Privacy Policy
2021.
Name of the data controller: BeautySense Ltd. (Hereinafter Service Provider)
Head office: 1048 Budapest, Kőrösbánya u. 30. TT./13.
Email: info@pmuacademy.hu
Phone: +36 20 321 8467
Website: pmuacademy.hu
Tax number: 29208867-2-41
PURPOSE OF THE REGULATIONS
The purpose of these rules is to establish internal rules setting out the provider's data protection and data management policy REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of Personal Data and on the free movement of such data. In accordance with the data protection and data management provisions set out in Regulation (EC) No 95/46 (General Data Protection Regulation.
By adopting these Regulations, the Company declares compliance with the principles on the processing of personal data set out, in Article 5 of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016, hereinafter “the Regulation”.
SCOPE OF THE REGULATIONS
1. Personal scope
The scope of these regulations extends to the Company and the natural persons who are covered by its data management activities. The data management activity specified in these regulations is aimed at the personal data of natural persons. The Policy does not cover the processing of personal data concerning legal persons or, in particular, undertakings established as legal persons, including the name and form of the legal person and the contact details of the legal person. Legal person is the association, the company, the cooperative, the association and the foundation.
2. Temporal application
These regulations shall remain in operation from the date of their establishment until further notice or until the date of revocation of the regulations.
DEFINITIONS
For the purposes of this Regulation:
1. "personal data" means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
2. "processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
3. "restriction of data processing" means the marking of stored personal data with the aim of limiting their processing in the future;
4. " profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
5. "pseudonymisation" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
6. "filing system” means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;
7. "controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
8. "processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
9. "recipient" means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
10. " third party" means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
11. " consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
12. "personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
13. "genetic data" means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question;
14. "biometric data" means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data;
15. "data concerning health" means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status;
16. "enterprise" means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity;
DECLARATION OF CONSENT TO THE HANDLING OF MY PERSONAL DATA
I give my consent voluntary to the management of my data provided during the visit to the paper-based and electronic interfaces of the Service Provider (website, Facebook advertisements, AdWords advertisements).
At the same time as providing my data, I declare that I am a person of legal age, who has reached the age of 18.
I declare that I will not provide any special personal data in any form, either during registration or later. Special personal data includes, but is not limited to, racial or ethnic origin; political opinions; religious and worldview beliefs; trade union membership; genetic or biometric data that can be used to identify a person; health data or data related to sexual life or sexual orientation.
Exceptions are the before / after photos taken by the Service Provider and the health data required for the condition assessment. I consent to the use of photos taken of me by the Service Provider for marketing purposes. These special data are handled by the Service Provider in the same way as the other data.
I declare that I will not provide a personally identifiable number - examples: passport number, ID card number, license serial number.
With my consent, I acknowledge that the Service Provider may send letters, brochures, newsletters with advertising content related to its activity to my given email address and may reach out tome by phone.
I can withdraw my consent to the management of my data at any time by sending a request to the email address info@pmuacademy.hu.
Legal basis based on a legitimate business interest
If you provide your details by filling in the form and indicate your interest, we will consider your application as contract preparation. In this case, the legal basis for processing your Personal Data will already be a legal basis based on a legitimate business interest under the GDPR Regulation. From this changed legal basis, your rights and the processing of your Personal Data will not change, the only difference is that during the preparation of the contract, unless you request the termination of the process, we will continue to process your Personal Data for the purpose the contract.
Contractual legal basis in case of payment
If you pay a fee for any of our services, you will pay in accordance with the terms and conditions detailed in the General Terms and Conditions. In this case, the legal basis for processing your Personal Data will already be a contractual legal basis under the GDPR Regulation. From this, your rights and the handling of your Personal Data will not change, the only difference is that even if you withdraw your consent during the term of the contract, we will still continue to process your Personal Data for the purpose of the contract.
As soon as the contract is fulfilled or terminated, the legal basis of your data processing will change again and your Personal Data will continue to be processed in accordance with the law.
Upon termination or performance of the contract by law
We are required by law to continue to process your Personal Data in reference to the information on your invoice.
Contractual legal basis in case of payment
If you pay a fee for any of our services, you will pay in accordance with the terms and conditions detailed in the General Terms and Conditions. In this case, the legal basis for your processing of personal data will already be a contractual legal basis under the GDPR Regulation. From this changed legal basis, your rights and the handling of your Personal Data will not change, the only difference is that even if you withdraw your consent during the term of the contract, we will continue to process your Personal Data for the purpose and purpose of the contract.
As soon as the contract is fulfilled or terminated, the legal basis of your data processing will change again and your Personal Data will continue to be processed in accordance with the law.
Upon termination or performance of the contract by law
We are required by law to continue to process your Personal Data with respect to the information on your invoice.
Your rights
The following rights apply. We must respond to your inquiries in accordance with the GDPR within a maximum of 1 month. We will do our best to respond much sooner than that.
Right to information
You can ask us to provide information about the Prersonal Data, we handle. You can request access to this data.
You can request information by e-mail sent to our e-mail address. A request for information will be considered authentic if we can clearly identify you it based on the request sent.
A request for information sent by e-mail will only be considered authentic if you send it from your registered e-mail address, but this does not preclude us from identifying you in another way for security reasons before providing the information.
The request for information may cover the data we process, their source, the purpose, legal basis, duration, names and addresses of any data controllers, activities related to data processing and, in the case of personal data transfers, who received or will receive your data.
Right of access
If you request that we inform you whether your Personal Data is being processed, you may have access to the purpose of the data processing. That means data categories, recipients, data retention period, data subject rights, legal remedies, data source, automated decision-making, foreign data transfer.
Right of rectification
You may request a correction or modification of your Personal Data at any time by e-mail sent to our official e-mail address. Taking into account the purpose of data management, you can also ask for the completion of incomplete Personal Data.
Right to ask for cancellation
You can request the cancellation of your Personal Data processed by us. Cancellation may be refused (i) for the purpose of exercising the right to freedom of expression and information, or (ii) if the processing of Personal Data is in the public interest (authorized by law); and (iii) in a reasonable private interest (to bring, assert, or defend legal claims).
In all cases, we will inform you of the refusal of the cancellation request, indicating the reason for the refusal of the cancellation. Once the request for cancellation of Personal Data has been fulfilled, the previous (deleted) data can no longer be recovered.
Newsletters can be unsubscribed via the unsubscribe link in them.
Right to restrict data processing
You may request that we restrict the processing of your Personal Data if you dispute the accuracy of the Personal Data that being processed. In this case, the restriction applies to the period of time that allows us to check the accuracy of the Personal Data.
We mark the Personal Data we process if you dispute its correctness or accuracy, but the inaccuracy of the disputed Personal Data cannot be clearly established.
You may request that we restrict the processing of your Personal Data even if the Data Management is illegal, but you object to the deletion of the Personal Data being processed and instead request a restriction on its use.
You may exercise this right even if the purpose of the Data Management has been achieved, but you require the processing of your data in order to submit, enforce or protect legal claims.
If you object to the processing of your data, then we will restrict the processing of your Personal Data for the period until it is determined whether the legitimate reasons of the data controller take precedence over the legitimate reasons of the data subject.
The right to data transfer
You may request that the Personal Data you provide to us and that you process in an automated manner be provided to you in XML / XLS / CSV and / or transferred to another data controller.
The right to object
You may object to the processing of your Personal Data (i) if the processing of your Personal Data is necessary solely to fulfill a legal obligation to us or to enforce our legitimate interests; (ii) if the purpose of the Data Management is direct business acquisitions, public research or scientific research; or (iii) if the Data Processing is carried out for ensure the public interest. We will review the lawfulness of the objection and, if it is substantiated, we will terminate the Data Processing and block all Personal Data, and we will notify all those to whom the Personal Data was previously transmitted.
Purpose of data management
Protecting your rights.
Your identification, keeping in touch with you.
Customize marketing messages sent to you. Provide targeted, relevant messages based on your area of interest.
Creation of services, quality of service and security conditions undertaken in general terms and conditions.
Compliance with our legal obligations.
Enforcing our legitimate business interests.
Managed data
We process the information you provide:
Name
E-mail
Phone number
Billing address, home address
Before / after photos
Health condition
We log data for security reasons:
Page / function viewed
Exact time
IP address
Browser cookies
We build a profile for marketing purposes:
What kind of problem are you looking for a solution to?
What services are you interested in?
Profile building is done by the detailed data that was given by you. Our goal is that you find the messages we send interesting and relevant.
Web analytics on the website
We would like to inform you that we use GoogleAnalytics, GoogleRemarketing, AdWords Conversion Tracking, and Facebook Remarketing programs to measure the attandance of the pmuacademy.hu website and to monitor the behavior of its visitors, for statistics and to measure the effectiveness of its advertisements.
These programs place Cookies in your browser that store unique user IDs. As a visitor to the website, you authorize the use of GoogleAnalytics, GoogleRemarketing, AdWords Conversion Tracking, and FacebookRemarketing. At the same time, you agree to monitoring and following your behavior and using all the services provided by the programs.
You have the option to disable the recording and storage of cookies for future reference at any time, as described below. Please be advised that the settings and use of Google Analytics, Google Remarketing, AdWords Conversion Tracking, and Facebook Remarketing fully comply with the requirements of the Privacy Authority.
According to Google, GoogleAnalytics mainly uses first-party cookies to report visitor interactions on the site. These cookies only store non-personally identifiable information. Browsers do not share their own cookies between domains. You can find more information about cookies in the Google Advertising and Privacy FAQ.
We primarily use GoogleAnalytics to generate statistics, including measuring the effectiveness of your campaigns. Using the program, we obtain information about how many visitors visited the website and how much time the visitors spent on the website. The program recognizes the visitor's IP address, so it can track whether the visitor already visited the website or he is a new visitor, as well as track the visitor through the Website.
The purpose of Google Adwords conversion tracking is to help the website measure the effectiveness of AdWords ads. It is using cookies placed on the User's computer that last for 30 days for measuring it.
If you want to manage the cookie settings or disable the feature, you can do it in your own browser. This option can be found in the Cookies / Tracking Placements menu, depending on your browser toolbar. In general, you can set which tracking features you want to enable / disable on your computer under Tools> Settings> Privacy Settings.
If you don't want GoogleAnalytics to report on your visits, you can install the GoogleAnalytics disabled browser extension. This add-on instructs GoogleAnalyticsJavaScript scripts not to send information to Google.
Principles of data management
The Data Controller handles the Personal Data in accordance with the principles of fairness and transparency, as well as the applicable legislation and the provisions of this Prospectus.
The Personal Data necessary for the use of the Services is used by the Data Controller with the consent of the User and only for the intended purpose.
The Data Controller may use the Personal Data only in this Prospectus or for the purpose specified in the relevant legislation. The scope of the Personal Data processed is proportional to the purpose of data management and may not extend beyond it.
The Personal Data of a person under the age of 18 will not be processed.
The Data Controller will not transfer the Personal Data managed by it to third parties other than the External Service Providers specified in this Prospectus and in certain cases referred to in this Prospectus. An exception to the provision contained in this section is the use of data in statistics, which may not contain other data suitable for the identification of the relevant User in any form, thus it does not qualify as Data Management or data transfer.
In certain cases, the Data Controller - due to a formal court or police request, legal proceedings, or their suspicion of harming the Data Controller's interests, endangering the provision of the Services, etc. - makes the Personal Data available to third parties.
The Data Controller shall inform the User about the correction or restriction of the Personal Data managed by it. The Data Controller shall also notify all the persons to whom the Personal Data has previously been transmitted for the purpose of Data Management. Notification may be canceled if it does not interfere the legitimate interests in question for the purpose of the Data Management.
The Data Management System may collect data on the activity of the Users, which cannot be combined with other data provided by the Users during registration, or with data generated when using other websites or services.
The Data Controller shall inform about the correction or restriction of the Personal Data managed by it. will notify the affected User and all persons to whom the Personal Data has previously been transmitted for the purpose of Data Management. The notification may be ignored if it does not harm the legitimate interests of the data subject in view of the purpose of the Data Management.
The Data Controller ensures the security of the Personal Data, takes the technical and organizational measures and establishes the procedural rules that ensure that the recorded, stored and processed data are protected, and prevent their accidental loss, unauthorized destruction, unauthorized access, unauthorized use and unauthorized alteration or distribution. In order to fulfill this obligation, the Data Controller warn all third parties to whom it transmits Personal Data.
Confidential data management
The recorded data will be treated confidentially and every effort will be made to ensure the security of the data and to use it in a manner necessary for the proper functioning of the Website. This includes, but is not limited to, sending e-mails and text messages to you and the contact information you provide, in which case the message will be sent through your service provider.
We will never sell or lend your personal information to third parties for marketing purposes. If necessary, we may provide your personal data and other relevant information in a subpoena, court order or legal proceeding.
Access to personal data by our employees
We provide our employees with access to the personal data we handle, which is absolutely necessary for the work.
Data transmission
We are entitled and obliged to transfer all Personal Data which is stored by us to the competent legal authorities, if we are obliged by law. The Data Controllers cannot be held liable for such data transfer and the consequences therefore.
If we transfer the operation of our service to a third party, we may transfer the Personal Data we handle to that third party without your prior consent, but with prior notice. However this data transfer can not put you in a more disadvantaged positionthan the data management rules rules set out in the current GDPR.
According to this paragraph incase of data transfer, before the transfer we provide the opportunity to you to object against the data transfer. In the event of an objection, it is not possible to transfer your data in accordance with this section.
In order to check the lawfulness of the data transfer and to inform the data subject, the data controller shall keep a data transfer register containing the date of the transfer processed by him, the legal basis and recipient of the transfer, the definition of the transferred personal data and other data specified by law.
Additional questions / answers
You can request information regarding data management and / or processing at any time by sending an email to info@pmuacademy.hu.
With your complaints related to data management you can turn directly to the Hungarian National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22 / c .; phone: + 36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu; website: www.naih .hu) .
If your rights are violated, you can go to court. The lawsuit falls within the jurisdiction of the Regional Court. The lawsuit can also be brought in the court of your place of residence or stay, depending on your choice. Upon request, we will provide information on the possibility and means of legal redress.
Budapest, 16.08.2021