The operator of the website places great emphasis on the safe handling of the personal data of its customers and visitors to the website. In particular, this data protection information according to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, as well as on the repeal of Directive 95/46/EC, is contained in https: All information related to the data management and data processing of the //lunarium-academy.com/ website.
Please read the information below carefully and use the services available tomorrow only if you agree with what is written below.
We would also like to draw your attention to the fact that this data protection information is also part of Zsuzsanna Ráth's creations, so it is fully covered by the legal protection based on legislation and contained in the copyright declaration found in the website.
1. Data controller’s information
Name of data controller: Zsuzsanna Ráth
Data controller registered office: 1089 Budapest, Orczy út 6. II. floor Email: lunarium.academy9@gmail.com
2. Rules for data management
This data management information is effective from January 1, 2023 until withdrawn.
Legislation regarding data processing through the data protection officer reporting system: Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and on the repeal of Directive 95/46/EC (hereinafter: GDPR)
When interpreting the data protection information, the following concepts must be taken as a basis, which are the same as the interpretative explanations of the GDPR:
1. data subject: any natural person identified or - directly or indirectly - identified on the basis of personal data;
2. personal data: any information relating to an identified or identifiable natural person ("data subject"); a natural person can be identified directly or indirectly, in particular on
the basis of an identifier such as name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable;
3. the consent of the data subject: the voluntary, specific and clear declaration of the will of the data subject based on adequate information, with which the data subject indicates by means of a statement or an act clearly expressing the confirmation that he gives his consent to the processing of personal data concerning him;
4. data controller: the natural or legal person, public authority, agency or any other body that determines the purposes and means of processing personal data independently or together with others; if the purposes and means of data management are determined by EU or member state law, the data controller or the special aspects regarding the designation of the data controller may also be determined by EU or member state law;
5. data management: any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as collection, recording, systematization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or making accessible in any other way by item, coordination or connection, restriction, deletion or destruction;
6. data transfer: making the data available to a specific third party;
7. data processing: performing technical tasks related to data management operations, regardless of the method and tool used to perform the operations, as well as the place of application, provided that the technical task is performed on the data;
8. data processor: the natural or legal person, public authority, agency or any other body that processes personal data on behalf of the data controller;
9. data protection incident: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise handled
The website processes personal data only in order to exercise a right or fulfill an obligation. The website may not use the personal data it manages for private purposes under any circumstances. The data management of the website always complies with the principle of purpose limitation according to the GDPR.
Before recording the data, the website always informs the data subject of the specific purpose of the data management, as well as the legal basis on which the data management is carried out (consent of the data subject, legal authorization or for the purpose of fulfilling a contract).
Employees associated with the operation of the website, who perform data management in connection with the website, as well as employees of the organizations performing the data management operations, are obliged to keep the personal data they learn in the highest security as a business secret. In view of this, the persons handling personal data on the website and having the possibility of access to them make a Confidentiality Declaration before starting the operations.
The website and the employees contributing to its operation are obliged to initiate the correction of the data with the responsible employee if they notice that the personal data managed by the website is incorrect, incomplete or out of date.
In the course of their work, employees involved in the operation of the website are obliged to ensure that unauthorized persons cannot access the personal data managed by the website, that they cannot be accessed, modified or destroyed by unauthorized persons.
Zsuzsanna Ráth takes care of the supervision of the data protection system established by the website.
3.1. Right to information
Through the contact details provided in point 1, the person concerned can request information from the website operator in writing about what kind of personal data, on what legal basis, for what data management purpose, from what source, for how long, to whom, when, according to what legal basis. to which personal data you provided access or to whom you forwarded your personal data. The operator of the website fulfills the request of the person concerned within a maximum of one month, by sending an e-mail to the contact address provided by him.
3.2. Right to rectification
The person concerned can request in writing that the operator of the website change some of his personal data (for example, he can change his e-mail address or postal contact information at any time) via the contact details provided in point 1. The operator of the website will fulfill the request within a maximum of one month and will notify you of this by e-mail sent to the contact address provided.
3.3. Right to rectification
The person concerned can request the deletion of his personal data from the website operator in writing via the contact details provided in point 1. The deletion request is rejected by the website operator in the event that the website operator is obliged to continue storing personal data. Such a case is, for example, if the deadline prescribed by
accounting legislation has not expired. However, if there is no such obligation, the website operator will fulfill the request within a maximum of one month and will notify
the data subject of this in an e-mail sent to the contact address provided for this purpose.
3.4. The right to blocking (restriction of data processing).
The person concerned can request in writing that his personal data be blocked by the website operator (by clearly marking the limited nature of data processing and ensuring that it is handled separately from other data) via the contact details provided in point 1. The blocking lasts as long as the reason specified by the data subject makes it necessary to store the data. The data subject may request blocking of the data, for example, if he believes that the website operator handled his submission illegally, but for the sake of the official or court proceedings initiated by him, it is necessary that the website operator does not delete the submission. In this case, the website operator will continue to store the personal data (for example, the application) until the authority or the court is contacted, after which the data will be deleted.
3.5. The right to protest
The person concerned can object to the data management in writing via the contact details given in point 1, if the website operator uses the personal data, e.g. it would be forwarded or used for the purpose of public opinion polls or scientific research.
The operator of the website will notify the data subject and all those to whom the data was previously transmitted for the purpose of data management of the measures taken.
The operator of the website ensures compliance with data protection provisions during its operation. It also compensates for damage caused by possible illegal data processing or violation of data security requirements, as well as damages in the event of a privacy violation caused by the data processor. The data controller shall be released from responsibility for the damage caused and from the obligation to pay compensation if it proves that the damage or the violation of the privacy rights of the data subject was caused by an unavoidable cause outside the scope of data management. In the same way, the website operator will not reimburse the damage if it resulted from the intentional or grossly negligent behavior of the injured party.
4. Data management during the use of the website
Place of data management:
Zsuzsanna Ráth
1089 Budapest, Orczy út 6. II. floor
Website data management
The website runs software that analyzes the website's visitor data. However, the software does not manage personal data in accordance with the provisions of the GDPR, but records data about visits. The operator of the website receives automatically generated information about its visitors: the visitor's internet protocol address (IP address), the time of the visit, the data of the pages viewed, the name of the browser program used.
Since, based on the practice of the National Data Protection and Freedom of Information Authority, the IP address can even become relative personal data, the operator of the website protects all data obtained during the data management of the website with the protection of personal data in accordance with these regulations.
The operator of the website therefore informs visitors about data collection with this information on its website.
• purpose of data management: examination of website visiting habits
• scope of managed data: the visitor's internet protocol address (IP address), the time of the visit, data on the pages viewed, the name of the browser program used
• legal basis for data management: consent of the data subject according to Article 6 (1) a) of the GDPR
• data storage deadline: one year from data collection
• method of data storage: electronic
4.2. Contact
The person concerned can send a message to the Data Controller using the "Contact" function of the website.
• purpose of data management: contacting, sending messages
• scope of processed data: name, e-mail address, telephone number of the data subject
• legal basis for data management: consent of the data subject according to Article 6 (1) a) of the GDPR
• data storage deadline: until the purpose is achieved, but at the latest until deletion at the request of the data subject
• method of data storage: electronic
4.3. Data transfer statement
By clicking the "Continue to payment" button, I agree that the following personal data managed by us and provided on the online payment interface will be processed in accordance with Article LXXXV of 2009 on the provision of payment services. for the purpose of strong customer authentication required by law, forward to OTP Bank Nyrt. (1051 Budapest, Nádor utca 16.): name, surname, first name, address, email address, billing data.
I acknowledge that the following personal data stored in the user database of https:// www.lunarium-academy.com/ by the data controller Ráth Zsuzsanna (1089 Budapest, Orczy út 6. II. elemet) will be transferred to OTP Mobil Kft. as a data processor . The range of data transmitted by the data controller is as follows: name, surname, first name, address, email address, billing information.
The nature and purpose of the data processing activity carried out by the data processor can be found in the SimplePay Data Management Information Sheet, at the link below:
OTP Plc data management information:
http://simplepay.hu/vasarlo-aff
4.4. Sign up for newsletter
On the website, the visitor has the opportunity to register for the free online newsletter. By filling out the registration form, the visitor provides the relevant data required for contact. However, the data subject only has the opportunity to send the data if he accepts the data protection information of the website operator, he can do this by ticking a checkbox, otherwise he cannot finalize the registration.
purpose of data management: informing those concerned about the most important news of the website operator
scope of managed data: affected name and e-mail address
legal basis for data processing: the consent of the data subject according to Article 6 (1) a) of the GDPR
data storage deadline: until the end of the operation of the newsletter service, but if the data subject requests the deletion of his data (unsubscribes from the newsletter), then immediately after his deletion request
data storage method: electronic
5. Data processors
The operator of the website uses the following data processor exclusively for the performance of technical tasks when handling personal data:
• Name of data processor: Zsuzsanna Ráth
• Data processing headquarters: 1089 Budapest, Orczy út 6. II. floor • Purpose of data processing: hosting service
The Data Processor carries out its activities in accordance with the instructions of the website operator, cannot make substantive decisions regarding data management, can only process the personal data it comes to know in accordance with the provisions of the website operator, may not carry out data processing for its own purposes, and must store the personal data in accordance with the provisions of the website operator and keep.
6. Access to data and data security measures
6.1. Data access and data transfer
Personal data can be accessed by designated employees of the website operator in order to perform their duties. The operator of the website only transfers the personal data it handles to the colleague designated for this purpose in the manner and for the purpose specified by law.
6.2. Data security measures
The operator of the website stores the personal data provided in the notification at Tárhely.Eu Szolgáltató Kft. To store personal data, the website operator uses the services of a data processor according to point 5. The operator of the website takes appropriate IT, technical and personnel measures to protect the personal data it manages, among other things, against unauthorized access or unauthorized changes. For example, access to data stored in the IT system is logged by the website operator, which means that it is always possible to check who, when and what personal data was accessed.
7. Issues not specified in this information sheet
In matters not specified in this information, the rules of the GDPR apply.
The operator of the website reserves the right to modify the data protection information. If the amendment affects the handling of personal data provided by the person concerned, the user will be informed of the changes in the form of an e-mail information
letter. If, as a result of the modification of the statement, the essential conditions of data management also change, the operator of the website separately requests the consent of the interested parties for the modification.
8. The possibility of legal enforcement related to data management 8.1. Initiating legal proceedings
If the person concerned experiences the illegality of the handling of his personal data, he can initiate a civil lawsuit against the operator of the website. Adjudication of the lawsuit falls within the jurisdiction of the court. At the choice of the affected person, the lawsuit can also be initiated before the court of the affected person's place of residence (you can view the list and contact information of the courts via the following link: http:// birosag.hu/torvenyszekek).
8.2. NAIH procedure
If the person concerned experiences the illegality of the handling of his personal data, he can file an online complaint with the National Data Protection and Freedom of Information Authority. The available link: https://www.naih.hu/online-uegyinditas.html
You can make a personal appointment on Tuesdays and Thursdays between 9:00 a.m. and 12:00 p.m. and 1:00 p.m. and 4:00 p.m. by calling +36 (1) 391-1400.
Please note that the Authority investigates complaints only if the person concerned has already contacted the data controller (website operator) regarding his complaint before reporting it to the Authority, and it has not led to a result.