Privacy Notice

for website visitors

Dr. Ágoston Gajdos self-employed psychiatrist carries out specialist medical care and psychotherapy activities, for which he manages data to perform the service.

Dr. Ágoston Gajdos self-employed medical specialist (hereinafter: the Service Provider) handles the personal data of those interested in the website (hereinafter collectively Affected) and those requesting the offer during the operation of the www.gondosszavak.hu website (hereinafter: the Website).

1. Contact of the data controller

Name: Dr. Ágoston Gajdos EV.
Head office and mailing address: 4028 Debrecen, Szigligeti utca 8. Base floor, Door 1
Name and telephone number of the representative: Dr. Ágoston Gajdos +36 30 352 6211
Email address: drgajdos.agoston@gmail.com

2. Scope of personal data processed

In order to access different services from users, we ask for different personal data, taking into account the principle of data saving. This Privacy Policy covers only the processing of the data of natural persons visiting the website, given that personal data can only be interpreted in relation to natural persons.
Anonymous information that is collected by a data controller without the possibility of personal identification and cannot be linked to a natural person is not considered personal data, nor is demographic data that is collected without linking it to the personal data of identifiable persons, thus not a relationship with a natural person can be established.

Listed item by item, the range of data managed is as follows:

2.1 Contracting authorities, interested parties
-    Name
-    E-mail address
- Phone number

2.2 Children
Our products and services are not intended for persons under the age of 18 and we ask that persons under the age of 18 do not provide Personal Data to the Data Controller. If we become aware that we have collected personal information from a child under the age of 18, we will take the necessary steps to delete the information as soon as possible.

3. Cookie (anonymous user ID) management information

The Data Controller places an anonymous user ID (cookie, cookie) on the Data Subject's computer, which in itself is not capable of identifying the Data Subject in any way. They are only suitable for recognizing the data subject's machine, but they do not store an IP address and do not transmit an IP address as personal data to the Service Provider. The cookies used are simple, short, small text files. It is not necessary to provide personal data or information, because when applying the solution, the User does not transfer personal data to the Service Provider, the data exchange takes place only and exclusively between the machines.

The website requires its own cookies
It is essential for the operation of the website to place some cookies on the affected computer, thus making the website load faster, allowing its own browser to store certain information on the website, and this helps the Data Subject to function properly.

S_LANG (Session)
Function: Stores the visitor's preferred language code so that error pages (e.g. 404) load the page in the preferred language and do not return to the page's base language if it is different.

b-lvt (1 hour)
Function: Specifies the display type of the Blog List view.

COOKIE-CONSENT (1 year)
Function: Prevents reloading after accepting the cookie bar. If the Data Subject chooses “OK”, our choice will be saved, so we will not ask for further consent for 1 year.

KRID (Session)
Function: It is important for registration and shopping cart functions. This requires that if the user leaves the cart and continues to browse the site, the products remain in the cart, or if they enter a registered interface, they are not logged out while browsing the page.

Analytics cookies
In order to extract traffic data and other web analytics data from our website, the service provider uses the services of independent analytics servers, namely Hotjar and Google Anatitycs software. These service providers can provide detailed information on the management of the measurement data to the Data Subject.

In the case of Google Analytics, the Service Provider has made the settings in the website code according to which Google Analytics anonymizes the IP address of the Affected Person, so that it can no longer be identified and will not be handed over to the Service Provider yet. You can read more about this technology here:
https://support.google.com/analytics/answer/2763052?hl=en_US

The aim is to analyze the traffic and functional use of our website with the anonymized information provided by the above software in order to improve the user experience (eg: providing optimized navigation, the order of placing the information on each subpage).

These measurements do not store user-identifiable data about the user, nor an IP address or personal data.

The Google Inc. Privacy Policy is available at http://www.google.com/intl/en ALL / privacypolicy.html.
Hotjar’s privacy policy is available at https://www.hotjar.com/legal/policies/privacy.

Relevant service providers can provide more information about the cookies used:

You can read more about Hotjar cookies at https://www.hotjar.com/legal/policies/cookie-information.
Find answers to Google Anlytics cookies and features here: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

Cookies used for advertising
The Service Provider may use 21st century online marketing solutions, specifically Google AdWords and Facebook ads. These advertising solutions use cookies in their operation. These cookies help to ensure that the system does not display irrelevant advertisements to the Stakeholders, but ones that are part of their current interests. On the Portal, the Service Provider uses the remarketing codes provided by Google Adwords and Facebook. The remarketing code also uses cookies.
The installed cookie does not transmit personal data to the Service Provider, it only helps to ensure that advertisements related to the Service Provider's products and services are displayed on other websites of the Google Display network visited by the Portal visitor and on Facebook.

Manually override, intervene, and adjust automatic ad preferences
The user can disable cookies at any time and personalize the ads in the Google or Facebook advertising settings interface.

You can configure the privacy settings for your Google Account here under Affiliate:
https://myaccount.google.com/privacy

The privacy settings for your Facebook user account are available under the Settings and Ads Settings tab under Settings.
https://www.facebook.com/ads/preferences

Stop or disable the use of cookies

To change your browser settings:
The "Help" feature in the menu bar of most browsers provides information about the browser

  •     how to disable cookies
  •     how to accept new cookies, or
  •     how to instruct your browser to set a new cookie, or
  •     how to turn off other cookies.

Blocking browser add-ons:
If the Data Subject does not want Google Analytics to measure the above data in the manner and for the purpose described, install the add-on that blocks this in your browser.

Using an external solution for cookie management:
You can use Affected External Websites to manage which Service Providers you allow advertising coockie activity on your computer. One solution, AdChoices, is also available in Hungarian.

4. Social Media Additions

Extensions on the Portal are disabled by default. These plug-ins are also cookies. By enabling the plug-in, i.e. by pressing the "like button", the Data Subject will establish a link with the social site, ie he / she will clearly state that he / she consents to the transfer of his / her data to Facebook / Twitter / Linked-in / Pinterest / Instagram.
If the Data Subject is logged in to Facebook / Twitter / Linked-in / Pinterest / Instagram, that social network may associate their visit with the Data Subject's social account.

If the Data Subject clicks on one of the social media buttons mentioned above, their browser will transmit the relevant information directly to that social network and store it there.

Information on the scope and purpose of data collection, the further processing and use of your data by Facebook / Twitter / Linked-in / Pinterest / Instagram, your rights and settings to protect your personal data can be found in the privacy statement of the respective social media.
The user of the website acknowledges that he has consented to the processing of his data by Google by using the website

5. Technical data - log files

The following information is automatically logged in order to use the services:
- the dynamic IP address of the user's computer
- Depending on the settings of the user's computer, the type of browser and operating system used by the user
- user activity related to the website
The use of this data is for technical purposes, such as the analysis and subsequent verification of the secure operation of the servers. It is an automated IT security process that is recorded in server logs without a statement from the person concerned.
The above data is not suitable for the identification of the user and is not linked to other personal data by the Data Controller. Logging data is stored for 6 months from the date of the visit.

6. Legal basis and purpose of data processing

6.1 For contracting authorities and interested parties
the data management is necessary for the steps prior to the conclusion of the contract, the purpose of the data management is to provide personalized service to the Stakeholders or to send a price offer at the request of the Stakeholders, which may serve as a basis for any subsequent contract or order.

7. Duration of data management

7.1 Contracting authorities and interested parties
if the contract is concluded, it will be processed during the term of the contract or for 8 years after the year of performance according to the Accounting Act. If the contract has not been concluded, ie the purpose has not been achieved, the data will be handled by the Service Provider by 1 March of the year following the expiry of the offer.

8. The circle of those who get to know the data, data transmission, data processing

The personal data of the data subjects collected by the Service Provider are not published and only members of the inner circle of the Service Provider are entitled to get acquainted with them. It shall be forwarded to a third party for processing purposes only at the request of the data subject to the addressee specified by the data subject.

The Service Provider may use a data processor for the performance of tasks arising during its activities (accounting, issuing an electronic invoice, sending a newsletter).

Categories of data processors and recipients of the data transmission:

Name: GrandZero Kft.
Headquarters: 4028 Debrecen, Rózsahegy utca 10. fszt. 1.
Category: accounting

Name: Medi-Comp 2D Kft.
Headquarters: 4026 Debrecen, Bem tér 19. A. ép. D. lház. 1. em. 2.
Category: electronic billing software

Name: DBI Software Ltd.
Headquarters: 4034 Debrecen, Vágóhíd utca 2.
Category: web hosting operator

9. The rights of the data subjects, legal remedies

9.1 The Data Subject may apply to the Data Controller
a) information on the processing of your personal data,
(b) the rectification of his personal data; and
c) the erasure or blocking of your personal data, with the exception of mandatory data processing,
(d) the transfer of your personal data to another controller.

9.2 At the request of the Data Subject, the Data Controller shall, no later than 30 days after the submission of the request to this end, provide written information on the data of the Data Subject processed by him or by the processor entrusted by him or her or at his disposal, their source, the purpose, legal basis, duration of the processing, the name, address and activities of the data processor, as well as the legal basis and recipient of the transfer of the data subject's personal data.

The information shall be free of charge if the applicant has not yet submitted a request for information on the same area to the Data Controller in the current year. Otherwise, the Data Controller shall determine reimbursement of costs by the need to reimburse the already paid reimbursement if the data have been unlawfully processed or the request for information has led to correction.

For the purpose of verifying the legality of the transfer and informing the data subject, the Data Controller shall keep a data transfer register containing the date of transmission of the personal data processed by him, the legal basis and recipient of the transfer, the definition of the scope of the personal data transmitted and other data specified in the legislation requiring the processing.

For the purpose of verifying the measures relating to the data breach and informing the Data Subject, the Service Provider shall keep a data breach record containing the scope of the Personal Data Subject, the scope and number of data subjects involved in the data breach, the date, circumstances, effects and measures taken to avert the data breach, as well as other data specified in the law requiring data processing.

9.3 The Data Subject shall have the right at any time to request the correction or deletion of his or her incorrectly recorded data. You must submit your request in writing by post or e-mail. The Service Provider will delete the data within 3 working days of receipt of the request, in which case they will not be recoverable again. The deletion does not apply to data processing required under the law (e.g. accounting regulation), they are retained by the Service Provider for the necessary period of time.

9.4 The Data Subject may also request the blocking of his data and the transfer of his data to another controller. The Service Provider shall block the personal data if the data subject so requests, or if, on the basis of the information available to him, it can be assumed that the deletion would be in the interests of the Data Subject. The personal data thus locked may only be processed for as long as there is a purpose for processing, which has excluded the deletion of the personal data.

The Data Subject shall be informed of the rectification, blocking and deletion, as well as of all persons to whom the data have previously been transmitted for the purpose of data processing. The notification may be omission if this does not prejudice the legitimate interest of the Data Subject in view of the purpose of the processing.
If the Service Provider fails to comply with the Data Subject's request for rectification, blocking or deletion, the Service Provider shall provide in writing within 30 days of receipt of the request for rectification, blocking or cancellation the factual and legal reasons for rejecting the request for rectification, blocking or cancellation.
 
Furthermore, the Data Subject may provide the Data Controller with the following information at one of the contact addresses indicated in point 9.5:

    request the transfer of your data to another data controller if the data processing is based on a contract or consent and is handled by the Service Provider through an automated procedure.
    provide for the withdrawal of your consent to the processing in the past

The Data Subject may object to the processing of his or her personal data. The Service Provider shall examine the objection as soon as possible after the submission of the application, but not more than 15 days, decide on its merits and inform the applicant in writing of its decision. In the event of rejection of the request for rectification, deletion or blocking, the Data Controller shall inform the Data Subject of the possibility of judicial redress and of the possibility of applying to the Authority.

Information on data security measures:
The data controller ensures data protection by default and by design. To this end, the Data Controller shall apply appropriate technical and organisational measures to:
• controls access to data accurately;
• only allow access to persons whose data is necessary to carry out the task with it, and only data that is minimally necessary for the performance of the task can be accessed;
• carefully select the processors it mandates and ensure the security of the data with an appropriate data processor contract;
• ensure that the data processed remains unchanged (data integrity), authenticity and protection.

The Data Controller shall apply reasonable physical, technical and organisational security measures to protect the Data Subject, in particular against the accidental, unauthorised, unlawful destruction, loss, alteration, transfer, use, access or processing of the Data Subject. The Data Controller shall immediately notify the Data Subject in the event of known unauthorised access to or use of personal data and a high risk to the data subject.
 
The Data Controller shall ensure that the data transmitted is adequately protected, for example by encrypting the data file, if the transmission of the Data Subject is necessary. The Data Controller is fully responsible for the Data Subject's processing carried out by third parties.
 
The Data Controller shall ensure that the Data Subject's data is protected against destruction or loss by appropriate and regular backups.

9.5 The data subject may exercise his rights by contacting
Mailing address: Dr. Ágoston Gajdos, 4028 Debrecen, Szigligeti utca 8.
Email: drgajdos.agoston@gmail.com
The Data Subject may contact the Service Provider's staff via contact details in point 9.5 for any questions or comments related to the processing.
 
9.6 Subject to the GDPR, the Info.tv and the Civil Code (Act V of 2013)
• You can apply to the National Data Protection and Budapest Authority (1125, Erzsébet Szilágyi fasor 22/c.; www.naih.hu) or
 
• Enforce your rights before the court.
 
9.7 If the Service Provider is entitled to claim compensation against the Data Subject if he/she has provided third party data or caused damage in any way during the use of the Website during the registration process, when registering the newsletter. In such a case, the Service Provider shall provide the competent authorities with all possible assistance in order to establish the identity of the off-person.