Privacy policy

: Krisztian; Legal information; 08 July 2022; Hits: 1181; Rating:

( 0 Rating )

PRIVACY POLICY

Present Data management Informational Kadocsa Krisztián László Individual Entrepreneur (6725 Szeged, Kisfaludy utca 29/A., tax number: 56324910-1-26) contains the internal rules of its data management activities in accordance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL - the regulation of natural persons regarding the management of personal data on the protection and free flow of such data, as well as on the repeal of Regulation 95/46/EC (general data protection regulation) - also the XXXIV of 2019. to comply with the law.

Kadocsa Krisztian László Individual Entrepreneur repeals the Data Management Notice dated November 12, 2020 and replaces it with this Notice.

I. GENERAL PROVISIONS

1. Introduction

Kadocsa Krisztián László Individual Entrepreneur The contractor declares that it carries out its data management activities - by adopting the appropriate internal rules, technical and organizational measures - in such a way that it complies in all circumstances with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL - on the processing of personal data of natural persons on the protection and free flow of such data, as well as on the repeal of Regulation 95/46/EC (general data protection regulation, hereinafter: Regulation) - as well as CXII of 2011 on the right to informational self-determination and freedom of information. of the provisions of the Act (hereinafter: Infotv).

Kadocsa Krisztián László Individual Entrepreneur The contractor operates the following websites(www.ormus.hu, www.vancouverislandormus.eu, www.csaladiasztrologia.hu, www.magicalcompanygrowth.com as well as www.cegnoveszto.hu).

2 Purpose of this Information

The purpose of the Information Sheet is to establish the internal rules that ensure that the data management activities of Kadocsa Krisztián László Individual Entrepreneur comply with the Regulation and Infotv. and its provisions.

3 Scope of this Notice

covers the handling of personal data relating to natural persons by Kadocsa Krisztián László Individual Entrepreneur.

Individual entrepreneurs, individual companies, primary producer customers, buyers, and suppliers shall be considered as natural persons for the purposes of this Information. The scope of the Notice does not cover the processing of personal data relating to legal entities, or in particular to businesses established as legal entities, including the name and form of the legal entity, as well as the contact details of the legal entity.

4. Concept definitions

The governing concept is defined in Article 4 of the Decree , as well as in Article CVIII of 2001 on certain issues of electronic commercial services and services related to the information society. contained in the law .

1./ "personal data" : any information relating to an identified or identifiable natural person ("data subject"); a natural person can be identified directly or indirectly, in particular on the basis of an identifier such as name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable;

2./ "data management" : any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as the collection, recording, organization, segmentation, storage, transformation or change, query, access, use, transmission, distribution or by making it available in other ways, coordinating or connecting, limiting, deleting or destroying;

3./ "restriction of data management" : designation of stored personal data for the purpose of limiting their future management;

4./ "profiling" : any form of automated processing of personal data, during which personal data is used to evaluate certain personal characteristics of a natural person, in particular work performance, economic situation, state of health, personal preferences, interests, reliability, behavior, residence used to analyze or predict characteristics related to location or movement;

5./ "pseudonymization" : handling personal data in such a way that, without the use of additional information, it is no longer possible to establish which specific natural person the personal data refers to, provided that such additional information is stored separately and technical and organizational measures are taken to ensure that this personal data cannot be linked to identified or identifiable natural persons;

6./ "registry system" : the file of personal data in any way - centralized, decentralized or divided according to functional or geographical aspects - which is accessible based on specific criteria;

7./ "data controller" : the natural or legal person, public authority, agency or any other body that determines the purposes and means of processing personal data independently or together with others; if the purposes and means of data management are determined by EU or member state law, the data controller or the special aspects regarding the designation of the data controller may also be determined by EU or member state law;

8./ "data processor" : the natural or legal person, public authority, agency or any other body that processes personal data on behalf of the data controller;

9./ "recipient" : the natural or legal person, public authority, agency or any other body to whom or with which the personal data is communicated, regardless of whether it is a third party - Those public authorities that, in the context of an individual investigation, the EU or the they can access personal data in accordance with member state law, they are not considered recipients; the management of said data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of data management;

10./ "third party" : the natural or legal person, public authority, agency or any other body that is not the same as the data subject, the data controller, the data processor or those persons who, under the direct control of the data controller or data processor, process the personal data have been authorized to handle data;

11./ "consent of the data subject" : the voluntary, specific and clear declaration of the will of the data subject based on adequate information, with which the data subject indicates by means of a statement or an act clearly expressing the confirmation that he gives his consent to the processing of personal data concerning him;

12./ "data protection incident" : a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise handled;

13./ "genetic data" : all personal data relating to the inherited or acquired genetic characteristics of a natural person, which carries unique information about the physiology or state of health of that person, and which primarily results from the analysis of the biological sample taken from the mentioned natural person;

14./ " biometric data" : all personal data related to the physical, physiological or behavioral characteristics of a natural person obtained through special technical procedures that enable or confirm the unique identification of the natural person, such as facial image or dactyloscopic data;

15./ "electronic commercial service" : a service related to the information society, the purpose of which is to acquire a negotiable movable thing - including money and securities, as well as natural forces that can be utilized in the manner of the thing -, service, real estate, right of property value (hereinafter including: commercial sale, purchase, exchange or other use of goods;

16./ "electronic way" : the use of wired, radio-technical, optical or other electromagnetic devices for electronic data processing, storage and transmission;

17./ " informative with society connected service ”: a service provided electronically, for those who are absent, usually for a fee, to which the user of the service has individual access;

18./ "Service provided from the territory of Hungary": Service related to the information society provided by a service provider that carries out actual activities related to the service related to the given information society at its seat, location or place of residence in the territory of Hungary.

5 Main legislation to be applied

Regulation (EU) 2016/679 of the Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and on the repeal of Regulation 95/46/EC (General Data Protection Regulation)
Act V of 2013 on the Civil Code
Act I of 2012 on the Labor Code
CVIII of 2001 Act on certain issues of electronic commercial services and services related to the information society
CXII of 2011 Act on the right to self-determination of information and freedom of information
Act C of 2000 on accounting

II. RIGHTS OF THE PERSON CONCERNED

6 Rights of the data subject

Right to prior information

The data subject has the right to receive information about the facts and information related to data management before the start of data management.

(Order 13-14. article)

The data subject's right of access

The data subject has the right to receive feedback from the Data Controller as to whether his personal data is being processed, and if such data processing is underway, he is entitled to access the personal data and related information specified in the Regulation .

(Order Article 15)

Right to rectification

The data subject is entitled to have the Data Controller correct inaccurate personal data concerning him without undue delay upon request. Taking into account the purpose of the data management, the data subject is entitled to request the completion of incomplete personal data, including by means of a supplementary statement.

(Order Article 16)

The right to erasure ("the right to be forgotten")

The data subject has the right to request that the Data Controller delete his personal data without undue delay.

The Data Controller is obliged to delete the personal data concerning the data subject without undue delay if one of the reasons specified in the Regulation exists.

(Order Article 17)

The right to restrict data processing

The data subject has the right to request that the Data Controller restricts data processing, if in the Regulation

certain conditions are met.

(Order Article 18)

Notification obligation related to the correction or deletion of personal data or the limitation of data management

The Data Controller informs all recipients of all corrections, deletions or data management restrictions to whom or to whom the personal data was communicated, unless this proves to be impossible or requires a disproportionately large effort. At the request of the data subject, the Data Controller informs about these recipients.

(Order Article 19)

The right to data portability

Under the conditions set out in the Regulation , the data subject is entitled to receive the personal data relating to him and made available to Kadocsa Krisztián László Egyéni Vállalkozo in a segmented, widely used, machine-readable format, and he is also entitled to forward this data to another Data Controller without this would be hindered by the Data Controller to whom the personal data was made available.

(Order Article 20)

The right to protest

Regulation of his personal data at any time for reasons related to his own situation Article 6 (1) point e) - data processing is in the public interest or is necessary for the execution of a task carried out within the framework of the exercise of a public authority vested in the Data Controller - against processing or point f) - data processing is necessary for asserting the legitimate interests of the Data Controller or a third party - based processing against. In this case, the data controller may not process the personal data further, unless the data controller proves that the data processing is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the data subject or that are related to the submission, enforcement or defense of legal claims .

(Order Article 21 )

Automated decision-making in individual cases, including profiling

The data subject has the right not to be covered by the scope of a decision based solely on automated data management, including profiling, which would have a legal effect on him or affect him to a similar extent.

(Order Article 22)

Restrictions

The EU or Member State law applicable to the Data Controller or data processor may limit the provisions of Articles 12-22 through legislative measures. Article and Article 34 , as well as Articles 12-22. with regard to its provisions in accordance with the rights and obligations set out in Article 5 , the scope of the rights and obligations contained in Article 5, if the restriction respects the essential content of fundamental rights and freedoms, as well as a necessary and proportionate measure for the protection of the following in a democratic society. E.g. national security, national defense, public safety, crime prevention, investigation, detection or prosecution, as well as the implementation of criminal sanctions, including protection against threats to public security and the prevention of these threats, etc.

(Order Article 23)

Informing the data subject about the data protection incident

If the data protection incident is likely to involve a high risk for the rights and freedoms of natural persons, Kadocsa Krisztián László Egyéni Vállalkozó will inform the data subject about the data protection incident without undue delay.

(Order Article 34)

The right to lodge a complaint with the supervisory authority (right to an official remedy)

The data subject has the right to file a complaint with a supervisory authority - in particular in the Member State of his or her usual place of residence, workplace or the place of the suspected infringement - if, in the opinion of the data subject, the processing of personal data relating to him/her violates the Regulation.

(Order Article 77)

Complaints can be lodged with the National Data Protection and Freedom of Information Authority: Name: National Data Protection and Information Freedom Authority

Headquarters: 1055 Budapest, Falk Miksa utca 9-11.

Correspondence address: 1363 Budapest, Pf.: 9.

Telephone: 061/3911400

Fax: 061/3911410

E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

Website: http://www.naih.hu

The right to an effective judicial remedy against the supervisory authority

All natural and legal persons are entitled to an effective judicial remedy against the supervisory authority's legally binding decision concerning them, or if the supervisory authority does not deal with the complaint, or does not inform the data subject within 3 (three) months of the procedural developments related to the submitted complaint or its about the result.

(Order Article 78)

The right to an effective judicial remedy against the controller or processor

Regulation have been violated as a result of inappropriate handling of their personal data .

(Order Article 79)

7. Detailed information on the rights of the data subject

Right to prior information

The data subject has the right to receive information about the facts and information related to data management before the start of data management.

A) Information to be made available if personal data is collected from the data subject

1./ If the personal data concerning the data subject is collected from the data subject, the data controller shall provide the data subject with all of the following information at the time of obtaining the personal data:

a.) the identity and contact details of the data controller and, if any, the representative of the data controller;

b. ) contact details of the data protection officer, if any;

c.) the purpose of the planned processing of personal data and the legal basis of data processing;

d.) in the case of data management based on point f) of Article 6, paragraph (1) of the Regulation ( assertion of legitimate interests), the legitimate interests of the data controller or a third party;

e.) where appropriate, the recipients of personal data, and the categories of recipients, if any;

f.) where applicable, the fact that the data controller wishes to transfer the personal data to a third country or international organization, as well as the existence or absence of the Commission's compliance decision, or the Regulation in Article 46, Article 47 or Article 49 ( In the case of data transfer referred to in the second subparagraph of paragraph 1) , the indication of suitable and suitable guarantees, as well as a reference to the methods for obtaining a copy of them or their availability.

2./ In addition to the information mentioned in point 1./, at the time of obtaining the personal data, in order to ensure fair and transparent data management, the data controller informs the data subject of the following additional information:

a.) on the period of storage of personal data, or if this is not possible, on the aspects of determining this period;

b. ) the data subject's right to request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, and to object to the processing of such personal data, as well as the data subject's right to data portability;

c.) in the case of data processing based on point a) of Article 6 (1) (consent of the data subject) or point a) of Article 9 (2) (consent of the data subject) of the Regulation, the right to withdraw consent at any time, which it does not affect the legality of data processing carried out on the basis of consent before the withdrawal;

d.) on the right to submit a complaint to the supervisory authority;

e.) whether the provision of personal data is based on legislation or a contractual obligation or is a prerequisite for the conclusion of a contract, as well as whether the data subject is obliged to provide the personal data, and the possible consequences of failure to provide data;

f.) the fact of automated decision-making referred to in paragraphs (1) and (4) of Article 22 of the Regulation , including profiling, as well as, at least in these cases, comprehensible information on the logic used and the significance of such data management, and on the data subject looking at the expected consequences.

3./ If Kadocsa Christian László Egyéni Vállalkozo wishes to carry out further data processing of personal data for a purpose other than the purpose of their collection, prior to further data processing, he must inform the data subject of this different purpose and of all relevant additional information mentioned in paragraph (2) .

4./ The 1-3. points do not apply if and to the extent that the data subject already has the information.

(Order Article 13)

B) Information to be made available if the personal data was not obtained from the data subject

1./ If the personal data was not obtained from the data subject, the data controller provides the data subject with the following information:

a.) the identity and contact details of the data controller and, if any, the representative of the data controller;

b. ) contact details of the data protection officer, if any;

c.) the purpose of the planned processing of personal data and the legal basis of data processing;

d.) categories of personal data concerned;

e.) recipients of personal data, and categories of recipients, if any;

f.) where appropriate, the fact that the data controller wishes to forward the personal data to a recipient in a third country or to an international organization, and the existence or absence of the Commission's compliance decision, or in Article 46, Article 47 or 49 of the Regulation In the case of data transfer referred to in the second subparagraph of paragraph (1) of Article

2./ In addition to the information mentioned in point 1./, the data controller provides the data subject with the following additional information necessary to ensure fair and transparent data management for the data subject:

a.) the period of storage of personal data, or if this is not possible, the criteria for determining this period;

b. ) if the data management is based on point f) of Article 6 (1) of the Regulation (legitimate interest), on the legitimate interests of the data controller or a third party;

c.) the data subject's right to request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, and to object to the processing of personal data, as well as the data subject's right to data portability;

d.) in the case of data processing based on point a) of Article 6 (1) (consent of the data subject) or point a) of Article 9 (2) (consent of the data subject) of the Regulation, the right to withdraw consent at any time, which it does not affect the legality of data processing carried out on the basis of consent before the withdrawal;

e.) the right to submit a complaint addressed to a supervisory authority;

f.) the source of the personal data and, where applicable, whether the data comes from publicly accessible sources; and

g.) the fact of automated decision-making referred to in paragraphs (1) and (4) of Article 22 of the Regulation , including profiling, as well as, at least in these cases, comprehensible information regarding the logic used and the significance of such data management and the data subject looking at the expected consequences.

3./ The data controller provides the information according to points 1./ and 2./ as follows:

a.) taking into account the specific circumstances of the handling of personal data, within a reasonable period of time from the acquisition of the personal data, but within one month at the latest;

b. ) if the personal data is used for the purpose of contacting the data subject, at least during the first contact with the data subject; obsession

c.) if it is expected that the data will be communicated to another recipient, at the latest when the personal data is communicated for the first time.

4./ If the data controller wishes to carry out further data processing of the personal data for a purpose other than the purpose for which they were obtained, he must inform the data subject of this different purpose and all relevant additional information mentioned in point 2./ before the further data processing.

5./ Points 1-5./ do not have to be applied if and to what extent:

a.) the data subject already has the information;

b. ) the provision of the information in question proves to be impossible or would require a disproportionately large effort, especially in the case of data processing for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes, taking into account the conditions and guarantees contained in Article 89 (1) of the Regulation, or if the obligation referred to in paragraph (1) of the article would likely make it impossible or seriously jeopardize the achievement of the goals of this data management. In such cases, the data controller must take appropriate measures - including making the information publicly available - in order to protect the rights, freedoms and legitimate interests of the data subject;

c.) the acquisition or disclosure of the data is expressly required by the EU or Member State law applicable to the data controller, which provides for appropriate measures to protect the legitimate interests of the data subject; obsession

d.) personal data must remain confidential on the basis of the obligation of professional confidentiality prescribed by an EU or member state law, including the obligation of confidentiality based on legislation.

(Order Article 14)

The data subject's right of access

1./ The data subject has the right to receive feedback from the Data Controller as to whether his personal data is being processed, and if such data processing is in progress, he is entitled to receive access to the personal data and the following information:

a.) the purposes of data management;

b. ) categories of personal data concerned;

c.) recipients or categories of recipients to whom or to whom the personal data has been or will be communicated, including in particular third-country recipients and international organizations;

d.) where appropriate, the planned period of storage of personal data, or if this is not possible, the criteria for determining this period;

e.) the data subject's right to request from the Data Controller the correction, deletion or restriction of processing of personal data relating to him and to object to the processing of such personal data;

f.) the right to submit a complaint addressed to a supervisory authority;

g.) if the data were not collected from the data subject, all available information about their source;

h.) the fact of automated decision-making referred to in paragraphs (1) and (4) of Article 22 of the Regulation , including profiling, as well as, at least in these cases, comprehensible information about the applied logic and the significance of such data management, and what are the expected consequences for the person concerned.

2./ If personal data is transferred to a third country or an international organization, the data subject is entitled to receive information about the appropriate guarantees regarding the transfer according to Article 46 of the Regulation .

3./ László Kadocsa Krisztián Individual Contractor provides a copy of the personal data that is the subject of data management to the data subject. For additional copies requested by the data subject, the Data Controller may charge a reasonable fee based on administrative costs

4./ If the data subject submitted the request electronically, the information must be made available in a widely used electronic format, unless the data subject requests otherwise. The right to request a copy must not adversely affect the rights and freedoms of others. (Regulation Article 15)

The right to erasure ("the right to be forgotten")

1./ The data subject has the right to request that the Data Controller delete the personal data concerning him without undue delay, and the Data Controller is obliged to delete the personal data concerning the data subject without undue delay if one of the following reasons exists:

a.) the personal data are no longer needed for the purpose for which they were collected or

treated differently;

b. ) the data subject withdraws the consent that forms the basis of the data management pursuant to point a ) of Article 6 (1) or point a) of Article 9 (2) of the Regulation , and there is no other legal basis for the data management;

c.) the data subject objects to the data processing based on Article 21 (1) of the Regulation and there is no overriding legitimate reason for the data processing, or the data subject objects to the data processing based on Article 21 (2) ;

d.) personal data were handled illegally;

e.) personal data must be deleted in order to fulfill the legal obligation prescribed by EU or member state law applicable to the Data Controller;

f.) the collection of personal data took place in connection with the offering of information society-related services referred to in Article 8 (1) of the Regulation.

2./ If Kadocsa Krisztián László Individual Entrepreneur has made the personal data public and is obliged to delete it pursuant to the previous / point, taking into account the available technology and the costs of the implementation, he will take the reasonably expected steps - including technical measures - in order to inform the Data Controllers handling the data that the the data subject requested from them the deletion of the links to the personal data in question or the copy or duplicate of this personal data.

3. / Points 1./ and 2./ do not apply if data management is necessary:

a.) for the purpose of exercising the right to freedom of expression and information;

b. ) for the purpose of fulfilling the obligation under the EU or member state law applicable to the Data Controller, which prescribes the processing of personal data, or for the execution of a task carried out in the public interest or in the context of the exercise of public authority vested in the Data Controller;

c.) in accordance with points h) and i) of Article 9 (2) and Article 9 (3) of the Regulation on the basis of the public interest affecting the field of public health;

d.) in accordance with Article 89 (1) of the Decree , for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes, if the right mentioned in point 1./ would likely make this data management impossible or seriously endanger it; obsession

e.) to present, enforce and defend legal claims.

(Order Article 17)

The right to restrict data processing

1./ The data subject has the right to have László Kadocsa Krisztián Individual Contractor restrict data processing if one of the following is met:

a.) the data subject disputes the accuracy of the personal data, in which case the restriction applies to the period that allows the Data Controller to check the accuracy of the personal data;

b. ) the data management is illegal and the data subject opposes the deletion of the data and instead requests the restriction of their use;

c.) the Data Controller no longer needs the personal data for the purpose of data management, but the data subject requires them to present, enforce or defend legal claims; obsession

d.) the data subject has objected to data processing in accordance with Article 21 (1) of the Regulation; in this case, the restriction applies to the period until it is determined whether the Data Controller's legitimate reasons take precedence over the data subject's legitimate reasons.

2./ If data processing is subject to restrictions based on point /, with the exception of storage, such personal data will only be processed with the consent of the data subject, or for the presentation, enforcement or defense of legal claims, or for the protection of the rights of other natural or legal persons, or the Union, or can be handled in the important public interest of a member state.

3./ The Data Controller informs the data subject, at whose request the data processing was restricted based on point /, of the lifting of the data processing restriction in advance.

(Order Article 18)

The right to data portability

1./ The data subject is entitled to receive the personal data concerning him/her provided to a Data Controller in a segmented, widely used, machine-readable format, and is also entitled to transmit this data to another Data Controller without being hindered by the Data controller to whom you made the personal data available, if:

a.) the data management is based on consent according to point a) of Article 6 (1) or point a) of Article 9 (2) of the Regulation , or on a contract according to point b) of Article 6 (1) of the Regulation ;

b. ) data management is automated.

2./ When exercising the right to data portability in accordance with point 1./, the data subject is entitled to - if this is technically feasible - request the direct transfer of personal data between Data Controllers.

3./ The exercise of this right may not violate Article 17 of the Regulation . The aforementioned right does not apply in the event that the data processing is in the public interest or is necessary for the execution of a task performed in the context of the exercise of the public authority delegated to the Data Controller.

4./ The right mentioned in point 1./ may not adversely affect the rights and freedoms of others.

(Order Article 20)

The right to protest

1./ The data subject has the right to object to his personal data at any time for reasons related to his own situation in accordance with point e) of Article 6 (1) of the Regulation (the data processing is in the public interest or is necessary for the execution of a task performed in the framework of the exercise of public authority conferred on the Data Controller) or f) (data processing is necessary to assert the legitimate interests of the Data Controller or a third party), including profiling based on the aforementioned provisions. In this case, the Data Controller may no longer process the personal data, unless the Data Controller proves that the data processing is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the data subject, or that are necessary for the presentation, enforcement or defense of legal claims are connected.

2./ If personal data is processed for the purpose of direct business acquisition, the data subject has the right to object at any time to the processing of his/her personal data for this purpose, including profiling, if it is related to direct business acquisition.

3./ If the data subject objects to the processing of personal data for the purpose of direct business acquisition, then the personal data may no longer be processed for this purpose.

4./ The right mentioned in points 1./ and 2./ must be specifically drawn to the attention of the data subject during the first contact at the latest, and the relevant information must be displayed clearly and separately from all other information.

5./ In connection with the use of services related to the information society and deviating from Directive 2002/58/EC, the data subject has the right to protest also by means of automated means based on technical specifications

6./ If personal data is processed for scientific and historical research or statistical purposes in accordance with Article 89 (1) of the Regulation, the data subject has the right to object to the processing of personal data relating to him for reasons related to his own situation, except , if the data management is necessary for the execution of a task carried out for reasons of public interest.

(Order Article 21)

Automated decision-making in individual cases, including profiling

1./ The person concerned has the right not to be covered by the scope of a decision based solely on automated data management, including profiling, which would have legal effects on him or affect him to a similar extent.

2./ Point 1./ does not apply if the decision:

a.) necessary for the conclusion or fulfillment of the contract between the data subject and the Data Controller;

b. ) is made possible by EU or member state law applicable to the Data Controller, which also establishes appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; obsession

c.) is based on the express consent of the data subject.

3./ In the cases referred to in points a) and c) of point 2./, the Data Controller is obliged to take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, including at least the right of the data subject to request human intervention on the part of the Data Controller, his position express and file an objection against the decision.

4./ The decisions referred to in point 2./ may not be based on the special categories of personal data referred to in Article 9 (1) of the Regulation , unless points a) or g) of Article 9 (2) apply and the data subject appropriate measures have been taken to protect your rights, freedoms and legitimate interests.

(Order Article 22)

Restrictions

1./ The EU or Member State law applicable to the Data Controller or data processor may limit the rights contained in Article 5 with legislative measures in accordance with the provisions contained in Articles 12 - 22 and Article 34 of the Regulation, as well as the rights and obligations defined in Articles 12 - 22 and the scope of obligations, if the restriction respects the essential content of fundamental rights and freedoms, and is a necessary and proportionate measure to protect the following in a democratic society:

a.) national security;

b. ) national defense;

c.) public safety;

d.) prevention, investigation, detection or prosecution of crimes, as well as the implementation of criminal sanctions, including protection against threats to public safety and the prevention of these threats;

e.) other important general public interest objectives of the Union or a Member State, in particular the important economic or financial interest of the Union or a Member State, including monetary, budgetary and tax issues, public health and social security;

f.) protection of judicial independence and court proceedings;

g.) in the case of regulated occupations, the prevention, investigation and detection of ethical violations and the conduct of related procedures;

h.) in the cases mentioned in points a) - e) and ag) - even occasionally - control, investigation or regulatory activities related to the performance of public authority tasks;

i.) the protection of the data subject or the protection of the rights and freedoms of others;

j.) enforcement of civil law claims.

2./ The legislative measures referred to in point 1./ contain detailed provisions, where applicable, at least:

a.) for the purposes of data management or categories of data management,

b. ) for categories of personal data,

c.) on the scope of the restrictions introduced,

d.) guarantees aimed at preventing misuse, unauthorized access or transmission,

e.) to define the Data Controller or to define the categories of Data Controllers,

f.) for the duration of data storage, as well as applicable guarantees, taking into account the nature, scope and purposes of data management or data management categories,

g.) to risks affecting the rights and freedoms of those concerned, and

h.) the right of the data subjects to receive information about the restriction, unless this may adversely affect the purpose of the restriction.

(Order Article 23)

Informing the data subject about the data protection incident

1./ If the data protection incident is likely to involve a high risk for the rights and freedoms of natural persons, Kadocsa Krisztián László Individual Entrepreneur will inform the data subject of the data protection incident without undue delay.

2./ In the information provided to the data subject referred to in point 1./, the nature of the data protection incident must be clearly and comprehensibly described, and at least the information mentioned in points b), c) and d) of Article 33, paragraph (3) of the Regulation must be provided and measures.

3./ The data subject does not need to be informed as mentioned in point 1./ if any of the following conditions are met:

a.) the Data Controller has implemented appropriate technical and organizational protection measures, and these measures have been applied with respect to the data affected by the data protection incident, in particular those measures - such as the use of encryption - for persons not authorized to access personal data make the data unintelligible;

b. ) after the data protection incident, the Data Controller has taken additional measures to ensure that the high risk to the rights and freedoms of the data subject, mentioned in point 1./, is unlikely to materialize in the future;

c.) providing information would require a disproportionate effort. In such cases, the data subjects must be informed through publicly published information, or a similar measure must be taken that ensures similarly effective information to the data subjects.

d.) If the Data Controller has not yet notified the data subject of the data protection incident, the supervisory authority, after considering whether the data protection incident is likely to involve a high risk, may order the data subject to be informed or establish that one of the conditions mentioned in point 3 has been met.

(Order Article 34)

The right to complain to the supervisory authority

1./ Without prejudice to other administrative or judicial remedies, all data subjects are entitled to file a complaint with a supervisory authority - in particular in the Member State of their usual place of residence, workplace or the place of the suspected infringement - if, in the judgment of the data subject, the personal data relating to them handling violates the

2 ./ The supervisory authority to which the complaint was submitted is obliged to inform the client about the procedural developments related to the complaint and its result, including that the client is entitled to legal remedies based on Article 78 of the Decree .

(Order Article 77)

The right to an effective judicial remedy against the supervisory authority

1./ Without prejudice to other administrative or non-judicial remedies, all natural and legal persons are entitled to an effective judicial remedy with a legally binding decision of the supervisory authority.

2./ Without prejudice to other administrative or non-judicial legal remedies, all data subjects are entitled to effective judicial remedies if the competent supervisory authority based on Article 55 or 56 of the Regulation does not deal with the complaint, or does not inform the data subject within three months of the on procedural developments or the result of a complaint submitted pursuant to Article 77 .

3./ Proceedings against the supervisory authority must be initiated before the court of the Member State where the supervisory authority is headquartered

4./ If proceedings are initiated against a decision of the supervisory authority in relation to which the Board previously issued an opinion or made a decision within the framework of the uniformity mechanism , the supervisory authority is obliged to send this opinion or decision to the court. (Regulation Article 78)

The right to an effective judicial remedy against the controller or processor

1./ The available administrative or non-judicial legal remedies - including complaints to the supervisory authority, Regulation 77. right according to Article - without prejudice, all affected persons are entitled to an effective judicial remedy if, according to their judgment, their rights according to the Regulation have been violated as a result of the processing of their personal data not in accordance with the Regulation.

2./ Proceedings against the data controller or data processor must be initiated before the court of the Member State where the data controller or data processor operates. Such a procedure can also be initiated before the court of the Member State of the habitual residence of the person concerned, unless the data controller or the data processor is a public authority acting in the public authority of a Member State

(Order Article 79)

III. PROVISIONS ON THE BASIS OF THE REQUEST OF THE PARTICIPANT

8 Person responsible for data protection

Person responsible for data protection: Kadocsa Krisztián László Individual Entrepreneur

The data subject can contact the person responsible for data protection at This email address is being protected from spambots. You need JavaScript enabled to view it. or This email address is being protected from spambots. You need JavaScript enabled to view it. in order to assert their rights.

Kadocsa Krisztián László Individual Entrepreneur notes that no data protection officer will be appointed.

9 Measures based on the request of the data subject

Kadocsa Krisztián László Individual Entrepreneur shall inform the data subject without undue delay, but in any case, within 1 (one) month of the receipt of the request, of the measures taken following his request to exercise his rights. If necessary, taking into account the complexity of the application and the number of applications, this deadline can be extended by another 2 (two) months. About the extension of the deadline, Kadocsa Krisztián László Individual Entrepreneur will inform the affected person within 1 (one) month from the date of receipt of the request, indicating the reasons for the delay.

If the data subject submitted the request electronically, the information must be provided electronically, if possible, unless the data subject requests otherwise.

If Kadocsa Krisztián László Individual Entrepreneur does not take any measures following the request of the data subject, without delay, but at the latest within 1 (one) month from the receipt of the request, it informs the data subject of the reasons for not taking action, as well as of the fact that the data subject can file a complaint with a supervisory authority and take legal action with his right of redress. Kadocsa Krisztián László Individual Entrepreneur information according to Articles 13 and 14 of the Regulation and information about the rights of the data subject - Regulation 15-22. and Article 34 - and provides measures free of charge. If the data subject's request is clearly unfounded or - especially due to its repetitive nature - excessive, the Data Controller may, taking into account the administrative costs associated with providing the requested information or information or taking the requested measure, charge a fee or refuse to take action on the basis of the request.

It is the responsibility of the Data Controller to prove that the request is clearly unfounded or excessive. If Kadocsa Krisztián László Individual Entrepreneur has well-founded doubts about the identity of the natural person who submitted the application, he can request the provision of additional information necessary to confirm the identity of the person concerned.

ARC. ENSURING THE LEGALITY OF DATA MANAGEMENT

10 Legality of data management

The processing of personal data is legal only if and to the extent that at least one of the following is fulfilled:

a.) the data subject has given his consent to the processing of his personal data for one or more specific purposes;

b. ) data management is necessary for the performance of a contract in which the data subject is one of the parties, or it is necessary for taking steps at the request of the data subject prior to the conclusion of the contract;

c.) data management is necessary to fulfill the legal obligation of the data controller;

d.) data management is necessary to protect the vital interests of the data subject or another natural person;

e.) data management is in the public interest or is necessary for the execution of a task performed in the context of the exercise of public authority delegated to the data controller;

f.) data processing is necessary to enforce the legitimate interests of the data controller or a third party, unless the interests or fundamental rights and freedoms of the data subject take precedence over these interests, which require the protection of personal data, especially if the data subject is a child.

11. Data management based on the consent of the data subject

In the case of data processing based on consent, the consent of the data subject must be requested in the context of a declaration of consent. Consent covers all data processing activities carried out for the same purpose or purposes. If data processing serves several purposes at the same time, consent must be given for all data processing purposes. If the data subject gives his consent in the form of a written statement that also applies to other matters - e.g. concluding a sales or service contract - the request for consent must be presented in a way that is clearly distinguishable from these other cases, in an understandable and easily accessible form, with clear and simple language. Any part of such a statement containing the consent of the data subject that violates the Regulation is not binding.

It should be possible to withdraw consent in the same way as to give it. If the personal data was collected with the consent of the data subject, the data controller may, unless otherwise provided by law, process the collected data for the purpose of fulfilling the relevant legal obligation without further separate consent, and also after the withdrawal of the consent of the data subject.

12 Data management based on the fulfillment of a legal obligation

Data management based on the legal title of fulfilling a legal obligation is independent of the data subject's consent, as data management is defined by law.

Before data processing begins, the data subject must be informed that data processing is mandatory, and before data processing begins, the data subject must be informed clearly and in detail about all the facts related to the processing of their data, in particular the purpose and legal basis of data processing, the person entitled to data management and data processing, the about the duration of data management, about whether the personal data of the data subject is managed by the data controller based on the relevant legal obligation, and about who can see the data. The information must also cover the data subject's rights and legal remedies. In the case of mandatory data management, the information can also be provided by publishing a reference to the legal provisions containing the above information.

13 Data management based on legitimate interest

The data controller - including the data controller with whom the personal data may be disclosed - or the legitimate interest of a third party may create a legal basis for data processing, provided that the interests, fundamental rights and freedoms of the data subject do not take precedence, taking into account the data subject's reasonable expectations. Such a legitimate interest can be discussed, for example, when there is a relevant and appropriate relationship between the data subject and the data controller, for example in cases where the data subject is a client of the data controller or is employed by it. In order to establish the existence of a legitimate interest, it is necessary to carefully examine, among other things, whether the data subject can reasonably expect, at the time and in connection with the collection of personal data , that data processing may take place for the given purpose. The interests and fundamental rights of the data subject may take precedence over the interests of the data controller if the personal data are processed under circumstances in which the data subjects do not expect further data processing. Since it is the task of the legislator to determine by law the legal basis on which public authorities may process personal data, the legal basis supporting the legitimate interest of the data controller cannot be applied to data management carried out by public authorities in the performance of their duties.

The absolutely necessary processing of personal data for the purpose of fraud prevention is also considered a legitimate interest of the data controller concerned. The processing of personal data for direct business purposes is also considered to be based on a legitimate interest.

V. WITH BUYERS/BUSINESS WITH PARTNERS RELATED DATA HANDLING

14 Management of the data of natural person customers/business partners

Legal basis for data management:

a.) performance of the contract

b. ) voluntary contribution

c.) fulfilling a legal obligation

d.) legitimate interest

Data processing is considered lawful even if the data processing is necessary to take steps at the request of the data subject prior to the conclusion of the contract. The natural person concerned (as well as the individual entrepreneur) must be informed before the data processing begins that the data processing is based on the legal title of the performance of the contract, the information can also be provided in the contract.

The purpose of data management:

a.) performance of the contract

b. ) website use (as a registered user)

c.) invoicing

d.) contact

The processed data:

a.) name (username)

b. ) password

c.) residential address (delivery address)

d.) telephone number

e.) e-mail address

f.) any data necessary to fulfill the assignment (contract).

Duration of storage of personal data:

a.) for 2 years after the termination of the business relationship.

Kadocsa Krisztián László Individual Entrepreneur performs the following general data management process for natural person customers/business partners:

Data management process	Person performing data management (job title)
a.) order, offer	Krisztián László Kadocsa Individual Entrepreneur
b. ) performance of the contract	Krisztián László Kadocsa Individual Entrepreneur
c.) invoicing	Krisztián László Kadocsa Individual Entrepreneur
d.) registration of a contract	Krisztián László Kadocsa Individual Entrepreneur
e.) complaint handling	Krisztián László Kadocsa Individual Entrepreneur

15. Managed data of legal entity buyers/business partners

Legal basis for data management:

a.) performance of the contract

b. ) voluntary contribution

c.) fulfilling a legal obligation

d.) legitimate interest

Data processing is considered lawful even if the data processing is necessary to take steps at the request of the data subject prior to the conclusion of the contract.

The affected natural person must be informed before the start of data processing that the data processing is based on the legal title of the performance of the contract, the information can also be provided in the contract.

The purpose of data management:

a.) performance of the contract

b. ) website use (as a registered and unregistered user)

c.) invoicing

d.) contact

The processed data:

a.) company name (username)

b. ) password

c.) headquarters

d.) telephone number

e.) e-mail address

f.) any data necessary to fulfill the assignment (contract).

Duration of storage of personal data:

a.) for 2 years after the termination of the business relationship.

Kadocsa Krisztián László Individual Entrepreneur carries out the following general data management process in relation to legal entity customers/business partners:

Data management process	Person performing data management (job title)
a.) order, offer	Krisztián László Kadocsa Individual Entrepreneur
b. ) performance of the contract	Krisztián László Kadocsa Individual Entrepreneur
c.) invoicing	Krisztián László Kadocsa Individual Entrepreneur
d.) registration of a contract	Krisztián László Kadocsa Individual Entrepreneur
e.) complaint handling	Krisztián László Kadocsa Individual Entrepreneur

16. Information about data processors

Kadocsa Krisztián László Individual Entrepreneur The contractor may hand over the personal data of customers/ business partners to a data processor in order to fulfill the legal obligations arising from the contractual relationship - as defined by law.

The data controller uses the following data processor to perform accounting activities :

Name of data processor:	Gyöngyi Kardos Individual Entrepreneur
The headquarters of the data processor:	6721 Szeged, József Attila avenue 3.fsz.1.
Tax number of the data processor:	61991042-1-26

The data controller uses the following data processor to perform invoicing activities :

Name of data processor:	KBOSS. hu Trading and Service Limited Liability Company
The headquarters of the data processor:	1031 Budapest, Záhony utca 7.
Cg. number of the data processor:	01 09 303201
Tax number of the data processor:	13421739-2-41

The data controller uses the following data processor for the purpose of providing hosting services:

Name of data processor:	Tárhelypark Kft.
The headquarters of the data processor:	1126 Budapest, Tartsay Vilmos utca 14.
Cg. number of the data processor:	01 09 322570
Tax number of the data processor:	23289903-2-43

The data controller uses the following data processor to perform postal activities :

Name of data processor:	Magyar Posta Private Limited Liability Company
The headquarters of the data processor:	1138 Budapest, Dunavirág utca 2-6.
Cg. number of the data processor:	01 10 042463
Tax number of the data processor:	10901232-2-44

The data controller uses the following data processor to perform courier activities :

Name of data processor:	24H Parcel Zrt.
The headquarters of the data processor:	1106 Budapest, Fehér út 10.
Cg. number of the data processor:	01 10 049225
Tax number of the data processor:	25885062-2-42

Name of data processor:	UPS Hungary Kft.
The headquarters of the data processor:	2220 Vecsés, Lőrinci út 154. Airport City Logistic Park. G. ed.
Cg. number of the data processor:	13-09-139285
Tax number of the data processor:	22776082-2-13

Name of data processor:	GLS General Logistics Systems Hungary Parcel-Logistics Limited Liability Company
The headquarters of the data processor:	2351 Alsónémedi, GLS Európa utca 2.
Cg. number of the data processor:	01 10 049225
Tax number of the data processor:	12369410-2-44

Name of data processor:	TNT Express Hungary Kft.
The headquarters of the data processor:	1185 Budapest II. Logistics Center-Office Building, BUD International Airport Building 283.
Cg. number of the data processor:	01 09 068137
Tax number of the data processor:	10376166-2-44

Name of data processor:	Csomagpont Logistics Limited Liability Company Company
The headquarters of the data processor:	1067 Budapest, Szondi utca 15. basement level
Cg. number of the data processor:	01 09 340159
Tax number of the data processor:	26704058-2-42

Name of data processor:	Post Solutions Postal Consolidator Limited It's his responsibility Company
The headquarters of the data processor:	1215 Budapest, Popieluszko Street 23.
Cg. number of the data processor:	01 09 191284
Tax number of the data processor:	24952152-2-43

Name of data processor:	FÜRGEFUTÁR.HU Service Provider Limited It's his responsibility Company
The headquarters of the data processor:	1133 Budapest, Árbóc utca 6.
Cg. number of the data processor:	01 09 946845
Tax number of the data processor:	22966331-2-41

Name of data processor:	PMP EXPRESS LOGISTICS Limited Liability Company Company
The headquarters of the data processor:	4030 Debrecen, Békés u. 3.
Cg. number of the data processor:	09 09 020200
Tax number of the data processor:	23068577-2-09

Name of data processor:	Csomagküldő.hu Limited Liability Company
The headquarters of the data processor:	1031 Budapest, Vízimolnár utca 10. 6th floor. 54.
Cg. number of the data processor:	01 09 202186
Tax number of the data processor:	25140550-2-41

The data controller uses the following data processor for the purpose of providing newsletter services:

Name of data processor:	The Rocket Science Group LLC d/b/a Mailchimp
The headquarters of the data processor:	675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308 USA
E-mail address of the data processor:	This email address is being protected from spambots. You need JavaScript enabled to view it.

The data controller uses the following data processor in order to provide card payment options in its online store :

Name of data processor:	Barion Payment Zrt.
The headquarters of the data processor:	1117 Budapest, Infopark sétány 1. Building I. 5th floor 5.
Cg. number of the data processor:	01-10-048552
Tax number of the data processor:	25353192-2-43

Paypal : https://www.paypal.com/hu/webapps/mpp/home

17. On visitor data management

"Cookies" are short data files placed on the user's computer by the visited website. The purpose of the cookie is to make the given information communication and Internet service easier and more convenient. The European Based on the Commission's guidelines, cookies (unless they are absolutely necessary for the use of the given service) can only be placed on the user's device with the user's permission. It does not require the user's consent

In the case of "cookies", information must be provided during the first visit to the website.

It is not necessary for the full text of the information regarding "cookies" to appear on the website, it is sufficient if the operators of the website briefly summarize the essence of the information and refer to the availability of the full information via a link.

In the case of "cookies" that require consent, the information may also be linked to the first visit to the website, if the data processing associated with the use of cookies already begins with the visit to the website. If the use of the "cookie" is related to the use of a function specifically requested by the user, then the information may also appear in connection with the use of this function.

In this case, it is not necessary for the full text of the information regarding "cookies" to appear on the website, a short summary of the essence of the information and a link to the availability of the full information is sufficient. The visitor must be informed about the use of "cookies" on the website in the data management information sheet. Kadocsa Christian László Egyéni Vállalkozo ensures that the visitor can learn at any time before using the information society-related services of the website that Kadocsa Christian For which data management purposes László Egyéni Vállalkozo manages which types of data, including the management of data that cannot be directly linked to the user.

Data management related to " contact" placed on the websites of Kadocsa Krisztián László Individual Entrepreneur ( www.ormus.hu, www.vancouverislandormus.eu, www.csaladiasztrologia.hu, www.magicalcompanygrowth.com as well as www.cegnoveszto.hu ) it is possible to contact, in view of which the natural person can give his consent to the processing of his personal data by ticking the relevant box.

Scope of personal data that can be processed:

a.) name

b. ) email address

c.) telephone number

d.) message and its subject

The purpose of processing personal data:

a.) question / request for information

Legal basis for data management:

a.) consent of the data subject

Recipients of personal data:

a.) Kadocsa Krisztián László Individual Entrepreneur

Duration of storage of personal data:

a.) if the contract is concluded, then for 2 years after the termination of the business relationship

b. ) if no contract is concluded, then for 1 year from the date of contact

c.) until the consent of the affected person is revoked

19 Google Application of Analytics

Kadocsa Krisztián László Individual Entrepreneur's website is Google Analytics application, which is a web analytics service provided by Google Inc. (“Google”) . Google Analytics _ uses so-called " cookies ", text files that are saved on the affected person's computer, thus facilitating the analysis of the use of the website visited by the User.

cookies related to the website used by the User is usually sent to and stored on one of Google 's servers in the USA . By activating IP anonymization on the website, Google shortens the User's IP address beforehand within the member states of the European Union or in other states that are parties to the Agreement on the European Economic Area. The full IP address is transmitted to a Google server in the USA and shortened there only in exceptional cases. On behalf of the website operator, Google will use this information to evaluate how the User used the website, to prepare reports related to website activity for the website operator, and to provide additional services related to website and Internet use.

Google Analytics _ does not combine the IP address transmitted by the User's browser with other Google data. The User can prevent the storage of cookies by setting their browser accordingly, however, in this case, it is possible that not all functions of the website will be fully usable.

The data subject can also prevent Google from collecting and processing the User's website usage data (including the IP address) through cookies by downloading and installing the browser plugin available at the following link: https://tools.google. com/dlpage/gaoptout?hl=en

20 Data management related to the newsletter service

On the website, the user who registers for the newsletter service can give his consent to the processing of his personal data by checking the relevant box.

The interested party can unsubscribe from the newsletter at any time by using the "Unsubscribe " application of the newsletter, or by making a statement in writing or by e-mail, which means withdrawal of consent. In such a case, all data of the unsubscriber must be deleted immediately.

Scope of personal data that can be processed:

a.) name of the user

b. ) is the e-mail address of the user

The purpose of processing personal data:

a.) promotion of services / products / up-to-date information

Legal basis for data management:

a.) consent of the data subject

Recipients of personal data:

a.) programmer (data processor)

b. ) Kadocsa Krisztián László Individual Entrepreneur

Duration of storage of personal data:

a.) until the registration / service exists

b. ) until the consent of the affected person is revoked

21. Data management related to purchases in online stores operated by Kadocsa Krisztián László Individual Entrepreneur

Customers / business partners on the websites (www.ormus.huas well as www.vancouverislandormus.eu ) can also place their order without registering.

With regard to the CVIII of 2001 on certain issues of electronic commercial services and services related to the information society. 13/A. of the Act , and 45/2014 on the detailed rules of contracts between the consumer and the business. (II. 26.) Pursuant to government decree , a purchase in a web store operated by László Kadocsa Krisztián Individual Entrepreneur is considered a contract between the person concerned and László Kadocsa Krisztián Individual Entrepreneur .

Legal basis for data management:

Kadocsa Krisztián László Individual Entrepreneur can manage the natural personal identification data and address necessary for the identification of the customer who registers in the online store for the purpose of creating a contract for the provision of services related to the information society, defining its content, modifying it, monitoring its fulfillment, invoicing the fees resulting from it, and validating related claims. CVIII of . 13/A.§ (1) of the Act, as well as your telephone number, e-mail address, bank account number, and online ID. For billing purposes, Kadocsa Krisztián László Individual Entrepreneur may process natural personal identification data, residential address, and data related to the time, duration and place of service use, in accordance with CVIII of 2001. under the legal title of § 13/A. (2) of the Act .

Kadocsa Krisztián László Individual Entrepreneur may process the personal data that are technically absolutely necessary for the provision of the service. If the other conditions are the same, Kadocsa Krisztián László Individual Entrepreneur must choose and in all cases operate the tools used in the provision of services related to the information society in such a way that personal data is only processed if this is for the provision of the service and in accordance with this law it is absolutely necessary for the fulfillment of certain other goals, but in this case also only to the extent and for the necessary time.

Recipients of personal data:

a.) Kadocsa Krisztián László Individual Entrepreneur

b. ) accounting office

c.) programmer (data processor)

Duration of storage of personal data:

a.) until the data subject's consent is revoked

b. ) after the contract was not concluded

c.) until the registration / service exists

d.) if the contract is concluded, then for 2 years after the termination of the business relationship

e.) with regard to the data of the purchases [No. TV. Article 169 (2)] for 8 years

PayPal collects the data of the bank card and the card payment transaction and the

Barion Payment Zrt. (headquarters: 1117 Budapest, Infopark sétány 1. Building I. 5. floor 5.; registry office: Cégbírósága of the Capital Court; company registry number: Cg. 01-10-048552; tax number: 25353192-243., community tax number : HU25353192; activity license number: HEN-I-1064/2013, electronic money issuing institution identifier: 25353192) .

The data subject is responsible for the correctness of the bank card data provided. Kadocsa Krisztián László Individual Entrepreneur draws the attention of the person concerned to manually record the bank card details in the system and in any case to check the feedback sent to his e-mail address.

The orderly execution of the payment transaction, the management of the bank card data, the encryption of the data and the security of the process are handled by PayPal. and is carried out and provided by Barion Payment Zrt. Kadocsa Krisztián László Individual Entrepreneur for the payment transaction, only the amount of the purchase (as data) is provided by PayPal as well as for Barion Payment Zrt. and about the final result of the transaction (successful/unsuccessful), Kadocsa Krisztián László Individual Entrepreneur receives information from PayPal and Barion Payment Zrt .

Payment by bank card is made through PayPal and the secure electronic payment interface of Barion Payment Zrt. The website does not access or store the bank card data used for payment. The bank card data will not reach the merchant. After completing the ordering process, you will receive a confirmation letter with the invoice.

You can access information about the payment transaction at the following website:

https://www.barion.com/hu/adatvedelmi-tajekozzatato/

You can access information about the payment transaction at the following website:

https://www.paypal.com/hu/webapps/mpp/pay-online https://www.borgun.com/hu/

22 Data management for direct marketing purposes

direct marketing purposes, i.e. direct inquiries of a natural person as the recipient of the advertisement - unless a separate law provides otherwise - are only possible if the recipient of the advertisement has given clear and express consent beforehand.

Scope of personal data that can be processed:

a.) e-mail address of the natural person

b. ) is the name of the natural person

c.) the telephone number of the natural person

The purpose of processing personal data:

a.) sending newsletters, advertising publications, current offers (in printed or electronic form) regarding the products and services of Kadocsa Krisztián László Individual Entrepreneur

b. ) The promotion of the products and services of Kadocsa Krisztián László Individual Entrepreneur

Legal basis for data management:

a.) consent of the data subject

Recipients of personal data:

a.) programmer (data processor)

b. ) Kadocsa Krisztián László Individual Entrepreneur

Duration of storage of personal data:

a.) until the consent of the affected person is revoked

23 Data management on the Facebook page operated by László Krisztián Kadocsa Sole Proprietor

Kadocsa Krisztián László Individual Entrepreneur maintains a Facebook page for the purpose of introducing and promoting its services. A question asked on the Facebook page of László Krisztián Kadocsa Egyéni Vállalkózo is not considered an officially filed complaint. Kadocsa Krisztián László Egyéni Vállalkozo does not manage the personal data published by visitors on its Facebook page.

Visitors are governed by Facebook's Privacy and Terms of Service. Facebook 's Terms of Use are available at the following link:

https://www.facebook.com/legal/terms

In case of publication of illegal or offensive content, László Kadocsa Krisztián Egyéni Vállalkozó may exclude the person concerned from the membership or delete his/her comment without prior notice.

Facebook 's Data Management Policy is available at the following link:

https://www.facebook.com/privacy/explanation

Kadocsa Krisztián László Individual Entrepreneur is not responsible for data content and comments published by Facebook users that violate the law Kadocsa Krisztián László Individual Entrepreneur is not responsible for any errors, malfunctions or problems arising from changes to the operation of Facebook.

24. Data management on the Instagram page operated by László Krisztián Kadocsa Individual Vállalkozo

Kadocsa Krisztián László Individual Entrepreneur maintains an Instagram page for the purpose of introducing and promoting its services. A question asked on the Instagram page of Kadocsa Krisztián László Individual Entrepreneur is not considered an officially filed complaint. Kadocsa Krisztián László Individual Entrepreneur does not manage the personal data published by visitors on the Instagram page of Kadocsa Krisztián László Individual Entrepreneur.

Visitors are governed by Instagram's Privacy and Service Terms .

Instagram's Terms of Use are available at the following link:

https://help.instagram.com/581066165581870

Instagram 's Data Management Policy is available at the following link:

https://help.instagram.com/519522125107875

Kadocsa Krisztián László Individual Entrepreneur is not responsible for data content and comments published by Instagram users that violate the law. Kadocsa Krisztián László Individual Entrepreneur is not responsible for any errors, malfunctions or problems arising from changes to the operation of Instagram.

VI. DATA SECURITY PROVISIONS

25. Data security measures

Kadocsa Krisztián László Individual Entrepreneur is obliged to take the technical and organizational measures and establish the procedural rules that the Regulation and Infotv. are necessary for its enforcement. Kadocsa Krisztián László Individual Entrepreneur protects the data with appropriate measures against accidental or illegal destruction, loss, alteration, damage, unauthorized disclosure or unauthorized access to them.

Kadocsa Krisztián László Individual Entrepreneur classifies and manages personal data as confidential data.

Kadocsa Krisztián László Individual Entrepreneur performs data processing and registration - via a computer program - both electronically and on paper. The data processing and registration of Kadocsa Krisztián László Individual Entrepreneur meets the requirements of data security. Kadocsa Krisztián László Individual Entrepreneur protects IT systems with a firewall and virus protection. The electronic program ensures that only those persons who need it in order to perform their duties have access to the data in a purpose-related manner, under controlled conditions. Kadocsa Krisztián László Individual Entrepreneur ensures the control of incoming and outgoing communications conducted electronically in order to protect personal data.

Paper-based documents - especially those containing personnel, wage and labor and other personal data - are stored by Kadocsa Krisztián László Individual Entrepreneur in a lockable place so that only those persons who need it in order to perform their duties have access to them. Only the competent administrators have access to work in progress and documents being processed.

During the automated processing of personal data, the data manager and the data processor ensure with additional measures:

a.) preventing unauthorized data entry;

b. ) preventing the use of automatic data processing systems by unauthorized persons using data transmission equipment;

c.) the verifiability and ascertainability of which bodies the personal data has been or may be transmitted using data transmission equipment;

d.) the verifiability and ascertainability of which personal data was entered into the automatic data processing systems, when and by whom;

e.) the restoreability of the installed systems in the event of a malfunction and

f.) that a report is prepared on errors occurring during automated processing.

Adequate physical protection of the data and the devices and documents carrying them must be ensured.

VII. PRIVACY HANDLING OF INCIDENTS

26. Concept of data protection incident

Data protection incident: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise handled.

(Order Article 4 12.)

27 Handling of data protection incidents

The prevention and management of data protection incidents and compliance with the relevant legal regulations are the responsibility of the Kadocsa Krisztián László Individual Entrepreneur. Accesses and access attempts must be logged on the IT systems and these must be continuously analyzed.

data protection incident can be reported at the central e-mail address and phone number of Kadocsa Krisztián László Individual Entrepreneur, at which employees, contractual (business) partners, and stakeholders can report the underlying incidents and security weaknesses. In the event of a data protection incident being reported, Kadocsa Krisztián László Individual Entrepreneur will immediately investigate the report, during which the incident must be identified and a decision must be made as to whether it is a real incident or a false alarm.

It must be examined and determined:

a.) the time and place of the occurrence of the incident,

b. ) the description, circumstances, effects of the incident,

c.) the scope and number of data compromised during the incident,

d.) the range of persons affected by the compromised data,

e.) a description of the measures taken to prevent the incident,

f.) a description of the measures taken to prevent, eliminate and reduce the damage.

In the event of a data protection incident, the affected systems, persons, and data must be demarcated and separated, and evidence supporting the occurrence of the incident must be collected and preserved. After that, it is possible to start repairing the damage and restoring legal operation.

28 Registration of data protection incidents

A record of data protection incidents must be kept, which includes:

a.) the range of personal data concerned,

b. ) the scope and number of those affected by the data protection incident,

c.) the date of the data protection incident,

d.) the circumstances and effects of the data protection incident,

e.) the measures taken to remedy the data protection incident,

f.) other data specified in the law prescribing data management.

29 Levels of data protection incidents

Low level: unauthorized transmission, alteration, disclosure, intentional or accidental destruction of a negligible amount of personal data or other illegal data management cases.

Medium level: unauthorized transmission, alteration, disclosure, intentional or accidental destruction of a small amount of personal data or other illegal data management cases.

High level: unauthorized transmission, alteration, disclosure, intentional or accidental destruction of a wide range of personal data, or other illegal data management cases, or any case where the incident may have a negative impact on the person concerned or the occurrence of a negative consequence is certain.

Data relating to data protection incidents in the register must be kept for 5 years.

VIII. FINAL PROVISIONS

30. Establishing and amending the Policy

Kadocsa Krisztián László Individual Entrepreneur is entitled to establish and amend the Policy.

31. Entry into force of the Policy

This Notice will be announced and communicated locally at the company in the usual manner as well as it will also be posted on the following websites: www.ormus.hu, www.vancouverislandormus.eu, www.csaladiasztrologia.hu, www.magicalcompanygrowth.com www.cegnoveszto.hu.

Szeged, July 1, 2022.

…………………………………………………

Kadocsa Krisztián László

Individual Entrepreneur