Privacy Policy

1. Introduction

In the course of its activities, Barabás Mónika (hereinafter: Data Controller) pays particular attention to the protection of personal data, compliance with mandatory legal provisions, and secure and fair data processing.

2. Data controller details

Name: Mónika Barabás (hereinafter referred to as data controller)

Registered office: 1143 Budapest, Stefánia út 59.

Email: info@barabasmonika.hu

Phone: +36307307366

The Data Controller shall process the personal data made available to it in all cases in compliance with the applicable Hungarian and European laws and ethical requirements, and shall in all cases take the technical and organizational measures necessary for the appropriate secure processing of data.

These regulations have been drawn up in accordance with the following applicable laws:

• Act CXIX of 1995 on the processing of name and address data for research and direct marketing purposes
• Act CVIII of 2001 on certain issues related to electronic commerce services and information society services
• Act XLVIII of 2008 on the basic conditions and certain restrictions of economic advertising activities
• Act CXII of 2011 on the right to informational self-determination and freedom of information
• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC

The Data Controller undertakes to comply with this policy unilaterally and requests – in a notice available on its website – that its customers also accept the provisions of the policy. The Data Controller reserves the right to change its privacy policy. If the policy is amended, the updated text will be published publicly.

2. INTERPRETATIVE PROVISIONS

In our policy, the following terms related to data protection have the following meanings: – data file: the totality of data managed in a single register;

– data processor: a natural or legal person or an organization without legal personality who or which processes data on the basis of a contract, including a contract concluded in accordance with the provisions of the law;  

– data controller: the public body that produced the public interest data that must be published electronically, or that generated this data in the course of its operations;

– data processing: a

any operation or set of operations performed on data, regardless of the procedure used, in particular the collection, recording, organization, storage, alteration, use, retrieval, transmission, disclosure, alignment or combination, blocking, erasure or destruction of data, as well as the prevention of further use of data, taking photographs, sound or image recordings, and recording physical characteristics suitable for identifying a person (e.g., fingerprints or palm prints, DNA samples, iris images);

Translated with DeepL.com (free version)

– data controller: a natural or legal person or an organization without legal personality who or which, alone or jointly with others, determines the purposes of the processing, makes decisions regarding the processing (including the means used) and implements them, or implements them with the data processor;

– data provider: the public body which, if the data controller does not publish the data itself, publishes the data provided to it by the data controller on its website;

– data labeling: marking the data with an identification mark for the purpose of distinguishing it;

– adattovábbítás : making the data available to a specific third party;

– data deletion: rendering the data unrecognizable in such a way that it can no longer be restored;

– data breach: unlawful processing or handling of personal data, in particular unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as accidental destruction or damage.  

– data lock: marking the data with an identifier for the purpose of restricting its further processing for a definite or indefinite period;

– criminal personal data: during or prior to criminal proceedings, in connection with the criminal offense or criminal proceedings, generated by authorities authorized to conduct criminal proceedings or investigate criminal offenses, as well as by the penal system, personal data relating to the person concerned and to their criminal record;

– EEA country : a Member State of the European Union and another state party to the Agreement on the European Economic Area, and a state whose citizens enjoy the same legal status as citizens of a state party to the Agreement on the European Economic Area under an international agreement concluded between the European Union and its member states and a state that is not a party to the Agreement on the European Economic Area;

– affected: any natural person identified or identifiable, directly or indirectly, on the basis of any specific personal data;  

– third country: any country that is not an EEA country;

– third party: a natural or legal person or an organization without legal personality that is not the same as the data subject, the data controller, or the data processor;

– contribution: the voluntary and explicit expression of the will of the data subject, based on adequate information, by which he or she gives his or her unambiguous consent to the processing of personal data relating to him or her, whether in full or for specific operations;  

– mandatory organizational regulations :data controller or group of data controllers operating in several countries, including at least one EEA Member State, and approved by the National Data Protection and Freedom of Information Authority (hereinafter: Authority), which are binding on the data controller or group of data controllers and which, in the case of data transfers to third countries, ensure the protection of personal data through a unilateral commitment by the data controller or group of data controllers;  

– public data in the public interest: any data not falling under the concept of data of public interest, the disclosure, disclosure or accessibility of which is required by law in the public interest;

– special data: 

• personal data relating to racial origin, nationality, political opinion or party affiliation, religious or other ideological beliefs, membership of interest groups, or sex life, 
• az egészségi állapotra, a kóros szenvedélyre vonatkozó személyes adat, valamint a bűnügyi  személyes adat; 

– disclosure: amaking data accessible to anyone;  

– personal data: data relating to the data subject, in particular the data subject’s name, identification number, and one or more factors specific to the physical, physiological, mental, economic, cultural, or social identity of the data subject, as well as conclusions that can be drawn from the data about the data subject;  

– protest: a statement by the data subject objecting to the processing of their personal data and requesting the termination of data processing or the deletion of the processed data;  

• personal data relating to racial origin, nationality, political opinion or party affiliation, religious or other ideological beliefs, membership of interest groups, or sex life, 
• personal data relating to racial origin, nationality, political opinion or party affiliation, religious or other ideological beliefs, membership of interest groups, or sex life, 

-data processing: performing technical tasks related to data processing operations, regardless of the method and means used to perform the operations and the location of the application, provided that the technical task is performed on the data;  

-data destruction: complete physical destruction of the data carrier containing the data;  

• personal data relating to health, pathological addictions, and criminal records. 
• personal data relating to health, pathological addictions, and criminal records; 

-public interest data : information or knowledge recorded in any manner or form, not falling under the concept of personal data, which is managed by a body or person performing state or local government tasks or other public tasks specified by law, and which relates to its activities or has been generated in connection with the performance of its public tasks, regardless of the method of processing, whether independent or collective in nature, including, in particular, data relating to jurisdiction, competence, organizational structure, professional activities, evaluation of their effectiveness, types of data held, legislation governing operations, management, and contracts concluded;

Scope of data processed and reason for data processing

The Data Controller undertakes to ensure that all data processing related to its activities complies with the requirements set out in this notice and in the applicable national legislation and legal acts of the European Union. It reserves the right to amend this notice at any time, of which it shall notify the public in a timely manner.

The Data Controller is committed to protecting the personal data of its customers and considers it extremely important to respect their right to informational self-determination. It treats personal data as confidential and takes all security, technical, and organizational measures to guarantee the security of the data.

Purposes of data processing

The data controller processes data for the following purposes in accordance with the relevant legislation:

1. Contacting us by email, phone, text message, or post;
2. For the purpose of fulfilling a therapeutic contract (verbal contract);
3. In connection with the provision of consulting services, we also process the data of service users for the purposes of complying with legal obligations (fulfilling our accounting and tax obligations arising from our activities) and maintaining customer relationships.

I process your personal data on the following legal bases

6. a) Legal basis for consent: for online registration purposes: Article 6(1)(a) of the GDPR
7. b) Legal basis for contract performance: for the purpose of processing the data of contractual partners (consultation participants): Article 6(1)(b) of the GDPR
8. c) Legal basis for contact: Article 6(1)(f) of the GDPR. Legitimate interest of the data controller: ensuring continuity of contact with those seeking psychological counseling.
9. d) Issuing invoices in accordance with accounting legislation Legal basis: Article 6(1)(c) of the GDPR

Duration of data processing

I keep invoices for at least 8 years due to legal obligations (payee data management). The retention period for documents used as the basis for invoicing is also 8 years.

The retention period for data provided for contact purposes is 1 year after the end of the relationship.

Retention period for data related to the performance of a contract: 5 years after the termination of the contract.

Data processed during psychological services

Personal data

Name

Email address

Phone number

Address

Place and date of birth

Written records of consultations

The rights of the data subject and their options for enforcing those rights

The data subject may request information about the processing of their personal data, as well as request the correction or, with the exception of mandatory data processing, the deletion or withdrawal of their personal data, and may exercise their right to data portability and objection as indicated at the time of data collection or via the above contact details of the data controller.

Right to information

Data controller. Take appropriate measures to provide data subjects with all information relating to the processing of personal data referred to in Articles 13 and 14 of the GDPR and all information referred to in Articles 15 to 22 and 34 in a concise, transparent, understandable and easily accessible form, in clear and plain language.

The data subject’s right of access

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; the envisaged period for which the personal data will be stored; the right to request rectification or erasure or restriction of processing and to object to processing; the right to lodge a complaint with a supervisory authority; information on the sources of the data; the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. The data controller shall provide the information within one month of the request being made.

Upon request, we will provide you with a copy of your personal data affected by the data processing. For additional copies, we will charge a reasonable fee based on administrative costs.

Right of correction

The data subject may request the correction of inaccurate personal data concerning him or her processed by the Data Controller and the completion of incomplete data.

Right to erasure

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies:

personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; the data subject withdraws consent on which the processing is based and there is no other legal ground for the processing; the data subject objects to the processing and there are no overriding legitimate grounds for the processing; the personal data have been unlawfully processed; the personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject; the personal data have been collected in relation to the offer of information society services. The erasure of data cannot be initiated if the processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for reasons of public interest in the area of public health or for archiving purposes, scientific or historical research purposes or statistical purposes; or for the establishment, exercise or defense of legal claims.

Right to restriction of processing

At the request of the data subject, the Data Controller shall restrict data processing if any of the following conditions are met:

1. the data subject contests the accuracy of the personal data, in which case the restriction applies for a period enabling the accuracy of the personal data to be verified;
2. the processing is unlawful and the data subject opposes the erasure of the data and requests the restriction of their use instead;
3. the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims; or the data subject has objected to processing; in this case, the restriction applies for the period until it is determined whether the legitimate grounds of the controller override those of the data subject.

If data processing is restricted, personal data may only be processed, except for storage, with the consent of the data subject, or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.

Right to data portability

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.

Right to protest

The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, including profiling based on those provisions. In the event of an objection, the controller shall no longer process the personal data unless there are compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

Automated decision-making in individual cases, including profiling

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

Right of withdrawal

The data subject has the right to withdraw their consent at any time.

Legal remedy options

If you have any complaints regarding the processing of your personal data, please contact us at info@barabasmonika.hu. I will investigate your complaint and inform you of the results of the investigation and the measures I have taken within 30 (thirty) days.

If you believe that the processing of your personal data violates applicable laws, you have the right to lodge a complaint with the data protection supervisory authority or to take legal action.

Data protection authority proceedings Complaints may be lodged with the National Data Protection and Freedom of Information Authority:

Name: National Authority for Data Protection and Freedom of Information

S

Registered office: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Postal address: 1530 Budapest, Pf.: 5.

Telephone: 0613911400

Fax: 0613911410

Website: www.naih.hu

 Effective: September 22, 2020.