Privacy statement

This is a statement on processing of personal data made by Dr. Ágnes Kaszás, sole proprietor (hereinafter referred to as Controller): 

By means of publishing this statement, I hereby fulfil the prior information obligation provided by the Regulation (EU) 2016/679 of the European Parliament and of the Council on General Data Protection Regulation(hereinafter referred to as GDPR), under which any information required to be addressed to the public or to the data subjects according to its Articles shall be concise, transparent, easy to understand and easily accessible and that clear and plain language.

I. Data processor and data controller

Data controller

Company name: Dr. Ágnes Kaszás sole proprietor
Registered seat: 1063 Budapest, Kmety György utca 20.
Registration number: 51103558
Tax number: 76996445-1-42
E-mail address: info@agneskaszas.com
Website: www.agneskaszas.com

Data Processor – Web hosting service provider

Company name: Tárhely.Eu Szolgáltató Kft.
Address: 1097 Budapest, Könyves Kálmán körút 12-14.
Phone number: +36 1 789-2-789
E-mail: support@tarhely.eu
Web: www.tarhely.eu

My clients’ personal data which are provided by filling the contact form, via info@agneskaszas.com or phone as well as in the context of paper-based client data sheets or notes taken during consultations shall not be disclosed to a third party.

I assure my clients that their personal data shall not be used for any other purposes unless they have given their explicit consent to do so. 

My clients’ e-mail address will be included in my newsletter database if they clearly and explicitly contribute to it at our first meeting or contacting the website. I will send my free information e-mails to that address. 

Any of my clients is entitled to ask for erasing his or her e-mail address from the database without restrictions at any time.

II. Types of data processing, scope of processed personal data, period of data processing

Processing of personal data for marketing purposes by sending newsletters

Data controller

Company name: Dr. Ágnes Kaszás sole proprietor
Registered seat: 1063 Budapest, Kmety György utca 20.
Registration number: 51103558
Tax number: 76996445-1-42
E-mail address: info@agneskaszas.com
Website: www.agneskaszas.com

Data Processor – Webgalamb Email Marketing and Newsletter sending software

Company name: ENS Informatikai és Rendszerintegrációs Zrt.
Address: 1106 Budapest, Fehér utca 10.
Phone number: +36 20 222 0011
E-mail: kapcsolat@webgalamb.hu
Web: www.webgalamb.huhttp://www.webgalamb.hu

  • Purpose of data processing: informing the data subjects who have registered themselves into the database by e-mail about special offers and new services; informing them about services provided by me and their changes, information about news and events.
  • Data subjects: every natural person who wishes to subscribe to my newsletter.
  • Legal ground for data processing: personal consent of the data subject which is made by ticking a box next to the text “subscription to newsletter” after receiving information about his or her personal data or made on our first meeting during the preparation of paper-based client data sheet.
  • Period of data processing: until unsubscription, i.e. until the data subject requires to erase his or her data from the database. Data subjects may unsubscribe by clicking the “unsubscribe” link in the footer of the e-mails sent to the them or by sending an e-mail to the info@agneskaszas.com or by postal mail sent to my registered seat.
  • Scope of the processed data: name, e-mail address, telephone number

Registration in the website, contacting:

  • Purpose of data processing: contacting in the purpose of logging in, receiving information, preparing of contract.
  • Data subjects: every natural person who fills in the contact form in my website. http://agneskaszas.com/kapcsolat/
  • Legal ground for data processing: personal consent of the data subject
  • Period of data processing: until the data subject requires to erase his or her data from the database.
  • Scope of the processed data: name, e-mail address

Processing of the clients’ personal data

  • Purpose of data processing: processing of the clients’ personal data relating to the main activity.
  • Data subjects: clients asking for appointment to consultation
  • Legal ground for data processing: personal consent of the data subject, concluding a contract
  • Period of data processing: until the data subject requires to erase his or her data from the database. The data provided on the invoice cannot be erased for 8 years as required by the Act on Accounting.
  • Scope of the processed data:
  • For callback request: name, e-mail address, telephone number
  • For invoicing: name, address, bank account number (in case of payment by transfer), or company name, registered seat, tax number, bank account number, tax number.
  • In case of filling in the client data sheet: the client data sheet is also a health assessment sheet which contains: Name, e-mail address, phone number, date of birth, billing address, questions relating to health status (if they are relevant)
  • Notes prepared during consultations: they may contain any data disclosed during consultations which are important for the treatment and mainly sensitive e.g. data about health state, sexual orientation, religion, political interests etc. I shall keep these notes in a separate file for each client and I shall pay special attention to their physical security.

The health assessment sheet helps to create a consultation plan as personal as possible and excludes any risk factors that may arise from the particular health condition. The health assessment sheet is not necessary to fill in. Before each treatment, I ask questions and consult to the client about the possible opportunities, needs and risks.

III. People entitled to access the data

As a sole proprietor, I don’t have an employee, so the data are processed only by me.

IV. Your right

Right of access: 

You shall have the right to obtain information about your personal data stored by me at any time. Please, contact me and I will send your personal data by e-mail.

Right to data portability:

If your personal data are processed by automated means based on your approval or consent, you shall have the right to ask to transmit those personal data to you or to another party in a structured, commonly used and machine-readable format. It is only applied to the personal data which you have provided me.

Right to rectification: 

You shall have the right to obtain from me the rectification of inaccurate personal data concerning you including to have incomplete personal data completed. 

Right to erasure:

You shall have the right to obtain from me the erasure of personal data controlled and processed by me. (Obligatory data retention required by the law constitutes as exemption e.g. Act on Accounting in case of invoices).

Right to object to personal data processing based on legitimate interest: 

You shall have the right to object to control or process your personal data based on legitimate interest. From that time on, I shall not continue to process your personal data except of the cases where I will be able to demonstrate my legitimate interests which override your interests and rights or in case of legal claim.

Right to restriction:

Right to restriction:You shall have the right to obtain from me the restriction of processing under the following circumstances:

  • If you have any objection to personal data processing, I shall restrict the processing until the legitimate interest is justified.
  • If your personal data are incorrect, I shall restrict to process such data until the accuracy of such data are justified.
  • If the processing is unlawful, you may request the erasure of your personal data or the restriction of their use, if I no longer need your personal data for the purposes of the processing, but they are required to store for the establishment, exercise or defence of legal claims;

How can you exercise your rights?

You can send your requests in relation to the above rights to the following e-mail address: info@agneskaszas.com

Right to lodge a complaint with a supervisory authority: 

If you consider that I control or process your personal data incorrectly, do not hesitate to contact me. You shall have the right to lodge a complaint with a supervisory authority as well.

Rules of procedure:

I shall provide information on action taken on a request under Articles 15 to 22 of the GDPR to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.

I shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.

If I do not take action on the request of the data subject, I shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

Any information and communication shall be provided free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, I may either charge a reasonable fee into account the administrative costs of providing the information or communication or taking the action requested or refuse to act on the request.

I shall communicate any rectification or erasure of personal data or restriction of processing carried out by me to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

I shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, I may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided by me in electronic form.

Compensation and tort:

Any person, who has suffered material or non-material damage because of an infringement of the GDPR, shall have the right to receive compensation from the controller or processor for the damage suffered. A processor shall be liable for the damage caused by processing only where it has not complied with obligations of the Regulation specifically directed to processors or where it has acted outside or contrary to lawful instructions of the controller.

Where more than one controller or processor, or both a controller and a processor, are involved in the same processing and where they are responsible for any damage caused by processing, each controller or processor shall be held liable for the entire damage in order to ensure effective compensation of the data subject.

Right to engage in legal proceedings:

In relation to the breach of his or her rights, the data subject may bring the matter before the court. The matter shall be given priority by the court.

Administrative proceedings on data protection:

Complaint may be lodged to the Hungarian National Authority for Data Protection and Freedom of Information.

Name: Hungarian National Authority for Data Protection and Freedom of Information
Registered seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, Pf.: 5.
Phone number: +36 1 789391-1400
Fax number: +36 – 1- 391-1410
E-mail address: ugyfelszolgalat@naih.hu
Website: www.naih.hu

Updates of the Privacy Statement:

I may need to update my Privacy Statement. In this case, I reserve the right to modify my privacy statement unilaterally. That will be the case in particular when the legislation makes it mandatory. You can access the latest version of the Privacy Statement at www.agneskaszas.com at any time. I will always inform you about any major changes to my Privacy Statement, such as the reasons for processing your personal data or about your rights. The changes of data processing shall not result the processing of personal data for another purpose other than the one for which the personal data has been originally collected.

V. Information relating to the personal data of those who visit the website of the undertaking, cookies

During the visits to my website, one or more cookies, i.e. small information packets, will be sent to the computer of the person visiting the website which is sent by the server to the browser and then it is returned to the server at any server-directed request – which results that the browser will be individually identifiable if the person visiting this website has expressly (actively) contributed to it by further browsing of the website. 

We use cookies to enable you to increase your website experience and to the automation of log in. Cookies do not contain any personal information which can be used to identify an individual user. I don’t carry out data processing in the context of these activities.

Remarketing tag

During the visits to my website, the site sends one or more cookies, that is a small file containing a string, to the visitor’s computer, which will allow its browser to be uniquely identified. These cookies are provided by Google and are used through Google Adwords.

These cookies are accessed to the visitor’s computer only when visiting some sub-pages. The use of these cookies is as follows: external service providers, including Google, will store these cookies if a user has previously visited the advertiser’s site, and the external service providers will display ads to the user, including Google, on the websites of its partners.

Users can disable Google cookies on the page serving for this purpose. (It can also indicate the users that they can disable external service providers’ cookies on the Network Advertising Initiative’s opt-out page.) Based on the notification, the operator shall conduct the proceedings provided by Article 13 of the Act CVIII of 2001 complying with the conditions and rules contained therein.