General Data Protection Regulation

The purpose of this GDPR document by the Data Controller, Judit Anna Fejes (hereinafter: Data Controller) is to inform everyone involved (included but not limited to the Clients, Partners of the Data Controller and those who are interested in its services) about the ways the collected data is handled.

Current document covers the data collected online (e.g. messaging and contact attempt via the Data Controller’s website or social media accounts and via e-mail) and offline (e.g. written notes during sessions, phone calls).

The Data Controller reserves the right to modify the document in order to improve it.

II. LEGAL BASIS

The Data Controller, in accordance with the Hungarian Constitution, self-determination and freedom of information act 2011. CXII., and the 2016/679 (2016. április 27.) general data protection act of the European Union (“GDPR”) determines its data processing principles as follows:

Collecting and handling personal data is legal when at least one of the following conditions are met:

The subject gave consent to handling personal data,
Data id necessary for a contract of which the subject is one party of,
Data collection and handling is necessary for the Data Controller to fulfil a legal obligation,
Data management is necessary for the protection of the subject’s or another individual’s personal rights.

III. KEY TERMS

GDPR (General Data Protection Regulation) refers to the data protection regulation of the European Parliament (EU) 2016/679 (2016. április 27.);

Data processing: Any handling of data – holding, recording, sending, analysing, using and deleting or destroying it;

Data Processor: A person/organisation who processes data on behalf of the Data Controller;

Personal Data: Any data relating to a living person or ‘data subject’, that can be used to directly or indirectly identify the person (including but not limited to name, number, location data or any identifiable physical, socio-economic or cultural description of the person);

Consent: voluntary expression of the subject’s will, via a statement or an unmistakable act (e.g. attending a session), that they agree with the later detailed way of handling of their data;

Deletion of data: masking or destroying the data in a way that their reconstruction is no longer possible;

Data breach: A personal data breach is a security incident affecting the confidentiality, integrity or availability of personal data, whether caused deliberately or accidentally, resulting in the accidental deletion, misplacement or change of data;

Third party: A person/organisation who is other than the Client, the Data Controller, the Data Processor and those who are working under the supervision of the Data Controller with given permission to handle the data.

IV. THE DATA CONTROLLER

Name: Judit Anna Fejes
Seat: 1161 Budapest, Madách utca 47.
E-mail: info@fejesjuditanna.com, fejes.judit.anna.coaching@gmail.com, fejes.judit.anna.pszichologus@gmail.com
Tax number: 56887905-1-42

V. KEY PRINCIPLES

Data handling is done according to the law and in a transparent way.
A minimalist approach drives the data collection, therefore only the relevant and necessary information is collected and stored.
The handled data needs to be correct and up to date. In order to achieve this the Data Controller and the Data Processor are doing their best to delete or change any incorrect data immediately.
Personal data is stored for a limited, necessary time.
Data Controller only handles personal data in order to provide services and fulfil obligations described in the current document.

VI. TYPE OF DATA COLLECTED, PURPOSE AND TIMEFRAME OF DATA COLLECTION

6.1 Data collection on the Contact page of the website:

Type of data, purpose of data collection:

Personal data – purpose of data collection
Name – identification,
E-mail address – contact
Phone number (optional) – contact
IP address – establishing connection

Subjects: any individual filling the Contact form on the website. Reading and accepting the GDPR is the condition of submitting the Contact form.
Timeframe: kept until the data is deleted, until the Subject requests deletion of said data. Data is reviewed on a yearly basis.
People entitled to get acquainted with the data: Data processor.
Hereby we inform you that handling of this data is necessary for establishing contact, lacking consent to handling said data results in connection not being established.

6.2 Establishing contact

If Subjects contact the Data Controller via the below mentioned channels the consent for data collection is assumed – otherwise requests coming in e.g. via e-mail the Data Controller would not be able to answer.

Type of data, purpose of data collection:

Personal data – purpose of data collection
Name – identification,
E-mail address – contact
Phone number (optional) – contact
IP address – establishing connection

Subjects: any individual contacting/keeping in touch with the Data Controller via e-mail/telephone/in person.
Timeframe: until consent is withdrawn. Data is reviewed on a yearly basis.
People entitled to get acquainted with the data: Data processor.
Hereby we inform you that handling of this data is necessary for establishing contact, lacking consent to handling said data results in connection not being established.

6.3 Social media

Type of data: username and public profile image on Facebook / Instagram
Subjects: any individual contacting or being active on the Data Controller’s Facebook / Instagram site (incl. “Like”-ing, sharing, commenting, messaging).
Purpose of data collection: involving the readers of said sites in discussion, establishing contact. Presenting a service or sharing useful knowledge via posts. In a data processing point of view the Data Controller does not get any relevant data out of these sites.
Timeframe, deadline for deletion of data, people entitled to learn said data: subjects can get familiar with these parameters on the social media sites, as data handling is done by the social media site.
Legal base: subjects consent on social media sites.

6.4 Billing

Type of data, purpose of data collection:

Compliance to legal obligation. Data collected regarding billing:
Personal data – purpose of data collection
Name – identification,
E-mail address – contact
Address – billing address

Subjects: Individuals using the Data Controller’s services.
Timeframe: until deletion of data, according to the Hungarian Accounting Act 5 years.
People entitled to get acquainted with the data: Data processor.

6.5 Cookies

6.5.1. Purpose of cookies:

Gathering data of visitors and their equipments;
Remembering the custom user settings that can be used for
- Online transactions, so there is no need to type them again
- Providing quality user experience on the website.

For a tailor-made, smooth user experience, cookies serve useful and sometimes essential functions on the web. They enable web servers to store stateful information (such as items added in the shopping cart in an online store) on the user’s device or to track the user’s browsing activity (including clicking particular buttons, logging in, or recording which pages were visited in the past). They can also be used to save for subsequent use information that the user previously entered into form fields, such as names, addresses, passwords, and payment card numbers. Cookies do not store personal information and are not used to identify a person. If a visitor prefers to delete cookies they can find relevant information on the browser’s website.

6.5.2. Session cookies

A session cookie (also known as an in-memory cookie, transient cookie or non-persistent cookie) exists only in temporary memory while the user navigates a website. Session cookies expire or are deleted when the user closes the web browser. Session cookies are identified by the browser by the absence of an expiration date assigned to them.

6.5.3. Third party cookies (analytics)

The Data Controller uses Google Analytics as third party cookies. With Google Analytics statistics we collect information on how users use the website. Data is used to improve the website and the user experience within. These cookies remain on the user’s computer until expiration or until being deleted by the user.
The Data Controller linked the website with several social media site (Facabook, Instagram). These social media sites might place cookies on the user’s computer that contains personal data. The Data Controller does not see nor uses these personal data. Users can modify settings relevant to this data in the browser.

VII. USER RIGHTS

Access: users are entitled to learn what kind of data is stored about them, how long and why.
Correction: users are entitled to rectify any inaccurate or incomplete personal information in an additional statement.
Request erasing data: Data Controller is only obligated to delete personal information upon the specific request of the User in case one of the following:
- the original base of collection the data is no longer exist
- the User has withdrawn its original consent and there is no other legal base of storing the information
- the User objects storing the data and there is no other priority reason for further data storage
- personal data was stored illegally
  Data must be deleted within 30 days in the above mentioned cases.

Data portability: right to receive the stored personal data.

VIII. COMPLAINTS

I handle all individuals’ personal data with the utmost discretion and foresight. If you still have a complaint please contact me at info@fejesjuditanna.com, and I’ll try my best to solve the problem. Of course you can always turn to the court and take legal actions. We are open to participate in mediation or any other form of problem solving at any point.
Moreover, subjects can turn to the National Authority for Data Protection and Freedom of Information (1125 Budapest, Szilágyi Erzsébet fasor 22/C., mailing address: 1530 Budapest, Pf.: 5., email: ugyfelszolgalat@naih.hu, web: http://www.naih.hu ).