Privacy policy

May 30, 2023

PRIVACY AND DATA MANAGEMENT INFORMATION

30 May, 2023.

Individual entrepreneur Gabor Kuerti (registered office: Siraly utca 22., Vac, H-2600, Hungary, hereinafter referred to as “Data Controller” or „Gabor Kuerti”) as the operator and data controller of the https://rife-plasma.com/ website, acknowledges the contents of this legal notice as binding upon it. It undertakes to ensure that any processing of data related to its activities complies with the requirements of this policy and the applicable national legislation and European Union acts.

Name: Gabor Kuerti

Address: Siraly utca 22., Vac, H-2600, Hungary

Registration number: 57952123

Tax number: 59904298-1-33

Telephone number: +36 30 996 2787

E-mail: info@rife-plasma.com

The privacy policy of the Data Controller in relation to its data processing is available on an ongoing basis at https://rife-plasma.com.

The Data Controller reserves the right to change this policy at any time. It will of course inform its audience of any changes in due time.

If you have any questions regarding this notice, please contact us and our team will answer your query.

The Data Controller is committed to protecting the personal data of its customers and partners, and attaches the utmost importance to respecting the right to information self-determination of its customers. The Data Controller handles personal data confidentially and takes all security, technical and organisational measures to ensure the security of the data.

The Data Controller describes its data management practices below.

The data processing activities of the Data Controller are based on voluntary consent and on a contractual relationship. In the case of processing based on voluntary consent, data subjects may withdraw their consent at any stage of the processing.

Data controllers are reminded that if they do not provide their own personal data, the data controller is obliged to obtain the consent of the data subject.

Its data management principles are in accordance with the applicable data protection legislation, in particular the following:

– Act CXII of 2011 – on the Right to Informational Self-Determination and Freedom of Information (Infotv.); 

– Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation, GDPR); 

– Act V of 2013 – on the Civil Code (Civil Code); 

– Act C of 2000 – on Accounting (Accounting Act); 

DATA PROCESSING BY THE CONTROLLER

1. ) When visiting the website https://rife-plasma.com/, the web server does not record any user data.

The service provider places a small data package, a so-called cookie, on the user’s computer and reads it back during the subsequent visit. If the browser returns a previously saved cookie, the cookie management service provider has the possibility to link the user’s current visit to previous visits, but only with respect to its own content.

The purposes of the processing are: to identify and distinguish users, to identify users’ current session, to store the data provided during that session, to prevent data loss, to identify and track users, to measure web analytics.

Legal basis for processing: consent of the data subject.

Data processed: identification number, date, time and the page previously visited.

Duration of processing: 30 minutes.

The user can delete the cookie from his/her computer or disable the use of cookies in his/her browser. The cookie management is usually available in the Tools/Preferences menu of browsers under Privacy/Preferences/Custom settings, under the menu item cookie, cookie or tracking.

Possible consequences of not providing data: incomplete use of website services, inaccuracy of analytical measurements.

The Google Analytics service measures the number of visits to our website, but does not record or transmit any personal data to us.

The Google Analytics Privacy Policy is available at the following link:

https://policies.google.com/privacy?hl=hu

CONTACT US, CUSTOMER CORRESPONDENCE FROM THE CONTROLLER

2.) If you visit our website, you can contact us using the contact details provided in this notice or on the website.

The Data Controller will delete all e-mails received, together with the sender’s name, e-mail address, date, time and other personal data provided in the message, after a maximum of five years from the date of communication.

OTHER DATA PROCESSING

Information about any processing not listed in this notice will be provided at the time of collection.

We inform our customers that the court, the prosecutor, the investigating authority, the law enforcement authority, the administrative authority, the National Authority for Data Protection and Freedom of Information, Hungary, the Hungarian National Bank or other bodies authorised by law may contact the data controller to provide information, to disclose or transfer data or to provide documents.

The Data Controller shall disclose to the authorities – if the authorities have indicated the precise purpose and scope of the data – personal data only to the extent and to the extent that is indispensable for the purpose of the request.

The Data Controller’s computer systems and other data storage locations are located at its headquarters and at the headquarters of the hosting service provider. 

Data of the hosting provider:……………………….

The above mentioned hosting provider has undertaken in its declaration to fully comply with the provisions of the GDPR and other relevant legislation when storing the data.

The Data Controller selects and operates the IT tools used for the processing of personal data in the provision of the service in such a way that the processed data:

a) accessible to those authorised to access it (availability);

b) its authenticity and authenticity are ensured (authenticity of processing);

(c) its integrity can be verified (data integrity);

d) protected against unauthorised access (data confidentiality).

The Data Controller shall take appropriate measures to protect the data, in particular against unauthorised access, alteration, disclosure, transmission, disclosure, erasure or destruction, accidental destruction, damage or loss, and inaccessibility resulting from changes in the technology used.

The Data Controller shall ensure, by appropriate technical means, that, except where permitted by law, the stored data cannot be directly linked and attributed to the data subject in order to protect the data files managed electronically in its various registers.

The Data Controller shall ensure the security of data processing by technical, organisational and organisational measures, taking into account the state of the art, which provide a level of protection appropriate to the risks associated with the processing.

The Controller shall, during the processing, keep

a) confidentiality: it shall protect the information so that only those who are entitled to have access to it have access to it;

b) integrity: to protect the accuracy and completeness of the information and the processing method;

(c) availability: ensures that the authorised user has effective access to the information required when he needs it and that the means to access it are available.

The IT system and network of the Data Controller and its partners are protected against computer fraud, espionage, sabotage, vandalism, fire and flooding, computer viruses, computer intrusions and denial of service attacks. The operator ensures security through server-level and application-level protection procedures.

Users are informed that electronic messages transmitted over the Internet, regardless of protocol (e-mail, web, FTP, etc.), are vulnerable to network threats that could lead to fraudulent activity, contract disputes or disclosure or modification of information. The controller shall take all reasonable precautions to protect against such threats. It monitors systems in order to record and provide evidence of any security incidents. System monitoring also allows the effectiveness of the precautions taken to be checked.

The data subject may request information on the processing of his or her personal data and may request the rectification, erasure or withdrawal of his or her personal data, except for mandatory processing, and exercise his or her rights of retention and objection, as indicated when the data were collected or by contacting the controller at the above contact details.

Right to information:

The Data Controller shall take appropriate measures to provide data subjects with all the information referred to in Articles 13 and 14 of the GDPR and each of the notifications referred to in Articles 15 to 22 and 34 of the GDPR concerning the processing of personal data in a concise, transparent, intelligible and easily accessible form, in clear and plain language.

The right to information can be exercised in writing through the contact details indicated in the Introduction or in point 4. The data subject may also be provided with information orally at his or her request, after verification of his or her identity.

The data subject’s right of access:

The data subject has the right to obtain from the controller feedback as to whether or not his or her personal data are being processed and, if such processing is ongoing, the right to access the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom or with which the personal data have been or will be disclosed, including in particular recipients in third countries or international organisations; the envisaged period of storage of the personal data; the right to rectification, erasure or restriction of processing and the right to object; the right to lodge a complaint with a supervisory authority; information on the data sources; the fact of automated decision-making, including profiling, and clear information on the logic used and the significance of such processing and its likely consequences for the data subject. In the event of a transfer of personal data to a third country or an international organisation, the data subject is entitled to be informed of the appropriate safeguards for the transfer.

The Data Controller shall provide the data subject with a copy of the personal data which are the subject of the processing. For additional copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. At the request of the data subject, the information shall be provided by the Controller in electronic form.

The controller shall provide the information within a maximum of one month from the date of the request.

Right of rectification:

The data subject may request the correction of inaccurate personal data concerning him or her processed by the Controller and the completion of incomplete data.

Right to erasure:

The data subject shall have the right, upon request, to obtain from the Data Controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies:

– The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

– the data subject withdraws the consent on the basis of which the processing was carried out and there is no other legal basis for the processing;

– the data subject objects to the processing and there is no overriding legitimate ground for the processing;

– the personal data have been unlawfully processed;

– the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;

– the personal data have been collected in connection with the provision of information society services.

The erasure of the data may not be initiated if the processing is necessary: for the exercise of the right to freedom of expression and information; for compliance with an obligation under Union or Member State law to process personal data or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for archiving purposes or scientific or historical research purposes; for statistical purposes in the public interest; or for the establishment, exercise or defence of legal claims.

Right to restriction of processing:

At the request of the data subject, the Controller may restrict processing if one of the following conditions is met:

– the data subject contests the accuracy of the personal data, in which case the restriction shall apply for the period of time necessary to allow the accuracy of the personal data to be verified;

– If the processing is unlawful and the data subject opposes the erasure of the data and requests instead the restriction of their use, the processing shall be limited to the period of time necessary to verify whether the personal data are accurate, unless the processing is unlawful;

– the controller no longer needs the personal data for the purposes of the processing but the data subject requires them for the establishment, exercise or defence of legal claims; or

– the data subject has objected to the processing; in this case, the restriction shall apply for a period of time until it is established whether the legitimate grounds of the controller override the legitimate grounds of the data subject.

Where processing is subject to restriction, personal data, other than storage, may be processed only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the Union or of a Member State.

The Controller shall inform the data subject in advance of the lifting of the restriction on processing.

Right to data portability:

The data subject has the right to receive personal data relating to him or her which he or she has provided to the controller in a structured, commonly used, machine-readable format and to transmit such data to another controller.

Right to object:

The data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions. In the event of an objection, the controller may no longer process the personal data, unless there are compelling legitimate grounds for doing so which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such purposes, including profiling, where it is related to direct marketing.

In the event of an objection to the processing of personal data for direct marketing purposes, the data shall not be processed for those purposes.

Automated decision-making in individual cases, including profiling:

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

The above right shall not apply where the processing

– necessary for the conclusion or performance of a contract between the data subject and the controller;

– permitted by Union or Member State law applicable to the controller which also lays down appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; or

– is based on the explicit consent of the data subject.

Right of withdrawal:

The data subject has the right to withdraw his or her consent at any time. Withdrawal of consent does not affect the lawfulness of the processing based on consent prior to its withdrawal.

Procedural rules:

The controller shall inform the data subject of the action taken in response to a request pursuant to Articles 15-22 GDPR without undue delay and in any event within one month of receipt of the request. If necessary, taking into account the complexity of the request and the number of requests, this time limit may be extended by a further two months.

The controller shall inform the data subject of the extension, stating the reasons for the delay, within one month of receipt of the request. Where the data subject has made the request by electronic means, the information shall be provided by electronic means, unless the data subject requests otherwise.

If the controller does not act on the data subject’s request, the data subject shall be informed without delay and at the latest within one month of receipt of the request of the reasons for the non-action and of the possibility for the data subject to lodge a complaint with a supervisory authority and to exercise his or her right of judicial remedy.

The Controller shall provide the requested information and notification free of charge. Where the data subject’s request is manifestly unfounded or excessive, in particular because of its repetitive nature, the controller may charge a reasonable fee, taking into account the administrative costs of providing the requested information or information or of taking the requested action, or refuse to act on the request.

The controller shall inform any recipient to whom or with whom the personal data have been disclosed of any rectification, erasure or restriction of processing that it has carried out, unless this proves impossible or involves a disproportionate effort. The controller shall inform the data subject, at his or her request, of these recipients.

The controller shall provide the data subject with a copy of the personal data which are the subject of the processing. For additional copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. If the data subject has made the request by electronic means, the information shall be provided in electronic format unless the data subject requests otherwise.

Compensation and damages:

Any person who has suffered pecuniary or non-pecuniary damage as a result of a breach of the GDPR is entitled to compensation from the controller or processor for the damage suffered. The processor shall be liable for damage caused by the processing only if it has failed to comply with the obligations expressly imposed on processors by law or if it has disregarded or acted contrary to lawful instructions from the controller.

Where more than one controller or more than one processor or both controller and processor are involved in the same processing and are liable for the damage caused by the processing, each controller or processor shall be jointly and severally liable for the entire damage.

The controller or processor shall be exempt from liability if it proves that it is not in any way responsible for the event giving rise to the damage.

Complaints in relation to data processing:

If you have a problem with the processing of data by the Controller, please contact. E-mail: kurti.gabor@rife-plasma.com.

Right to apply to the courts:

The data subject may take the controller to court in case of infringement of his/her rights. The court will decide the case out of turn.

Data Protection Authority procedure:

A complaint can be lodged with the National Authority for Data Protection and Freedom of Information:

Name: National Authority for Data Protection and Freedom of Information

Address: Szilagyi Erzsebet fasor 22/C., 1125 Budapest, Hungary.

Postal address: 1530 Budapest, PO Box 5.

Phone: +36 (1) 391-1400

Fax: +36 (1 ) 391-1410

E-mail: ugyfelszolgalat@naih.hu

Website: https://www.naih.hu

Contact