Privacy Policy

Data management information for visitors and registered users of the https://www.browandmakeup.hu website.

Introduction

During the operation of the website, the service provider / data manager manages the data of the persons registered on the site in order to provide them with appropriate services.

The service provider intends to fully comply with the legal requirements for the management of personal data, in particular with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council.

This data management information sheet on the protection of personal data of natural persons and the free flow of data was prepared based on Regulation (EU) 2016/679 of the European Parliament and of the Council, taking into account the CXII of 2011. on the content of the law on the right to self-determination of information and freedom of information.

Name of service provider and data controller

Name / Company Name: Albert Mona Brow & Makeup - Bagi-Albert Mona Hortenzia Taxpayer Individual Entrepreneur

Headquarters: 2626 Nagymaros, Vasút sor 17.

Tax number: 59965217-1-33

Registration number: 58016626

Website name, address: Albert Mona Brow & Makeup - Eyebrow and eyelash stylist, beautician

https://browandmakeup.hu

Availability of the data management information: at this address (available from the footer of the website)

Contact details of the data controller

Name / company name: Bagi-Albert Mona Hortenzia Taxpayer

Headquarters: 2626 Nagymaros, Vasút sor 17.

Mailing address: 1131 Budapest, Kucsma utca 11. I/9.

Email: monasmink@gmail.com

Phone: +36 30 158 5314

Data processors used:

https://alteg.io - (Altegio Hungary Kft.) - old appointment booking application

https://salonic.hu - (Salonic Kft) - new appointment booking application

https://billingo.hu - (Billingo Technologies Zrt.) - billing system

https://wix.com - web hosting provider

https://stripe.com - bank card payment service provider

https://gmail.com (Google Inc.) - electronic correspondence

https://facebook.com - social media provider

https://instagram.com - social media provider

Definitions

the GDPR (General Data Protection Regulation) is the new Data Protection Regulation of the European Union;

data management: any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as the collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or otherwise by making available, coordinating or connecting, limiting, deleting or destroying;

data processor: the natural or legal person, public authority, agency or any other body that processes personal data on behalf of the data controller;

personal data: any information relating to an identified or identifiable natural person (data subject); a natural person can be identified directly or indirectly, in particular on the basis of an identifier such as name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable;

data controller: the natural or legal person, public authority, agency or any other body that determines the purposes and means of processing personal data independently or together with others; if the purposes and means of data management are determined by EU or member state law, the data controller or the special aspects regarding the designation of the data controller may also be determined by EU or member state law;

the consent of the data subject: the voluntary, specific and clear declaration of the will of the data subject based on adequate information, with which the data subject indicates by means of a statement or an act clearly expressing the confirmation that he gives his consent to the processing of personal data concerning him;

data protection incident: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise handled.

recipient: the natural or legal person, public authority, agency or any other body to whom the personal data is communicated, regardless of whether it is a third party. Public authorities that have access to personal data in accordance with EU or Member State law in the context of an individual investigation are not considered recipients; the management of said data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of data management;

third party: the natural or legal person, public authority, agency or any other body that is not the same as the data subject, the data controller, the data processor or the persons who have been authorized to handle personal data under the direct control of the data controller or data processor.

Data management guidelines

The data controller declares that it handles personal data in accordance with the provisions of the data management information sheet and complies with the provisions of the relevant legislation, with particular attention to the following:

Personal data must be handled legally and fairly, as well as in a transparent manner for the data subject.

Personal data may only be collected for specific, clear and lawful purposes.

The purpose of processing personal data must be appropriate and relevant, and can only be to the extent necessary.

Personal data must be accurate and up-to-date. Inaccurate personal data must be deleted immediately.

Personal data must be stored in such a way that identification of the data subjects is possible only for the necessary period. Personal data may be stored for a longer period of time only if the storage is for the purpose of archiving in the public interest, for scientific and historical research purposes, or for statistical purposes.

The processing of personal data must be carried out in such a way that the appropriate security of personal data is ensured by the application of appropriate technical or organizational measures, including protection against unauthorized or illegal processing, accidental loss, destruction or damage of data.

The principles of data protection shall be applied to all information relating to identified or identifiable natural persons.

Important data management information

The purpose of data management is to enable the service provider / data controller to provide appropriate additional services to persons registered on the website during the operation of the website (e.g. online appointment booking).

The legal basis for data management is the consent of the person concerned.

The persons involved in data management are the users of the website and the appointment booking application.

Duration of data management and deletion of data. The duration of data management always depends on the specific user goal, but the data must be deleted immediately if the originally set goal has already been achieved. The person concerned can withdraw their consent to data management at any time by sending a letter to the contact e-mail address. If there is no legal obstacle to the deletion, in this case your data will be deleted.

The data controller and its employees are entitled to access the data.

The person concerned may request from the data controller access to the personal data concerning him, their correction, deletion or restriction of processing, and he may object to the processing of such personal data, as well as to the data subject's right to data portability.

The person concerned may withdraw his data processing consent at any time, but this does not affect the legality of the data processing carried out on the basis of the consent before the withdrawal.

The person concerned may use the right to submit a complaint to the supervisory authority.

If the person concerned wants to use the benefits provided by the registration, i.e. wants to use the website's services in this direction, it is necessary to provide the requested personal data. The person concerned is not obliged to provide personal data, and failure to provide data will not have any adverse consequences. However, it is not possible to use certain functions of the website without registration.

The affected person has the right to have the data manager correct or complete inaccurate personal data concerning him without undue delay upon request.

The data subject has the right to request that the data controller delete inaccurate personal data concerning him without undue delay, and the data controller is obliged to delete the personal data concerning the data subject without undue delay, if there is no other legal basis for data processing.

Modification or deletion of personal data can be initiated by e-mail, phone or letter using the contact options provided above.

Registration on the website/appointment application

The purpose of data management is to provide additional services and contact.

The legal basis for registration data management is your consent.

The persons involved in data management are registered users of the website/appointment application.

Duration of data management. Data management takes place until consent is withdrawn. You can withdraw your consent to data management at any time by sending a letter to the contact e-mail address.

Data is deleted when consent to data management is revoked. You can withdraw your consent to data management at any time by sending a letter to the contact e-mail address.

The data controller and its employees are entitled to access the data.

Data storage method: electronic.

Modification or deletion of personal data can be initiated by e-mail, phone or letter using the contact options provided above.

The provision of personal data is absolutely necessary for identification in databases and for maintaining contact. The exact company name and address are required for invoicing, which is a legal obligation.

Scope of processed data - The specific purpose of the data management data

Name - Identification, contact, invoicing.

Company name - Identification, contact, invoicing.

Address - Identification, contact, invoicing.

Email - Identification, contact.

Telephone - Identification, contact, sending greeting and reminder SMS.

Registration date - Technical information operation.

IP address - Technical information operation.

The user's data management consent can be given by intentionally ticking the empty checkbox on the website that is specifically for this purpose.

You, as an affected person, can object to the processing of your personal data, in this regard you are entitled to the procedure according to the data management information detailed above and this information sheet, as well as the legislation described in the information sheet.

Online appointment booking

The purpose of data management is to provide additional services, make contact, and send confirmation e-mails/sms/push notifications. You can only book an appointment for the services if you provide your contact and invoicing data, which are absolutely necessary for contact and invoicing.

The legal basis for data management is your consent. In the case of invoicing, data management is based on legal requirements.

The scope of data management is the registration users of the website / users of the appointment booking application (Yclients).

Duration of data management. Data management takes place until legal requirements or withdrawal of consent. You can withdraw your consent to data management at any time by sending a letter to the contact e-mail address.

Data is deleted when consent to data management is revoked. You can withdraw your consent to data management at any time by sending a letter to the contact e-mail address. Invoicing data can be deleted in accordance with legal regulations.

The data controller and its employees are entitled to access the data.

Data storage method: electronic.

Modification or deletion of personal data can be initiated by e-mail, phone or letter using the contact options provided above.

Scope of processed data - The specific purpose of the data management data

Name - Identification, contact, invoicing.

Company name - Identification, contact, invoicing.

Address - Identification, contact, invoicing.

Email - Identification, contact.

Telephone - Identification, contact, provision of additional services

Registration date - Technical information operation.

IP address - Technical information operation.

Booked appointments - Identification, technical information operation

Services requested - Identification, technical information operation

The user's data management consent can be given by intentionally ticking the empty checkbox on the website that is specifically for this purpose.

The person concerned may object to the processing of his personal data, in this regard he is entitled to the procedure according to the data management information detailed above and this information sheet, as well as the legislation described in the information sheet.

Invoicing

The purpose of data management is to issue and send an electronic invoice as an e-mail attachment.

The legal basis for data management is mandatory data management based on legislation.

Those involved in data management are the customer partners of the service provider.

The data controller and its employees are entitled to access the data.

Data storage method: electronic.

Modification or deletion of account data can be initiated by e-mail, phone or letter using the contact options provided above.

Scope of processed data - The specific purpose of the data management data

Name - Identification, contact, invoicing.

Company name - Identification, contact, invoicing.

Address - Identification, contact, invoicing.

Email - Identification, contact.

Telephone - Identification, contact.

Tax number / tax identifier - Customer identification, invoicing.

Account details - Account identification.

Invoice issue date - Technical information operation.

The user's data management consent can be given by intentionally ticking the empty checkbox on the website, which is specifically designed for this purpose, and by using the appointment booking application, he accepts its data management conditions.

Sending a newsletter/message

As the operator of the website, we declare that we fully comply with the relevant legal provisions in the information and reviews we publish. We also declare that when subscribing to the newsletter, we are unable to verify the authenticity of the contact data and to determine whether the data provided pertains to an individual or a company. We treat businesses that contact us as customer partners.

The purpose of data management is to send professional reviews, electronic messages containing advertising, information, and newsletters, from which you can unsubscribe at any time without consequences. You can unsubscribe without any consequences even if your business has ceased to exist in the meantime, you have left the business, or someone has provided us with your contact information.

The legal basis for data management is your consent. We would like to inform you that the user can give prior and specific consent to the service provider contacting him with advertising offers, information and other mailings at the e-mail address provided during registration. As a result, the user may consent to the service provider managing the necessary personal data for this purpose.

We would like to inform you that if you wish to receive a newsletter from us, you must provide the necessary data. If the data is not provided, we cannot send you a newsletter.

Duration of data management. Data management takes place until consent is withdrawn. You can withdraw your consent to data management at any time by sending a letter to the contact e-mail address.

Data is deleted when consent to data management is revoked. You can withdraw your consent to data management at any time by sending a letter to the contact e-mail address.

Consent can also be withdrawn based on the link appearing in the sent newsletters.

The data controller and its employees are entitled to access the data.

Data storage method: electronic.

Modification or deletion of data can be initiated by e-mail, phone or letter using the contact options provided above.

Scope of processed data

The specific purpose of the data management data

Name

Identification, contact.

E-mail

Identification, contact.

Date of subscription

Technical information operation.

IP address

Technical information operation.

We would like to inform you that neither the username nor the e-mail address need to contain personal data. So, for example, it is not necessary that the username or e-mail address contains your name. You are completely free to decide if you enter a username or e-mail address that contains information that indicates your identity. The e-mail address - which serves to maintain contact - is absolutely necessary for the newsletter or professional information sent to you to reach its destination.

Cookies are placed on the user's computer by the visited websites and contain information such as page settings or login status.

Cookies are therefore small files created by visited websites. By saving browsing data, they improve the user experience. With the help of cookies, the website remembers the website settings and offers locally relevant content.

The provider's website sends a small file (cookie) to the computer of website visitors in order to determine the fact and time of the visit. The service provider informs the website visitor about this.

The group of persons involved in data management are website visitors.

The purpose of data management is additional services, identification, and tracking of visitors.

Legal basis for data management. The user's consent is not required if the service provider absolutely needs it to use cookies.

Scope of the data: unique identification number, time, setting data.

The user has the option to delete cookies from the browser at any time in the Settings menu.

Data controllers are entitled to access the data. The data controller does not process personal data using cookies.

Data storage method: electronic.

Community sites

Social media is a media tool where the message is spread through social users. Social media uses the Internet and online exposure to transform users from content receivers to content editors.

Social media is a web application interface that hosts user-generated content, such as Facebook, Google+, Twitter, Pinterest, etc.

Social media can include public speeches, lectures, presentations, product or service presentations.

Forms of information published in social media can be forums, blog posts, image, video and audio materials, message boards, e-mail messages, etc.

In accordance with the above, the range of processed data may include the user's public profile picture in addition to personal data.

The scope of those affected: all registered users.

The purpose of data collection is to promote the website or its related website.

The legal basis for data management is the voluntary consent of the data subject.

Duration of data management: according to the regulations that can be viewed on the given social media page.

Data deletion deadline: according to the regulations that can be viewed on the given social media page.

They are entitled to access the data: according to the regulations that can be viewed on the given social media page.

Rights related to data management: according to the regulations that can be viewed on the given social media page.

Data storage method: electronic.

It is important to take into account that when the user uploads or submits any personal data, he gives the operator of the social site a worldwide license to store and use such content.

Therefore, it is very important to make sure that the user has full authorization to communicate the published information.

Google Analytics

Our website uses Google Analytics.

When using Google Analytics:

Google Analytics compiles a report for its customers on the habits of website users based on internal cookies.

On behalf of the website operator, Google uses the information to

evaluate how users use the website. As an additional service, it prepares reports related to website activity for the website operator so that it can provide additional services.

The data is stored on Google's servers in an encrypted format in order to make it difficult and prevent misuse of the data.

You can disable Google Analytics as follows. Quote from the site:

Website users who do not want Google Analytics JavaScript to report their data can install a Google Analytics opt-out browser extension. The plugin prevents Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sending information to Google Analytics. The browser extension can be used in most recent browsers. The Google Analytics blocking browser extension does not prevent data from being sent to the website itself and other internet analytics services.

https://support.google.com/analytics/answer/6004245?hl=en

Google privacy policy:https://policies.google.com/privacy?hl=en

Detailed information on the use and protection of data is available at the links above.

Data protection in detail:

https://static.googleusercontent.com/media/www.google.com/en//intl/hu/policies/privacy/google_privacy_policy_hu.pdf

Data processors

Hosting provider:

Name / Company Name: wix.com

The data you provide is stored on the server operated by the hosting provider. Only our employees and the employees operating the server can access the data, but they are all responsible for the safe handling of the data.

Name of the activity: hosting service, server service.

The purpose of data management is to ensure the operation of the website.

The processed data: the personal data provided by the data subject

The duration of data management and the deadline for data deletion. The data is managed until the end of the operation of the website, or in accordance with the contractual agreement between the operator of the website and the hosting provider. If necessary, the affected person can contact the hosting provider and request the deletion of their data.

The legal basis for data management is the consent of the person concerned, or data management based on legislation.

Rights related to data management

The right to request information

Through the contact details provided, you can request information from us on what data our company processes, on what legal basis, for what data management purpose, from what source, and for how long. Upon your request, we will send information to the e-mail address you provided without delay, but within 30 days at most.

Right to rectification

You can ask us to change any of your data via the contact details provided. Upon your request, we will act on this immediately, but within 30 days at most, and we will send information to the e-mail address you provided.

The right to erasure

You can ask us to delete your data via the contact details provided. At your request, we will do this immediately, but within 30 days at most, and we will send information to the e-mail address you provided.

Right to block

You can ask us to block your data via the contact details provided. The blocking lasts as long as the reason indicated by you makes it necessary to store the data. At your request, we will do this immediately, but within 30 days at most, and we will send information to the e-mail address you provided.

The right to protest

You can object to data processing via the contact details provided. We will examine the objection as soon as possible, but no later than 15 days after submitting the application, make a decision on its merits, and inform you of the decision by e-mail.

The possibility of legal enforcement related to data management

In the case of illegal data processing that you have experienced, notify our company so that it is possible to restore the legal status within a short period of time. In your interest, we will do everything we can to resolve the outlined problem.

If, in your opinion, the legal status cannot be restored, notify the authority of this at the following contact details:

National Data Protection and Freedom of Information Authority

Postal address: 1530 Budapest, Pf.: 5.

Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: same service (at) naih.hu
URL https://naih.hu
coordinates: N 47°30'56''; W 18°59'57''

Legislation on which data management is based

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and on the repeal of Regulation 95/46/EC (general data protection regulation).

CXII of 2011 Act on the right to self-determination of information and freedom of information.

LXVI of 1995 on the protection of public records, public archives and private archive material. law.

335/2005 on the general requirements for document management of bodies performing public duties. (XII. 29.) Government decree.

CVIII of 2001 Act on certain issues of electronic commercial services and services related to the information society.

Act C of 2003 on electronic communications.