Facial exercises online - real time 
info.en@fitface.hu
+36204399077
en

GDPR

Data Management Policy

Participation in online classes, registration

Date of publication: 2024.01.01.

Data of the Data Controller:

Operator of the website www.fitface.hu

Company name: Kis Jánosné

Company registered office: 7100 Szekszárd, Zápor utca 1.

Company tax number: 48950776-1-37

E-mail address: info@fitface.hu

Telephone number: +36204399077

Hereinafter referred to as: "Data Controller".

The Data Controller is responsible for the lawful processing of your personal data in terms of the processing of your personal data.

Brief description of data processing:

The purpose of this data protection notice (hereinafter: "Data Protection Notice") is to inform you, as the data subject, about the processing of the personal data collected, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter: "GDPR") and Act CXII of 2011 on the right to informational self-determination and freedom of information (hereinafter: "Infotv.").

By providing the data, you guarantee that the data provided is correct, accurate and complete.

Hereinafter, the participant in the scheduled online class, the participant in the online private class, and the applicant for the online beginner training are collectively referred to as the "Data Subject".

If you wish to participate in the online beginner training and/or the scheduled class, online Japanese rejuvenating facial massage announced on the website www.fitface.hu (hereinafter: "Website"), the Data Controller will collect personal data from you during registration for the purpose of contact and billing.

You can find out about the scheduled classes, beginner training, and massage on the website www.fitface.hu. During registration, the Data Controller will process your data.

What personal data is recorded:

During registration related to participation in the scheduled class, the Data Controller will collect the following data:

• name (for the purpose of identifying you);

• telephone number (for the purpose of providing information about the application);

• e-mail address (for the purpose of providing information about the application);

• billing address (for the purpose of issuing an invoice).

The above data is considered personal data under both the GDPR and the Infotv.

For what purpose does the Data Controller collect personal data:

The Data Controller records the Data Subject's personal data in order to organize and conduct the online classes.

The purpose of recording data related to health problems provided during registration for participation in the class is for your safe practice.

Legal basis for data processing:

As specified in Article 6 (1) a) of the GDPR, the legal basis for the processing of personal data is the consent of the Data Subject in all cases. Data processing is voluntary in all cases. You can withdraw your consent at any time.

Duration of data processing:

Personal data is recorded during registration.

The Data Controllers process the data provided during registration for participation in the class for as long as rights and obligations may arise from the legal relationship. The general limitation period according to the Civil Code is 5 years, but this may vary in different cases.

The Data Controller will delete your personal data even if you withdraw your application or request the deletion of your data after applying.

Data security measures:

I process the data recorded by the Data Controller during the registration for participation in the scheduled class and during the registration for facial gymnastics courses at the Data Controller's headquarters.

The Data Controller has access to the personal data recorded by the Data Controller only. The Data Controller treats the personal data as confidential information, does not disclose them to the public and does not provide access to third parties or employees of the Data Controller who are not involved in the registration for participation in the scheduled class or their organization.

The recorded personal data is stored only on a computer accessible to the Data Controller, which is protected by the most modern firewalls and antivirus software.

The Data Controller continuously monitors the security of the storage of personal data.

The data may be used for statistical purposes, in order to fulfill the Data Controller's data provision obligations and in order to fulfill its statutory obligations, and may be transferred in a manner unsuitable for personal identification.

Your rights and remedies:

Right to information and access:

You have the right to obtain from the Controller, upon request, feedback on whether your personal data is being processed and, if such processing is taking place, access to the personal data and the following information:

the purposes of the processing;

the categories of personal data concerned;

the recipients to whom the personal data are or will be disclosed;

the planned period for which the personal data will be stored;

your rights in relation to the processing of your personal data;

the source of the data, if not collected from you;

information on automated decision-making.

In accordance with applicable law, we provide you with information about your personal data free of charge. We will respond to your request in writing within one month. However, if the request is clearly unfounded or excessive, in particular due to its repetitive nature, the Controller may charge you a reasonable fee, taking into account the administrative costs of providing the requested information or communication or taking the requested action, or may refuse to act on the request.

If you have already paid a fee but the processing of your data has been unlawful or we need to rectify your data as a result of your request, we will refund this fee to you.

If, despite our efforts to protect your personal data with our advanced data security measures, anyone accesses, alters, transmits, discloses, erases or destroys your data without authorisation, causes accidental destruction and damage, or otherwise processes your data without authorisation, we will inform you of the circumstances of such an incident, including when it occurred, what its effects may be and what we have done to prevent or mitigate the consequences.

Right to rectification:

If the personal data we process are inaccurate, we will rectify them without undue delay at your request. You also have the right to request that incomplete personal data be completed by means of a statement to this effect.

Right to erasure:

The Data Controllers will erase your personal data without delay if:

the personal data are no longer needed for the purposes specified in this Privacy Policy;

the processing of the personal data is unlawful;

the erasure of the data is necessary for compliance with a legal obligation to which the Data Controller is subject;

if the Data Controller has made the personal data public.

You may also request the erasure of your personal data by withdrawing the consent to data processing previously given to us. In this case, however, we may refuse to provide you with our services, as providing the data is a prerequisite for participating in scheduled classes or registering.

We will block personal data instead of deleting it if you request this or if it can be assumed that deletion may affect your legitimate interests. We will not process blocked data for the above purposes. We will only process such data for the purpose that precluded deletion.

Right to restriction:

Data processing may be restricted if:

You contest the accuracy of your data; in this case, the Data Controllers will restrict the processing of your personal data for a period of time until the accuracy of the data is established;

the data processing is unlawful; you request restriction of use instead of deletion;

the Data Controllers no longer need the data, but you require it to assert legal claims;

you have objected to the processing of your personal data, pending the assessment of the objection.

The Data Controller will suspend the processing of your personal data for the duration of the assessment of your objection to the processing of your personal data - but not more than 5 days - and will examine the grounds for the objection and make a decision, of which you will be informed immediately.

If the objection is justified, the Data Controllers will restrict the data, i.e. only storage as data processing may take place as long as

you consent to the data processing;

the processing of your personal data is necessary for the exercise of legal claims;

the processing of your personal data is necessary to protect the rights of another natural or legal person; or

the processing is required by law in the public interest.

If you have requested the restriction of data processing, the Data Controllers will inform you in advance of the lifting of the restriction.

Right to data portability:

You have the right to receive the personal data concerning you, which you have provided to the Data Controllers, in a structured, commonly used, machine-readable format (e.g. .doc or .pdf format) and have the right to transmit these data to another data controller without hindrance from the Data Controllers.

What happens and what you can do if we reject your request:

If the Data Controllers reject your request for rectification, restriction or erasure, we will inform you in writing within one month of receiving your request why we could not comply with your request and inform you of your options for judicial redress and that you can file a complaint with the National Data Protection and Freedom of Information Authority. We will send you our response by email if you agree to this.

What rights do you have if you consider that the processing is unlawful:

If you have concerns about the lawfulness of the processing, you have the right to object to the processing. The objection must include a request that we cease processing your data and that your data be erased.

If you object to the processing of your personal data, the Data Controllers will examine the grounds for the objection within one month, make a substantive decision and notify you of their decision in writing.

If we find that your objection is well-founded, we will cease all data processing operations, block the data concerned and notify all those to whom we have previously transmitted the personal data concerned by the objection of the objection and the subsequent measures. These recipients are also obliged to take measures to ensure that your objection can be enforced. If you disagree with our decision or if the Data Controllers do not comply with the above one-month deadline, you may apply to the court within 30 days of the notification of the decision or of the last day of the deadline.

What legal remedies are available to you:

If you consider that the Controllers are infringing the provisions of the GDPR when processing your personal data, you as a data subject have the right to lodge a complaint with a supervisory authority (i.e. a public authority established by any EU Member State pursuant to Article 51 of the GDPR) - in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. In Hungary, the supervisory authority established in accordance with the criteria set out in Article 51 of the GDPR is the National Data Protection and Freedom of Information Authority (hereinafter referred to as the "NAIH" or "Authority").

According to the GDPR, the supervisory authority concerned is the supervisory authority that is affected by the processing of personal data for one of the following reasons:

the Controller has an establishment in the territory of the Member State of that supervisory authority;

the processing significantly affects or is likely to significantly affect data subjects residing in the Member State of the supervisory authority; or

a complaint has been filed with the said supervisory authority.

With regard to the data processing carried out by the Data Controllers, the relevant supervisory authority pursuant to points a) and b) above is the NAIH, given that the Data Controllers have a place of business in Hungary and that the data processing predominantly concerns data subjects residing in Hungary. Accordingly, in the following point we provide details of the possibility of lodging a complaint with the NAIH. However, we would like to draw your attention to the fact that, regardless of this, you are entitled to lodge a complaint not only with the Authority, but also with any supervisory authority established in an EU Member State, in particular with the supervisory authority of the Member State of your habitual residence, place of work or place of the alleged infringement.

Notification to the National Authority for Data Protection and Freedom of Information:

The National Authority for Data Protection and Freedom of Information supervises compliance with data protection legislation. If you consider that our data processing does not comply with the applicable laws, or if you consider that there is an immediate risk of this, you can file a report with the Authority at the following contact details.

Name of Authority: National Data Protection and Freedom of Information Authority

Postal address: H-1125 Budapest, Szilágyi Erzsébet fasor 22/C.

E-mail address: ugyfelszolgalat@naih.hu

Telephone number: +36 1 391 1400

Fax number: +36 1 391 1410

Further information on data protection issues can be found on the Authority's website: https://naih.hu/

We also draw your attention to the fact that Data Controllers are obliged to notify the Authority of any data protection incident (i.e. accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data) related to the website without undue delay and, where feasible, no later than 72 hours after they have become aware of the data protection incident. If the data protection incident is likely to result in a high risk to the rights and freedoms of data subjects, Data Controllers will inform you, as the data subject, of the data protection incident without undue delay.

Judicial enforcement:

If you consider that we have violated your right to privacy or that our decision regarding your objection was incorrect or that we have not responded to it, you may apply to court. The court shall have jurisdiction over the case. You may also decide to initiate the case before the court of your place of residence or residence.

In addition, under the conditions specified in the law, if we cause you damage as a result of unlawful data processing or a breach of data security requirements, you may claim damages against the Data Controllers in court. If your personal rights have been violated, you may receive compensation, which you may also enforce in court.