Privacy Policy – Data Protection

Introduction

The Privacy Policy provides information on the terms of data processing by the Data Controller, as well as on the rights and remedies of the Users or persons involved in data management (hereinafter referred to as the persons concerned).
The Hungarian Iyengar Yoga Association, as a Data Controller (Data Controller or Service Provider), manages the data of the persons registered on the site in order to provide them with a proper service.

The Data Controller intends to comply with the legal requirements regarding the processing of personal data, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council.

This privacy statement is prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of personal data and the free movement of personal data, subject to CXII of 2011. the content of the law on information self-determination and freedom of information.

Please read this Privacy Notice carefully before agreeing to the management of your personal information. Data Controller Name:
Name / Company Name: Hungarian Iyengar Yoga Association

headquarters:

Court of record keeping

Controller registration number

1111 Budapest, Bartók Béla út 34. 1st floor 3.

capital Court

01-01-0014645

VAT number: 18280440-1-43
represented by Erika Répássy
E-mail: www.iyengar.hu
Phone number: +36 20 555 4167

II. Definitions

GDPR (General Data ProtectionRegulation): the European Union’s new Data Protection Regulation;
data management: any or all of the operations carried out in an automated or non-automated way on personal data or data files, such as collection, recording, systematization, classification, storage, conversion or alteration, retrieval, access, use, communication, transmission, distribution or otherwise making available, coordinating or linking, limiting, deleting or destroying;
data processor: any natural or legal person, public authority, agency or any other body which processes personal data on behalf of the Data Controller;
personal data: any information relating to an identified or identifiable natural person (data subject); identifiable by a natural person who, directly or indirectly, in particular by virtue of one or more factors such as name, number, position, online identification or physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identified;
“controller” means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of data processing are determined by Union or Member State law, the Data Controller or specific aspects of the designation of the Controller may be defined by Union or Member State law;
data subject’s consent: the voluntary, explicit and unambiguous expression of the data subject’s will by expressing their consent to the processing of personal data concerning them by means of a declaration or an act unambiguously confirming the data subject;
Privacy Incident: a security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access of personal data transmitted, stored or otherwise processed.
recipient: any natural or legal person, public authority, agency or any other body to whom personal data are disclosed, whether a third party or not. Public authorities which have access to personal data in the framework of a specific inquiry in accordance with Union or Member State law shall not be considered as recipients; the processing of such data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;
third party: any natural or legal person, public authority, agency or any other body which is not the data subject, the Data Controller, the data processor or persons authorized under the direct control of the Data Controller or the data processor to process personal data.

III. Privacy Policy

 

The Data Controller hereby declares that it will handle the personal data in accordance with the provisions of this Privacy Policy, and that it will comply with the requirements of applicable law, with particular regard to the following:

The processing of personal data must be lawful and fair and transparent to the data subject.
Personal data may only be collected for specified, explicit and legitimate purposes.
The purpose of the processing of personal data should be appropriate and relevant and only as necessary.
Personal data must be accurate and up to date. Inaccurate personal data must be deleted immediately.
Personal data must be kept in a form which permits identification of data subjects for no longer than is necessary. Personal data may be stored for a longer period only if they are stored for archival purposes in the public interest, for scientific and historical research or for statistical purposes.
The processing of personal data must be carried out in such a way as to ensure adequate security of personal data by appropriate technical or organizational measures, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage.
The principles of data protection apply to all information relating to an identified or identifiable natural person.

 

V. Registration on the Website

 

Purpose of data management: Providing extra service and contact.

Legal basis for the management of the registration: Consent of the data subject.

Stakeholders: Registered users of the website.

Duration of Data Management: Data management will continue until the consent is revoked. Your consent to data management may be withdrawn at any time by a letter sent to the contact email address.

Data deletion: When you withdraw your consent to data management. The data subject may at any time withdraw his / her consent to the data management by sending a letter to the contact email address.

They are entitled to access the data: Data Controller and Data Processor.

Data storage method: Electronic.

Modifications or deletions of your personal information may be initiated by email, telephone or mail using the above contact options.

The provision of personal information is absolutely necessary for the purposes of identification in databases and contacts. The exact company name and address are required for billing, which is a legal requirement.

 Scope of managed data Purpose of data management
Name Identification, contact, billing.
Identification, contact, billing.
Address Identification, contact, billing.
E-mail Identification, contact.
Phone Identification, contact.
Date of registration Technical information operation.
IP Address Technical information operation. 

You may consent to the User’s Data Management by deliberately ticking the blank checkbox provided on the Website for this purpose.

The data subject may object to the processing of his / her personal data, in this respect he / she has the right to act in accordance with the data management information detailed above and this law and the legislation described therein.

VI. Send newsletter

As the operator of the Website, the Service Provider declares that in complying with the information and brochures published by it, it fully complies with the relevant legal provisions. You further state that when you subscribe to a newsletter, you will not be able to verify the authenticity of your contact information or to determine whether the information provided relates to an individual or a company.

Purpose of data management: To send professional brochures, electronic messages containing advertising, information, newsletters, which you can unsubscribe at any time without consequences. The data subject can also unsubscribe without any consequences if his / her business has been terminated and left the company.

Legal basis for the data management: Consent of the data subject. Please be advised that the User may give prior and express consent to contact the Service Provider with the promotional offers, information and other mailings at the email address provided at registration. As a result, the User may consent to the Service Provider processing personal data required for this purpose.

You will be informed if you wish to receive a newsletter from us. We will not be able to send you a newsletter in the event of non-submission.

Duration of Data Management: Data management will continue until the consent is revoked. The data subject may at any time withdraw his / her consent to the data management by sending a letter to the contact email address.

Data deletion: When you withdraw your consent to data management. The data subject may at any time withdraw his / her consent to the data management by sending a letter to the contact email address.

Contributions may also be revoked on the basis of a link in the newsletters sent.

They are entitled to access the data: the Data Controller and the Data Processor.

Data storage method: electronic.

Modifications or deletions of data can be initiated by e-mail, telephone or mail using the above contact options.

 

Scope of managed data Purpose of data management
Name Identification, contact.
E-mail Identification, contact.
Subscription Time Technical Information Operation.
IP Address Technical information operation.
Please be advised that neither your username nor your email address should contain any personally identifiable information. For example, it is not necessary that the username or email address contains the person’s name. The data subject is personally free to choose whether to provide a user name or email address that contains information that identifies the data subject. The contact email is essential to reach the newsletter or professional information sent to the Person concerned section.

 

Cookies
VII. General information about cookies:

 

A cookie is data that a web page you visit sends to the visitor’s browser (in the form of a variable name) so that it can be stored and later loaded by the same web page. The cookies may be valid, valid until the browser closes, or for an unlimited period. Later, for each HTTP (S) request, this information is sent to the server by the browser. This modifies the data on the user’s machine.

The point of the cookie is that by the nature of the web site services, it is necessary for a user to be identified by the person concerned (eg that they have logged in to the site) and be able to handle it accordingly. The danger is that the user is not always aware of this and may be able to follow the user of the web site operator or other service provider whose content is embedded in the site (eg Facebook, Google Analytics), so the profile jaz is affected and in this case the content of the cookie can be considered as personal information.

 

Types of cookies: 

Technically indispensable session cookies: without which the site simply would not function properly, they would be used to identify the user, e.g. it is necessary to manage whether you have entered, etc. This is typically a session-id storage, the other data is stored on the server, which is more secure. It has security implications, if the session cookie value is not well generated then there is a risk of a session hijacking attack, so it is imperative that these values ​​are properly generated. Other terminologies call a session cookie any cookie that is deleted when you exit your browser (a session is a browser use from start to exit).

Usage cookies: This is how you usually refer to cookies that remember the user’s preferences, such as the form in which the user wants to see the page. These types of cookies essentially represent the setting information stored in the cookie.

Performance cookies: Although they have little to do with “performance”, they are commonly referred to as cookies that collect information about the user’s behavior, time, and clicks on the website they visit. These are typically third-party applications (such as Google Analytics, AdWords, or Yandex.ru cookies). These are suitable for profiling a visitor.

Learn about Google Analytics cookies:

https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

Learn about Google AdWords cookies:

https://support.google.com/adwords/answer/2407785?hl=hu

 

Accept cookies 

You do not have to accept or allow the use of cookies. You can reset your browser settings to reject all cookies or to indicate when a cookie is being sent. Although most browsers automatically accept cookies by default, they can usually be changed in order to prevent automatic acceptance and to offer you a choice each time.

Information on cookies used on the Company’s website and information generated during the visit:

Data Visited during the Visit: Our Company’s website may record and manage the following information about the visitor and the device used by the visitor while using the website:

the IP address used by the visitor,
browser type,
operating system features of the browsing device (language set),
time of visit,
the (sub) page, function or service you are visiting.
click.
This data is retained for a maximum of 90 days and is primarily used to investigate security incidents.

 

Cookies used on this website: 

Technically indispensable session cookies:

Purpose of data management: to ensure the proper functioning of the website. These cookies are required to enable visitors to browse the site, to use its features and services available through the site, such as, in particular, commenting on the visitor’s actions on those pages, or identifying a logged-in user during a visit. . The duration of the processing of these cookies is based solely on the visitor’s current visit, and this type of cookies is automatically deleted from your computer at the end of the session or when you close your browser.

The legal basis for this data management is the 2001 CVIII. Act on certain issues of electronic commerce services and information society services. 13 / A. (3) of the Act, which provides that the service provider may process, for the purpose of providing the service, the personal data which are technically indispensable for the provision of the service. The Service Provider shall, in the event that the other conditions are identical, select and in any case operate the tools used in the provision of the information society service in such a way that personal data is not processed unless it is necessary to absolutely necessary, but in this case only to the extent and for the time necessary.

Usage cookies:

They remember the user’s choices, such as how the user wants to see the page. These types of cookies essentially represent the setting information stored in the cookie.
The legal basis for data management is the consent of the visitor.
Purpose of data management: To increase the efficiency of the service, to increase the user experience and to make the use of the website more comfortable.
This information is rather stored on the user’s machine, and the web site only accesses and recognizes the visitor.

Performance cookies:

It collects information about the user’s behavior, time spent and clicks on the website you visit. These are typically third-party applications (e.g. Google Analytics, AdWords).

Legal basis for the data processing: consent of the data subject.

Purpose of data management: analysis of the website, sending advertising offers

 

Community sites
A social networking site is a media device where the message is distributed through social users. Social media uses the Internet and online presence to transform users from content providers to content editors.

Social media is the interface of web applications that contains user-generated content such as Facebook, Google+, Twitter, etc.

Social media can take the form of public speaking, lectures, presentations, products or services.

Social media information can take the form of forums, blog posts, picture, video and audio materials, message boards, email messages, etc.

As described above, the scope of the managed data may be, in addition to personal information, a public profile picture of the user.

Stakeholders: All registered users.

The purpose of the data collection is to promote the website or the related website.

The legal basis for data management is the voluntary consent of the data subject.

Duration of Data Management: According to the regulations available on the given social networking site.

Deadline for deletion of data: According to the regulations available on the given social networking site.

They are entitled to access the data: according to the regulations that can be viewed on the given social networking site.

Data Protection Rights: According to the regulations available on the given community site.

Data storage method: electronic.

It is important to note that when a user uploads or submits any personal information, he / she grants worldwide permission to the social network operator to store and use such content. Therefore, it is very important to make sure that the user has full authority to publish the published information.

 

VIII. data Processors

 

The controller informs the data subjects that he / she will use a data processor to operate the website, to develop the website and to ensure the smooth operation of the services.

The Data Processor is responsible for performing the technical tasks related to the data management operations.

The Data Processor shall act only on the instructions of the Data Controller and shall not make any substantive decision concerning the data management.

 

Hosted by:

Name / Company Name: Simon Nándor e.v.
Headquarters: 8000 Székesfehérvár, Köfém Ltp. 24. 3/8.
represented by Nándor Simon
E-mail: info@simonszoft.com
The data provided by the data subject is stored on a server operated by the hosting provider. Data may only be accessed by the Data Processing Officer or by the server operator, but they are all responsible for the secure management of the data.

Description of the activity: hosting, server service.

Purpose of data management: to ensure the operation of the website.

Data processed: personal data provided by the data subject

Duration of data management and deadline for deletion of data. Data management until the end of the operation of the website or according to the contractual agreement between the website operator and the hosting provider. The person concerned may also ask the hosting provider to delete his or her data if necessary.

The legal basis for the data management is the consent of the person concerned and the data management based on the law.

Data management rights

 

Right to access and request information
The person concerned may, through the contact details provided, request information from us on what data the Association has, on what legal basis, for what purpose, from what source, for how long, to whom it is transmitted, and is entitled to have access to your personal data. we will send you an email within a maximum of 30 days to the email address provided by the person concerned.
Right to rectification
The person concerned may request that any of his or her details be modified through the contact details provided. We will respond promptly to your request, but within a maximum of 30 days, and we will send you information to the email address provided by the person concerned.
Right to delete
The person concerned may request the deletion of your data through the contact details provided. We will do so immediately upon request, but within a maximum of 30 days, and we will notify you of this upon the contact email provided by the person concerned.
Right to lock
You can request us to lock your data through the personally identifiable contact details. The blocking shall continue for as long as a reason indicated by the person concerned necessitates the storage of the data. Upon request by the individual concerned, we will do so immediately, but within a maximum of 30 days, and we will send you information to the email address provided by the individual.
Right to protest
The person concerned may object to the processing of the data through the contact details provided. We will investigate the objection as soon as possible after filing the application, but no more than 15 days, and make a decision on its merits and notify the person concerned by email of its decision.
Data Enforcement Option
In the event of unlawful processing of data by the person concerned, you must notify our company immediately so that you can be restored to legal status in the short term.
Right to a legal remedy
If the Person concerned considers that the legal situation cannot be restored, notify the Authority at the following contact details:

National Authority for Data Protection and Freedom of Information

Postal address: 1530 Budapest, Pf .: 5.

Address: 1125 Budapest, Szilágyi Erzsébet fasor 22 / c
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
Email: customer service (at) naih.hu
URL: https://naih.hu

 

Right to a judicial remedy
The person concerned shall have the right to apply to the competent court for unlawful processing. Proceedings against the controller or the processor shall be brought before the courts of the place where the controller or processor is established. Proceedings may also be brought in the courts for the place where the data subject is habitually resident, unless the controller or the processor is a public authority of a Member State of the European Union acting in the exercise of its public powers.

 

Informing the data subject about the privacy incident
If the data protection incident is likely to pose a high risk to the rights and freedoms of natural persons, the controller shall inform the data subject without undue delay, as required by law.

 

SIMPLEPAY
Disclosure Statement
“I acknowledge that the following personal data stored in the iyengar.hu user database will be transferred to the data controller of the Hungarian Iyengar Yoga Association (headquarters: 1111. Budapest, Bartók Béla út 34. I.em.3)
as a data processor for OTP Mobil Kft. (1093 Budapest, Közraktár u. 30-32.). The controller
The data transmitted by you is: name, email address, phone number, billing address
The nature and purpose of the data processing activity performed by the data processor is SimplePay Data Management
For information, see the following link: http://simplepay.hu/vasarlo-aff