Data privacy

  1. Data controller data

Name of data controller: InSpiral Event Kft.

Data controller's registered office: 1031 Budapest, Zrínyi út 32.

Data controller's e-contact: info@everness.hu

Data controller representative: Ákos Háger-Veress

 

  1. Data processing rules

InSpiral Event Ltd.
1031 Budapest, 1031 Budapest, Zrínyi Street 32.

adatvedelem@everness.hu

Data protection officer: Ákos Háger-Veress

This data protection notice is valid from 24 March 2021 until revoked.

 

As the operator of www.everness.hu (hereinafter: website), InSpiral Event Kft. informs its visitors that it processes personal data in connection with this website only on the basis of the provisions of this data protection notice.

This information has been prepared based on the Data Protection and Data Security Regulations of InSpiral Event Kft., and its scope extends to all processes implemented by InSpiral Event Kft. during the operation of the website, during which the processing of personal data as defined in Section 3. 2. of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter: Infotv.) is carried out.

The terms used in this information are the same as the explanatory notes defined in Section 3 of the Information Act.

InSpiral Event Kft. declares that it processes personal data only for the purpose of exercising a right or fulfilling an obligation. It does not use the processed personal data for private purposes, data processing always complies with the principle of purpose limitation. If the purpose of data processing has ceased to exist or the processing of the data is otherwise unlawful, the data will be deleted.

InSpiral Event Kft. processes personal data only with the prior consent of the data subject or based on legal requirements.

The purpose of this information is for InSpiral Event Kft. to inform the data subject of the purpose of data processing, the legal basis for data processing, and all important information regarding data processing in all cases before collecting data.

Employees who process data at the organizational units of InSpiral Event Kft. are obliged to keep the personal data they have learned as a business secret. For this purpose, our employees who process personal data and have access to them have made a Confidentiality Statement.

The current managing director of InSpiral Event Kft. determines the data protection organization, the tasks and powers related to data protection and related activities, taking into account the specificities of InSpiral Event Kft., and appoints the person supervising data management.

InSpiral Event Kft. employees ensure that unauthorized persons cannot access personal data. The storage and placement of personal data is designed in such a way that it cannot be accessed, learned, changed or destroyed by unauthorized persons.

 

  1. Enforcement of data subjects' rights

Any natural person who can be identified directly or indirectly based on personal data may request information about the processing of their personal data, as well as request the correction of their personal data, or the deletion, except for data processing required by law, or the transmission of the data to a third party, at the contact details provided by InSpiral Event Kft.

InSpiral Event Kft. will respond to the received request related to the processing of the data subject's personal data in writing and in a clearly understandable form within 5 days of its receipt, in the event of exercising the right to object, at the latest within 30 days.

The information covers the information specified in Section 15 (1) of the Privacy Act, if the information of the data subject cannot be refused by law.

The information is generally free of charge, and InSpiral Event Kft. will only charge a fee in the cases specified in paragraph 15 (5) of the Information Act.

InSpiral Event Kft. will only reject the request for reasons specified in Section 9 (1) or Section 19 of the Information Act, and this will only be done in writing with justification and information specified in Section 16 (2) of the Information Act.

The head of the organizational unit managing the data shall correct inaccurate data if the necessary data and the public documents proving them are available, and shall take measures to delete the processed personal data if the reasons specified in paragraph 17 (2) of the Information Act exist.

The head of the organizational unit performing the data processing shall suspend the data processing for the duration of the assessment of the data subject's objection to the processing of his or her personal data, but for a maximum of 5 days, examine the grounds for the objection and make a decision, of which the applicant shall be informed in accordance with Section 21 (2) of the Information Act.

If the objection is justified, the head of the organizational unit handling the data shall act in accordance with the provisions of Section 21 (3) of the Infotv. InSpiral Event Kft. shall also compensate for the damage caused to others by the unlawful processing of the data of the data subject or by the violation of data security requirements, as well as for the damages due in the event of a violation of personal rights caused by it or by the data processor used by it. However, InSpiral Event Kft. shall be exempted from liability for the damage caused and from the obligation to pay the damages if it proves that the damage or the violation of the personal rights of the data subject was caused by an unavoidable cause outside the scope of data processing. Likewise, it shall not compensate for the damage if it resulted from the intentional or grossly negligent conduct of the injured party.

The data subject may contact the NAIH with a complaint regarding the data processing procedure of InSpiral Event Kft.:

National Data Protection and Freedom of Information Authority

1024 Budapest, Szilágyi Erzsébet fasor 22/C.

www.naih.hu

Data processing carried out when using the website of InSpiral Event Kft.

Place of data processing:

1031 Budapest Nanasi Street 39.

 

4.1. Website data management

Anyone can access the website of InSpiral Event Kft. without revealing their identity or providing personal data, and can obtain information on the website and the pages linked to it freely and without restriction. However, the website collects non-personal information about visitors without restriction and automatically. However, personal data cannot be obtained from this data, so data processing under the scope of the Infotv. is not carried out.

InSpiral Event Kft. uses the Google Analytics web analytics service on its website. Google Analytics uses cookies, text files placed on the website visitor's computer, to help analyze how the website is used. The information generated by the cookies about how the website is used (the website visitor's IP address) is transmitted to Google's servers in the United States and stored there.

Google does not link the information generated by cookies with other data and therefore does not process personal data under the applicable data protection regulations. The website visitor can refuse the use of cookies by selecting the appropriate settings in their browser.

By using this website, the website visitor consents to the processing of their data in the manner and for the purposes specified above.

Google will use the above information to evaluate and analyze your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage.

 

4.2. Contacting InSpiral Event Ltd.

On the website of InSpiral Event Kft., visitors have the opportunity to contact InSpiral Event Kft.: by filling out a form, the relevant data necessary for contact can be provided. However, the data subject can only send the data if they accept the data processing rules of InSpiral Event Kft., which they can do by checking a checkbox, otherwise they will not be able to send their message.

The legal basis for this data processing is the consent of the data subject [Articles 5(1)(a) and 6(6) of the Data Protection Act], according to which in other cases initiated at the request of the data subject, the consent of the data subject shall be presumed with regard to the personal data provided by him/her.

purpose of data processing: to facilitate contact with InSpiral Event Kft.

scope of processed data: name, e-mail address, telephone number, subject, message text

Legal basis for data processing: consent of the data subject pursuant to Section 5 (1) a) of the Privacy Act. Data storage period: until the contact case is resolved (until the purpose is achieved),

data storage method: electronic

 

  1. Issues not specified in this information

The rules of the Information Act shall govern matters not specified in this information.

The purpose of this policy is to record the data protection and management principles applied by InSpiral Event Kft. (hereinafter referred to as: Data Controller), which the Data Controller recognizes as binding on itself.

When developing these regulations, the Data Controller took into particular consideration the provisions of Act CXII of 2011 on the right to informational self-determination and freedom of information, Act CVIII of 2001 on certain issues of electronic commerce services and services related to the information society, and Act XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activities.

The purpose of this policy is to ensure that all data subjects, in all areas of the service provided by the Data Controller, have their rights and privacy respected during the automatic processing of their personal data.

InSpiral Event Kft. is the data controller of all data that is considered personal data and deals mainly with events and information related to awareness, self-development, and self-knowledge. www.everness.hu It is recorded when visiting the website, making purchases in the web store, registering, and using the service.

The Data Controller only processes personal data whose recording is necessary for the www.everness.hu website visits can be statistically quantified, it can exercise its rights and fulfill its obligations in its legal relationship with customers using services related to self-knowledge, awareness and self-development, it can inform customers about other important circumstances of the service and cooperate with them.

These data protection rules are established by the Data Controllerwww.everness.huare an inseparable part of the GTC published on the website, and the Data Subject simultaneously accepts these data protection rules in conjunction with the provisions of the GTC accepted during the use of the service, and acknowledges that he/she expressly consents to the processing of the data provided during registration.

 

 

 

1. Definitions

- Personal data: any data that can be linked to any specific natural person (hereinafter referred to as the Data Subject), in particular the name, identification number and one or more specific physical, physiological, mental, economic, cultural or social characteristics of the data subject - and any conclusions that can be drawn from the data concerning the data subject.

- Special data: personal data relating to racial origin, nationality, political opinion or party affiliation, religious or other ideological beliefs, membership in an interest group, sexual life, or personal data relating to health status, pathological addiction, and criminal personal data.

- Consent: a voluntary and definite indication of the data subject's wishes, based on adequate information, by which he or she gives his or her unambiguous consent to the processing of personal data concerning him or her, in whole or in part.

- Data processing: any operation or set of operations performed on data, regardless of the procedure used, including in particular collection, recording, recording, organization, storage, alteration, use, retrieval, transmission, disclosure, alignment or combination, blocking, erasure and destruction, as well as preventing further use of data, taking photographs, audio or video recordings and recording physical characteristics suitable for identifying a person (e.g. fingerprints or palm prints, DNA samples, iris scans).

- Data controller: InSpiral Event Kft. (registered office: 1031 Budapest, Zrínyi út 32. company registration number: 01-10-382598, e-mail:info@everness.hu).

- Data processor: a natural or legal person, or an organization without legal personality, who processes data based on a contract concluded with the data controller - including a contract concluded based on the provisions of the law.

- Data processing: the performance of technical tasks related to data management operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on data.

- Data deletion: making data unrecognizable in such a way that its recovery is no longer possible.

- Data subject: any natural person identified or directly or indirectly identifiable on the basis of specific personal data, such as the Customer.

- Disclosure: making data accessible to anyone.

 

2. Scope of personal data processed

The following data are considered personal data and can be provided based on the decision of the Data Subject: username, password, billing information, name, address, place of residence, tax number, e-mail address, telephone and fax number, place and time of birth.

The data technically recorded during the operation of the system are the data of the Data Subject's computer that are generated during the use of the service and that are recorded by the data controller's system as an automatic result of technical processes. The data that are automatically recorded are automatically logged by the system upon entry or exit without a separate declaration or other action by the Data Subject. These data cannot be linked to other personal data. Only the data controller has access to the data.

 

3. Legal basis, purpose and method of data processing

For data management,www.everness.huThe use of the service on the website is based on the voluntary, properly informed declaration of the customers, which declaration contains the express consent of the Data Subject to the use of his/her personal data provided during the use of the website. In this way, the legal basis for data management is the voluntary consent of the Data Subject, as defined in Section 5 (1) a) of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information.

The purpose of data processing is to www.everness.hu ensuring the provision of services available on the website, creating the contract thus concluded, defining and modifying its content, monitoring its performance, invoicing the consideration arising therefrom, and enforcing claims related thereto.

The purpose of the data that is technically recorded is solely to prepare statistics and to technically develop the available IT system.

The Data Controller may not use the personal data provided for purposes other than the above purposes, and shall not forward it to third parties. Unless otherwise provided by law, the disclosure of personal data to third parties or authorities is possible only with the prior, express consent of the Data Subject.

The Data Controller is not obliged to verify the personal data provided to it. The Data Subject is solely responsible for the accuracy of the personal data provided in this way. In view of this responsibility, any liability related to logins made using a given e-mail address lies solely with the Data Subject who registered the e-mail address.

 

4. Electronic advertising, newsletter

The Data Controller is entitled to send newsletters or other advertising letters to the Data Subjects, if the Data Subject has given prior, clear, explicit and voluntary consent by providing the necessary data during the use of the service. The Data Subject may withdraw the above consent at any time. After the withdrawal of consent, the Data Controller will not send any more newsletters or other advertising letters to the Data Subject, and will delete the Data Subject's data from the data of customers who have subscribed to the newsletter.

The purpose of data management in connection with the Service is to identify and distinguish Data Subjects from each other, to establish contact, and to send targeted advertising by means of electronic advertisements and direct inquiries in connection with the Service.

The legal basis for data processing is the prior clear and explicit consent of the Data Subject, which is made at the same time as the registration for the Service, in accordance with the provisions of Section 6 (1) of Act XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activities and Section 13/A (4) of Act CVIII of 2001 on certain issues of electronic commerce services and services related to the information society.

 

5. Principles of data management

Personal data may only be processed for specific purposes, in order to exercise rights and fulfill obligations, data processing must comply with the purpose of data processing at all stages, and data may only be collected and processed fairly and lawfully.

During data processing, the accuracy, completeness and, if necessary, up-to-dateness of the data must be ensured, as well as the fact that the Data Subject can only be identified for the period necessary for the purpose of data processing.

The data must be protected by appropriate measures, in particular against unauthorised access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction and damage, and against inaccessibility resulting from changes in the technology used.

In order to protect data files managed electronically in various registers, it must be ensured with an appropriate technical solution that the data stored in the registers cannot be directly linked and assigned to the Data Subject, unless permitted by law.

The Data Controller uses the personal data that is essential for the use of the Data Controller's services based on the consent of the Data Subjects and exclusively for the purpose for which it is intended. The Data Controller undertakes to process the data obtained in this way in accordance with the legal provisions and the data protection principles set out in this Policy and not to transfer them to third parties.

5.1. The following are exceptions to the provisions of this section:

- the use of data in a statistically aggregated form, which may not contain the name of the Data Subject or any other identifiable data in any form; or

- in certain cases, the Data Controller may make the Data Subject's available data accessible to third parties due to an official court or police request, legal proceedings, copyright, property or other infringement or reasonable suspicion thereof, harm to the Data Controller's interests, endangering the provision of its services, etc.

5.2. Before the start of data processing, the Data Subject must be clearly and in detail informed about all facts related to the processing of his/her data, in particular the purpose and legal basis of the data processing, the person authorized to manage and process the data, the duration of the data processing, whether the Data Subject's personal data are processed by the Data Controller based on the Data Subject's consent, and who may have access to the data. The information must also include the Data Subject's rights and legal remedies in relation to data processing.

5.3 In all cases where the Data Controller intends to use the provided data for a purpose other than the purpose of the original data collection, it shall inform the Data Subject thereof and obtain their prior, express consent, or provide them with the opportunity to prohibit the use.

5.4 The Data Controller undertakes to ensure the security of the data, to take the technical and organizational measures and to develop the procedural rules that ensure the protection of the recorded, stored and processed data, and to prevent their possible destruction, unauthorized use and unauthorized alteration.

5.5 Instead of erasure, the Data Controller shall block the personal data if the Data Subject so requests or if, based on the information available to it, it can be assumed that the deletion would harm the legitimate interests of the Data Subject. Personal data thus blocked may only be processed for as long as the purpose of the data processing that precluded the deletion of the personal data exists.

5.6 The Data Subject and all those to whom the data was previously transmitted for the purpose of data processing must be notified of the correction, blocking or deletion of the processed personal data. Notification may be omitted if this does not violate the legitimate interests of the Data Subject in view of the purpose of data processing.

If the Data Controller does not comply with the Data Subject's request for correction, blocking or deletion, it shall, within 30 (thirty) days of receipt of the request, communicate in writing the factual and legal reasons for rejecting the request for correction, blocking or deletion, and shall also inform the Data Subject about the possibility of judicial redress and contacting the authorities.

5.7. If the personal data is not accurate and the Data Controller has accurate personal data, the Data Controller will correct the personal data.

 

6. Duration of data processing

The processing of personal data provided by the Data Subject shall continue for as long as it is necessary for the performance of the service used by the Data Subject and for the enforcement of the concluded contract, but at the latest until the data subject withdraws his/her consent. The date of deletion shall be ten (10) days from the receipt of the Data Subject's request to this effect.

In the event of unlawful or misleading use of personal data or a crime committed by the Data Subject or an attack on the system, the Data Controller is entitled to delete the Data Subject's data immediately upon termination of their registration, but in the event of suspicion of a crime or civil liability, the Data Controller is also entitled to retain the data for the duration of the proceedings to be conducted.

Data automatically and technically recorded during the operation of the system are the data of the Data Subject's computer that are generated during the use of the service and that are recorded by the data controller's system as an automatic result of technical processes. The data automatically recorded are automatically logged by the system upon entry or exit without a separate declaration or other action by the Data Subject. These data cannot be linked to other personal data. Only the Data Controller has access to the data.

 

7. Handling of personal data

7.1 Any change in personal data or a request for deletion of personal data may be communicated by means of a written statement sent electronically or by post on the website operated by the Data Controller. The sending of newsletters may be cancelled by modifying the settings of the user interface on the website.

7.2 After a request to delete or modify personal data has been fulfilled, previous (deleted) data can no longer be restored.

 

8. Data processing

The Data Controller does not use an external data processor. It processes the personal data it manages itself.

 

9. Possibility of data transfer

The Data Controller is entitled and obliged to forward all available and duly processed personal data to the competent authorities, which it is obliged to forward by law or a final authority decision. The Data Controller cannot be held liable for such data forwarding and any consequences arising therefrom.

 

10. Amendment of the Data Protection Policy

The Data Controller reserves the right to amend this Data Management Policy at any time by its unilateral decision. After the amendment of the Policy, all Data Subjects must be informed in an appropriate manner. By further using the service, the Data Subjects expressly acknowledge the amended Data Management Policy.

 

11. Rights of the Data Subject in relation to their personal data processed by the Data Controller

Data Subjects may request information from the Data Controller about the processing of their personal data at any time in writing, by electronic or postal mail sent via the website operated by the Data Controller, and may also request the correction of their personal data, and may request the deletion or blocking of their personal data, with the exception of mandatory data processing, in the manner indicated above.

The Data Controller shall only consider a request for information sent to the Data Controller electronically as authentic if it is sent from the Data Subject's registered e-mail address. The request for information may include the Data Subject's data processed by the Data Controller, their source, the purpose, legal basis, duration of the data processing, the name and address of any data processors used and their activities related to the data processing, and in the case of the transfer of personal data, the legal basis and recipient of the data transfer.

The Data Controller is obliged to provide information in a clear and understandable form as soon as possible after receiving the request, but no later than thirty (30) days.

 

12. Legal remedies

The Data Subject may exercise his/her rights in court based on the provisions of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Infotv.) and Act V of 2013 on the Civil Code (Ptk.), and may also request the assistance of the National Data Protection and Freedom of Information Authority in any matter related to personal data (www.naih.hu, 1125 Budapest, Szilágyi Erzsébet fasor 22/c.).

 

Budapest, March 24, 2021.