Privacy Policy for the Customer
The protection of personal data is extremely important to us, which is why we describe in this Data Management information what personal data we process about you, for what purpose and legal basis. The Data Management Information also contains your rights.
1. Data of the Data Controller
Data controller: MIRA Health Kft (hereinafter: Data Controller)
Headquarters: 1092 Budapest, Ráday utca 37. V. em. Door 1
Company registration number: 01-09-333473
Tax number: 26584331-2-43
Website: www 2.mira.health
Email contact: support@mira.health
2. General legislation on which data management is based
- Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free flow of such data and on the repeal of Directive 95/46/EC (GDPR )
- CXII of 2011 Act on the right to self-determination of information and freedom of information (Infotv.)
- Act V of 2013 on the Civil Code (Ptk.)
- CXXVII of 2007 Act on General Sales Tax (VAT Act)
- Act C of 2000 on accounting (Accounting Act)
- CXIX of 1995 Act on the handling of name and address data for the purpose of research and direct business acquisition (DM Act)
- CVIII of 2001 Act on certain issues of electronic commercial services and services related to the information society (Eker tv.)
- XLVIII of 2008 Act on the Basic Conditions and Certain Limitations of Economic Advertising Activities (Grt.)
3. Concepts
Personal data: any information relating to an identified or identifiable natural person (“Data Subject”); a natural person can be identified directly or indirectly, in particular on the basis of an identifier such as name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person can be identified. Such typical personal data in particular: name, address, place and time of birth, mother's name.
Data management: any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or otherwise by making available, coordinating or connecting, limiting, deleting or destroying.
Data controller: the natural or legal person, public authority, agency or any other body that determines the purposes and means of processing personal data independently or together with others; if the purposes and means of data management are determined by EU or member state law, the Data Controller or the special aspects regarding the designation of the Data Controller may also be defined by EU or member state law.
Data processor: the natural or legal person, public authority, agency or any other body that processes personal data on behalf of the Data Controller.
Recipient: the natural or legal person, public authority, agency or any other body to whom the personal data is communicated, regardless of whether it is a third party.
4. Basic principles
The Data Controller takes into account the following basic principles when handling personal data, so personal data:
a. must be handled lawfully and fairly, as well as in a transparent manner for the Data Subject (legality, fair procedure and transparency)
b. be collected only for specific, clear and legitimate purposes, and they should not be handled in a way that is incompatible with these purposes; in accordance with Article 89 (1) of the GDPR, further data processing for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes (purpose limitation) is not considered incompatible with the original purpose
c. they must be appropriate and relevant from the point of view of the purposes of data management and must be limited to what is necessary (data saving)
d. they must be accurate and, where necessary, up-to-date; all reasonable measures must be taken to immediately delete or correct personal data that is inaccurate for the purposes of data management (accuracy)
e. its storage must take place in a form that enables the identification of the Data Subjects only for the time necessary to achieve the goals of personal data management; personal data may only be stored for a longer period of time if personal data will be processed in accordance with Article 89 (1) of the GDPR for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes, the rights of the Data Subjects in this regulation and taking into account the implementation of appropriate technical and organizational measures required to protect your freedoms (limited storage capacity)
f. must be handled in such a way that adequate security of personal data is ensured through the application of appropriate technical or organizational measures, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage of data (integrity and confidentiality )
g. The Data Controller is responsible for compliance with the above, and must also be able to prove this compliance (accountability)
5. Data management activity
a) contact (website)
| Purpose of data management | Add contact |
|---|---|
| Legal basis for data management | Article 6(1)(b) GDPR: necessary to fulfill the contract or to take steps at the Data Subject's request prior to the conclusion of the contract |
| Categories of Data Subjects | Interested |
| Scope of personal data | Name, phone number, email address |
| Data retention period | Until the end of the 1st year after contact |
| Data transfer | 44-49 of the GDPR. no data transfer takes place according to Articles |
| Recipients | The Data Controller uses Data Processor(s): hosting provider: Hetzner Online GmbH (head office: Industriestr. 25., 91710 Gunzenhausen, Germany); mail system provider: Google Ireland Ltd. (headquarters: Google Building Gordon House, Barrow St, Dublin 4, Ireland) |
| Source of data | The source of the personal data is the interested party |
| Method and consequences of data provision | Entering the data is required. If you do not provide personal data, the Data Controller cannot contact you by email |
b) contact by email
| Purpose of data management | Add contact |
|---|---|
| Legal basis for data management | Article 6(1)(b) of the GDPR: necessary to fulfill the contract or to take steps at the request of the data subject prior to concluding the contract |
| Categories of Data Subjects | Interested |
| Scope of personal data | Name, phone number, email address |
| Data retention period | Until the end of the 1st year after contact |
| Data transfer | 44-49 of the GDPR. no data transfer takes place according to Articles |
| Recipients | The Data Controller uses Data Processor(s): hosting provider: Hetzner Online GmbH (head office: Industriestr. 25., 91710 Gunzenhausen, Germany); mail system provider: Google Ireland Ltd. (headquarters: Google Building Gordon House, Barrow St, Dublin 4, Ireland) |
| Source of data | The source of the personal data is the interested party |
| Method and consequences of data provision | Entering the data is required. If you do not provide personal data, the Data Controller cannot contact you by email |
c) sending a newsletter
| Purpose of data management | Send a newsletter |
|---|---|
| Legal basis for data management | GDPR Article 6 (1) point a): consent |
| Categories of Data Subjects | Newsletter subscriber |
| Scope of personal data | Name, email address |
| Data retention period | Until withdrawal of consent or 30 days from the date of unsubscribing |
| Data transfer | 44-49 of the GDPR. data is transferred in accordance with Articles |
| Recipients | The Data Controller uses Data Processor(s ):· hosting provider: Hetzner Online GmbH (head office: Industriestr. 25., 91710 Gunzenhausen, Germany) · newsletter software provider(s): MailChimp: Intuit Limited (registered office: Cardinal Place, 80 Victoria Street, London, SW1E 5JL, United Kingdom), Kartra: Genesis Digital LLC (head office: 4730 S. Fort Apache Rd. Suite 300, Las Vegas, NV 89147-7947, When subscribing to a newsletter in a Facebook closed group, personal data is accessed by the Facebook service provider: · Meta Platforms Ireland Ltd. (head office: 4 Grand Canal Square, Grand Canal Harbor Dublin 2, Ireland) |
| Source of data | The source of personal data is the subscriber to the newsletter |
| Method and consequences of data provision | The provision of data is voluntary. If you do not provide personal data, the Data Controller cannot send you a newsletter |
d) filling out a risk assessment questionnaire on the website and in the application
| Purpose of data management | Filling in the risk assessment questionnaire on the website and in the application |
|---|---|
| Legal basis for data management | GDPR Article 6 (1) point a): consent |
| Categories of stakeholders | Interested party, customer |
| Scope of personal data | Name, email address |
| Data retention period | Until withdrawal of consent |
| Data transfer | 44-49 of the GDPR. data is transferred in accordance with Articles |
| Recipients | The Data Controller uses Data Processor(s): · hosting provider: Hetzner Online GmbH (head office: Industriestr. 25., 91710 Gunzenhausen, Germany) · mail system provider: Google Ireland Ltd. (headquarters: Google Building Gordon House, Barrow St, Dublin 4, Ireland) · Kartra: Genesis Digital LLC (head office: 4730 S. Fort Apache Rd. Suite 300, Las Vegas, NV 89147-7947, USA) · CRM system provider: Airtable, (head office: 799 Market St., 8th Floor, San Francisco, CA 94103, USA) When filling out the questionnaire in the application, the service providers of the application interface have access to the personal data: · Google Play store: Google Ireland Ltd. (headquarters: Gordon House, Barrow Street, Dublin 4, Ireland), the data management information of the Service Provider is available here: https://policies.google.com/ privacy· App Store: Apple Distribution, Cork, Ireland), the data management information of the Service Provider is available here: https://www.apple.com/legal/privacy/hu/ |
| Source of data | The source of personal data is the customer |
| Method and consequences of data provision | The provision of data is voluntary. If you do not provide personal data, the Data Controller cannot provide services |
e) registration in the application
| Purpose of data management | Registration in the application |
|---|---|
| Legal basis for data management | Article 6(1)(b) GDPR: necessary to fulfill the contract or to take steps at the Data Subject's request prior to the conclusion of the contract |
| Categories of Data Subjects | Customer |
| Scope of personal data | Surname, first name, email address |
| Data retention period | Until the end of the 1st month after the cancellation of the registration |
| Data transfer | 44-49 of the GDPR. data is transferred in accordance with Articles |
| Recipients | The Data Controller uses Data Processor(s): · Kartra: Genesis Digital LLC (head office: 4730 S. Fort Apache Rd. Suite 300, Las Vegas, NV 89147-7947, USA) · CRM system provider: Airtable, (head office: 799 Market St., 8th Floor, San Francisco, CA 94103, USA) During registration in the application, the service providers of the application interface have access to personal data: · Google Play store: Google Ireland Ltd. (headquarters: Gordon House, Barrow Street, Dublin 4, Ireland), the data management information of the Service Provider is available here: https://policies.google.com/ privacy· App Store: Apple Distribution, Cork, Ireland), the data management information of the Service Provider is available here: https://www.apple.com/legal/privacy/hu/ |
| Source of data | The source of personal data is the customer |
| Method and consequences of data provision | Entering the data is required. If you do not enter your personal data, you will not be able to register in the application |
f) application use
| Purpose of data management | Application use |
|---|---|
| Legal basis for data management | GDPR Article 6 (1) point a): consent |
| Categories of Data Subjects | Customer |
| Scope of personal data | Country, date of birth, photo |
| Data retention period | Until the end of the 1st month after the cancellation of the registration |
| Data transfer | 44-49 of the GDPR. data is transferred in accordance with Articles |
| Recipients | The Data Controller uses Data Processor(s): · Kartra: Genesis Digital LLC (head office: 4730 S. Fort Apache Rd. Suite 300, Las Vegas, NV 89147-7947, USA) · CRM system provider: Airtable, (head office: 799 Market St., 8th Floor, San Francisco, CA 94103, USA) When using the application, the service providers of the application interface have access to personal data: Google Play store: Google Ireland Ltd. (headquarters: Gordon House, Barrow Street, Dublin 4, Ireland), the data management information of the Service Provider is available here: https://policies.google.com/ privacy · App Store: Apple Distribution, Cork, Ireland), the data management information of the Service Provider is available here: https://www.apple.com/legal/privacy/hu/ |
| Source of data | The source of personal data is the customer |
| Method and consequences of data provision | The provision of data is voluntary. If you do not enter personal data, you will not be able to use the application |
g) in-app purchases
| Purpose of data management | In-app purchase |
|---|---|
| Legal basis for data management | Article 6(1)(b) GDPR: necessary to fulfill the contract or to take steps at the Data Subject's request prior to the conclusion of the contract |
| Categories of Data Subjects | Customer |
| Scope of personal data | Name, product or service name |
| Data retention period | Until the end of the 5th year following the completion or termination of the contract |
| Data transfer | 44-49 of the GDPR. data is transferred in accordance with Articles |
| Recipients | The Data Controller uses Data Processor(s): Kartra: Genesis Digital LLC (head office: 4730 S. Fort Apache Rd. Suite 300, Las Vegas, NV 89147-7947, USA), CRM system provider: Airtable, (head office: 799 Market St., 8th Floor, San Francisco, CA 94103, USA), During the purchase of the package programs, the service providers of the application interface have access to personal data: Google Play store: Google Ireland Ltd. (headquarters: Gordon House, Barrow Street, Dublin 4, Ireland), the data management information of the Service Provider is available here: https://policies.google.com/ privacy App Store: Apple Distribution, Cork, Ireland), the data management information of the Service Provider is available here: https://www.apple.com/legal/privacy/hu/ |
| Source of data | The source of personal data is the customer |
| Method and consequences of data provision | Entering the data is required. If you do not provide personal data, the Data Controller cannot serve you |
h) use of social communication function in the application
| Purpose of data management | Use of social communication function in the application for program participants |
|---|---|
| Legal basis for data management | Article 6(1)(b) GDPR: necessary to fulfill the contract or to take steps at the Data Subject's request prior to the conclusion of the contract |
| Categories of Data Subjects | Customer |
| Scope of personal data | Name, photo, message content |
| Data retention period | Until the end of the 1st month after the cancellation of the registration |
| Data transfer | 44-49 of the GDPR. no data transfer takes place according to Articles |
| Recipients | The Data Controller uses Data Processor(s): · hosting provider: Hetzner Online GmbH (head office: Industriestr. 25., 91710 Gunzenhausen, Germany) When using the application, the service providers of the application interface have access to personal data: Google Play store: Google Ireland Ltd. (headquarters: Gordon House, Barrow Street, Dublin 4, Ireland), the data management information of the Service Provider is available here: https://policies.google.com/ privacy, App Store: Apple Distribution (Cork, Ireland), the data management information of the Service Provider is available here: https://www.apple.com/legal/privacy/hu/ |
| Source of data | The source of personal data is the customer |
| Method and consequences of data provision | Entering the data is required. If you do not enter your personal data, you will not be able to communicate with the program participants |
i) holding a closed webinar online
| Purpose of data management | Holding a closed webinar online, the online webinar will be recorded |
|---|---|
| Legal basis for data management | Article 6(1)(b) GDPR: necessary to fulfill the contract or to take steps at the Data Subject's request prior to the conclusion of the contract |
| Categories of Data Subjects | Customer |
| Scope of personal data | Name, email address, live photo and video recording |
| Data retention period | Until the end of the 5th year following the completion or termination of the contract |
| Data transfer | 44-49 of the GDPR. data is transferred in accordance with Articles |
| Recipients | The Data Controller uses Data Processor(s): · Kartra: Genesis Digital LLC (head office: 4730 S. Fort Apache Rd. Suite 300, Las Vegas, NV 89147-7947, USA) · CRM system provider: Airtable, (head office: 799 Market St., 8th Floor, San Francisco, CA 94103, USA) · mail system provider: Google Ireland Ltd. (headquarters: Google Building Gordon House, Barrow St, Dublin 4, Ireland) · online consultation provider(s): Google Meet: Google Ireland Ltd. (head office: Google Building Gordon House, Barrow St, Dublin 4, Ireland), Zoom: Lionheart Squared Ltd. (registered office: 2 Pembroke House, 28-32 Upper Pembroke Street, Dublin DO2 EK84, Ireland) |
| Source of data | The source of personal data is the customer |
| Method and consequences of data provision | Entering the data is required. If you do not provide personal data, the Data Controller cannot hold a webinar online |
j) holding dietary counseling online
| Purpose of data management | Holding a dietetic consultation online, online counseling is recorded |
|---|---|
| Legal basis for data management | Article 6(1)(b) GDPR: necessary to fulfill the contract or to take steps at the Data Subject's request prior to the conclusion of the contract |
| Categories of Data Subjects | Customer |
| Scope of personal data | Name, email address, live photo and video recording |
| Data retention period | Name, email address: until the end of the 5th year following the completion or termination of the contract |
| Data transfer | 44-49 of the GDPR. data is transferred in accordance with Articles |
| Recipients | The Data Controller uses Data Processor(s): · Kartra: Genesis Digital LLC (head office: 4730 S. Fort Apache Rd. Suite 300, Las Vegas, NV 89147-7947, USA) · CRM system provider: Airtable, (head office: 799 Market St., 8th Floor, San Francisco, CA 94103, USA) hosting provider: Hetzner Online GmbH (head office: Industriestr. 25., 91710 Gunzenhausen, Germany) mail system provider: Google Ireland Ltd. (headquarters: Google Building Gordon House, Barrow St, Dublin 4, Ireland)· online consultation provider(s): Google Meet: Google Ireland Ltd. (head office: Google Building Gordon House, Barrow St, Dublin 4, Ireland), Zoom: Lionheart Squared Ltd. (registered office: 2 Pembroke House, 28-32 Upper Pembroke Street, Dublin DO2 EK84, Ireland) |
| Source of data | The source of personal data is the customer |
| Method and consequences of data provision | Entering the data is required. If you do not provide personal data, the Data Controller cannot provide dietary advice online |
k) use of dietary advice
| Purpose of data management | Use of dietary advice ,a note is made about the counseling. |
|---|---|
| Legal basis for data management | GDPR Article 6 (1) point a): consent |
| Categories of Data Subjects | Customer |
| Scope of personal data | Name, personal data regarding health status and insulin resistance, data required for making notes |
| Data retention period | Until withdrawal of consent , if the customer does not withdraw his consent, until the end of the 5th year from the completion or termination of the contract |
| Data transfer | 44-49 of the GDPR. no data transfer takes place according to Articles |
| Recipients | The Data Controller uses Data Processor(s): · server hosting : Hetzner Online GmbH (head office: Industriestr. 25., 91710 Gunzenhausen, Germany) · document management (Google Drive): Google Ireland Ltd. (head office: Google Building Gordon House, Barrow St, Dublin 4, Ireland) The Data Controller uses subcontractors during the provision of the service, about which it provides specific information. |
| Source of data | The source of personal data is the customer |
| Method and consequences of data provision | The provision of data is voluntary. If you do not provide personal data, the Data Controller cannot provide services |
l) taking pictures and videos during counseling
| Purpose of data management | Taking pictures and videos during counseling |
|---|---|
| Legal basis for data management | GDPR Article 6 (1) point a): consent |
| Categories of Data Subjects | Customer |
| Scope of personal data | Name, photo and video recording |
| Data retention period | Until the withdrawal of consent or 30 days from the withdrawal of consent |
| Data transfer | 44-49 of the GDPR. no data transfer takes place according to Articles |
| Recipients | The Data Controller does not use Data Processor(s). The Data Controller transfers data to the providers of social media interfaces (Facebook, Instagram, LinkedIn, TikTok, Youtube). The Data Controller uses subcontractors during the provision of the service, about which it provides specific information. |
| Source of data | The source of personal data is the customer |
| Method and consequences of data provision | The provision of data is voluntary. If you do not provide personal data, the Data Controller cannot take photos or videos during the consultation |
m) invoicing
| Purpose of data management | Issue of an invoice |
|---|---|
| Legal basis for data management | GDPR Article 6 (1) point c: fulfillment of legal obligation: § 159 (1) of the VAT Act |
| Categories of Data Subjects | Customer |
| Scope of personal data | Name, address, tax number (in the case of a legal entity client), email address |
| Data retention period | Accounting tv. Based on § 169, paragraphs (1) and (2), 8 years |
| Data transfer | 44-49 of the GDPR. no data transfer takes place according to Articles |
| Recipients | The Data Controller uses Data Processor(s): · billing program billingo.hu is operated by: Billingo Technologies Zrt. (head office: 1133 Budapest, Árbóc utca 6., company registration number: 01-10-140802) · bookkeeping: Irén Viktória Füki, sole proprietor (headquarters: 1182 Budapest, Cziffra György utca 67., registration number: 53006835) When purchasing certain subscriptions and programs, payment is made via the Google Play and App Store interfaces, in which cases the invoice is issued by Google Play and the App Store The Data Controller complies with Article CXXVII of 2007 on general sales tax. provides data to the National Tax and Customs Office (NAV) in accordance with point 1 of Annex No. 10 of the Act (VAT Act) |
| Source of data | The source of personal data is the customer |
| Method and consequences of data provision | Entering the data is mandatory. If you do not provide personal data, the Data Controller cannot fulfill its statutory invoicing obligation |
n) payment of service consideration
| Purpose of data management | Payment of service consideration |
|---|---|
| Legal basis for data management | Article 6(1)(b) GDPR: necessary to fulfill the contract or to take steps at the Data Subject's request prior to the conclusion of the contract |
| Categories of Data Subjects | Customer |
| Scope of personal data | Name, service identifier, fact and time of service fee payment |
| Data retention period | Accounting tv. Based on § 169, paragraphs (1) and (2), 8 years |
| Data transfer | 44-49 of the GDPR. no data transfer takes place according to Articles |
| Recipients | The Data Controller does not use Data Processor(s). When paying by online bank card, the provider of the online bank card payment has access to personal data as an independent Data Controller: · Stripe Ltd. (registered office: 1 Grand Canal Street Lower, Grand Canal Dock, Dublin D02 H210, Ireland). The Service Provider's data management information is available here: https://stripe.com/en-hu/privacy When purchasing certain subscriptions and programs, payment is made through the Google Play and App Store interfaces. |
| Source of data | The source of personal data is the customer |
| Method and consequences of data provision | Entering the data is required. If you do not provide personal data, you will not be able to purchase the service |
o) contractual relationship
In the case of its Partners (suppliers, customers) contracted with it, the Data Controller communicates and maintains a business relationship through the contact person specified in the contract.
| Purpose of data management | To implement the contract between the Data Controller and the Partner as intended, maintaining communication and implementing cooperation |
|---|---|
| Legal basis for data management | GDPR Article 6 (1) point f): legitimate interest |
| Categories of Data Subjects | An employee of a partner (individual entrepreneur, Kft., Bt., Zrt.) as a person designated as contact person |
| Scope of personal data | Name, position, phone number, email address |
| Data retention period | Until the end of the 5th year following the completion or termination of the contract |
| Data transfer | 44-49 of the GDPR. no data transfer takes place according to Articles |
| Recipients | The Data Controller does not use Data Processor(s). |
| Source of data | The source of personal data is the partner's contact person |
| Method and consequences of data provision | If you do not provide the necessary data, the Data Controller cannot negotiate with the Partner |
p) complaint handling
| Purpose of data management | Dealing with any service related complaints |
|---|---|
| Legal basis for data management | Article 6 (1) point c) GDPR: fulfillment of legal obligation: CLV of 1997 on consumer protection. law |
| Categories of Data Subjects | Consumer |
| Scope of personal data | Name, address, phone number, email address, place, time, method of presenting the complaint, detailed description of the complaint, list of documents, documents and other evidence presented by the consumer |
| Data retention period | Fgy.tv 17/A. 3 years based on § (7). |
| Data transfer | 44-49 of the GDPR. no data transfer takes place according to Articles |
| Recipients | The Data Controller does not use Data Processor(s). |
| Source of data | The source of personal data is the consumer as a complainant |
| Method and consequences of data provision | Entering the data is required. If you do not provide the necessary data, the Data Controller cannot investigate your complaint |
q) communication on social media
| Purpose of data management | Communication on social media sites , The Data Controller operates a closed Facebook group. |
|---|---|
| Legal basis for data management | GDPR Article 6 (1) point a): consent |
| Categories of Data Subjects | A person registered on a social site |
| Scope of personal data | Name, public profile data |
| Data retention period | Given that data management is carried out on social media sites, in accordance with the data management information of the given social media site |
| Data transfer | 44-49 of the GDPR. no data transfer takes place according to Articles |
| Recipients | The Data Controller does not use Data Processor(s). |
| Source of data | The source of personal data is the partner's contact person |
| Method and consequences of data provision | The provision of data is voluntary. If you do not provide personal data, the Data Controller cannot inform you about its current activities and services on social media sites. |
6. Website data management
The Website uses cookies.
A cookie is a file that is placed on your computer when you visit a website. A cookie is a packet of information that the server sends to the browser, and then the browser sends it back to the server with the data content determined by the server at each request. The purpose of this is to save the Internet settings of the website you are visiting, so that if you visit the same website again from the same device, the page will already remember the set parameters.
Cookies have numerous functions. Cookies are most often used to personalize ads and services, and to analyze website traffic.
According to the currently valid legislation, cookies can only be stored on your device if this is absolutely necessary, i.e. essential for the website to function, these are called "necessary cookies". The use of all other types of cookies requires your consent. You can view and set the cookies currently used on the website in the pop-up window when you enter the website.
Modern browsers allow modification of cookie settings. Some browsers automatically accept cookies by default, but this setting can also be changed so that you can prevent automatic acceptance in the future. In case of conversion, the browser will offer the option to set cookies each time.
Given that the purpose of cookies is to support and facilitate the usability and processes of the website, if cookies are disabled, it cannot be guaranteed that you will be able to fully use all the functions of the website. In this case, the website may function differently than planned in the browser. More detailed information about the cookie settings of the following browsers:
· Firefox
· Microsoft Internet Explorer 11
· Microsoft Internet Explorer 10
· Microsoft Internet Explorer 9
· Microsoft Internet Explorer 8
· Safari
7. Social media
The Data Controller is available on the following social media sites.
The operator of the social website is considered an independent Data Controller, information on data management is available at the following links:
| Community Page | Name of data controller | Contact information for data management |
|---|---|---|
| Meta Platforms Ireland Ltd. (head office: 4 Grand Canal Square, Grand Canal Harbor Dublin 2, Ireland) | https://www.facebook.com/privacy/explanation | |
| Meta Platforms Ireland Ltd. (head office: 4 Grand Canal Square, Grand Canal Harbor Dublin 2, Ireland) | https://www.facebook.com/help/instagram/155833707900388/ | |
| LinkedIn Ireland Unlimited Company (head office: Wilton Plaza Wilton Place, Dublin 2 Ireland) | https://www.linkedin.com/legal/privacy-policy | |
| TikTok | TikTok Technology Ltd., (registered office: 10 Earlsfort Terrace, Dublin, D02 T380, Ireland) | https://www.tiktok.com/legal/privacy-policy-eea?lang=hu |
| YouTube | Google Ireland Limited (registered office: Gordon House, Barrow Street, Dublin 4, Ireland) | https://policies.google.com/technologies/product-privacy?hl=en |
The Data Controller does not record or manage personal data about the user of the given social media site in its internal database and system.
8. Access to data
Competent employees of the Data Controller may access personal data to the extent necessary for the performance of their duties.
9. Data security measures
The Data Controller uses appropriate IT, technical and personal measures to protect the personal data it manages against, among other things, unauthorized access or unauthorized changes.
10. Rights of the Data Subject and their content related to data management
| Related to data management, affected right | Content of the Data Protection Right |
|---|---|
| Right to information /GDPR 13-14. article/ | You have the right to receive information about the facts and purposes of data management at the time of obtaining your personal data. The Data Controller also provides you with additional information that is necessary to ensure fair and transparent data management, taking into account the specific circumstances and context of personal data management. You must also be informed about the fact of profiling and its consequences. |
| Right of access /GDPR Article 15/ | You have the right to request information on whether your personal data is being processed, and if such data processing is underway, you are entitled to know that the Data Controller: · what personal data · on what legal basis · for what data management purpose · how long you treat it · to whom, when, on the basis of which legislation, to whom you granted access to your personal data or to whom you forwarded your personal data · the source of your personal data (if you did not provide them to the Data Controller) · whether it uses automated decision-making and its logic, including profiling. |
| Right to rectification /GDPR Article 16/ | You have the right to request that the Data Controller correct your inaccurate personal data or supplement your incomplete personal data. So you can request that the Data Controller change some of your personal data (for example, you can change your e-mail address or other contact details at any time). |
| Right to erasure ("right to be forgotten") /GDPR Article 17/ | You are entitled to request that the Data Controller delete your personal data if one of the following reasons exists: · your personal data is no longer needed for the purpose for which it was collected or otherwise processed · You withdraw your consent on the basis of data processing pursuant to Article 6 (1) point a) or Article 9 (2) point a) and there is no other legal basis for data processing · You object to data processing based on Article 21 (1) and there is no overriding legitimate reason for data management, or you object to data management based on Article 21 (2) · your personal data was processed illegally · your personal data must be deleted in order to fulfill the legal obligation prescribed by EU or member state law applicable to the Data Controller · the collection of your personal data took place in connection with the offering of services related to the information society referred to in paragraph 1 of Article 8. |
| Right to limitation /GDPR Article 18/ | You have the right to have the Data Controller restrict data processing at your request if one of the following reasons exists: · You dispute the accuracy of your personal data (in this case, the limitation applies to the period that allows the Data Controller to check the accuracy of your personal data) · the processing is unlawful and you object to the deletion of the data and instead request the restriction of its use · The Data Controller no longer needs the personal data for the purpose of data management, but you require them to submit, enforce or defend a legal claim You have objected to data processing in accordance with Article 21 (1) (in this case, the restriction applies to the period until it is established whether the Data Controller's legitimate reasons take precedence over your legitimate reasons). |
| Right to data portability /GDPR Article 20/ | You have the right to receive your personal data provided by you to a Data Controller in a segmented, widely used, machine-readable format, and you are also entitled to transmit this data to another Data Controller without being hindered by the Data Controller whose provided the personal data if: · the data processing is based on consent according to Article 6 (1) point a) or Article 9 (2) point a) or on a contract according to Article 6 (1) point b) and · data management is automated. You are entitled to - if this is technically feasible - request the direct transmission of your personal data between Data Controllers. |
| Right to protest /GDPR Article 21/ | You have the right to object at any time to the processing of your personal data based on points e) or f) of Article 6 (1), including profiling based on the said provisions, at any time for reasons related to your own situation. In this case, the Data Controller may no longer process your personal data, unless the Data Controller proves that the data processing is justified by compelling legitimate reasons that take precedence over your interests, rights and freedoms, or that are necessary for the presentation, enforcement or defense of legal claims are connected. If your personal data is processed for direct business acquisition, you have the right to object at any time to the processing of your personal data for this purpose, including profiling, if it is related to direct business acquisition. |
| Right to withdraw consent /GDPR Article 7 (3)/ | You have the right to withdraw your consent at any time. Withdrawal of consent does not affect the legality of data processing based on consent prior to withdrawal. You must be informed of this before giving your consent. Withdrawal of consent should be possible in the same simple way as giving it. |
11. Data processing related legal remedies and their content
| Legal remedy | Content of the remedy |
|---|---|
| The right to lodge a complaint with the Supervisory Authority / GDPR Article 77 / | In the event of a violation of your right to the protection of your personal data, you may submit a complaint to the following Authority: National Data Protection and Freedom of Information Authority registered office: 1055 Budapest, Falk Miksa utca 9-11. mailing address: 1363 Budapest, Pf. 9. telephone: +36 (1) 391-1400 email: ugyfelszolgalat@naih.hu website: www.naih.hu |
| The right to an effective judicial remedy against the Data Controller or the Data Processor (initiation of legal proceedings) /GDPR Article 79/ | You have the right to go to court against the Data Controller or Data Processor if you experience the illegality of the processing of your personal data. The court acts out of sequence in the case. In this case, you can freely decide whether to file your claim with the competent court according to your place of residence or place of stay. Contact information for the courts: www.birosag.hu/torvenyszekek |
12. Updating the Data Management Information
The Data Controller reserves the right to unilaterally modify this Data Management Information. This information may be amended especially if it is necessary due to changes in legislation, data protection official practices, business needs, or other circumstances. At the Data Subject's request, the Data Controller will send him a copy of the current information in the form agreed with him.
Budapest, November 14, 2023.
Copyright MIRA Health Kft. 2023. All Rights Reserved.
Copyright pictures: Shutterstock, see more credits