Privacy notice

The privacy notice is available at  can be downloaded by clicking on the link.

1. Data controllers / data processors

Name of service provider, data controller

• hereinafter, TSZ

Data Controller, Data Processor - Website Owner (1.)

• hereinafter, TL

Data controller, data processor - operator (2.)

• hereinafter, UZ

*** The employees of Viola 30 Ltd. - consultant partners - are qualified data processors

Google Analytics

- hereinafter referred to as GA

Other data controller, data processor - Google

2. Definitions

• GDPR (General Data Protection Regulation) is the new EU Data Protection Regulation;

• Data management: any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

• Data processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;

• Personal data: any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

• Data Controller: a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the controller's designation may also be determined by Union or Member State law;

• Consent of the data subject: a freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she signifies, by a statement or by an act expressing his or her unambiguous consent, that he or she gives his or her consent to the processing of personal data concerning him or her;

• Disclosure: if the data is made available to anyone;

• Data deletion: data rendered unrecognisable in such a way that it cannot be recovered; automated dataset: a set of data that is processed automatically;
• Machine processing:includes the following operations, if they are carried out in whole or in part by automated means: storage of data, logical or arithmetical operations on data, alteration, deletion, retrieval and dissemination of data.

• Data protection incident: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

• Third party: a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data.

• Visitor: visitors of the calendula.hu website

• User: a visitor who is duly registered in the database of the calendula.hu website

• Operator: operates a website describing and promoting its Ayurvedic services for Users and Visitors through the aforementioned calendula.hu website.

The content placed and published on the site can be visited, viewed and browsed by visitors without registration (without entering a username, password, shipping and billing address).

3. Guidelines for data management and processing

3.1 The data controller(s) and processor(s) declare that they will process personal data in accordance with the provisions of the Privacy Notice and will comply with the applicable law, in particular with regard to:

3.1.1.1 The Data Controller undertakes to publish a clear, prominent and unambiguous notice (privacy statement) informing users and visitors of the method, purpose and principles of data collection before recording, recording or processing any data of their users or visitors. A the processing of personal data must be lawful, fair and transparent for the data subject.

3.1.2 In addition to the above, the Data Controller draws the attention of the user to the voluntary nature of the data provision.

In all cases where the Data Controller requests personal data from its Visitors and Users, they are free to decide whether or not to provide the requested information after reading and understanding the required information text. However, if a person does not provide personal data, he or she may not be able to use the service from the Operator that requires the provision of personal data.

3.1.3 The data subject shall be informed of the purposes of the processing and of the persons who will process the data. The personal data must be collected for specified, explicit and legitimate purposes and not processed by the Controller in a way incompatible with those purposes; further processing for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes („purpose limitation”) shall not be considered incompatible with the original purpose;

3.1.4 In all cases where the Data Controller intends to use the data provided for purposes other than those for which they were originally collected, the Data Controller shall inform the User thereof and obtain his/her prior explicit consent or provide the User with the opportunity to prohibit such use.

3.1.5 The purposes for which personal data are processed must be adequate, relevant and limited to what is necessary.

3.1.6 Personal data must be accurate and up-to-date. Inaccurate personal data must be deleted without delay.

3.1.7 Personal data must be stored in a form which permits identification of data subjects for no longer than is necessary. Personal data may be stored for longer periods only if the storage is for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes.

3.1.8 Personal data must be processed in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, by using appropriate technical or organisational measures.

The Data Controller undertakes to ensure the security of the data, to take technical and organisational measures and to establish procedural rules to ensure that the data recorded, stored or processed are protected and to prevent their destruction, unauthorised use or unauthorised alteration. It also undertakes to require any third party to whom it may transmit or transfer the data to fulfil its obligations in this respect.

3.1.9 All employees and senior managers of the Data Controller are entitled to access the data processed by the Data Controller. Information on data processing shall also be provided where the law provides for the inclusion of data from existing data processing by transfer or interconnection.

3.1.10. The principles of data protection shall apply to all information relating to an identified or identifiable natural person.

3.1.11. The Data Controller shall in all cases comply with the restrictions set out in the Principles when collecting, recording and processing data, and shall inform the data subject of its activities by electronic mail, as requested. The Data Controller undertakes not to impose any sanctions on a user who refuses to provide the optional data.

3.1.12. Personally identifiable data and information means personal data relating to natural persons that can be used to identify someone personally, to contact someone for communication or to determine someone's physical contact details, including but not limited to: name, address, postal address, telephone number, e-mail address.

3.1.13. Anonymous information that is collected in a way that excludes personal identifiability and cannot be linked to a natural person, and demographic data that is collected in a way that does not link it to the personal data of identifiable persons and thus cannot be linked to a natural person, are not personal data.

3.1.14. This privacy statement is related to the protection of personal data of visitors, registered users not intended for public disclosure, but made available to the Data Controller, Operator. If a person voluntarily discloses some or all of his/her personal data, such information is not covered by this Privacy Policy.

3.1.15. In all cases, we will indicate which information is requested on a “mandatory” basis, for what purpose and under what conditions when sending a pre-booking request. The term "mandatory" in this case does not refer to the mandatory nature of the data recording, but to the fact that there are some records without which the booking request cannot be interpreted, so that leaving certain fields blank or filling them in incorrectly may lead to irrelevant information.

3.1.16. Personal data provided to us by Visitors and Users will not be disclosed to third parties under any circumstances unless authorised.

However, if the Data Controller is requested by the competent authorities to provide personal data in the manner required by law (e.g. in case of suspicion of a crime, in an official data seizure order), we will provide the requested and available information in compliance with our legal obligation.

Where our Users provide us with personal data, we will take all necessary steps to ensure the security of that data - both during network communication (i.e. online processing) and during storage and retention (i.e. offline processing).

3.1.17. As the Data Controller, we ensure that Visitors can access, correct and amend their own personal data through the same communication channels and by providing the same facilities through which they have previously provided their personal data to us. In this way, as Data Controller, we ensure that Users' personal data is kept up to date, accurate and timely.

3.1.18. If any User requests that we delete his or her personal data from our own system (in certain cases, of course, assuming that he or she will no longer be able to use the service to which the data belonged or in a way that he or she cannot use it), we will do so without delay.

4. Additional safeguards to protect the data subject

In the following sections, we draw your attention to the rights of all data subjects.

4.1 The data subject has the right to be informed about the processing of his/her data (data subject's right of access).

4.2 The data subject shall have the right to obtain, at his or her direct request, the restriction of processing by the Controller if any of the grounds listed herein apply:

4.2.1 The data subject contests the accuracy of his or her personal data, in which case the restriction applies for the period of time that allows the Controller to verify the accuracy of the personal data;

4.2.2. the data processing is unlawful, and the data subject opposes the deletion of the data and requests the restriction of their use instead;

4.2.3. where the controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims;

4.2.4. the data subject has legitimately objected to the processing; in this case, the restriction is limited to the

until it is established whether the legitimate grounds of the controller override those of the data subject.

4.3.The data subject has the right to obtain information about the automated processing of personal data, its main purposes and the identity, habitual residence or registered office of the controller.

4.4 The data subject has the right to be informed, at reasonable intervals and without excessive delay or expense, whether or not his or her personal data are stored in an automated dataset and to be provided with information about those data in a form which he or she understands.

4.5 The data subject shall have the right to have such data rectified or erased without undue delay where justified (right to be forgotten). The Controller shall inform all recipients to whom or with which the personal data have been disclosed of any rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. Upon request, the Controller shall inform the data subject of these recipients.

4.6.The data subject has the right to receive, in the course of processing based on consent, in the case of automated processing, the personal data concerning him or her provided by him or her to Viola 30 Kft. in a structured, commonly used, machine-readable format, and the right to have Viola 30 Kft. transfer these data to another controller. The exercise of this right shall not infringe the right to be forgotten and shall not adversely affect the rights and freedoms of others.

4.7 The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data based on Article 6(1)(e) or (f) of the GDPR, including profiling based on those provisions;

4.8 The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, except in the circumstances set out in Article 22 of the GDPR (automated decision-making);

4.9 The data subject shall have the right to a judicial remedy if his or her request for information or, in justified cases, for disclosure, rectification or erasure as provided for by law is not complied with. At the request of the data subject, the Controller shall provide information on the data processed by the Controller or by a processor on its behalf, the purposes, legal basis and duration of the processing, the name, address (registered office) and activities of the processor in relation to the processing, as well as the persons to whom and the purposes for which the data are or have been disclosed. The data controller shall provide the information in writing in an intelligible form within the shortest possible time from the date of the request, but not later than 30 days. The data subject may, in the event of a breach of his or her rights, take the Controller to court. The Controller shall compensate any damage caused to another party by unlawful processing of the data of the data subject or by a breach of the requirements of technical data protection.

The Data Controller is also liable to the data subject for damage caused by another Data Processor employed by the Data Controller. The Data Controller shall be exempted from liability if it proves that the damage was caused by an unavoidable cause outside the scope of the processing. No compensation shall be payable in so far as the damage resulted from the intentional or grossly negligent conduct of the person who suffered it.

5. The data processed and their legal basis

5.1. Legal basis of the data processed

The provisions on data processing and the protection of the personal data of Visitors apply only to natural persons, given that personal data can also be understood only in relation to natural persons (pursuant to Act CXII of 2011 on the right to information self-determination and freedom of information), therefore this privacy policy is binding only in relation to the processing of personal data of natural persons who register on the website.

5.1.1 The legal basis for the processing under 5.2.1 is the consent of the data subjects and the legitimate interest of the Data Controller in the performance of the contract between the data subject and the Data Controller (Article 6(1)(b) GDPR).

5.1.2 The legal basis for the processing of the data under sections 5.2.3 - 5.2.6 is the consent of the data subjects. The data subjects give their consent during the form filling process by ticking a checkbox for each processing purpose.

5.1.3 The legal basis for the processing of the data under points 5.2.5 and 5.2.6 is the legitimate interest of the Data Controller in the performance of the contract between the data subject and the Data Controller (Article 6(1)(b) GDPR).

Users of the Website accept the use of cookies by clicking the Accept button at the bottom of the page. If you accept the use of cookies, this information and consent will also apply to the use of the website on subsequent connections to your device.

5.2. Scope of data processed and purpose of data processing

Process personal data only for specified purposes, in the exercise of rights and obligations

in order to comply with. Data processing must comply with this purpose at all stages.

Only personal data that is necessary for the purposes for which it is processed may be processed.

essential, suitable for achieving the objective, necessary only for the achievement of the objective

to the extent and for the duration.

5.2.1.
Purpose of data processing: to provide the website service, to fulfil the contractual rights and obligations related to it.

Data processed: name, e-mail address, telephone number, advance booking date, type of accommodation chosen

In addition, we also process the following data to ensure the quality of the service, to comply with the General Terms and Conditions and for the legitimate interest of the service provider:
Customer service correspondence, call data (call number, time, duration of call), SMS, what's app, viber messages and log files of the use of the features provided by the system.

5.2.2.
Purpose of processing: use for marketing purposes, sending newsletters (commercial offers), use for direct marketing purposes.

Data processed: name, e-mail address, telephone number

5.2.4.
Purpose of data management: informing users, providing services

Data processed: the data indicated in point 5.2.1

5.2.5.
When visiting the calendula.hu website, certain parameters of Visitors and Users are recorded on TSZ's servers, which can be accessed by TL and ED.

These logging parameters - automatically recorded - can be any of the following, depending on what the website's program code can identify for a given visitor:

• Time of access, time spent on the website, activity performed during this time, time of exit
• Visitor's browser type, resolution, language, operating system, type of computing device
• Visitor IP address

The purpose of processing this data is to ensure quality and to provide TL with statistics for the website. The duration of this processing is 365 days - unless the visitor requests otherwise, by sending a request for deletion to one of TL's contact details in this information.

5.2.6 Cookie: cookies are information automatically logged by the TSZ servers. The Fund Manager uses the following cookies:

(a) Session cookies

(b) Functional cookies

The purposes, legal basis, duration and other information about the processing of cookies are set out in section 10 of this Privacy Policy.

6. How the website works

6.1 The calendula.hu website is an informative online platform promoting the Operator's Ayurvedic services. Visitors to the website are greeted by a pop-up window in the footer, in which both the cookies used by the site and the acceptance of this Privacy Policy are mandatory, otherwise the main page cannot be accessed and the content of the site cannot be viewed by the visitor!

Visitors viewing the Service and browsing the site are free to visit the website.

7. Important data processing information, request for data erasure

The duration of data processing always depends on the specific purpose of the user.

The Data Controller shall delete the data, unless otherwise provided by law or the data subject, on the day following the following periods (as the time when the purpose of the processing ceases to exist).

The Data Controller shall delete the data under the data management provided for in Sections 5.2.1, 5.2.3, 5.2.4 on the 730th day after the inactivity of the user concerned, if the conditions set out in the legislation are met (this period shall be extended by the hibernation period initiated by the user in any case).

The data processed in accordance with point 5.2.2. for the period specified by law

(end of the 8th year after the termination of the contract between the parties).

Data processed in accordance with clauses 5.2.5 to 5.2.6 will be processed by the Data Controller for the period of time specified in clause 10 of this Privacy Statement.

You may request the deletion of your data before the date of your request, provided that you can prove that you are entitled to have the data deleted. The request for erasure may be made in writing, by info@calendula.hu by electronic mail to the following address and to the postal address of TL.

The way to confirm is to call and request cancellation from the telephone number you provided when you sent the pre-booking request form, and to initiate and request cancellation from the e-mail address you provided on this form. In the case of a request by post, data controllers will assess individually the presumption of identity of the person requesting the cancellation and the request for cancellation.

If the legal basis for the erasure of the data cannot be demonstrated by the data subject in any of the above ways, a case-by-case and individual assessment may be made - with other identification requested.

You may request the modification or deletion of your personal data by e-mail, telephone or letter using the contact details provided in this GDPR notice.

8. How the data is stored

As a data subject, you have the right to object to the processing of your personal data, in accordance with the procedure set out in the processing information and this notice and the legislation described in this notice.

The data controller or data processor must ensure the security of the data, and must take the technical and organisational measures and establish the procedural rules necessary to enforce the Data Protection Act and other data protection and confidentiality rules. In particular, the data must be protected against unauthorised access, alteration, disclosure or deletion, damage or destruction.

9. Newsletter

We declare that the information and brochures we publish fully comply with the relevant legal provisions. In accordance with Article 6 of Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activities and the provisions of the Info tv. 5(1)(a) of the Info Act, the User may expressly consent in advance to the sending of TL advertising offers and other mailings to the contact details provided on the form and/or to the https://calendula.hu/blog-hirek/ on the basis of the data (name, email address) you have submitted on the subpage, or to process your personal data for the purpose of sending you promotional offers.

Scope of data processed: name, email address

Legal basis for data processing: the User may unsubscribe from receiving offers and newsletters without any restriction and without giving any reason, free of charge. In this case, all personal data necessary for sending advertising messages will be immediately deleted from the register and the User will not be contacted with further advertising offers.

Users are reminded of this at the bottom of each newsletter.

Possible data controllers: personal data may be processed by the controller's employees or, in the case of a separate written data processing contract, by subcontractors engaged by the controller, in compliance with the data protection legislation in force at the time.

Data subjects' rights in relation to data processing: the data subject may unsubscribe from the newsletter at any time, free of charge. The data subject may request information from the controller about the processing of his/her personal data, and may request the rectification, erasure or blocking of his/her personal data. The Service Provider as data controller shall provide the information requested by the customer in writing in an intelligible form within the shortest possible period of time from the submission of the request for information, but not later than 30 days. If you have any questions or doubts about the data processed by the Service Provider, or if you wish to obtain clarification about your data, you may do so by sending an e-mail to info@calendula.hu.

The advertiser, the advertising service provider or the publisher of the advertisement shall keep a record of the personal data of the persons who have given their consent within the scope specified in the consent. The data recorded in this register, relating to the recipient of the advertising, may be processed only in accordance with the consent given in the consent form, until it is withdrawn, and may be disclosed to third parties only with the prior consent of the person concerned.

10. Cookies (cookies)

We use „cookies” on our website. These are small files that store information in the visitor's - user's - web browser. This requires your consent when you access the site.

We use the „cookies" in accordance with the provisions of Act C of 2003 on electronic communications, Act CVIII of 2001 on certain aspects of electronic commerce services and information society services, and the European Union.

Analytical or performance monitoring cookies:

These help us to distinguish visitors to the website and collect data on how visitors behave on the website. They do not collect information that can identify you, the data is aggregated and stored anonymously (e.g. Google Analytics)

Functional cookies:

These cookies are used to improve the user experience. They detect and store, for example, the device you use to access the website, or information you have previously provided and requested to be stored, such as automatic login, the language you have chosen, or user changes you have made to other customisable elements of the website. These „cookies” do not track your activity on other websites. However, the information they collect may include personally identifiable information that you have shared.

You can delete or disable „cookies” in the browser programs you use. By default, browsers allow cookies to be set. You can disable this in your browser settings and delete existing ones. You can also set the browser to notify the user when a cookie is sent to the device. It is important to stress, however, that disabling or restricting these files will degrade the browsing experience and may also cause errors in the functionality of the website.

The cookies also record the following data to comply with legal obligations:

-viewed therapeutic services

-last activity time.

The cookies used on the site:

11. Data transmission

Our activities in order to provide the functions of the website, the legal basis of which is the consent of the data subject, are governed by the Infotv. Section 5 (1) a) and Section 13/A (3) of Act CVIII of 2001 on certain aspects of electronic commerce services and information society services.

The data processing concerns all users, and the data processed include the name, e-mail address, telephone number and IP address of the contact person at the time of the visit.

The processing lasts until the data subject's consent is withdrawn.

TSZ has the right to access the data and may process the personal data as a data processor in compliance with the law.

Other data processors used:

Parties as defined in point 1 of this privacy statement.

Description of data subjects' rights in relation to data processing:

The data subject may request information from the data controller about the processing of his or her personal data and may request the rectification, erasure or blocking of his or her personal data.

We will provide the information requested by the customer in writing and in an intelligible form within the shortest possible time from the date of the request for information, but not later than 30 days.

If you have any questions, doubts or requests for clarification about your personal data, you can do so by sending an e-mail to. info@calendula.hu sent to the following e-mail address. For a detailed explanation of the data subjects' rights and remedies in relation to data processing, please refer to points 3-4-5 of this notice.

The legal basis for the transfer of data is the consent of the User, in accordance with the Infotv. 5 (1) a) of Article 5, and Article 13/A (3) of Act CVIII of 2001 on certain aspects of electronic commerce services and information society services.

(E) Data security

The controller shall design and implement the processing operations in such a way as to ensure the protection of the privacy of the data subjects.

The data controller and the data processor in the scope of their activities shall ensure the security of the data, and shall take the technical and organisational measures and establish the procedural rules necessary to enforce the Info Act and other data protection and confidentiality rules.

In particular, appropriate measures must be taken to protect the data against unauthorised access, alteration, disclosure, disclosure, erasure or destruction, accidental destruction or accidental damage and against inaccessibility resulting from changes in the technology used.

In order to protect the data files managed electronically in the different registers, appropriate technical arrangements should be in place to ensure that data stored in the registers cannot be directly linked and attributed to the data subject, unless permitted by law.

When personal data are processed automatically, the controller and the processor take additional measures to ensure:

-prevent unauthorised data entry;

-preventing the use of automated data processing systems by unauthorised persons using data transmission equipment;

-the verifiability and ascertainability of the personal data

-which bodies it has been or may be transmitted to using data transmission equipment;

-the verifiability and ascertainability of which personal data have been entered into automated data processing systems, when and by whom;

-the recoverability of the installed systems in the event of a failure, and

-to report errors that occur during automated processing.

The controller and the processor shall take into account the state of the art when defining and implementing measures to ensure the security of the data. The choice between several possible processing solutions should be made which ensure a higher level of protection of personal data, unless this would impose a disproportionate burden on the controller.

12. Community sites

A social networking site is a media tool where the message is spread through social users. Social media uses the Internet and online publishing to enable users to engage with content. A person who fills in a form on the website - or sends a letter to an email address, or a caller on the phone - is not directly or indirectly - automatically - contacted by the social media site of the website.

Social media is the interface of internet applications that hosts user-generated content, such as Facebook, Google+, Twitter, Instagram.

Social media can take the form of public speeches, presentations, demonstrations, product or service launches. On the linked social networking site, visitors are not allowed to create their own posts or content because the data controller does not provide the technical means to do so. However, visitors can comment on published articles, posts with images, video and audio. The moderation of comments is carried out by the data controller. By default, most comments are not displayed (for example, due to the use of a swear filter) and can be approved by the data controller afterwards.

The information published on social media can take the form of forums, blog posts, images, video, audio, message boards, but not email messages.

Stakeholders: Users, Visitors

It is important to note that when a user creates any personal data in his/her comment, he/she grants the social networking site operator a valid worldwide license to store and use such content. Therefore, it is very important to make sure that the user has the right to disclose the posted information.

13. Copyright

13.1 The entire content of the website, including the source code, is intellectual property owned by Viola 30 Ltd. Copying the textual, audiovisual and visual content of the website, in whole or in part, constitutes copyright infringement.

13.2 The User also consents to the Company's use of the copyrighted elements provided by the User (including, without limitation, the text of the advertisement, the attached images and videos) without payment of any consideration, to the extent and scope necessary and useful for the provision of the Services, including the right to copy, reproduce, store, publish, distribute and adapt as necessary, and to grant the right to use to third parties without any time or geographical (territorial) limitation. The right of use is exclusive and the Company is entitled to transfer it to third parties. With regard to the foregoing, the User may only transfer material created by him or other material in respect of which he holds the exclusive rights of use.

13.3. Public communication opportunities.

All users use the public communication channels (e.g. forums) that are part of our services at their own risk. The copyright of the various contributions belongs to the respective user, but Viola 30 Ltd. has the right to quote from them without restriction and to reproduce them.

Comments may only be printed, downloaded or distributed by third parties for personal use and may only be used with the written consent of Viola 30 Ltd.

Please note that different laws apply to comments on public communication channels and public communications. We handle the data that can be used to reach individual users of our communication services with the utmost care, in strict confidence, without any unauthorised access and, apart from the exceptions provided for by law, without any disclosure to third parties.

13.4. Links.

Our website may contain a link to other providers' websites. The Data Controller is not responsible for the data and information protection practices of these service providers.

14. Proper use

The site's data controllers and processors reserve the right to exclude visitors based on their IP address and/or telephone number and/or e-mail address in the event of improper use of the site (for example, but not limited to, DDOS attempts, phishing, or attempts to access the site's administration or other non-public areas), aggressive, abusive, profane or other community-disruptive conduct, or misuse of the site's name. In cases deemed to be more serious, the owner will take the necessary legal action.

15. Google Analytics

calendula.hu uses Google Analytics. This activity is linked to the GA Privacy Statement.

-This website uses Google Analytics, a web analytics service provided by Google Inc. („Google”). Google Analytics uses „cookies”, which are text files placed on your computer, to help the website analyze how users use the site you have visited.

-The information generated by the cookies on the website used by the User is usually sent to and stored on a Google server in the USA. By activating the IP anonymisation on the website, Google will previously shorten the User's IP address within the Member States of the European Union or in other states party to the Agreement on the European Economic Area.

-The full IP address will be transmitted to a Google server in the USA and shortened there only in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity for the website operator and to provide other services relating to website activity and internet usage.

-The IP address transmitted by the User's browser within the framework of Google Analytics will not be merged with other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You may also prevent Google from collecting and processing information about your use of this website (including your IP address) by means of cookies by downloading and installing the browser plug-in available at the following link.

https://tools.google.com/dlpage/gaoptout?hl=hu

16. Google Adwords

calendula.hu also uses Google Adwords. Google Adwords Privacy Policy is linked to this activity.

-The data controller uses the online advertising program „Google AdWords” and makes use of Google's conversion tracking service. Google Conversion Tracking is an analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; „Google“).

-When you reach a website through a Google ad, a cookie is placed on your computer to track conversions. These cookies have a limited validity and do not contain any personal data, so they do not identify the User.

-When the User browses certain pages of the website and the cookie has not expired, Google and the data controller can see that the User has clicked on the advertisement.

-Each Google AdWords client receives a different cookie, so they cannot be tracked through AdWords clients' websites.

-The information obtained through the use of conversion tracking cookies is used to provide conversion statistics to AdWords customers who choose to track conversions. Clients are then informed of the number of users who click on their ad and are referred to a page with a conversion tracking tag. However, they do not have access to information that would allow them to identify any user.

-If you do not want to participate in conversion tracking, you can opt-out by disabling the option to set cookies in your browser. You will then not be included in the conversion tracking statistics.

-Further information and Google's privacy statement can be found on the following page: google.com/policies/privacy/

17. Final provisions

The data you provide is stored on a server operated by the hosting provider. In addition to the owner and operator, only our staff and the staff who maintain the server have access to the data, but they are all responsible for the secure handling of the data.

Activity description: hosting service, server service.

The purpose of the processing: to ensure the functioning of the website.

Data processed: personal data provided by the data subject.

The legal basis for processing is the consent of the data subject or processing based on law.

If you find an error or omission in this privacy notice, please notify us immediately. Our staff will make every effort to deal with the slightest user or visitor conflict promptly and, if necessary, to supplement or amend this Privacy Policy.

THE RIGHTS RELATING TO DATA PROCESSING

The right to request information

You may request information from us, via the contact details provided, about what data our company processes, on what legal basis, for what purpose, from what source and for how long. Upon your request, we will send you information without delay, but within 30 days at the latest, to the e-mail address you have provided.

The right to rectification

You can ask us to change any of your details using the contact details provided. Upon your request, we will promptly, but within 30 days at the latest, inform you of this by e-mail to the e-mail address you have provided.

The right to erasure

You can ask us to delete your data using the contact details provided. Upon your request, we will do so without delay, but within 30 days at the latest, by sending you an e-mail to the e-mail address you have provided.

The right to blocking

You can ask us to block your data using the contact details provided. The blocking will last as long as the reason you have given us makes it necessary to store the data. Upon your request, we will do so without delay, but within a maximum of 30 days, by sending you an e-mail to the e-mail address you have provided.

The right to protest

You may object to the processing of your data by using the contact details provided. We will examine the objection within the shortest possible time from the date of the request, but no later than 15 days, decide whether it is justified and inform you of our decision by e-mail.

Enforcement possibilities in relation to data processing

If you experience unlawful processing, please notify us so that we can restore the lawful status within a short period of time. The We will do our best to solve the problem you have described.

If you consider that the lawful status cannot be restored, please notify the authority using the following contact details:

National Authority for Data Protection and Freedom of Information

Postal address: 1530 Budapest, Pf.: 5.

Address: 1055 Budapest, Falk Miksa u. 9-11.
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat (at) naih.hu
URL https://naih.hu
Coordinates: É 47° 30′ 56″; K 18° 59′ 57″

THE LAW ON WHICH THE PROCESSING IS BASED

- REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation).

Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information.

-Act LXVI of 1995 on public records, public archives and the protection of private archival material.

-Government Decree 335/2005 (XII. 29.) on the general requirements of document management of public bodies.

-Act CVIII of 2001 on certain aspects of electronic commerce services and information society services.

-2003 Act C of 2003 on Electronic Communications.

The service provider intends to fully comply with the legal requirements for the processing of personal data, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council.

This Privacy Notice has been prepared pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of personal data of natural persons and on the free movement of such data, taking into account the content of Act CXII of 2011 on the right to information self-determination and freedom of information.

2023. 24 November.