Geiger Tamás s.e. (hereinafter: Data Controller), as the operator of the website available under the domain name gtm4wp.com (hereinafter: Website), hereby publishes the rules, data protection and data management principles, as well as information regarding the data management carried out through the Website.
By starting to use the Website and marking the appropriate field, users visiting the Website or using the Data Manager’s services (hereinafter: User) accept all the conditions contained in this Data Management Information (hereinafter: Information), so please read this Information carefully before using the Website.
Data of the data controller
Tamás Geiger s.e.
Hungarian registry number in self employed database: 20603739
EU TAX number: HU60384649
Address: Váci street 83, Budapest 1044, Hungary
Information on individual data management
In order to view the textual content appearing on the Website, no prior registration or provision of personal data is required, they can be read freely by clicking on the title of the article, without any kind of compensation.
The Website operator reserves the right to grant the User access to certain content only after prior registration, and the Website operator will inform the User of the detailed data protection principles before registration.
The operator of the Website reserves the right to limit some or all of the content available for free for certain Users, if the User’s activity or activities cause malfunctions or vandalism in the operation of the Website.
Scope of processed data
On the interface available under the Contact menu item available on the Website, the User has the opportunity to enter his data in order to receive information and make comments regarding the Trainings and the activities of the Data Controller (hereinafter: Contact). During the Contact, it is possible to provide the following data (data marked with * is mandatory):
- full name*
- e-mail address*
- name of affected website / mobile application*
Purpose of data management
Providing information related to the Data Manager’s services and activities, within this framework, contacting and maintaining contact with the interested User, informing the User, handling comments related to the Data Manager’s activities.
Duration of data management
It shall immediately delete the User’s personal data after the end of the two-way communication, and also in the event that the User requests the deletion of his data or withdraws his consent to the processing of his personal data.
Legal basis for data management
The express consent of the User (given by ticking the box available for accepting this Information) based on GDPR Article 6 (1) point a).
Only persons over the age of 18 are entitled to provide data!
Scope of persons entitled to access personal data, data processing
The Data Controller is entitled to access personal data according to the applicable legislation.
The data controller uses the following data processor during data management:
Websupport Magyarország Kft. (head office: 1132 Budapest, Victor Hugo utca 18-22; e-mail: firstname.lastname@example.org)
Purpose of data processing
Providing the technical background necessary for the operation of the Website.
The Data Controller reserves the right to involve additional data processors in the data management in the future, of which it will inform the Users by amending this Notice.
In the absence of an express legal provision, the Data Controller will only transfer personal identification data to third parties with the express consent of the User in question.
Rights of the user
Access to personal data
At the request of the User, the Data Controller provides information on whether the Data Controller continues data processing with regard to his personal data and, if so, gives him access to the personal data, as well as informs him of the following information:
- purpose(s) of data management;
- types of personal data involved in data management;
- in case of transmission of the User’s personal data, the legal basis and recipient(s) of the data transmission;
- planned duration of data management;
- the rights of the User in connection with the correction, deletion and restriction of processing of personal data, as well as objections to the processing of personal data;
- the possibility of turning to the Authority;
- the source of the data;
- relevant information related to profiling;
- about the name, address and activity related to data management of the data processors
The Data Controller provides the User with a copy of the personal data subject to data management free of charge. For additional copies requested by the User, the Data Controller may charge a reasonable fee based on administrative costs. If the User submitted the request electronically, the information must be provided in a widely used electronic format, unless the data subject requests otherwise.
The Data Controller is obliged to provide the information at the User’s request in an understandable form without undue delay, but at the latest within one month of the submission of the request. The user can submit his request for access to the contact details specified in point 1.
Correction of processed data
The User may apply to the Data Controller (at the contact details specified in point 1) for the correction of inaccurate personal data or the addition of incomplete data, taking into account the purpose of the data management. The data controller will carry out the correction without undue delay.
Deletion of processed data (right to be forgotten)
The User may request that the Data Controller delete the personal data concerning him without undue delay, and the Data Controller is obliged to delete the personal data concerning the data subject without undue delay if one of the following reasons exists:
- the personal data are no longer needed for the purpose for which they were collected or otherwise processed;
- the User withdraws his consent and there is no other legal basis for data processing;
- the User objects to the handling of his personal data;
- the processing of personal data was unlawful;
- the personal data must be deleted in order to fulfill the legal obligation prescribed by the EU or Member State law applicable to the data controller;
- the collection of personal data based on consent took place in connection with the offering of information society-related services to children.
If the Data Controller has disclosed (made available to a third party) the personal data and is obliged to delete it based on the above, it must take the reasonably expected steps and measures, taking into account the available technology and the costs of implementation, in order to inform the data controllers handling the personal data concerned that the User has requested from them the deletion of the links to the personal data in question or the copy or duplicate of this personal data.
Personal data do not need to be deleted if data management is necessary:
- for the purpose of exercising the right to freedom of expression and information;
- for the purpose of fulfilling the obligation under the EU or Member State law applicable to the data controller requiring the processing of personal data, or for the execution of a task performed in the public interest or in the context of the exercise of public authority conferred on the data controller;
- on the basis of public interest in the field of public health;
- for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes, if the right to erasure would likely make this data management impossible or seriously jeopardize it; obsession
- for the presentation, enforcement and defense of legal claims.
Limitation of data management
The User has the right to request that the Data Controller limit the processing of personal data instead of correcting or deleting it, if one of the following conditions is met:
- the User disputes the accuracy of the personal data, in which case the limitation applies to the period that allows the data manager to check the accuracy of the personal data;
- the data management is illegal and the User opposes the deletion of the data and instead requests the restriction of their use;
- The Data Controller no longer needs the personal data for the purpose of data management, but the User requires them to present, enforce or defend legal claims; obsession
- the User objected to data management; in this case, the restriction applies to the period until it is determined whether the legitimate reasons of the data controller take precedence over the legitimate reasons of the data subject.
If data management is subject to restrictions, such personal data may only be processed with the consent of the User, with the exception of storage, or to submit, enforce or defend legal claims, or to protect the rights of another natural or legal person, or in the important public interest of the Union or a member state.
The Data Controller informs the User, at whose request the data processing was restricted, of the lifting of the data processing restriction in advance.
Notification obligation related to the correction or deletion of personal data or the limitation of data management
The Data Controller informs all recipients of the correction, deletion or restriction of personal data to whom or to whom the personal data was communicated, unless this proves to be impossible or requires a disproportionately large effort. Upon the User’s request, the data controller will inform the User about these recipients.
Right to protest
The User may object to the processing of his personal data if the data processing
- it is of public interest or necessary for the execution of a task performed in the context of the exercise of public authority granted to the Data Controller;
- necessary to enforce the legitimate interests of the Data Controller or a third party;
- based on profiling.
In the event of the User’s objection, the Data Controller may no longer process the personal data, unless it proves that the data processing is justified by compelling legitimate reasons that take precedence over the User’s interests, rights and freedoms, or that are related to the submission, enforcement or defense of legal claims.
Action by the data controller in the event of a request from the User
The Data Controller shall inform the User without undue delay, but at the latest within one month of the receipt of the request, of the measures taken following the request for access, correction, deletion, restriction, objection, and data portability. If necessary, taking into account the complexity of the application and the number of applications, this deadline can be extended by another two months. The Data Controller shall inform the User of the extension of the deadline, indicating the reasons for the delay, within one month of receiving the request. If the User submitted the request electronically, the information must be provided electronically, if possible, unless the data subject requests otherwise.
If the Data Controller does not take measures following the User’s request, it shall inform the User without delay, but at the latest within one month of the receipt of the request, of the reasons for the failure to take action, as well as of the fact that the User may file a complaint with a supervisory authority and exercise his right to judicial redress.
In the case of the User’s request, the information, the information and the action taken based on the request must be provided free of charge. If the User’s request is clearly unfounded or – especially due to its repetitive nature – excessive, the Data Controller, taking into account the administrative costs associated with providing the requested information or information or taking the requested action, may charge a reasonable fee or refuse to take action based on the request. It is the responsibility of the Data Controller to prove that the request is clearly unfounded or exaggerated.
Management and reporting of data protection incidents
A data protection incident is any event that results in the unlawful handling or processing of personal data managed, transmitted, stored or processed by the Data Controller, thus in particular unauthorized or accidental access, alteration, communication, deletion, loss or destruction, as well as accidental destruction and damage.
The Data Controller is obliged to report the data protection incident to the NAIH without undue delay, but no later than 72 hours after becoming aware of the data protection incident, unless the Data Controller can prove that the data protection incident is not likely to pose a risk to the rights and freedoms of natural persons. If the notification cannot be made within 72 hours, the reason for the delay must be indicated, and the required information can be provided in detail without further undue delay. The notification to the NAIH shall contain at least the following information:
- the nature of the data protection incident, the number and category of data subjects and personal data;
- Name and contact information of data controller;
- likely consequences of the data protection incident;
- the measures taken or planned to manage, prevent, remedy the data protection incident.
If the data protection incident is likely to involve a high risk, the Data Controller will inform the data subjects about the data protection incident via the Data Controller’s website within 72 hours after the detection of the data protection incident. The information must contain at least the data specified in this point.
The Data Controller keeps a record of data protection incidents for the purpose of checking the measures related to the data protection incident and informing the affected parties. The register contains the following data:
- scope of personal data concerned;
- scope and number of stakeholders;
- the date of the data protection incident;
- the circumstances and effects of the data protection incident;
- measures taken to prevent the data protection incident.
The data in the register is kept by the Data Controller for 5 years from the date of detection of the data protection incident.
The Data Controller undertakes to take care of the security of the data, to take the technical and organizational measures and to establish the procedural rules that ensure that the recorded, stored and managed data are protected, and to prevent their destruction, unauthorized use and unauthorized alteration. It also undertakes to call on all third parties to whom the data is forwarded or transferred based on the consent of the Users to comply with the requirement of data security.
The data controller ensures that no unauthorized person can access, disclose, forward, modify, or delete the processed data. The managed data can only be seen by the Data Manager, its employees, or the Data Processor used by the Data Manager, and the Data Manager will not pass them on to third parties who do not have the right to access the data.
The data manager will do everything possible to ensure that the data is not accidentally damaged or destroyed. The above commitment is required by the Data Controller for its employees participating in data management activities.
The User acknowledges and accepts that in the case of entering personal data on the Website – despite the fact that the Data Controller has modern security tools to prevent unauthorized access to the data or their investigation – the protection of the data cannot be fully guaranteed on the Internet. In the event of unauthorized access or knowledge of data despite our efforts, the Data Manager is not responsible for this type of data acquisition or unauthorized access or for any damage caused to the User as a result of these reasons. In addition, the User may also provide his personal data to third parties, who may use it for illegal purposes or in a way.
Legal enforcement options
The Data Controller does everything possible to ensure that personal data is handled in accordance with the law, however, if the User feels that it has not complied with this, he has the option to write to the contact details specified in point 1.
If the User feels that his right to the protection of personal data has been violated, he can seek legal redress from the competent authorities according to the applicable laws.
- National Data Protection and Freedom of Information Authority in Hungary (address: 1055 Budapest, Falk Miksa utca 9-11; email@example.com; www.naih.hu)
- at court.
This Information is governed by Hungarian law, especially Act CXII of 2011 on the right to self-determination of information and freedom of information. Act and the provisions of the GDPR are applicable.
Budapest, August 1, 2023.