Dear Guests/prospective Guests!

(This site is protected by copyright, copying in whole or in part is prohibited!)

This sub-page on the website has been created to inform you about our privacy policy and our privacy policy.

This Privacy Policy is written in simple terms so that it can be understood by everyone.

It is important to us that your data is secure and we will process it in the way required by law. You will find various definitions towards the bottom of this page.

Name, address, company registration number of the data controller: Dr.Füstné Tran Thi Hanh E.V., 1142. Budapest, Nezsider park 2., +36704145337, info@beautebudapest.com

Purpose and duration of data processing: your data are processed because you have voluntarily provided them (Act CXII of 2011, § 5).

Data processing purposes and periods:

1. The first time you call us, we’ll write your full name so we can remember who’s coming to see us. If your phone is set up to allow caller ID, we will see your phone number, which we will save so that if anything happens that prevents you from coming to us, we can call you, so we will keep it for notification purposes.

2. If you register by email, you also accept the Privacy Policy, which you can find on our website.

3. If you ask me to sign you up on the website (or in the cosmetic shop) or subscribe to a newsletter, it is completely voluntary and you can read this privacy policy by clicking on the privacy policy. You can also ask to subscribe to our newsletter in person at the shop. By subscribing, you consent to receive newsletters from us for information and marketing purposes. Please only subscribe to our newsletter if you are over 18 years of age.

Your email address will be kept until you unsubscribe by clicking on the unsubscribe button at the bottom of the emails you receive, or you send a request to info@beautebudapest.com to unsubscribe.

If you click on unsuscribe, you can unsubscribe immediately, if you request it by email, I will delete your data within 24 hours.

We use the MailChimp system for sending newsletters, so they are the data processors. You can read their privacy policy by “clicking here”. http://mailchimp.com/legal/privacy/

If for some reason I don’t want you on our newsletter list, we’ll delete you without question.

Concepts, if someone has questions about what it means.

All the concepts are copied from the NAIH website and can be found here: https://www.naih.hu/adatvedelmi-szotar.html

Data processing: any operation or set of operations which is performed on data, regardless of the procedure used, such as collection, recording, recording, organisation, storage, alteration, use, disclosure, transmission, alignment or combination, blocking, erasure and destruction, and prevention of further use of the data. Processing also includes the taking of photographs, audio or video recordings and the recording of physical characteristics that can be used to identify a person (such as fingerprints, palm prints, DNA samples, iris scans).

Data controller: the person or entity that determines the purposes for which the data are processed, makes and executes the decisions concerning the processing (including the means used) or has the processing carried out by a processor on its behalf.

Data processing: the performance of technical tasks related to processing operations (irrespective of the method and means used to carry out the operations and the place of application).

Data processor: the person or entity that processes the data on the basis of a contract with the controller, including a contract entered into pursuant to a legal provision.

Data subject’s rights: the data subject must be clearly informed of all the details of the processing before the processing starts and at any time at his or her request. The data subject may also request the rectification and, in certain cases, the erasure of his or her data, and may object to the processing of his or her personal data in cases provided for by law.

Legal basis for processing: as a general rule, consent of the data subject or mandatory processing by law.

Consent: a voluntary and explicit indication of the data subject’s wishes, based on appropriate information, by which he or she gives his or her unambiguous agreement to the processing of personal data relating to him or her, either in full or in relation to specific operations. For special data, a written form is required.

Adequate information: the data subject must be informed before the processing starts whether the processing is based on his or her consent or whether it is mandatory, and must be informed clearly and in detail of all the facts relating to the processing of his or her data, in particular the purposes and legal basis of the processing, the identity of the controller and the processor, the duration of the processing and the persons who may access the data. The information shall also cover the rights and remedies of the data subject with regard to the processing.

Objection: a statement by the data subject objecting to the processing of his or her personal data and requesting the cessation of the processing or the erasure of the processed data.

Data security: a system of technical and organisational solutions to protect against the unauthorised acquisition, modification and destruction of data.

Data management principles: the purpose limitation requirement (see below) and the data quality requirement. The latter implies the need for accurate, complete and up-to-date data, as well as fair and lawful data collection and processing.

Purpose limitation: personal data may only be processed for specified purposes, for the exercise of a right or the performance of an obligation. At all stages of the processing, the purpose of the processing must be fulfilled and the collection and processing of the data must be fair and lawful. Only personal data that is necessary for the purpose of the processing and is adequate for the purpose shall be processed. Personal data may only be processed to the extent and for the duration necessary to achieve the purpose. The processing must ensure that the data are accurate, complete and, where necessary for the purposes for which they are processed, kept up to date, and that the data subject can be identified only for the time necessary for the purposes for which they are processed.

Personal data may only be processed for specified purposes, for the exercise of rights and the performance of obligations. At all stages of the processing, the purpose of the processing must be fulfilled and the collection and processing of the data must be fair and lawful. Only personal data that is necessary for the purpose of the processing and is adequate for the purpose shall be processed. Personal data may only be processed to the extent and for the duration necessary to achieve the purpose. The processing must ensure that the data are accurate, complete and, where necessary for the purposes for which they are processed, kept up to date, and that the data subject can be identified only for the time necessary for the purposes for which they are processed.

Transfer abroad: the transfer of personal data to a controller in a third country outside the EEA (European Economic Area: the countries of the European Union plus Iceland, Norway and Liechtenstein).

Complaints handling:

Source: https://www.naih.hu/panaszuegyintezes-rendje.html

Information on the investigation of complaints related to the exercise of the rights of persons concerned

Pursuant to Article 38 (2) of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter: the “Act”), the National Authority for Data Protection and Freedom of Information (hereinafter: the Authority) is responsible for monitoring and promoting the enforcement of the right to the protection of personal data and the right to access data of public interest and public interest.

According to Article 3(1) of the Data Protection Act, “data subject” means any natural person who is identified or can be identified, directly or indirectly, on the basis of personal data.

According to the definition in Section 3(9) of the Data Protection Act, “controller” means the natural or legal person or unincorporated organisation which, alone or jointly with others, determines the purposes for which the data are to be processed, takes and implements decisions regarding the processing (including the means used) or has the data processed by a processor.

The Infotv. Pursuant to Section 52 (1) of the Act on the Protection of Personal Data, any person may submit a notification to the Authority to initiate an investigation on the grounds that a violation of rights has occurred or is imminent in connection with the processing of personal data or the exercise of rights of access to personal data in the public interest or in the public interest.

In view of the above provisions of the Information Act, the Authority will only investigate complaints if the data subject has already contacted the data controller prior to his/her notification to the Authority in relation to the exercise of the rights specified in the notification.

In this context, the data subject may, pursuant to Article 14 of the Data Protection Act, request the controller to.

information on the processing of his or her personal data,

rectification of his personal data, and

the erasure or blocking of his or her personal data, except for mandatory processing.

Data subjects should exercise these rights in a documented and verifiable manner to avoid disputes and request that data controllers inform them in writing of the fulfilment of their obligations and of the measures taken. Pursuant to Article 24 of the Infotv, the appointment of an internal data protection officer is mandatory for data controllers and data processors handling or processing data held by national authorities, labour or criminal records, financial institutions, and electronic communications and utilities providers (in addition, data protection officers are also appointed in healthcare institutions pursuant to Article 32 of Act XLVII of 1997). Therefore, the Authority recommends that data subjects in these data controllers should seek the assistance of an internal data protection officer.

If the data controller does not comply with its legal obligation in relation to one of the above claims of the data subject, the Authority shall, upon the request of the data subject, initiate an investigation pursuant to Section 38 (3) a) of the Data Protection Act or shall conduct an official procedure pursuant to Section 38 (3) b) of the Data Protection Act. The request shall inform the Authority of any circumstances that may be necessary for the conduct of the investigation.

The Authority reminds the parties concerned that, if proceedings are initiated, they should keep all relevant documentation in order to ensure that they are conducted efficiently and accurately, thus facilitating the Authority’s proceedings.

The Infotv. No person shall suffer any disadvantage as a result of a notification made to the Authority pursuant to Article 52(3) of the Infotag. The identity of the notifier may only be disclosed by the Authority if the investigation could not be carried out without it. If the notifier so requests, the Authority may not disclose the identity of the notifier even if the investigation cannot be carried out without it.

Irrespective of the decision of the Authority, the data subject may, pursuant to Article 22(1) of the Data Protection Act, in the event of a breach of his or her rights, take the data controller to court, as a result of which, in the event of a finding of a breach of rights, the court may, in addition to enforcing the exercise of the data subject’s rights by ordering the data controller to do so, claim damages or compensation.

The Authority shall facilitate the enforcement of data subjects’ rights by issuing formal notices. Available at: https://www.naih.hu/panaszuegyintezes-rendje.html

By subscribing to our newsletter, or by sending an email, message or logging in to the cosmetic, you agree to our privacy policy.