top of page

 Information leaflet about processing of personal data (privacy notice)

The purpose of this Privacy Notice is to provide Data Subjects with appropriate information about the data processed by Jeromos Kun, a sole entrepreneur (hereinafter referred to as the "Data Controller"), the purpose, legal basis and duration of the processing, and - in case of the transfer of the Data Subject's personal data - the legal basis and the recipient of the transfer.

DEFINITIONS

  • data subject: a natural person who is or can be identified on the basis of any information,

  • personal data: any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  • recipient: a natural or legal person, public authority, agency or any other body to whom or with which personal data is disclosed, whether or not a third party. Public authorities that may have access to personal data in the context of an individual investigation in accordance with Union or Member State law are not recipients; the processing of those data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing.

  • consent: a freely given, explicit and properly informed indication of the data subject's wishes by which he or she signifies, by means of a statement or other conduct unambiguously expressing his or her wishes, his or her agreement to the processing of personal data relating to him or her,

  • controller: the natural or legal person or unincorporated body which, alone or jointly with others, determines the purposes for which the data are to be processed, takes and executes decisions regarding the processing (including the means used) or has the data processed by a processor, within the limits set by law or by a legally binding act of the European Union,

  • data processing: any operation or set of operations which is performed upon the data, regardless of the method used, in particular collection, recording, recording, organisation, storage, alteration, use, consultation, disclosure, transmission, alignment or combination, blocking, erasure and destruction, as well as prevention of further use of the data, taking of photographs, sound recordings or images, and physical features which can be used to identify a person (e.g. fingerprints, palm prints, DNA samples, iris scans),

  • transfer: making data available to a specified third party,

  • data erasure: rendering data unrecognisable in such a way that it is no longer possible to recover it,

  • processing: the set of processing operations carried out by a processor acting on behalf of or under the authority of the controller,

  • data processor: a natural or legal person or an unincorporated body which processes personal data on behalf of or under the instructions of the controller, within the limits and under the conditions laid down by law or by a legally binding act of the European Union,

  • third party: a natural or legal person or an unincorporated body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or the processor, carry out operations for the processing of personal data,

  • a personal data breach: a breach of data security resulting in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure or transmission of, or access to, personal data transmitted, stored or otherwise processed.

 

GOVERNING LEGISLATION

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation; hereinafter "GDPR", Data Processing Regulation),

  • Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (hereinafter "Infotv."),

  • Act CVIII of 2020 - on certain aspects of electronic commerce services and information society services (hereinafter referred to as "Eker. tv."),

  • Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions on Commercial Advertising Activities (hereinafter "Act XLVIII"),

  • Act V of 2013 on the Civil Code (hereinafter referred to as "Civil Code")

 

DATA OF THE DATA CONTROLLER

 

PRINCIPLES OF DATA MANAGEMENT

The Data Controller follows the following principles in its data processing:

● Process personal data lawfully and fairly and in a transparent manner for the Data Subjects,

● collects personal data only for specified, explicit and legitimate purposes and does not process them in a way incompatible with those purposes,

● the Data Controller shall take all reasonable steps to ensure that the data it processes are accurate and up to date, and shall promptly delete or rectify inaccurate personal data,

● the Data Controller shall ensure the security of personal data against unauthorised or unlawful processing, accidental loss, destruction or damage by applying appropriate technical and organisational measures.

 

DATA PROSESSING ACTIVITIES

Purpose of processing:

1. Use of personal data for the purpose of delivering electronic newsletters, information or other targeted content. Registration for programs, events, etc.

2. Completing an online purchase

3. Fulfillment of delivery

4. Invoicing, accounting

  1. Use of personal data for the purpose of delivering electronic newsletters, information or other addressed content. Registration for programs, events.

  • Duration of data storage: Personal data are processed until they are deleted at the request of the Data Subject or until consent is withdrawn.

  • Source: Directly from the data subject.

  • List or categories of personal data processed (different for each program or event) and the reasons why it is necessary:

  • Full name

For fulfilling the purposes under 1.) or for the organisation and implementation of a further event to be organised by the Data Controller following the program, for the purposes of sending electronic advertising, newsletters, information or other addressed content.

  • Email address

Data required for registration. It is required for contacting the participant as a natural person and for registration.

  • Phone number

Optional. Required for contacting the natural person applying for the program in order to agree on the details of the program.

  • Have you been to an Ajiit programme before? (For example: Retreat, Soul Dialogue, JIAIDO Camp)

In order to establish contact and explore channels of communication about Ajiit's activities and methods.

  • "How did you hear about the programme?"

To identify channels of communication about Ajiit's activities and methods.

 

Legal basis for processing:

By using the maunahouse.com website or by registering on the basis of this Privacy Notice, you consent to the processing of your personal data by the Controller (i.e. the collection, recording, organisation, storage, use, retrieval, disclosure, blocking, erasure, destruction, prevention of further use of the data) for the purposes of the processing identified above. The processing of personal data starts with the application (by ticking the checkbox) and the Controller deletes the personal data at the end of the storage period (see above).

You may voluntarily withdraw your consent at any time, however, the withdrawal of consent shall not affect the lawfulness of the processing prior to the withdrawal. An incomplete, contradictory or incomprehensible marking shall be interpreted by the Controller as a refusal to give consent.

  • Automated decision-making or profiling

Does the Data Controller use it?

No.

  • Information on the logic used:

Not relevant

  • What is the significance and consequences for the data subject:

Not relevant

 

  • Newsletter provider: mailchimp.com

 

  • Who can access your personal data?

As a general rule, the personal data of the data subject may be disclosed to the Data Controller's trusted volunteers for the performance of their tasks. For example, the Controller's volunteers who deal with the organisation of the event.

Only in exceptional cases will the Controller transfer the personal data of the data subject to other public bodies. For example, if a dispute between the data subject and the Data Controller is the subject of legal proceedings and the court in charge requires the transfer of documents containing the data subject's personal data, the police will contact the Data Controller and request the transfer of documents containing the data subject's personal data for the purposes of the investigation. In addition, for example, the lawyer representing the Controller will also have access to the personal data in the event of a dispute between the data subject and the Controller.

2. Completing an online purchase

 

Purpose of data processing:

Online shopping management, notification of delivery, shipping, payment management, complaint management, warranty management.

Scope of the data processed:

Name, telephone number, e-mail address, delivery address, order information, billing and payment details.

Duration of data processing:

Until performance of the contract and expiry of warranty rights. Thereafter, the Data Controller shall keep the information required under commercial and tax law for the period specified in the legislation.

Legal basis for processing:

● The consent of the Data Subject (Article 6(1)(a) GDPR),

● Processing is necessary for the performance of a contract to which the Data Subject is a party (Article 6(1)(b) GDPR),

● Processing is necessary for compliance with a legal obligation to which the controller is subject (Article 6(1)(c) GDPR).

To provide a payment service, it acts as a processor in relation to your personal data:

Name: Stripe Technology Europe, Limited

Address: Dublin 2, Grand Canal Street Lower The One Building

Website: https://stripe.com/en-hu,

The processing of card data is governed by the policy of Stripe Technology Europe Ltd: https://stripe.com/en-hu/privacy

 

3. Fulfillment of delivery

Purpose of processing:

The delivery of the ordered product to the specified delivery address.

Scope of the data processed:

Name, address, e-mail address, telephone number.

Legal basis for processing:

Processing is necessary for the performance of a contract to which the Data Subject is a party (Article 6(1)(b) GDPR).

To provide a delivery service, we act as a data processor in relation to your personal data:

Name: Magyar Posta Zrt., Data Controller can be found at the following link: https://www.posta.hu/adatkezelesi_tajekoztato

Address: 1138 Budapest, Dunavirág utca 2-6.

Data processing period: 3 years after the delivery of the ordered goods.

 

4. Invoicing

Purpose of data processing:

To comply with legal requirements.

Scope of data processed:

Order number, billing name, billing address, transaction amount, transaction date.

Duration of processing:

8 years pursuant to Article 169 of Act C of 2000.

Legal basis for processing:

Processing is necessary for compliance with a legal obligation to which the controller is subject (Article 6(1)(c) GDPR).

In order to complete accounting tasks, we act as a data processor in relation to your personal data:

Name: Értem Érted Kft.

Address: 1191 Budapest, Hunyadi utca 31.6.18.a;
 

         Name: Billingo Technologies Private Limited Company,

Its Privacy Policy is available at the following link: https://www.billingo.hu/adatkezelesi-tajekoztato?gclid=CjwKCAjw2OiaBhBSEiwAh2ZSPxP2WNF9EoGecGGngpNEcKZUCtn3qW3weuTQjrwkW5JqRyvsbYga2xoCKNMQAvD_BwE

Address: 1133 Budapest, Árbóc utca 6. First floor

 

HOSTING SERVICE

maunahouse.com is hosted by Wix.com Ltd. The service provider undertakes to store its database on a system so that only authorised persons have access to the data contained therein.

Data of the service provider:

Name: Wix.com Ltd, its Privacy Policy is available at the following link: https://www.wix.com/about/privacy

Address: 40 Namal Tel Aviv Street Tel Aviv, 6350671 Israel

 

COOKIES ON THE WEBSITE

The Data Controller uses cookies in the operation of the website. A cookie is a short text file that is stored on the hard drive of your computer or mobile device and is activated on subsequent visits.

Cookies facilitate and secure the use of the website, save certain user preferences and help to collect some relevant, statistical information about visitors to the website.

Some of the cookies do not contain any personal information and are not suitable to identify the individual user, but some of them contain a unique identifier that is stored on the Data Subject's device, thus ensuring the Data Subject's identifiability.

The majority of browser programs accept cookies by default, but the Data Subject may also use a setting to refuse to accept cookies or to indicate when they are received. The Data Subject can delete cookies using his or her browser.

The use of cookies which do not contain personal information and which are strictly necessary for the functioning of the website does not require the consent of the Data Subject. Cookies for data collection purposes are only loaded after the Data Subject has accepted the notification to this effect.

Google Analytics: It may use cookies to collect information and generate reports on website usage statistics without individually identifying visitors to Google. For more information, please click on the following link: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=hu

Facebook Pixel: Facebook Pixel is used to display personalized offers and ads to website visitors on Facebook. For more information, please click on the following link: https://www.facebook.com/policies/cookies/

Wix: For more information, please click on the following link: https://www.wix.com/about/cookie-policy

Stripe: For more information, please click on the following link: https://stripe.com/en-hu/legal/cookies-policy

 

RIGHTS OF THE DATA SUBJECT

The Data Subject has the right to.

● to be informed of the facts relating to the processing before the processing starts (right to prior information),

● to have his or her personal data and information relating to the processing of those data made available to him or her by the controller at his or her request (right of access),

● to have his/her personal data rectified or completed by the controller at his/her request (right of rectification),

● at your request, restrict the processing of your personal data by the controller (right to restriction of processing),

● at your request, have your personal data erased by the controller (right to erasure).

 

Right to request information (based on Articles 13-14 of the General Data Protection Regulation)

 

The Data Subject may request in writing to be informed in writing by the Controller that

- which personal data,

- on what legal basis,

- for what purpose,

- from what source,

- for how long it is processed,

- whether it employs a data processor, and if so, the name and address of the processor, if any, and the data controller's activities in relation to the processing,

- to whom, when, under what law, to which personal data, to which personal data the Controller has given access or to whom the Controller has transferred the personal data,

- the circumstances of any data breach, its effects and the measures taken to remedy it.

  • Right of access (under Article 15 of the General Data Protection Regulation)

The Data Subject has the right to obtain from the Controller feedback as to whether or not his or her personal data are being processed and, if such processing is ongoing, the right to obtain access to the personal data processed and to request the Controller to do so in writing.

The Controller shall provide the data subject with a copy of the personal data which are the subject of the processing, unless there are other legal obstacles. If the Data Subject has made the request by electronic means, the information shall be provided in a commonly used electronic format, unless the Data Subject requests otherwise.

 

  • The right to correction or supplement (under Article 16 of the General Data Protection Regulation)

 

The Data Subject may request in writing that the Controller amend any of his or her personal data (for example, he or she may at any time change his or her e-mail address or postal address or request that the Controller correct any inaccurate personal data processed by the Controller).

Taking into account the purpose of the processing, the Data Subject has the right to request that his or her incomplete personal data processed by the Controller be duly completed.

 

  • Right to delete (based on Article 17 of the General Data Protection Regulation)

The Data Subject may request to delete his or her personal data by the Data Controller in writing.

In principle, delete of personal data may be requested if our processing is based on your consent, e.g. you have given your consent to the processing of your data (telephone number, e-mail address) for the purpose of contacting you. In such a case, we will delete your personal data.

If you have provided us with your personal data for the performance of a contract or on the basis of a law, the related processing of this personal data will not automatically cease upon termination of the contract, nor will we be able to comply with your request for erasure.

In this case, in accordance with the applicable law, your personal data will continue to be processed after the termination of the contract for the processing period set out in this Privacy Notice.

  • Right to blocking (restriction of processing) (Article 18 of the General Data Protection Regulation)

A Data Subject may request in writing that his or her personal data be blocked by the Controller (by clearly indicating the limited nature of the processing and ensuring that it is kept separate from other data).

The blocking shall last as long as the reason indicated by the Data Subject makes it necessary to store the data.

For example, the Data Subject may request the blocking of data if he or she believes that his or her submission has been unlawfully processed by the Data Controller, but the Data Controller is required not to delete the submission in order to comply with the administrative or judicial procedure initiated by the Data Subject.

In this case, the Controller will continue to store the personal data (for example, the submission in question) until the authority or court requests it, after which it will delete the data.

 

  • Right to data portability (under Article 20 of the General Data Protection Regulation)

The Data Subject may request in writing to receive personal data relating to him or her which he or she has provided to the Controller in a structured, commonly used, machine-readable format and has the right to transmit such data to another controller without hindrance from the Controller, if:

- the processing is based on consent in accordance with Article 6(1)(a) or Article 9(2)(a) of the General Data Protection Regulation, or

- a contract within the meaning of Article 6(1)(b); and

- the processing is carried out by automated means.

 

  • The right to object (based on Article 21 of the General Data Protection Regulation)

A Data Subject may object in writing to the processing of his or her personal data pursuant to Article 6(1)(f) of the General Data Protection Regulation necessary for the purposes of the legitimate interests pursued by the Controller or a third party, including profiling based on those provisions. In such a case, the Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such purposes, including profiling, where it is related to direct marketing. If the Data Subject objects to the processing of personal data for direct marketing purposes, the personal data may no longer be processed for those purposes.

LEGAL REMEDIES

If you have any comments or objections about the processing of your data, please contact us at kozpont@maunahouse.com

 

If you consider that the Data Controller is processing your personal data in breach of the provisions of the law on the processing of personal data or of a legally binding act of the European Union, you have the right to bring an action before the competent territorial court.

You may also lodge a complaint with the National Authority for Data Protection and Freedom of Information to enforce your rights:

Name: National Authority for Data Protection and Freedom of Information

Address: 1055 Budapest, Falk Miksa utca 9-11.

Postal address: 1363 Budapest, PO Box 9.

Phone: (+36-1) 391-1400

E-mail: ugyfelszolgalat@naih.hu

PROSESSING OF PERSONAL DATA

The Data Controller keeps the data it processes in electronic form at its headquarters.

The Data Controller shall not disclose the data and information provided by the Data Subject in the course of the performance of the contract to third parties.

The Data Controller shall use an IT system for its operation which ensures that the data:

● are accessible to the authorised persons (availability),

● its integrity can be verified (data integrity),

● its authenticity is ensured (authenticity of data processing),

● that it is protected against unauthorised access (data confidentiality).

In order to protect the electronically processed data, the Data Controller uses state-of-the-art solutions providing an appropriate level of security. The IT security shall ensure that the stored data cannot be directly attributed or linked to Data Subjects (unless permitted by law).

The Data Controller shall ensure that, in the course of processing:

● only those who are authorised to do so have access to the information,

● the data can be accessed by those who have the right to access it when they need to,

● the accuracy and completeness of the information and the processing method are protected.

RULES OF PROCEDURE

The Data Subject may request the erasure or modification of his or her personal data or request information on data processing by sending an e-mail to the following address: kozpont@maunahouse.com

 

At the Data Subject's request, the Data Controller shall provide information about the data processed by the Data Controller, the legal basis, the purposes and the duration of the processing. The Data Controller shall provide the information in writing within the shortest possible time from the date of the request, but not later than one month.

If necessary, taking into account the complexity of the request and the number of requests, this time limit may be extended by a further two months. The data controller shall inform the data subject of the extension of the time limit, stating the reasons for the delay, within one month of receipt of the request.

If the data subject has made the request by electronic means, the information shall be provided by electronic means where possible, unless the data subject requests otherwise.

The information shall be provided to the natural person in a concise, transparent, intelligible and easily accessible form, in clear and plain language.

If the controller fails to act on the data subject's request, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for the failure to act and of the possibility for the data subject to lodge a complaint with a supervisory authority and to exercise his or her right of judicial remedy.

The Controller shall provide the information free of charge, except in the following cases:

● the Data Subject repeatedly requests information or action on substantially unchanged content,

● the request is clearly unfounded and excessive.

OTHER

The personal data processing detailed in this Privacy Notice does not involve automated decision-making or profiling.

Personal data will not be transferred to third countries or international organisations.

The Data Controller reserves the right to amend this Privacy Notice. The current Privacy Notice is always available to Data Subjects at www.maunahouse.com.

bottom of page