The operator of www.eternalhealth.ch hereby informs the visitors of the website about its practice in the management of personal data, the organizational and technical measures taken to protect the data, and the related rights of visitors, and the possibilities for enforcing them.
The data controller
Data Controller in relation to these Regulations:
a) Data controller: Essential Consulting Kft.
b) Headquarters: H-1097 Budapest, Könyves Kálmán körút 12-14.
c) Postal address: H-1097 Budapest, Könyves Kálmán körút 12-14.
d) Electronic (e-mail) address: info@eternalhealth.ch
e) Tax number: 32089282-1-43
The purpose of the data protection information is to determine the scope of the personal data managed by the Data Controller, the method of data management, and to ensure the enforcement of the constitutional principles of data protection and data security requirements, and prevent unauthorized access to, alteration and unauthorized disclosure of, or use of, data in order to ensure respect for the privacy of natural persons.
For the purpose set out in paragraph 2, the Data Controller shall treat the personal data of the user confidentially, in accordance with the legal regulations in force, ensure their security, take the technical and organizational measures, and establish the procedural rules necessary to give effect to the relevant legal provisions and other recommendations.
Legal background
The Data Controller is obliged to comply with the legal regulations related to the processing of personal data at all stages of data management. The data processing carried out by the data controller is primarily governed by the provisions set out in the following legislation:
• Section 2:43 (e) of Act V of 2013 on the Civil Code
• Act CXII of 2011 on the right to information self-determination and freedom of information. TV. („ Data Protection Act. ”);
• CVIII of 2001 on certain issues in electronic commerce services and information society services. TV. („ Eker. tv. ”);
• Act XLVIII of 2008 on the basic conditions and certain limitations of economic advertising. TV. („ Grt. TV. ”)
• Act VI of 1998 on the promulgation of the Convention on the Protection of Individuals with regard to Automatic Processing of Personal Data, done at Strasbourg on 28 January 1981. law;
• CXIX of 1995 on the management of name and address data for research and direct business acquisition. Act („ Katv. ”)
concepts
(1) data subject: any specific natural person identified on the basis of personal data or – directly or indirectly identifiable –;
(2) personal data: data which may be linked to the data subject – in particular the name and identification mark of the data subject and knowledge of one or more physical, physiological, mental, economic, cultural or social identities, and the conclusion to be drawn from the data concerning the data subject;
(3) consent: a voluntary and firm statement of the data subject’s wish, based on appropriate information and giving his or her unequivocal consent to the processing of personal data concerning him or her – in full or in certain operations;
(4) protest: a statement by the data subject objecting to the processing of his or her personal data and requesting the termination of the data processing or the deletion of the processed data
(5) data processing: any operation or set of operations on personal data, regardless of the procedure used, such as collection, recording, recording, systematization, storage, alteration, use, transmission, disclosure, coordinating or linking, blocking, deleting and destroying data and preventing their further use, taking photographs, sound or images, and physical characteristics that can identify the person (eg fingerprints, palmprints, DNA sample, iris image) recording
(6) data processing: the performance of technical tasks related to data management operations, regardless of the method and means used to carry out the operations and the place of application, provided that the technical task is performed on the data.
(7) data transfer: making the data available to a specific third party.
(8) disclosure: making data available to anyone.
(9) “controller” means any natural or legal person, or any entity without legal personality, which alone or jointly with others determines the purpose for which personal data are processed, makes and implements decisions on data management (including the means used) or implements it with a data processor entrusted by it.
(10) data processor: a natural or legal person or an organization without legal personality who processes data – under a contract, including a contract entered into under a legal provision.
(11) data erasure: making data unrecognizable in such a way that their recovery is no longer possible.
(12) data set: the set of data managed in a single register.
(13) third party: a natural or legal person or an organization without legal personality which is not the same as the data subject, the controller or the processor;
Legal basis for data processing
Data Controller data the data of the Data Subjects in accordance with the applicable data protection legislation, on the basis of their consent, or
CVIII of 2001 on certain issues in electronic commerce services and information society services. TV. Section 13 / A,
XLVIII of 2008 on the basic conditions and certain restrictions of economic advertising. TV. § 6.
Scope of data processed, purpose and duration of data management
(1) This Privacy Policy applies only to the processing of data of natural persons, given that personal data may only be interpreted in relation to natural persons.
Anonymous information that is collected by a data controller to the exclusion of personal identification and cannot be linked to a natural person, nor does demographic data that it collects constitute personal data, not to link them to the personal data of identifiable persons, thereby not establishing a connection with a natural person.
(2) Request a quote, send an online message:
On the website, it is possible to request an application or other information related to the services provided by the Service Provider, during which the following personal data must be provided:
• email address
• name
• phone number
• The purpose of data management is to provide personalized service to the Stakeholders and to send a response at the request of the Stakeholders.
Anonymous user ID (cookie)
We use a session, ie a session cookie (small data package) on the website, which is valid until the end of the given session, so it is created for the duration of the visit, after which it is automatically deleted from the user’s computer. The so-called cookie is required for the security of the website, for user-friendly solutions, for a higher user experience.
The use of cookies does not store personal data. The visitor can delete cookies from their own computer / browsing device at any time, or set their browser to disable the use of cookies, without which the website will continue to operate, but the user acknowledges the fact that browsing it will not necessarily be full after this.
The session cookie is in no way able to identify the Data Subject, only to identify the Data Subject’s machine, it is not necessary to provide a name, e-mail address or any other personal information, as the User does not provide personal data to the Data Controller when applying the solution, the data exchange takes place only and exclusively between the machines.
The Data Subject has the option to use your browser to prohibit the placement of an individual’s cookie on your computer. The Data Subject acknowledges that if cookies are disabled, some services will not work properly.
Use social extensions (Facebook, Instagram, Twitter, Linked-in, Google +)
Extensions on the Portal are disabled by default. Extensions will only be enabled if the Data Subject clicks the button to do so. By enabling the plug-in, the Data Subject connects to the social networking site and consents to the transfer of his or her data to Facebook / Instagram / Twitter / Linked-in / Google +.
If the Data Subject is logged in to Facebook / Instagram / Twitter / Linked-in / Google +, the social network may associate its visit with the Data Subject’s social account.
If the Data Subject clicks the appropriate button, your browser will transmit the relevant information directly to that social network and store it there.
Information on the scope and purpose of data collection, the further processing and use of your data by Facebook / Instagram / Twitter / Linked-in / Google +, your rights and settings to protect your personal data on Facebook / Instagram / Twitter / Linked-in/See Google + Privacy Statement.
Remarketing codes
On the Portal, the Service Provider uses Google Adwords as well as facebook remarketing codes. The remarketing code uses cookies to tag visitors to the Portal.
The installed cookie helps to display advertisements related to the Service Provider’s products and services on other websites belonging to the Google Display network that the Portal visitor later visited, as well as on facebook.
Users can disable cookies at any time and customize ads in the Google ad settings interface.
Log files
To use the services, the system automatically logs the following data:
• the dynamic IP address of the user’s computer
• depending on the settings of the user’s computer, the type of browser and operating system used by the user
• user activity related to the website
• The use of this data is used for technical purposes – such as the analysis of the safe operation of the servers, for the subsequent verification of the data controller, and for the production of page use statistics by the Data Controller, use it to analyze user needs to raise the standard of services.
• The above data is not suitable for identifying the user and is not linked by the Data Controller with other personal data. (3) The Data Controller shall increase the efficiency of the Data Subject’s personal data for any purpose other than those specified above –, in particular, or for market research purposes – may only be managed with the prior definition of the purpose of the data processing and with the consent of the Data Subject.
• This data cannot be linked to the data of the Data Subject and cannot be transferred to a third party without his or her consent.
• The Data Controller is obliged to delete this data if the purpose of data management has ceased or the Data Subject so provides.
(4) The Data Controller shall ensure that the user can find out which data types the Data Controller handles for which data management purposes before and at any time during the use of the service, including the handling of data that cannot be directly related to the user.
(5) The legal basis for the data processing performed by the Data Controller is in all cases the consent of the Data Subject.
(6) Duration of data management:
Data managed with the consent of the Data Subject may be processed until the consent is modified or revoked. At the end of the data management period, the Data Controller is obliged to delete the personal data of the Data Subject.
The Data Controller stores the data related to the orders – including the sound recording made during the telephone administration – in order to prove it during any disputes, until the general limitation period, ie 5 (five) years.
The data related to invoicing are provided by the Data Controller in order to fulfill the accounting obligations, in accordance with Section 169 of Act C of 2000, for 8 (eight) years, and Act XCII of 2003 on the taxation system. It is handled until the statutory limitation period.
Session IDs are automatically deleted when you leave the website.
www.eternalhealth.ch is not responsible for its previous pages, which have already been deleted but have been archived with the help of Internet search engines. These must be removed by the search page operator.
(7) The Service Provider uses the Google Anatitycs Software to retrieve independent website traffic and other web analytics data, therefore Google Inc. acts as a data processor for this data. Google Inc. Your privacy policy is available at http://www.google.com/intl/hu ALL / privacypolicy.html.
The website user acknowledges that he has consented to the processing of his data by Google using the website
By accessing the website and using the website, the User accepts the provisions of these Data Management Regulations as binding on him.
www.eternalhealth.ch treats all data and facts about users as confidential, using them exclusively for the development of its services, the sale of advertising spaces and the production of its own research and statistics. Statements of these are published only in a form that is not unique in identifying individual users.
Scope of access to data, data processors
The personal data provided by the users can be accessed by the staff of the data controller.
Personal data will not be transferred by the data controller to third parties other than those indicated. This does not apply to any statutory transfers of data that can only take place in exceptional cases. Before fulfilling each request for official data, the controller shall examine for each data whether there is in fact a legal basis for the transfer.
Users’ rights regarding the handling of their personal data
(1) The Data Subject may apply to the Data Controller
a) informing you about the processing of your personal data,
(b) the rectification of your personal data; and
c) deletion or blocking of your personal data – except for mandatory data processing –.
(2) At the request of the Data Subject, the Data Controller shall, no later than 30 days after the submission of the request, provide written information on the data processed by the Data Subject or processed by the data processor entrusted by him or her in accordance with his or her provisions, their source, the purpose, legal basis, duration of the data processing, the name, address and activities of the data processor related to the data processing, and – in the case of the transfer of the data subject’s personal data – on the legal basis and recipient of the data transfer.
The information is free of charge if the request for information has not yet submitted a request for information in the same field to the Data Controller in the current year. Otherwise, the Data Controller shall determine the reimbursement by reimbursing the costs already paid if the data have been processed unlawfully or the request for information has led to a correction. The information can be requested at the postal address of the data controller (registered office: 8617 Kőröshegy, Kossuth Lajos utca 63.) or at the e-mail address info@eternalhealth.ch.
(3) For the purpose of verifying the lawfulness of the data transfer and informing the data subject, the Data Controller shall keep a data transfer register containing the date of transfer of the personal data managed by him, the legal basis and the recipient of the data transfer, the definition of the scope of personal data transmitted and other data specified in the legislation requiring data processing.
(4) If the personal data does not correspond to reality and the personal data corresponding to reality is available to the Data Controller, the personal data shall be corrected by the Data Controller.
(5) Personal data shall be deleted if
(a) its treatment is unlawful;
b) the Data Subject requests (except for mandatory data processing);
(c) incomplete or incorrect – and this condition cannot be legally remedied, provided that the deletion is not precluded by law;
(d) the purpose of the data processing has ceased or the time limit for the storage of the data specified by law has expired;
(e) it has been ordered by a court or the Authority.
(6) Instead of deleting, the Data Controller shall block the personal data if the Data Subject so requests or if, on the basis of the information available to him, it can be assumed that the deletion would harm the Data Subject’s legitimate interests. Personal data blocked in this way may only be processed for as long as the purpose of the data processing which precluded the deletion of personal data exists.
(7) The Data Controller shall mark the personal data processed by him or her if the data subject disputes its correctness or accuracy, but the inaccuracy or inaccuracy of the disputed personal data cannot be clearly established.
(8) The data subject shall be notified of the rectification, blocking, marking and erasure, as well as to all those to whom the data have previously been transmitted for data management purposes. Notification may be omitted if this does not harm the legitimate interest of the data subject with regard to the purpose of the processing.
(9) If the Data Controller does not comply with the data subject’s request for rectification, blocking or erasure, the rectification shall be communicated in writing within 30 days of receipt of the request, the factual and legal reasons for rejecting the request for blocking or cancellation. In the event of a rejection of a request for rectification, erasure or blocking, the Data Controller shall inform the Data Subject of the possibility of judicial redress and recourse to the Authority.
(10) The Data Subject may object to the processing of his or her personal data if
(a) where the processing or transfer of personal data is necessary solely for the fulfillment of a legal obligation to the controller or for the legitimate interest of the controller, recipient or third party, except in the case of mandatory data processing;
(b) where the use or transfer of personal data is for the purpose of direct business acquisition, public opinion polling or scientific research; as well as
(c) in other cases specified by law.
The Data Controller – is obliged to examine the objection as soon as possible, but not later than within 15 days from the submission of the request, and to inform the applicant in writing of the result. If the objection is justified, the Data Controller is obliged to terminate the data processing – including further data collection and transmission – and to block the data, as well as the protest, or notify all those to whom the personal data affected by the protest have previously been transferred and who are obliged to take action to enforce the right to protest.
If the Data Subject does not agree with the decision of the Data Controller, or if the Data Controller fails to meet the 15-day deadline, the Data Subject – will notify the decision, or – within 30 days of the last day of the deadline.
(11) The rights of the Data Subject as defined in this Section 5 may be limited by law in order to ensure the external and internal security of the State, such as national defense, national security, the prevention or prosecution of criminal offenses, and the security of the execution of sentences, and disciplinary and ethical misconduct relating to the economic or financial interests of the State or local authorities, to the significant economic or financial interests of the European Union and to the pursuit of occupations, to prevent and detect breaches of labor law and safety at work – including control and supervision in all cases – and to protect the rights of the Data Subject or others.
Remedies
In the event of an infringement by the data subject, an appeal may be lodged:
a.) to the Office of the Data Protection Commissioner (1051 Budapest, Nádor u. 22.),
b.) to the National Data Protection and Freedom of Information Authority
Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22 / c.
Postal address: 1530 Budapest, Pf. 5th.
Phone: 06 -1- 391-1400
Fax: 06-1-391-1410
E-mail: ugyfelszolgalat@naih.hu
c.) the place of residence of the Data Subject, resp. At the General Court competent for the place of residence.
The court is acting out of turn in the case. The lawfulness of the data management is proved by the Data Controller, the lawfulness of the data transfer is obliged to prove.
If the court upholds the request, the Data Controller shall grant the information, rectify, block or delete the data, annul the decision made by automated data processing, take into account the data subject’s right to protest, and Info tv. Obliges to release the data requested by the data recipient specified in Section 21.
If the court is Info tv. In the cases specified in Section 21, the data subject rejects the request, the data controller is obliged to delete the personal data of the data subject within 3 days from the notification of the judgment.
The data controller is obliged to delete the data even if the data recipient is Info tv. He shall not apply to a court within the time limits specified in Section 21 (5) or (6).
The court may order the publication of its judgment – by publishing the data of the Data Controller – if required by the interests of data protection and the protected rights of a larger number of data subjects under this Act.
(2) The Data Controller is obliged to compensate someone who has caused damage caused by the unlawful processing of the Data Subject’s data or by violating the data security requirements. The Data Controller is also liable to the Data Subject for the damage caused by the data processor. The Data Controller is released from liability if it proves that the damage was caused by an unavoidable cause outside the scope of data management.
Damage shall not be compensated in so far as it has resulted from the intentional or grossly negligent conduct of the injured party.
Users can request information on the handling of their personal data. Upon request, the data controller provides information on the data subject’s data, the purpose, legal basis and duration of the data processing, the name and address of the data processor (registered office: 1097 Budapest, Könyves Kálmán körút 12-14.) and its activities related to data management, as well as who receives or has received the data and for what purpose. The information can be requested at the postal address of the data controller (registered office: 1097 Budapest, Könyves Kálmán körút 12-14.) Or at the e-mail address info@eternalhealth.ch.
You can also initiate the correction and deletion of the user’s personal data at the same contacts.
In case of improper use of the services of the website, as well as at the user’s own request, the related data will be deleted. Cancellation will take place within 24 hours of the start of the cancellation request.
