top of page

Data management information and regulations

Valid from: November 1, 2023

 

Data controller details:

 

Company name:               Nikola Tauzin is a sole trader (individual taxpayer)

Headquarters:             2000 Szentendre, Barackos út 51.

Phone number:     06-30-821-0160

Email address:          nikola.tauzin@outlook.com

Contact person: Nikola Tauzin

I. Data protection principles

 

Tauzin Nikola E.V., as a data controller, considers the protection of personal data and all measures to ensure data security to be of utmost importance.

The Data Controller does not transfer or make available the data it manages to third parties for commercial or other purposes. The data manager does not use a data processor.

With this Data Management information and regulations, the Data Controller wishes to ensure that all data management related to its operation complies with the requirements set out in these regulations and the applicable national and European Union legislation.

Information about the data management of the Data Controller is continuously available at the location of the sessions.

The Data Controller treats the processed personal data confidentially and takes all security, technical and organizational measures that ensure the security of the data. The data management practice of the Data Controller is contained in this data management information.

The data management principles of the Data Controller are in accordance with the applicable legislation related to data protection, in particular the CXII of 2011 on the right to informational self-determination and freedom of information. Act (Infotv.), and with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and the free flow of such data and the repeal of Regulation 95/46/EC (2016. April 27) (GDPR);

The Data Controller uses personal data on the basis of the legal basis included in the GDPR and only for purposes.

The Data Controller undertakes to publish a clear, attention-grabbing and unequivocal notice before collecting, recording and processing any personal data of the website visitor, informing about the method, purpose and principles of data collection and data management, as well as who manages the personal data , or process it.

In all cases where the personal data being processed is used for a purpose other than the purpose of the original data collection, the Data Controller will inform the affected party and obtain their prior, express consent, or provide them with the opportunity to prohibit the use.

 

II. The legal basis of the data management, its purpose and the scope of the managed data

 

The Data Controller continues data management on the basis that the data subject has given his   consent to the processing of his personal data for one or more specific purposes (voluntary consent, GDPR Article 6 (1) point a)).

 

In the case of data management based on voluntary consent, the data subject may withdraw his consent at any stage of the data management.

 

The Data Controller processes personal data exclusively for specific purposes. In all stages of data management, the purpose of data management must be met, the collection and management of data must be fair and legal. Only personal data that is essential for the realization of the purpose of data management and suitable for achieving the purpose can be processed. Personal data can only be processed to the extent and for the time necessary to achieve the purpose. The Data Controller does not use personal data for purposes other than those indicated.

 

The Data Controller processes personal data as follows:

 

  1. When applying for yoga classes, sessions, courses, programs

 

Purpose of data management: To enable contact with the applicant, so that the applicant can receive information about the concerned yoga class, session, course, program (e.g. change of start time). In addition, the applicant will be added to the Data Controller's mailing list, through which they can receive information about programs organized by the Data Controller. The person concerned can unsubscribe from the mailing list via the mailing list or by sending an e-mail to the address indicated in these Regulations.

 

Legal basis for data management: voluntary consent, GDPR Article 6 (1) point a)

 

Scope of processed data: name, address, email, telephone.

 

Data deletion deadline: the data subject's data will be deleted after the data subject unsubscribes from the mailing list. However, at the written request of the person concerned (including the request sent electronically), their data will be deleted before this, as soon as possible.

 

III. Transmission of data

 

The Data Manager does not hand over, transmit or make available the data it handles to third parties for commercial or other purposes. The Data Controller does not use a data processor.

 

ARC. Method of storing personal data

 

The operator of the Data Controller selects and operates the IT tools used for the management of personal data during the provision of the service in such a way that the managed data:

a) accessible to those authorized to do so (availability);

b) its authenticity and authentication are ensured (authenticity of data management);

c) its immutability can be verified (data integrity);

d) be protected against unauthorized access (data confidentiality).

 

The operator of the Data Controller protects the data with appropriate measures, in particular against unauthorized access, change, transmission, disclosure, deletion or destruction, as well as against accidental destruction, damage, and inaccessibility resulting from changes in the technology used.

 

The operator of the Data Controller ensures the protection of the security of data management with technical, organizational and organizational measures that provide a level of protection corresponding to the risks arising in connection with data management, taking into account the current state of technology. Among several possible data management solutions, the one that ensures a higher level of protection of personal data must be chosen, unless it would represent a disproportionate difficulty.

 

The operator of the Data Controller preserves it during data management

a) confidentiality: protect the information so that only those who are authorized to do so can access it;

b) integrity: protects the accuracy and completeness of the information and the method of processing;

c) availability: it ensures that when the authorized user needs it, he can really access the desired information and that the related tools are available.

 

The operator of the Data Controller ensures the protection of the security of data management with technical, organizational and organizational measures that provide a level of protection corresponding to the risks associated with data management.

 

V. Rights of data subjects

The Data Controller ensures all the rights of the data subjects provided for in the relevant legislation, in particular as follows:

 

The data subject may request information about the processing of his personal data, as well as request the correction of his personal data, as well as - with the exception of mandatory data processing - its deletion and withdrawal, as well as his right to data portability and objection.

 

The data subject has the right to receive feedback from the data controller as to whether his personal data is being processed and, if such data processing is underway, he is entitled to access the personal data and the following information (the data subject's right to access):

- the purposes of data management;

- categories of personal data concerned;

- the recipients or categories of recipients to whom or to whom the personal data has been or will be disclosed, including in particular third-country recipients and international organizations;

- the planned period of storage of personal data;

- the right to correct, delete or limit data processing and to protest;

- the right to submit a complaint to the supervisory authority;

- information about data sources;

- the fact of automated decision-making.

  

The Data Controller provides a copy of the personal data that is the subject of data management at the request of the data subject. At the request of the data subject, the Data Controller provides the information in electronic form. The data controller shall provide the information within a maximum of one month from the date of submission of the request.

 

The data subject may request the correction of inaccurate personal data concerning him or her managed by the Data Controller and the addition of incomplete data (right to rectification).

 

If one of the following reasons exists, the data subject has the right to request that the Data Controller delete his personal data without undue delay (right to deletion):

- personal data are no longer needed for the purpose for which they were collected or otherwise processed;

- the data subject withdraws the consent that forms the basis of the data management, and there is no other legal basis for the data management;

- the data subject objects to the data processing and there is no overriding legal reason for the data processing;

- personal data were handled illegally;

- personal data must be deleted in order to fulfill the legal obligation prescribed by EU or Member State law applicable to the data controller;

- the collection of personal data took place in connection with the offering of services related to the information society.

 

Once a request to delete or modify personal data has been fulfilled, the previous (deleted) data can no longer be restored.

 

At the request of the data subject, the Data Controller restricts data processing if one of the following conditions is met (right to restrict data processing):

 - the data subject disputes the accuracy of the personal data, in this case the restriction applies to the period that allows the accuracy of the personal data to be checked;

- the data management is illegal and the data subject opposes the deletion of the data and instead requests the restriction of their use;

- the data controller no longer needs the personal data for the purpose of data management, but the data subject requires them to submit, enforce or defend legal claims; obsession

- the data subject objected to data processing; in this case, the restriction applies to the period until it is determined whether the legitimate reasons of the data controller take precedence over the legitimate reasons of the data subject.

 

If data management is subject to restrictions, personal data may only be processed with the consent of the data subject, with the exception of storage, or to submit, enforce or defend legal claims, or to protect the rights of other natural or legal persons.

 

The data subject has the right to receive the personal data concerning him/her provided to the data controller in a segmented, widely used, machine-readable format, and to transmit this data to another data controller (right to data portability).

 

The data subject has the right to object at any time for reasons related to his own situation against the processing of his personal data necessary to assert the legitimate interests of the data controller or a third party, including profiling (right to object:).

 

In the event of a protest, the data controller may no longer process the personal data, unless it is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the data subject, or that are related to the submission, enforcement or defense of legal claims.

 

The data subject has the right to withdraw his consent at any time (right of withdrawal). Withdrawal of consent does not affect the legality of data processing based on consent prior to withdrawal.

 

VI. Procedural rules

The Data Controller informs the data subject without undue delay, but in any case within one month of receipt of the request, in accordance with Articles 15-22 of the GDPR. on measures taken following a request pursuant to Art.

 

If the Data Controller does not take measures following the data subject's request, it shall inform the data subject without delay, but at the latest within one month of the receipt of the request, of the reasons for the failure to take action, and of the fact that the data subject may file a complaint with a supervisory authority and exercise his right to judicial redress.

 

The Data Controller provides the requested information and information free of charge.

 

Compensation and damages: All persons who have suffered material or non-material damage as a result of a violation of the data protection regulation are entitled to compensation from the data manager or data processor for the damage suffered. The data processor is only liable for damages caused by data processing if it has not complied with the obligations specified in the law, which are specifically imposed on data processors, or if it has ignored or acted contrary to the legal instructions of the data controller. If several data managers or data processors or both the data manager and the data processor are involved in the same data management and are liable for damages caused by the data management, each data manager or data processor is jointly and severally liable for the total damage. The data manager or the data processor is exempted from liability if it proves that it is not responsible in any way for the event that caused the damage.

 

VII. Modification of the Data Management Information and Regulations

The Data Controller is entitled to unilaterally modify the Data Management Information and Regulations. In the event of a change, the Data Controller will notify visitors by posting the changes on the www.nikolatauzin.com page. By visiting the Data Controller after the amendment enters into force, the visitor accepts the amended Data Management Information and Regulations.

 

VIII. Enforcement options

1. The person concerned can send his questions, inquiries and comments to the email address nikola.tauzin@outlook.com.

2. Right to go to court: In the event of a violation of their rights, the data subject may go to court against the data controller. The court acts out of sequence in the case.

3. Data protection official procedure: Complaints can be made to the National Data Protection and Freedom of Information Authority:

Name: National Data Protection and Freedom of Information Authority

Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Mailing address: 1530 Budapest, Pf.: 5.

Phone: 06 1 391 1400

Fax: 06 1 391 1410

E-mail: ugyfelszolgalat@naih.hu

© 2024 Tauzin Nikola

bottom of page