PRIVACY POLICY
INTRODUCTION
In this Privacy Statement, Sportmedicina Kft., as Service Provider, describes the organizational and technical measures taken, the rights of guests in this regard, and the means of enforcing them.
Sportmedicina Kft. Szolgáltató Korlátolt Felelősségű Társaság (registered office: 7623 Pécs, Jászai Mari u. 2-4., Cg., Tax number:, statistical number:) ensures the protection of personal data, compliance with mandatory legal provisions, and secure and fair data processing.
This privacy statement governs the privacy of the following pages:
The data management information is available from the following page:
The Data Controller is not responsible for the content of websites that it does not operate but to which a link on the Website points, or which link to the Data Controller's website.
The Privacy Notice may be amended at any time, so Stakeholders are required to review the Website to be aware of any changes.
1. Purpose of the Prospectus
The purpose of the Prospectus is to define the scope of personal data managed by the Data Controller and the method of data management, and to ensure that the constitutional principles of data protection and data management and the data security requirements are met, in order to respect the privacy of data subjects during data processing.
2. Legislation underlying data management
2.1. Act CXII of 2011 on the Right to Informational Self-Determination and on Freedom of Information (Info tv.)
2.2. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
2.3. Act V of 2013 on the Civil Code (Civil Code)
2.4. Act C of 2003 on electronic communications (Eht.)
2.5. Act CVIII of 2001 on certain issues of electronic commerce services and information society services (Eker tv.)
2.6. Act XLVIII of 2008 on the basic conditions and certain restrictions of economic advertising activity (Grt. tv.)
3. Concepts
"Personal Data": any information relating to an identified or identifiable natural person ("Data Subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"Data management" means any operation or set of operations on personal data or data files, whether automated or non-automated, such as collection, recording, systematisation, segmentation, storage, transformation or alteration, retrieval, consultation, use, communication, transmission, distribution or otherwise making available, harmonization or interconnection, restriction, deletion or destruction.
"Data controller" means a natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law.
"Employee of the Data Controller" means a natural person in an employment, assignment or other legal relationship with the Data Controller who comes into contact with personal data in the performance of his or her duties.
"Processor" means any natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.
"Consent of the data subject" means a voluntary, specific and duly informed and clear statement of the will of the data subject, by which the data subject indicates, by means of a statement or unambiguous expression of consent, that he or she consents to the processing of personal data concerning him or her.
"Privacy Incident" means a security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data that is transmitted, stored, or otherwise handled.
4. Scope of the Prospectus
4.1. Duration: This prospectus is effective from 19 March 2020 until further notice or revocation.
4.2. Personal scope: The scope of this prospectus extends to Sportmedicina Kft., the persons whose data are contained in the data processing covered by this prospectus, as well as the persons whose rights or legitimate interests are affected by the data processing.
4.3. Subject matter: The scope of this document covers the data management of all personal data carried out by Sportmedicina Kft.
5. Data management principles
5.1. Personal data may be processed if the data subject consents to it or if it is ordered by law or - on the basis of the authorization of law, within the scope specified therein - by a decree of a local government. Personal data must be handled lawfully and fairly and in a way that is transparent to the data subject.
5.2. Personal data may only be collected and processed for a specific, clear and legitimate purpose, i.e. not in a way incompatible with those purposes. Data management must meet this purpose at all stages. Only personal data that is essential for the realization of the purpose of data processing and suitable for the achievement of that purpose may be processed, and only to the extent and for the time necessary for the realization of the purpose.
5.3. Personal data may be transferred and the various data processing operations may be combined if the data subject has consented to it or is permitted by law and if the conditions for data processing are met for each personal data.
5.4. Personal data must be appropriate and relevant to the purposes of the data processing and limited to what is necessary. Personal data must be accurate and, where necessary, kept up to date; all reasonable steps shall be taken to ensure that personal data which are inaccurate for the purposes of the processing are erased or rectified without delay.
5.6. The data must be stored in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for a longer period only if they are processed, in accordance with Article 89 (1), for archiving in the public interest, for scientific and historical research purposes or for statistical purposes, subject to the implementation of the appropriate technical and organizational measures required by this Regulation to protect the freedoms of data subjects.
5.7. Personal data shall be processed in such a way as to ensure the adequate security of personal data, including the protection against unauthorized or unlawful processing, accidental loss, destruction or damage, by means of appropriate technical or organizational measures.
5.8. Personal data may be transferred from the country to a controller or processor in a third country, regardless of the medium or method of data transmission, if the data subject has expressly consented to it or it is permitted by law, and an adequate level of protection of personal data is ensured.
5.9. In the case of mandatory data processing, the purpose and conditions of data processing, the scope and accessibility of the data to be processed, the duration of data processing and the identity of the data controller are determined by the law or municipal decree ordering data processing.
5.10. The law may, in the public interest, order the disclosure of personal data by explicitly indicating the scope of the data. In all other cases, the consent of the data subject is required for disclosure, or in the case of special data, written consent. In case of doubt, it shall be presumed that the data subject has not given his consent.
5.11. The data subject's consent shall be deemed to have been given in respect of the data communicated by him or her in the course of his or her public participation or for the purpose of disclosure.
5.12. In proceedings initiated at the request of the data subject, his or her consent to the processing of his or her necessary data shall be presumed. This fact must be brought to the attention of the data subject.
5.13. The data subject may also give his / her consent in the framework of a written contract concluded with the Data Controller in order to fulfill the provisions of the contract. In this case, the contract must contain all the information that the data subject must know from the point of view of the processing of personal data, in particular the definition of the data to be processed, the duration of data processing, the purpose of use, data transmission and data processing. The contract must state unequivocally that, by signing, the data subject consents to the processing of his or her data as specified in the contract.
5.14. During the data management, the accuracy and completeness of the data must be ensured, if necessary, taking into account the purpose of the data management.
6. Legal basis and purpose of data processing
Personal data may only be processed for a specific purpose, in order to exercise a right and fulfill an obligation. At all stages of data management, the purpose of data management must be appropriate, and the recording and processing of data must be fair and lawful.
Only personal data that is necessary for the realization of the purpose of data processing and suitable for the achievement of the purpose may be processed. Personal data may only be processed to the extent and for the time necessary to achieve the purpose.
6.1. Legal basis: Voluntary declaration of the users of the content on the websites operated by Sportmedicina Kft. This statement contains the express consent of the users to the use of their personal data provided in person during the use of the site or when entering the gym.
Pursuant to Section 5 (1) (a) of Info tv., the legal basis of data management is the voluntary consent of the data subject. The user gives consent to each data processing operation, with respect to the website, by registering or by voluntarily providing the requested data and, when visiting the gym in person, by signing a statement of consent; at the same time the user / visitor accepts the data management principles applied by the Service Provider.
6.2. Purpose: The Data Controller stores and manages the data provided by the User, in accordance with Info tv. and Eker tv., for identification and / or subsequent fulfillment of the product order, subsequent proof of the conclusion of the contract with the Users and of the order conditions, documentation of compliance, sending newsletters, and providing other services on the Website.
Data management and storage within the customer service database created during personal registration also serves other services provided by Sportmedicina Kft., e.g. ensuring the proper purchase of products and the availability and use of these services by the partners, as well as subsequent proof of the contract and order conditions, documentation of compliance with performance, and documentation of invoicing.
Personal data provided during personal registration, namely the name and the phone and e-mail contact details, can be managed and stored.
Data processing is also carried out for the above purposes only in the manner specified by law, to the extent and for the time necessary for the realization of the purpose and only with the personal data that is essential for the realization of the above purposes and suitable for achieving the purpose.
7. Scope of personal data processed and method of recording
7.1. This prospectus covers only the processing of personal data, given that personal data can only be interpreted in relation to natural persons. The processing only applies to data transmitted voluntarily, electronically or in person with the voluntary consent of the data subject.
8. Data management related to the operation of our websites
8.1. The fact of data collection, the scope of the data processed and the purpose of the data management
E-mail address: Identification, registration, contact (e-mail address does not need to contain personal data).
Surname and first name: Identification and contact, secure access to the user account.
Phone number: More effective coordination of contact, billing, or other issues.
Invoicing name and address: Issuance of a regular invoice, as well as creation of the contract, determination of its content, modification, monitoring of its fulfillment, invoicing of the resulting fees, and enforcement of related claims.
8.2. Stakeholders: All persons who register / buy on the website are affected.
8.3. Duration of data management, deadline for deleting data: Immediately upon deletion of the registration, except in the case of accounting documents, as these data must be kept for 8 years pursuant to Section 169 (2) of Act C of 2000 on Accounting. The accounting document (including general ledger accounts, analytical and detailed records) supporting the accounting accounts, directly and indirectly, must be kept in a legible form for at least 8 years, retrievable by reference to the accounting records.
8.4. Identity of potential data controllers entitled to access the data, recipients of personal data: Personal data may be processed by the data controller's sales and marketing staff, respecting the above principles.
8.5. Description of the data subject's rights in relation to data processing: The data subject may request the controller to access, rectify, delete or restrict the processing of personal data concerning him or her, may object to the processing of such personal data, and has the right to withdraw consent at any time.
8.6. Access to, deletion, modification or restriction of the processing of personal data, portability of data, protest against data processing can be initiated by the data subject in the following ways:
By post: Sportmedicina Kft. - 7623 Pécs, Jászai Mari u. 2-4.
Via e-mail: fitinfitnexx@gmail.com
Phone: +36 20 539 00 00
9. Legal basis for data management
9.1. Consent of the data subject, pursuant to Article 6 (1) (a), Section 5 (1) of Infotv., and Section 13/A (3) of Act CVIII of 2001 on certain issues of electronic commerce services and information society services (hereinafter: Elker Act).
10. We inform you that the data management is based on your consent.
You are required to provide personal information so that we can fulfill your order. Failure to provide this will result in the inability to process your order.
11. Use of cookies
11.1. The Website operated by the Data Controller (http://www.fitnexx.hu and http://my.fitnexx.hu) can be visited by anyone without registration or the provision of personal data. The Company does not collect or process personal information about visitors.
11.2. The Data Controller may place an anonymous user identifier (cookie) on the User's computer, which in itself is in no way capable of identifying the affected User; it is only suitable for recognizing the User's computer. The purpose of these cookies (session cookies) is to allow visitors to browse the website completely and smoothly without providing a name, e-mail address or any other personal information, and to use the services as conveniently as possible.
11.3. The purpose of managing cookies is to facilitate the use of the website, as well as to enable the Data Controller to learn more about the information gathering and use habits of the Users, to improve the quality of its services, to display customized pages and advertising materials and to provide a quality user experience.
11.4. These types of cookies are valid until the end of the session (browsing); when you close the browser, these types of cookies are automatically deleted from the computer or other device used for browsing, no later than 14 days after closing the browser.
11.5. The data subject has the option to delete cookies in the Tools / Settings menu of browsers, usually under the settings of the Privacy menu item. By doing so, the data subject acknowledges that certain services will not work properly. In this case, you can ignore the cookie pop-up section of the website.
11.6. A clear and voluntary consent to the handling of the User's personal data is displayed in the window with the following text: “Dear Visitor! We inform you that we use cookies to enhance the user experience of the website. By using our website, you acknowledge our information or accept it by continuing on the website.” If the User accepts the use of cookies or takes further steps on the website, he / she also clearly and unequivocally accepts the data management policy and information.
11.7. The consent of the data subject is not required if the sole purpose of the use of cookies is the transmission of communications via an electronic communications network or the provision of an information society service expressly requested by the user.
12. Using an All You Can Move (AYCM) Card
12.1. There is an AYCM card in the Gym, which offers discounts. The legitimacy of using the discount must be checked through the AYCM system, for which data must be transmitted to AYCM Magyarország Kft., which operates the AYCM service (registered office: 1053 Budapest, Károlyi utca 11. 2nd floor, company registration number: 01-09-698597, tax number: 12688621-2-41, represented by: Csaba Kecskés and Tünde Kissné Polgár, managing directors, e-mail: info@aycm.hu, phone: +36 1 445 1563, web: www.aycm.hu). In this case, AYCM Magyarország Kft. qualifies as a Data Processor.
12.2. The purpose of data management: to check the legitimacy of using the discount related to the gym service
12.3. Legal basis for data processing: legitimate interest
12.4. Further information on the handling of personal data can be found in the information notice of AYCM Magyarország Kft., available at: https://allyoucanmove.hu/content_files/adatkezelesi_tajekoztato.pdf
13. Use of social extensions (Facebook, Instagram)
13.1. Extensions on the Portal are disabled by default. Extensions will only be enabled if the User clicks on the button provided. By enabling the plug-in, the User establishes a connection with the social site and consents to the transfer of his data to Facebook, Instagram.
13.2. If the User is logged in to the above social sites or any of them, the respective social network may associate his visit with the User's social account.
13.3. If the User clicks on the appropriate button, his / her browser transmits the relevant information directly to the given social network and stores it there.
Information on the scope and purpose of data collection, the further processing and use of your data by Facebook and Instagram, and the rights and settings for the protection of your personal data can be found in the Facebook and Instagram privacy statement.
14. Remarketing codes
14.1. The Service Provider uses remarketing codes from Google and social networks. The remarketing code uses cookies to tag visitors to the Portal.
The installed cookie helps to display advertisements related to the Service Provider's products and services on other websites and social networking sites visited by the Portal visitor in the future.
14.2. The User may disable cookies at any time and personalize the ads in the advertising settings interface. These cookies are used to improve the website and improve the user experience until their expiration. Cookies are automatically deleted no later than 26 days after you close your browser.
14.3. Remarketing codes are also used by the Facebook web portal. In case of product purchase, by using the service, the User gives his / her explicit consent to the processing of the following personal data: name, e-mail address. In this case, the provisions of Facebook's privacy policy regarding the handling and use of the information provided and personal data shall apply accordingly.
15. Log files
15.1. In order to provide the services, the system automatically logs the dynamic or static IP address of the User's computer, the type of browser and operating system used by the User (depending on the settings of the User's computer), and the User's activity related to the website.
15.2. The purpose of the use of this data is on the one hand of a technical nature - such as the analysis and subsequent verification of the secure operation of the servers - and on the other hand the Data Controller uses this data to compile page usage statistics and analyze user needs in order to improve the quality of services.
15.3. The above data is not suitable for identifying the visitors of the website, and the Service Provider does not link them with other personal data.
16. Newsletter service
16.1. Act XLVIII of 2008 on the basic conditions and certain restrictions of economic advertising activity. Pursuant to Section 6 of Act No. 1/2002 Coll.
16.2. It is also possible to subscribe to the newsletter service by providing the above data during personal registration, or by expressly stating that the visitor or partner wishes to use the newsletter service. The data controller sends newsletters only to those Users and visitors who have given their express consent to this in the menu item or in person.
16.3. Furthermore, keeping in mind the provisions of this prospectus, the Customer may consent to the Service Provider handling the personal data necessary for sending advertising offers.
16.4. The Service Provider does not send unsolicited advertising messages, only a low number of e-mails belonging to its business profile; the e-mail addresses provided during registration are considered as subscriptions to the “newsletter”.
16.5. The user can unsubscribe from sending offers free of charge at any time without restriction or justification. In this case, the Service Provider deletes all personal data - necessary for sending advertising messages - from its register and does not contact the User with its further advertising offers.
16.6. The purpose of data management: Sending an electronic message (e-mail) containing advertising to the data subject, providing information on current information, products, promotions, new features, etc. With the express consent of the User, the Data Controller will send newsletters containing information about the content and products of the Website to the e-mail address provided during registration.
16.7. Duration of data management, deadline for deleting data: data management lasts until the withdrawal of the consent statement, i.e. until unsubscription.
16.8. Identity of potential data controllers entitled to access the data, recipients of personal data: Personal data may be processed by the data controller's sales and marketing staff, respecting the above principles.
16.9. The data subject may request from the controller access to, rectification, erasure or restriction of the processing of personal data concerning him or her and may object to the processing of such personal data, and the data subject has the right to data portability and to withdraw consent at any time.
16.10. Access to, deletion, modification or restriction of the processing of personal data, portability of data, protest against data processing can be initiated by the data subject in the following ways:
By post: Sportmedicina Kft. - 7623 Pécs, Jászai Mari u. 2-4.
By email: fitinfitnexx@gmail.com
Phone: +36 20 539 00 00
Website: In the appropriate interface.
16.11. We would like to inform you that the data processing is based on your consent. You are obliged to provide personal data if you want to receive a newsletter from us. Failure to provide this will result in the inability to send you a newsletter.
16.12. The Data Controller uses the telephone number provided by the User for contact purposes only.
17. Database - personal registration
17.1. The registration system of Sportmedicina Kft. is the Fitness Admin Fitnexx system, where the data of the gym visitors are entered.
17.2. The legal basis of the data management: the voluntary consent of the User, which is realized by the act that the User transfers his / her personal data to Sportmedicina Kft., in order to use the services of the Data Controller, during the personal registration at the reception desk. The provision of the following personal data is obligatory: name, telephone number, e-mail address. These data are also recorded on the magnetic card handed over to the visitor, the purpose of which is to identify the partner.
17.3. The purpose of data management: Continuous contact, relationship building, registration and monitoring of partners' activities, facilitating contact between persons with existing and newly registered Users and partners. Legal basis for data processing: voluntary consent of the data subject. The scope of the managed data: the data specified in this section, as well as the type of service used by the partner (season ticket, single ticket entitling to single entry, etc.), name, indication of the duration of the service, login data related to the customer.
17.4. Duration of data management: Until the withdrawal of the user's consent, but not more than 12 months from the user's last activity. By withdrawing the consent or 12 months after the date of the last activity, the Data Controller is obliged to delete the data immediately.
18. Validation and invoicing of personal purchases
18.1. The Data Controller manages the following personal data in the gym database: Billing name, e-mail address and telephone number.
18.2. The purpose of data management: To carry out and complete the purchase and payment process, and to ensure the contractual fulfillment of notification obligations.
18.3. If an online payment is made via the website or at the guest desk, the Data Controller will forward the credit / debit card number required for the payment to the financial institution service provider without retaining it.
18.4. The data controller may process personal data related to the User for any purpose other than those specified above, in particular to increase the efficiency of its service or for market research, only with the prior determination of the purpose of data management and with the express consent of the User. This data may not be linked to the identification data of the User concerned and may not be passed on to third parties without their consent. The Data Controller is obliged to delete this data immediately if the purpose of data management has ceased or the User so provides. During data erasure, the data is rendered unrecognizable in such a way that it is no longer possible to recover them.
18.5. It is the duty of the Data Controller to ensure that the User can find out, before using the service and at any time during its use, which types of data the Data Controller manages for which data management purposes, including the handling of data that cannot be directly linked to the User.
18.6. The legal basis of the data processing performed by the Data Controller is in all cases the consent of the Data Subject.
19. COMPLAINT HANDLING
19.1. Fact of data collection, scope of data processed and purpose of data management:
Surname and first name: Identification, contact.
E-mail address: Contact.
Phone number: Contact.
19.2. Stakeholders: All stakeholders who buy on the website and submit quality complaints.
19.3. Duration of data management, deadline for deleting data: Data processed on the basis of the User's consent can be managed until the consent is modified or revoked. In the case of consents to the sending of the newsletter, personal data may be processed until the consent is withdrawn. The Data Controller stores the data related to the orders, in order to prove them in case of possible legal disputes, until the end of the general limitation period, i.e. 5 (five) years, and in the case of accounting documents for 8 years according to Section 169 (2) of Act C of 2000 on Accounting. Upon expiration of the data management period, the Data Controller is obliged to delete the User's personal data.
19.4. Identity of potential data controllers entitled to access the data, recipients of personal data: Primarily the Data Controller and the internal employees of the Data Controller are entitled to access the data; the data are not published or passed on to third parties. The Data Controller may use a data processor (e.g. system operator, accountant) within the scope of the operation of the horizontal IT system necessary for the operation of the website, the fulfillment of orders and the settlement of accounts. The controller is not responsible for the data management practices of such external actors.
Furthermore, the transfer of personal data concerning the Users may only take place in cases specified by law or on the basis of the User's consent. Sportmedicina Kft. provides information only if and to the extent strictly necessary to achieve the purpose of the request. The request must include the exact purpose and scope of the data.
In addition, Sportmedicina Kft. law. handled in accordance with the provisions of
19.5. Description of data subjects' rights in relation to data processing: The data subject may request from the data controller access to, rectification, erasure or restriction of the processing of personal data concerning him or her. The data subject may also object to the processing of such personal data and has the right to data portability and to withdraw consent at any time.
At the request of the User, the Data Controller shall provide information on the data processed by him / her, the purpose, legal basis and duration of the data processing, as well as keep records of who receives or has received his / her data. The register contains the date of the transfer of personal data managed by the Data Controller, the legal basis and recipient of the data transfer, the definition of the scope of the transferred personal data, as well as other data specified in the legislation prescribing data management. The Data Controller shall provide the requested information in writing within 30 days of the submission of the request.
The User may contact the Data Controller's employee with a question or comment related to the data management at the Data Controller's headquarters (7623 Pécs, Jászai Mari u. 2-4.), or at the following contact details:
Via e-mail: fitinfitnexx@gmail.com
Phone: +36 20 539 00 00
-
The User has the right to request the correction or deletion of incorrectly recorded data at any time. The Data Controller deletes the data within 3 working days from the receipt of the request, the deletion does not apply to the data processing required by law (eg accounting regulations), the Data Controller retains them for the required period of time. Deletion means making the data unrecognizable in such a way that it is no longer possible to recover it.
-
The User is the Info tv. may object to the processing of your personal data in accordance with the relevant provisions if the processing or transfer of personal data is necessary only for the fulfillment of a legal obligation to the Data Controller or for the legitimate interests of the Data Controller, data recipient or third party, unless the data processing is required by law; or if the use or transfer of personal data is for the purpose of direct business acquisition, public opinion polling or scientific research; and in other cases specified by law.
-
The Data Controller shall examine the protest as soon as possible, but not later than within 15 days from the submission of the request, make a decision on the merits of the request and inform the applicant of its decision in writing. If the Data Controller finds that the data subject's objection is justified, the data processing, including further data collection and data transfer, shall be terminated and the data shall be blocked, and the protest and the measures taken on the basis thereof shall be notified to all persons to whom the data subject has previously been transferred. and who are obliged to take action to enforce the right to protest. If the User does not agree with the decision made by the Data Controller, and if the Data Controller fails to comply with the above deadline, he / she may file a lawsuit against it - within 30 days of its notification.
- The Data Controller is obliged to prove that the data management complies with the provisions of the law. The recipient of the data must prove the lawfulness of the data transfer.
- In case of violation of the User's rights related to personal data, the User may go to court. The court acts out of turn in the case. In case of violation, the User may also apply to the Office of the Data Protection Commissioner (1051 Budapest, Nádor u. 22.) and to the National Data Protection and Freedom of Information Authority (1125 Budapest, Szilágyi Erzsébet fasor 22 / c.).
20. COMMUNITY SITES
20.1. The fact of data collection, the scope of managed data: the name registered on social networking sites such as Facebook / Google+ / YouTube / Instagram, etc., and the user's public profile picture.
20.2. Stakeholders: All stakeholders who have registered on Facebook / Google + / Youtube / Instagram, etc. social networking sites and “liked” the website.
20.3. The purpose of data collection: To share or “like” certain social elements, products, promotions or the website itself on social media sites.
20.4. Duration of data processing, deadline for deletion of data, identity of potential data controllers entitled to access the data and description of data subjects' rights related to data processing: The data subject can find out about the source of the data, its processing, Data management is carried out on social networking sites, so the duration and method of data management, as well as the possibilities of deleting and modifying data are subject to the regulation of the given social networking site.
20.5. Legal basis for data processing: the voluntary consent of the data subject to the processing of his or her personal data on social networking sites.
21. CUSTOMER RELATIONS AND OTHER DATA PROCESSES
21.1. If the data subject has any questions or problems during the use of the data controller's services, he or she may contact the data controller in the ways provided on the website (telephone, email, social networking sites, etc.).
21.2. The data controller will delete the data provided in incoming e-mails, messages, phone calls, Facebook messages, etc., together with the name and e-mail address of the interested party and other personal data voluntarily provided, no later than 2 years after the communication.
21.3. Information on data processing not listed in this prospectus will be provided at the time of data collection.
21.4. Upon exceptional official request, or in case of contacting other bodies based on the authorization of legislation, the Service Provider is obliged to provide information, communicate and hand over data, and make documents available.
21.5. In these cases, the Service Provider will provide the requester with personal data only to the extent that is absolutely necessary to achieve the purpose of the request, provided that the requester has indicated the exact purpose and scope of the data.
21.6. During the sports classes and trainings, video recordings or photographs may be taken, which we use only on our own sites (webpage, social media) and for our own promotional projects, to make the classes more popular. If you do not agree to the posting of these recordings or photos, please tell us at the Reception Desk, or during the recording, and the media material will be deleted.
22. Compensation
22.1. The Data Controller does not verify the personal data provided to it. The person who provided the data is solely responsible for the accuracy of the information provided. By providing his or her e-mail address, each User also accepts responsibility for ensuring that only he or she uses the service from the provided e-mail address. In view of this liability, all liability in connection with logins to a given e-mail address rests solely with the User who registered the e-mail address.
22.2. If the User has provided third party data during the registration for the use of the services provided by the Data Controller, or has caused damage in any way during the use of the Website, the Data Controller is entitled to enforce compensation against the User. In such a case, the Data Controller shall provide all possible assistance to the acting authorities in order to establish the identity of the infringer.
22.3. With regard to the requirement for the up-to-dateness of the data, the User is obliged to cooperate with the Data Controller. If there is a change in the data of the registered User, he or she is obliged to report it; if he or she does not do so, the User shall bear the possible damages and costs arising therefrom.
23. RIGHTS OF STAKEHOLDERS
23.1. Right of access - You have the right to receive feedback from the controller as to whether your personal data is being processed and, if such processing is in progress, you have the right to access personal data and the information listed in the Regulation.
23.2. Right of rectification - You have the right to have the data controller rectify inaccurate personal data concerning you without undue delay upon request. Taking into account the purpose of the data processing, you have the right to request that the incomplete personal data be supplemented, inter alia, by means of a supplementary statement.
23.3. Right of deletion - You have the right to have the controller, at your request, delete personal data concerning you without undue delay, and the controller is obliged to delete personal data concerning you without undue delay under certain conditions.
23.4. Right to forget - If the controller has disclosed personal data and is obliged to delete it, it will take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform the controllers that you have requested the deletion of links to the personal data in question or of a copy or duplicate of such personal data.
23.5. Right to restrict data processing - You have the right to have the data controller restrict data processing at your request if one of the following conditions is met:
- The data controller no longer needs the personal data for data processing purposes, but you require them in order to make, enforce or protect legal claims.
- You objected to the data processing; in this case, the restriction applies for as long as it takes to establish whether the legitimate reasons of the controller take precedence over your legitimate reasons.
- The data processing is illegal and you oppose the deletion of the data and instead ask for a restriction on its use.
- You dispute the accuracy of the personal data, in which case the restriction applies to the period of time that allows the data controller to verify the accuracy of the personal data.
Right to data portability: You have the right to receive the personal data concerning you that you have made available to a data controller in a structured, widely used, machine-readable format, and you have the right to transfer this data to another data controller without being hindered by the data controller to whom you have made the personal data available.
Right to protest: You have the right to object to the processing of your personal data at any time for reasons related to your situation, including profiling based on the above provisions.
Protest in the case of direct business acquisition: If personal data is processed for the purpose of direct business acquisition, you have the right to object at any time to the processing of personal data concerning you for this purpose, including profiling, if it is related to direct business acquisition. If you object to the processing of personal data for the purpose of direct business acquisition, the personal data may no longer be processed for this purpose.
Automated decision-making in individual cases, including profiling: You have the right not to be subject to a decision based solely on automated data processing, including profiling, which would have legal effect or similar effect on you.
24. The preceding paragraph shall not apply if the decision:
24.1. Is necessary for the conclusion or performance of a contract between you and the controller; is governed by Union or Member State law applicable to the controller, which also lays down appropriate measures to protect your rights and freedoms and legitimate interests; or is based on your express consent.
25. DEADLINE FOR ACTION
25.1. The controller shall, without undue delay, but in any case within 1 month of receipt of the request, inform you of the action taken on the above requests.
25.2. If necessary, this deadline can be extended by 2 months. The data controller shall inform you of the extension of the deadline, indicating the reasons for the delay, within 1 month from the receipt of the request.
25.3. If the controller does not take action on your request, it will inform you without delay, but no later than one month after receipt of the request, of the reasons for the non-action and of the fact that you can lodge a complaint with a supervisory authority and have a judicial remedy.
26. SECURITY OF DATA PROCESSING
26.1. Taking into account the state of science and technology and the costs of implementation, as well as the nature, scope, circumstances and purposes of the processing and the varying likelihood and severity of the risk to individuals' rights and freedoms, the controller and the processor shall take appropriate technical and organizational measures to guarantee a level of data security appropriate to the degree of risk, including, inter alia, where appropriate:
- Pseudonymization and encryption of personal data;
- Ensuring the continued confidentiality, integrity, availability and resilience of systems and services used to process personal data;
- In the event of a physical or technical incident, the ability to restore access to and availability of personal data in a timely manner;
- A procedure for regular testing, assessment and evaluation of the effectiveness of the technical and organizational measures taken to ensure the security of data management.
The controller also undertakes to call on any third party to whom the data may be transmitted or transferred to fulfill its obligations in this regard.
27. INFORMING THE STAKEHOLDER ABOUT THE DATA PROTECTION INCIDENT
27.1. If the data protection incident is likely to pose a high risk to the rights and freedoms of natural persons, the controller shall inform the data subject of the data protection incident without undue delay.
27.2. The information provided to the data subject shall clearly and intelligibly describe the nature of the data protection incident and shall state the name and contact details of the data protection officer or other contact person who can provide further information; the likely consequences of the data protection incident; and the measures taken or planned by the controller to remedy the data protection incident, including, where appropriate, measures to mitigate any adverse consequences arising from the data protection incident.
27.3. The data subject need not be informed if any of the following conditions are met:
- The controller has implemented appropriate technical and organizational protection measures and these measures have been applied to the data affected by the data protection incident, in particular those measures, such as the use of encryption, which make the data incomprehensible to persons not authorized to access personal data;
- Following the data protection incident, the controller has taken further measures to ensure that the high risk to the data subject's rights and freedoms is no longer likely to materialize;
- Information would require a disproportionate effort. In such cases, the data subject shall be informed through publicly available information or a similar measure shall be taken to ensure that the data subject is informed in an equally effective manner.
OTHER PROVISIONS
- The Data Controller reserves the right to unilaterally amend this Prospectus with prior notice to Users. After the entry into force of the amendment, the User implicitly accepts the contents of the amended Prospectus by using the service.
- Sportmedicina Kft., as the Data Controller, acknowledges the content of this legal notice as binding on it. It undertakes that all data processing related to its activities complies with the requirements set out in this prospectus and the applicable legislation.
- All employees of Sportmedicina Kft. are obliged, in the course of data management, to act fairly and lawfully, taking into account the principles of data management, to the best of their knowledge and with increased attention in the given situation. They are obliged to record all this in writing, in the form of a confidentiality statement.
Pécs, April 1, 2021