Data Protection Guidelines

  1. General Guidelines
(1)Vivien Németh private contractor, as Data Manager proceeds based on this Data Protection Guidelines concerning the website operated by her:  www.pszichologiai-tanacsadas.hu (from now on: Website)and other websites reachable on different addresses as determined on Website concerning managing data of natural people using her services.
User by using Website accepts the provisions of this Data Protection Guidelines as obligatory as regards himself.
Data Manager in terms of this manual:
Data Manager: Vivien Németh private contractor
Tax identification number: 67951075-1-40
Registration number: 50993844
Electronic (e-mail) address: info@pszichologiai-tanacsadas.hu
(2)The objective of this Data Protection Guidelines is to determine the types of personal data and method of data management handled by Data Manager. It ensures the emergence of the constitutional principles and the demands of data protection to prevent illegal access to data, the modification, unauthorized publication and use of data so that the private sphere of natural persons using the Service can be honoured.
(3) Data Manager handles User’s personal data confidently to reach the goal stated in paragraph (2), in accordance with operative laws, takes care of their safety, carries out technical and organizational measurements and forms the rules which are needed to validate actual regulations and other recommendations.
  1. Legal background
Data Manager is obliged to keep legal rules concerning managing personal data in every phase of data management. The following regulations are operative to handle data management by Data Manager
2:43 (e) paragraph of V. law passed in 2013 about the Penal Code
CXII. (‘Data Protection law’) passed in 2011 about informational declaration of self determination and the freedom of information
CVIII. law (‘Eker law’) passed in 2001 about some questions of electronic commercial services and services connected to information society
XLVIII. law (‘Grt. law’) passed in 2008 about the essential conditions and particular limits of economic advertising activity
  1. law passed in 1998 about announcing Agreement dated 28 January 1981 in Strasbourg about protecting individuals during mechanic processing of personal data
CXIX. law (‘Katv.’) passed in 1995 about managing data like name and address with the objective of research and direct business
3.Concepts
(1) client: any determined, directly or indirectly identifiable natural person based on personal data
(2) personal data: data that can be connected to Client – especially some characteristics like Client’s name, identification number and one or more physical, psychological, mental, economic, cultural or social identification and consequences concerning Client
(3) consent: the voluntary and determined manifestation of Client which is based on adequate information and with which he gives his unambiguous consent to manage his personal data entirely or for specific purposes.
(4) protest: Client’s manifestation with which he objects the management of his personal data, wants to terminate data management and the deletion of managed data.
(5) data management: irrespectively of the applied process, it refers to the summation of a procedure or procedures, for example the collection, record, systematization, storage, modification, use, relay, disclosure, synchronization, connection, lock, deletion and eradication of data as well as hindrance of further use of data, taking a photo, voice or picture record and fixing physical attributes to be able to identify a person (fingerprint, palmprint, DNA sample, iris image).
(6) processing data: completing technical tasks connected to data management procedures irrespective of methods and instruments applied to carry out the procedures and the location of application supposing the technical task is carried out on data.
(7) transmission of data: making data accessible for a determined third person
(8) disclosure of data: making data available for anyone
(9) data manager: the natural or legal person or an organization without legal personality who determines the purpose of managing personal data, makes decisions considering data management and carries them out or he makes a data manager appointed by him carry them out.
(10)data processor: the natural or legal person or an organization without legal personality who deals with data management based on contract – including the contract on the basis of regulations.
(11) deletion of data: making data unrecognizable in a way that their reconstruction is not possible any more.
(12) database: all data managed in one registry.
(13) third person: a natural or legal person or an organization without legal personality who or that is not identical with Client, Data manager or Data processor.
  1. The legal basis of data management
Data Manager handles data of clients in accordance with laws of data protection based on their consent and in accordance with CVIII. law paragraph 13/A passed in 2001 about electronic commercial services and some questions in connection with information society, and XLVIII. law paragraph 6 passed in 2008 about basic conditions and some boundaries of economic advertising.
  1. Types of managed data, purpose and duration of data management
(1) Present Data Protection Guidelines involves managing personal data of exclusively natural people considering the fact that personal data can be interpreted only in case of natural people.
Anonymous information is not qualified as personal data which is collected with the exclusion of personal identification and which cannot be connected to natural persons. The demographic data are not qualified as personal data which are collected in a way that they are not linked to personal data of identifiable people. By doing so, no connection can be established with a natural person.
(2) Sending an online message, making an appointment:
There is a possibility to make an appointment with Provider on Website and ask for whatever information during which it is necessary to provide the following data:
name
e-mail address
Purpose of data management: serving the client personally and making appointments as requested by him.
Client can ask his data to be deleted from registry any time, free of charge. It can be carried out in 5 working days. The recanting proclamation can be communicated:
by means of sending an electronic mail to the e-mail address of Data Manager
(3) Making an appointment
Purpose of data management: making an appointment by using Website, requesting (personal or online) communication with the psychologist in private. Getting in touch with the specialist found on Website. To check the operation of service and prevent misuse, to increase the efficiency of service, marketing research.
Legal basis of data management: the consent of the client and CVIII. law 13/A paragraphs (3) and (4).
Types of managed data:
name
e-mail address
telephone number
name of provider
date
time of appointment.
Duration of data management: 5 years after finishing the use of Service
Deletion and modification of data can be initiated in the following ways:
by means of a message sent to Data Manager’s e-mail address
Data Manager places an anonymous identification (cookie) on Client’s computer, which, in itself, is not able to identify Client in any way, it is suitable only to recognize Client’s computer. It is not necessary to provide name, e-mail address or any other personal information since by applying this solution User does not give any personal data to Data Manager, data change happens exclusively between computers.
Data Manager manages cookies with the objective of getting more information about Client’s habits of information use, and by doing so she can improve the standard of her services and publish customized websites and marketing materials (advertisements) during the visit to the portal.
Client has the chance to ban the placement of individual identification signals (cookies) on his computer by setting his browser. Client understands that some services will not work properly by banning cookies.
                (5)  Remarketing codes
Portal uses Google Awards remarketing codes. The remarketing code uses cookies to label Visitors to Portal.
Settled cookies can help to publish advertisements connected to products and services of Provider on other websites belonging to Google Display network visited by Portal’s visitor at a later point in time.
User can ban cookies any time and customize advertisements on Google advertisement setting.
                (6) Logfiles
The system automatically puts the following data into logfiles to be able to use services:
the dynamic IP address of User’s computer
depending on settings of User’s computer, the type of browser and operating system used by User
User’s activity connected to Website
On the one hand, use of these data happens because of technical reasons like analysing safe operation of servers and their posterior control, on the other hand, Data Manager uses these data to create statistics based on website use and to analyze User demand so that she can improve the standard of services.
The above-mentioned data are not suitable for identifying User and Data Manager does not link them with other personal data.
Data Manager can handle data connected to Client for any reason different from the above-mentioned ones – especially for the purpose of increasing the efficiency of its service or marketing research – after determining the reason for using data with the consent of Client. These data cannot be linked to the identification data of Client and cannot be handed over to a third person without his consent. These data must be deleted if data management purpose ceases to exist or Client gives such a statement.
Data Manager makes sure that User has the right to know any time before and during using Service what kinds of data Data Manager handles for which purposes including data that cannot be linked directly to User.
The legal basis of data management by Data Manager is in every case the consent of Client.
Duration of data management:
Data based on Client’s consent can be managed until the modification or withdrawal of this consent. On expiry of duration of data management Data Manager is obliged to delete Client’s personal data.
Data connected to orders – including voice records made during phone administration – is stored by Data Manager  for 5 (five) years – which is the general terms of limitation to have evidence in case of possible legal cases.
Data connected to invoicing is stored by Data Manager for 8 (eight) years as is her accounting duty (based on paragraph 169 of C. law passed in 2000) and handles them until term of limitation as stated in XCII. law passed in 2003.
Provider uses Google Analytics Software in order to gain independent and other web-analytical data of Website, so Google Inc. as Data Processor is responsible considering these data. The guidelines of Data Protection of Google Inc. can be reached on http://www.google.com/intl/hu ALL/privacypolicy.html.
User of the services of Webpage understands that he has given his consent to Google to process his data by using Website.
(7) Should Provider make a company in business connection with her operate some services and pages of Website, this partner – on behalf of and in representation of Provider and for Provider – gathers personal data and present Data Protection Guidelines concerns data management.
(8) Should Webpage have a common service with any of its content partner, the application law of personal data is joint, but the guidelines of this Data Management Guidelines are normative in accordance with rules considering data management guidelines specified in the contract with partner.
  1. Rights of Clients
(1)Client can request Data Manager
  1. a) to be informed about the management of his personal data,
  2. b) to correct his personal data, as well as
  3. ) to cancel or block her personal data – with the exception of compulsory data management.
(2) For the request of User Data Manager gives written information within 30 days of submission of request about data managed by Data Manager or processed by Data Processor, their sources, purpose, legal basis and duration of data management, name, address and activity of data manager and – in case of transmission of personal data of Client – the legal basis and addressee of transmission.
Information is free if Client applying for information has not handed in a request in the same field that particular year to Data Manager. In other cases Data Manager can charge fees.
(3) Data Manager keeps a record about transmission of data to be able to check its legality and give information to User. Records contain the time of transmission of personal data managed by him, the legal basis and addressee of transmission, the definition of the type of transmitted personal data and other data determined in the law which specifies data management.
(4) If personal data does not reflect reality and real data is known by Data Manager, he corrects personal data.
(5)Personal data has to be deleted if
  1. a) their management is illegal
  2. b)it is requested by Client (with the exception of compulsory data management)
  3. c) it is incomplete or incorrect – and this condition cannot be managed legally – supposing deletion is not excluded by law
  4. d)the purpose of data management has ceased or the determined deadline of data storage specified by law has expired
  5. d)it is ordained by court or authorities
(6) Data Manager blocks personal data instead of deleting them if Client requests it or it can be assumed on the basis of available information that deletion would hurt the legal interests of Client. Data blocked this way can only be managed until data management is relevant which excluded the deletion of personal data.
(7) Data Manager signals personal data managed by him if Client disputes its accuracy or correctness but the accuracy or correctness of disputed personal data cannot be determined unequivocally.
(8)Client and everyone else should be informed about correction, blocking, signalling and deletion who have been transmitted the data with the purpose of data management. Informing them can be neglected if this data management does not hurt the legal rights of Client as regards the purpose of data management.
(9) If Data Manager does not carry out User’s request of correction, blockage and cancellation he justifies his factual and legal reasons why he rejected the correction, blockage or cancellation in a written form within 30 days of receiving the request. In case of rejection Data Manager informs Client about possibilities of court remedy and turning to authorities.
(10)Client can protest against managing his data if
  1. a) management or transmission of data is needed only to fulfil the legal duty of Data Manager or to validate date manager’s, data recipient’s or a third person’s legal interest, with the exception of compulsory data management
  2. b) use or transmission of personal data happens with the purpose of direct business, opinion poll or scientific research
  3. c) other cases determined by law
Data Manager – at the time of suspension of data management – is obliged to examine the protest as soon as possible after submission but in maximum 15 days and inform applicant in a written form about the result. Should protest prove to be lawful Data Manager is obliged – including further admission and transmission of data – to cancel and block data and to inform those about protest and measures based on this who were transmitted personal data with protests earlier and who are obliged to take measures on behalf of violating protest law.
Should Client not agree with Data Manager’s decision or if Data Manager misses the 15-day deadline – 30 days within the disclosure or the last day of deadline – he can turn to court.
(11) The rights of Client as determined in paragraph (5) can be restricted by law in questions of internal and external safety of the state, protection of the country and nation, protection and prosecution of crimes, protection of law enforcement, economic or financial interest of state or local government, economic or financial interest of the European Union or to prevent and reveal disciplinary and ethical misdemeanour connected to practising jobs, breaching duties of law and protection of labour – including control and supervision in all cases – and in the interest of protecting the laws of Client or others.
(12) Client agrees that Data Manager (Vivien Németh psychologist) can record and store personal data and make written notes about counselling during the process of consultations she manages and stores all personal data in accordance with GDPR regulations.