PRIVACY POLICY

for the visitors and users of the https://www.tetomatra.huwebsite. 

Introduction 

During the operation of the website, the ServiceProvider/Data Controller processes the data of persons registered on the sitefor the purpose of providing them with appropriate services. The ServiceProvider intends to fully comply with the legal requirements regarding theprocessing of personal data, in particular the provisions of Regulation (EU)2016/679 of the European Parliament and of the Council (GDPR). This privacypolicy has been prepared based on Regulation (EU) 2016/679 on the protection ofnatural persons with regard to the processing of personal data and on the freemovement of such data, with regard to the content of Act CXII of 2011 on theRight to Informational Self-Determination and Freedom of Information. 

Name and Contact Details of the Data Controller 
Name: dr. Anna Petrovics 
Registered Office: 2 Damjanich János St, H-3036Gyöngyöstarján, Hungary 
Tax Number: 48277387-1-30 
E-mail: info@tetomatra.hu 
Phone: +36 30 5011662 
Website: www.tetomatra.hu 

Definitions 

GDPR (General Data Protection Regulation): The EuropeanUnion's General Data Protection Regulation; 

Processing: Any operation or set of operations performed onpersonal data or sets of personal data, whether or not by automated means, suchas collection, recording, organisation, structuring, storage, adaptation oralteration, retrieval, consultation, use, disclosure by transmission,dissemination or otherwise making available, alignment or combination,restriction, erasure or destruction; 

Processor: A natural or legal person, public authority,agency or other body which processes personal data on behalf of the controller; 

Personal Data: Any information relating to an identified oridentifiable natural person (Data Subject); an identifiable natural person isone who can be identified, directly or indirectly, in particular by referenceto an identifier such as a name, an identification number, location data, anonline identifier or to one or more factors specific to the physical,physiological, genetic, mental, economic, cultural or social identity of thatnatural person; 

Controller: The natural or legal person, public authority,agency or other body which, alone or jointly with others, determines thepurposes and means of the processing of personal data; 

Consent of the Data Subject: Any freely given, specific,informed and unambiguous indication of the data subject's wishes by which they,by a statement or by a clear affirmative action, signify agreement to theprocessing of personal data relating to them; 

Personal Data Breach: A breach of security leading to theaccidental or unlawful destruction, loss, alteration, unauthorised disclosureof, or access to, personal data transmitted, stored or otherwise processed; 

Recipient: A natural or legal person, public authority,agency or another body, to which the personal data are disclosed, whether athird party or not; 

Third Party: A natural or legal person, public authority,agency or body other than the data subject, controller, processor and personswho, under the direct authority of the controller or processor, are authorisedto process personal data. 

Principles of Data Processing 

The Data Controller declares that personal data is processedin accordance with this privacy policy and complies with the provisions of therelevant legislation, with particular regard to the following: 

Processing must be carried out lawfully, fairly, and in atransparent manner for the data subject. 

Personal data may only be collected for specified, explicit,and legitimate purposes. 

The purpose of processing personal data must be adequate,relevant, and limited to what is necessary. 

Personal data must be accurate and up to date. Inaccuratedata must be erased without delay. 

Personal data must be stored in a form which permitsidentification of data subjects for no longer than is necessary. 

Processing must be carried out in a manner that ensuresappropriate security of the personal data using appropriate technical ororganisational measures. 

General Data Processing Information 

The purpose of the data processing is to enable the ServiceProvider/Data Controller to provide appropriate additional services to personsregistered on the website. The legal basis for processing is the consent of theData Subject. The scope of those involved includes the users of the website. 

Data shall be erased immediately if the originally setpurpose has been achieved. The Data Subject may withdraw their consent at anytime via e-mail. Access to the data is restricted to the Data Controller andtheir employees. 

The Data Subject may request access to, rectification,erasure, or restriction of processing of their personal data, and may object tosuch processing, as well as exercise their right to data portability. Providingpersonal data is not mandatory, but certain functions of the website cannot beused without registration. 

BOOKING 

The purpose of data processing is to provide additionalservices, establish contact, and send confirmation e-mails. Bookings can onlybe fulfilled if the Guest provides contact and billing information. 

Legal Basis: Consent of the Guest. In the case of invoicing,processing is based on legal requirements. 
Duration: Until the withdrawal of consent or as required bylaw. 
Erasing Data: Upon withdrawal of consent, except for billingdata which must be kept according to legal regulations. 
Storage: Electronic. 
Scope of Processed Data and Purpose: 
Name: Identification, contact, invoicing. 
Company Name: Identification, contact, invoicing. 
Address (Country, Postcode, City, Street): Identification,contact, invoicing. 
E-mail/Phone: Identification, contact. 
Payment Info: Invoicing. 
Service Details: Identification of the service. 
Booking time/IP address: Technical operations. 

Consent is given by the User by intentionally ticking thedesignated empty checkbox on the website. Pursuant to the 2016 CLVI Act(modified 2021), processing includes mandatory data provision of identificationdocuments to the VIZA system. 

Invoicing 

The purpose is the issuance and sending of electronicinvoices. This is a mandatory data processing activity based on legalobligations. Billing data modification or erasure can be initiated via theprovided contact details. 

Newsletters 

The purpose is to send professional materials, electronicmessages containing advertisements, and newsletters. The User may unsubscribeat any time without consequences. 

Legal Basis: Consent. 
Requirement: Providing data is necessary to receivenewsletters. 
Duration: Until consent is withdrawn. 

Cookies 

Cookies are small files created by visited websites toimprove the user experience. 
Purpose: Additional services, identification, tracking. 
Legal Basis: Consent is not required if the cookie isstrictly necessary for the Service Provider to operate the site. 
Management: The User can delete cookies from their browsersettings at any time. 

Social Media 

The Data Controller may use social media platforms (Facebook,Google+, etc.) for promotion. The scope of processed data may include theuser's public profile picture. The duration and erasure of data are governed bythe rules of the respective social media platform. 

Google Analytics

The website uses Google Analytics to evaluate how users usethe site. Data is stored in an encrypted format on Google's servers. Users whodo not want Google Analytics to report their data can install the GoogleAnalytics opt-out browser add-on. 

Data Processors

Hosting Provider: Webflow, Inc. (398 11th Street, 2nd Floor,San Francisco, CA 94103). Purpose: Ensuring website operation. 
Accounting: Tunikó Könyvelő Iroda Kft. (3200 Gyöngyös,Belváros tér 6.). Purpose: Bookkeeping of accounting documents. 

Rights Related to Data Processing

Right to Information: The Data Subject may requestinformation regarding what data is processed and why. Response time: maximum 30days. 

Right to Rectification: Modification of data may berequested. Action time: maximum 30 days. 

Right to Erasure: Deletion of data may be requested. Actiontime: maximum 30 days. 

Right to Blocking: The Data Subject may request that theirdata be blocked instead of deleted. 

Right to Object: The Data Subject may object to theprocessing of their personal data. Investigation time: maximum 15 days. 

Legal Enforcement

 In the event of unlawful data processing, the User shouldnotify the Company to resolve the issue. If not resolved, the User may contactthe National Authority for Data Protection and Freedom of Information (NAIH): Address:
1125 Budapest, Szilágyi Erzsébet fasor 22/c 
E-mail: ugyfelszolgalat@naih.hu 
Website: https://naih.hu