achieve the purpose of the request.

Contributors and employees of the Data Controller participating in data management and / or data processing are entitled to access the personal data of the data subject to a predetermined extent, subject to the obligation of confidentiality.

The Data Controller protects the personal data of the data subject with appropriate technical and other measures, ensures the security and availability of the data, and protects them from unauthorized access, alteration, damage, disclosure, and any other unauthorized use.

Within the framework of organizational measures, the Data Controller controls physical access, continuously educates its contributors and employees, and keeps paper-based documents locked with adequate protection. As part of the technical measures, the Data Controller and Data Processors use encryption, password protection and anti-virus software.

The Data Controller makes every effort to make the processes as secure as possible, however, due to the current computer conditions, it cannot take full responsibility for the transfer of data via the websites. The Data Controller adheres to strict regulations to ensure the security of the data subject’s data and to prevent unauthorized access.

Comment. Please note that, despite all measures, data transmission over the Internet cannot be considered as completely secure data transmission. Regarding security issues, we ask you to help you keep your access and password carefully, and do not share your password with anyone. We also ask you to cooperate in using a computer that is virus-free while using our websites.

Budapest, May 25, 2018