1.1 The purpose of this Privacy Policy is to set out the data protection and management principles applied by Miron Health Solutions Limited Liability Company (registered office: 2724 Újlengyel, Nyári Pál utca 15., company registration number: 13-09-228220; representative: Tamás Holl, sole managing director; hereinafter referred to as "the Company" or "the Data Controller") and the Company's data protection and management policy, which the Company as the Data Controller acknowledges as its own mandatory policy.
1.2 This Privacy Policy contains the principles for the processing of personal data voluntarily provided by Users on the Website in order to use the services provided by the Company.
1.3 In compiling the provisions of this Privacy Policy, the Company has taken particular account of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the "General Data Protection Regulation" or "GDPR"), and repealing Regulation (EC) No 95/46/EC , the provisions of the Act CXII of 2011 on the Right to Information Self-Determination and Freedom of Information (hereinafter referred to as "Privacy Act"), Act V of 2013 on the Civil Code (hereinafter referred to as "CC.") and Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (hereinafter referred to as "GRTV.").
1.4 Unless otherwise informed, the scope of this Privacy Policy does not cover services and data processing related to promotions, sweepstakes, services, other campaigns and content published by third parties other than the Data Controller, advertising on the Website referred below or otherwise appearing on the Website.
1.5 Unless otherwise stated, the scope of the Privacy Policy also does not cover the services and data processing of websites, service providers to which there is a link on the Website covered by the Privacy Policy. Such services shall be governed by the provisions of the third-party privacy policy of the service provider and the Controller shall not be liable for such processing.
2.1 "Data Management" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, accessibility, usage, disclosure by transmission, dissemination or making it available by other means, alignment or combination, restriction, erasure or destruction.
2.2 "Data Controller" means the person who, alone or in cooperation with others determines the purposes and means of personal data handling.
2.3 "Personal Data" means any information regarding an identified or identifiable natural person ("data subject"); one who can be identified, directly or indirectly, in particular by reference to a name, number, location data, an online reference or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2.4 "Data Breach" means a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to the personal data that has been transmitted, stored or otherwise processed.
2.5 "Processor" means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller. Processors for the services referred to in this Privacy Policy may be:
2.5.1 "Website": the Internet site or press product operated by the Data Controller, https://mironseminars.eu .
2.5.2 "Service(s)" means the services operated by the Data Controller and provided by the Data Controller which are accessible through the Website.
2.5.3 "User" means the natural person who registers for the Services and, in doing so, provides the data listed below.
2.5.4 "Privacy Policy" means this Privacy Policy of the Controller.
3.1 When the User visits the Website, the IP address of the User is automatically recorded by the Controller's system.
3.2 Based on the User's choice, the Data Controller may process the following data in relation to the use of the Services available on the Website, for certain Services:
3.2.1. Registration:
- name
- e-mail address
3.2.2. Online shopping:
- purchased courses and course modules
- address
3.2.3. Newsletter subscription:
- name
- e-mail address
- selected topic or topics
3.2.4: Complaints handling
- name
- address
- other data voluntarily provided by the User
3.2.5. Contacting:
If the User sends an e-mail or postal letter to the Data Controller, the Data Controller shall record the User's e-mail address, if provided, the address and other data voluntarily provided by the User and shall process it to the extent and for the duration necessary for the provision of the service.
3.2.6 Content Editing:
During its content editing activities, the Data Controller processes the data of all natural persons who have contributed to the production of the content, either as a source or by being linked to the edited content. In this case, the personal data most commonly processed by the Data Controller may include: the name, position, job title, age, place of residence of the data subject, or any other data indicating how the data subject relates to the subject matter of the edited content.
3.3 Apart from the above, it may happen that a service provider technically related to the operation of the Services, without informing the Data Controller, carries out data processing activities on the Website. Such activity shall not constitute data processing by the Controller. The Controller will use its best efforts to prevent and detect such processing.
4.1 The Data Controller may place a small data packet (a so-called "cookie") on the User's computer in order to provide a personalized service. The purpose of the cookie is to ensure the highest possible quality of the operation of the site, to provide personalized services and to enhance the user experience. The User can delete the cookie from his/her computer or set his/her browser to disable the use of cookies. By disabling the use of cookies, the User acknowledges that without a cookie, the functionality of the site is not fully effective.
4.2 In providing personalized services, the Data Controller processes the following Personal Data by using cookies: demographic data (based on the data referred to above) and interest information, habits, preferences (based on browsing history).
4.3. Data technically recorded during the operation of the systems: the data of the User's computer logging in, which are generated during the use of the Service and which are recorded by the Data Controller's system as an automatic result of technical processes. Without any specific declaration or action on the part of the User, the automatically recorded data are automatically logged by the system at the time of logging in or out.
5.1: The Purpose of the Data Management carried out by the Data Controller:
5.1.1.1: Registration:
- to maintain contact with the User,
- to provide services to the User,
- to provide statistics and analyses,
- protection of Users' rights,
- enforcing the legitimate interests of the Data Controller.
5.1.2. Online shopping:
- maintaining contact with the User,
- provision of services,
- to provide statistics and analyses,
- protection of Users' rights,
- enforcing the legitimate interests of the Data Controller.
5.1.3. Subscription to newsletters:
- online content provision,
- maintaining contact with the User,
- provision of services,
- to provide statistics and analyses,
- direct marketing or sales enquiries (e.g. newsletter, event notifications, etc.),
- protecting the rights of Users,
- enforcing the legitimate interests of the Data Controller.
5.1.4. Contacting:
- contacting the User
- provision of services
- handling and managing individual requests from Users
- to provide statistics and analyses,
- protection of Users' rights,
- enforcing the legitimate interests of the Data Controller.
5.1.5: Complaints handling
- maintaining contact with the User,
- provision of services,
- processing and handling individual requests from users,
- to provide statistics and analyses,
- protection of Users' rights,
- enforcing the legitimate interests of the Data Controller.
5.1.6: Content Editing:
- online content provision,
- provision of services,
- protection of the rights of Users,
- enforcement of the legitimate interests of the Data Controller.
5.2 The Data Controller declares that it will not use the Personal Data provided for purposes other than those described in subsections 5.1.
5.2.1 The processing of Personal Data is based on a voluntary and duly informed declaration by the Users, which contains their explicit consent to the use of their Personal Data provided by them during the use of the Website and the Personal Data generated about them. In case of processing based on consent, the User has the right to withdraw his/her consent at any time, without affecting the lawfulness of the data processing prior to the withdrawal.
5.2.2 The Data Controller records the User's IP address when the User accesses the Website in connection with the provision of the Service, with regard to the legitimate interest of the Data Controller and for the lawful provision of the Service (e.g. to prevent unlawful use or to filter out unlawful content), without the User's consent.
5.2.3 The legal basis for the processing of data within the framework of the content service is, in addition to the User's voluntary consent, in certain cases, the provision of fundamental rights to information and expression of opinion, within the legal framework.
5.2.4.The User warrants that, before providing or making available personal data about other natural persons (e.g. gifts) in the course of using the Services, the consent of the natural person in question has been obtained lawfully and in accordance with the applicable laws.
5.2.5 The User shall be responsible for the User Content provided by the User. By providing his/her e-mail address and the data provided during registration, any User shall be responsible for using the Service exclusively from the e-mail address and with the data provided by him/her. With regard to this responsibility, any and all liability in connection with accessing the Service from an e-mail address and/or other data provided by the User shall be exclusively borne by the User who provided the e-mail address or other data.
6.1 The Data Controller shall process Personal Data in accordance with the principles of good faith, fairness and transparency, as well as in accordance with the applicable laws and the provisions of this Privacy Policy.
6.2 The Data Controller shall use Personal Data that are indispensable for the use of the Services based on the consent of the User concerned and only for the purposes for which they are intended.
6.3 The Data Controller shall process Personal Data only for the purposes set out in this Privacy Policy and in the applicable legislation. The scope of the Personal Data processed shall be proportionate to the purpose of the processing and shall not go beyond that purpose. In all cases where the Data Controller intends to use the Personal Data for a purpose other than that for which it was originally collected, the Data Controller shall inform the User thereof and obtain his or her prior explicit consent or provide the User with the opportunity to object to such use.
6.4 The Data Controller does not supervise the Personal Data provided. Only the person providing the Personal Data shall be responsible for the accuracy of the Personal Data provided, however, the Controller shall take all reasonable steps to promptly delete or correct Personal Data that is inaccurate for the purposes of processing.
6.5 The Data Controller shall not transfer Personal Data processed by it to third parties other than the Processors specified in this Privacy Policy.
6.6 The use of data in a statistically aggregated form, which may not contain any other form of data that can identify the User concerned, is an exception to the provision of this clause, and therefore does not constitute Data Processing or Data Transfer.
6.7 The Data Controller shall notify the User concerned and all those to whom the Personal Data was previously disclosed for the purpose of processing of the rectification, restriction or erasure of the Personal Data processed by the Data Controller. The notification may be omitted if this does not harm the legitimate interests of the data subject regarding the purposes of the Processing.
6.8 The Data Controller shall ensure the security of Personal Data, take technical and organisational measures and establish procedural rules to ensure that the data recorded, stored or processed are protected and to prevent their accidental loss, unlawful destruction, unauthorised access, unauthorised use and unauthorised alteration or unauthorised disclosure. The Data Controller shall invite all third parties to whom it transfers Personal Data to fulfil this obligation.
6.9 In view of the relevant provisions of the GDPR, the Data Controller is not obliged to appoint a Data Protection Officer.
7.1 The Data Controller stores the automatically recorded IP addresses for a maximum of 30 days after their recording.
7.2 In the case of e-mails and postal letters sent by the User for the sole purpose of contacting the Data Controller or handling complaints, the Data Controller shall delete the e-mail address or any address indicated in the letter on the 90th day following the closure of the case referred to in the request, unless in a specific case the legitimate interest of the Data Controller justifies the continued processing of the Personal Data, until the legitimate interest of the Data Controller has been established.
7.3 The processing of the Personal Data provided by the User shall continue until the User deletes the account created during registration, unsubscribes from the Service, otherwise requests the deletion of the Personal Data, withdraws the consent given or the Controller terminates the provision of the Service. In such case, the Personal Data will be deleted from the Controller's systems in an irreversible manner.
7.4. The User's right to use the Service is not affected by the User's request to terminate the Processing without deleting his/her registered account or unsubscribing from the Service, but he/she may not be able to use certain Services due to the lack of Personal Data.
7.5 In the event of unlawful or fraudulent use of Personal Data or in the event of a criminal offence or system attack committed by the User, the Data Controller is entitled to delete the User's Personal Data without delay, but in the event of suspected criminal offences or civil liability, the Data Controller is entitled to retain the Personal Data for the duration of the proceedings.
7.6 If a court or public authority has issued a final order for the erasure of Personal Data, the erasure shall be carried out by the Controller.
8.1 The User may request that the Data Controller inform him/her whether it processes his/her Personal Data and, if so, provide him/her with access to the Personal Data processed by the Data Controller, particularly regarding:
- the purposes of the Data Processing;
- the categories of Personal Data concerned;
- the recipients or categories of recipients to whom or with whom the Personal Data have been or will be disclosed, including in particular recipients in third countries or international organisations;
- where applicable, the envisaged duration of the storage of the Personal Data or, where this is not possible, the criteria for determining that duration;
- the right of the User to request the Controller to rectify, erase or restrict the processing of personal data concerning him or her and to object to the processing of such personal data;
- the right to lodge a complaint with a supervisory authority;
- where the data have not been collected from the data subject, any available information concerning their source;
- the fact of any automated decision-making, including profiling, and, at least in these cases, the logic used and clear information on the significance of such processing and its likely consequences for the data subject.
8.2 The User may request information about the processing of his/her Personal Data at any time in writing, by registered or certified mail sent to the address of the Data Controller or by e-mail sent to info@mironseminars.eu.
8.3 The Data Controller shall consider a request for information sent by mail as authentic if the User can be clearly identified by the sent request. A request for information sent by e-mail shall be considered authentic by the Data Controller only if the User sends it from the e-mail address provided.
8.4 The User may request the correction or modification of his/her Personal Data processed by the Controller.
8.5 Taking into account the purpose of the Data Processing, the User may request the completion of incomplete Personal Data.
8.6. The Personal Data provided by the User in relation to a particular Service may be modified by sending an e-mail to the above e-mail address of the Data Controller, by clicking on the link at the end of each Newsletter or by editing the account settings in the User's registered account. Once a request to modify personal data has been fulfilled, the previous (deleted) data can no longer be restored.
8.7 The User may request the erasure of his/her Personal Data processed by the Controller. The deletion may be refused,
- for the purpose of exercising the right to freedom of expression and information, or
- where the processing of Personal Data is authorised by law; and
- to the extent necessary for the establishment, exercise or defence of legal claims.
8.8 The Data Controller shall in any case inform the User of the refusal of a request for erasure, indicating the reasons for the refusal. Once the request for erasure of personal data has been complied with, the previous (erased) data can no longer be restored.
8.9 Newsletters sent by the Data Controller can be unsubscribed via the unsubscribe link provided in the newsletter. In case of unsubscription, the Data Controller shall delete the User's Personal Data in the newsletter database.
8.10. The User may request the Controller to restrict the processing of his/her Personal Data if
- the data subject contests the accuracy of the personal data, in which case the restriction applies for the period of time necessary to allow the controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the data and requests instead the restriction of their use;
- the controller no longer needs the personal data for the purposes of the processing but the data subject requires them for the establishment, exercise or defence of legal claims; or
- the data subject has objected the data processing, in which case the restriction shall apply for a period of time until it is established whether the legitimate grounds of the controller override the legitimate grounds of the data subject.
8.11. The User may request the Controller, if any, to transfer Personal Data provided by the User and processed by the Controller in an automated manner to the User in a structured, commonly used, machine-readable format and/or to another controller.
8.12. The User may object to the processing of his/her Personal Data
- if the processing of the Personal Data is necessary solely for compliance with a legal obligation to which the Controller is subject or for the purposes of the legitimate interests pursued by the Controller or a third party;
- if the purpose of the processing is for direct marketing, public opinion polling or scientific research; or
- where the data processing is carried out for the performance of a task in the public interest.
8.13. The Data Controller shall examine the lawfulness of the User's objection and, if the objection is justified, shall terminate the data processing and block the Personal Data processed, and shall notify the objection and the action taken on the basis thereof to all those to whom the Personal Data concerned by the objection were previously disclosed.
8.14. Where the Data Breach is likely to result in a high risk to the rights and freedoms of Users, the Data Controller shall inform the User of the Data Breach without undue delay. The User need not be informed if any of the following conditions are met:
- the Data Controller has implemented appropriate technical and organisational protection measures and these measures have been applied to the data affected by the Data Breach, in particular measures, such as the use of encryption, which render the data unintelligible to persons not authorised to access the personal data;
- the Data Controller has taken additional measures following the Data Protection Incident to ensure that the high risk to the rights and freedoms of the data subject is no longer likely to materialise;
- disclosure would require a disproportionate effort. In such cases, the Data Controller shall inform the data subjects by means of publicly disclosed information or by taking similar measures to ensure that the data subjects are informed in a similarly effective manner.
9.1 For the performance of its activities, the Data Controller shall use the Data Processors identified above in this Privacy Policy.
9.2 Processors do not take independent decisions, they are only entitled to act in accordance with the contract concluded with the Data Controller and the instructions received.
9.3 The Controller shall monitor the work of the Processors.
9.4 The Processors shall be entitled to use additional Processors only with the consent of the Controller.
9.5 By accepting this Privacy Notice, the User expressly accepts and consents to the Controller's transfer of Personal Data to the Data Processors.
10.1 Transfers of Data to the Processors specified in this Privacy Policy may be made without the User's specific, case-by-case consent, as the User gives his/her explicit and unambiguous consent to such transfers by accepting this Privacy Policy. Unless otherwise provided by law, the disclosure of personal data to third parties or public authorities is only possible based on the decision by a public authority or with the prior explicit consent of the User.
10.2 The Data Controller is entitled and obliged to transfer to the competent authorities any Personal Data at its disposal and stored by it in accordance with the law, which Personal Data it is obliged to transfer by law or by a final and binding administrative order. The Controller shall not be held liable for such transfers and the consequences thereof.
10.3 The Data Controller shall keep records of data transfers for the purpose of verifying the lawfulness of the transfer and providing information to the User.
11.1 The Data Controller reserves the right to amend this Privacy Policy at any time by unilateral decision.
11.2 Applicable laws and practices may change from time to time. If the Controller decides to update this Privacy Policy, it will post the changes on the Website. In the event of a material change in the way in which the Controller processes the User's personal data, the Controller will provide the User with prior notice or, where required by law, seek the User's consent before making such changes. The Controller strongly recommends that the User reads this Privacy Policy and keeps informed about the practices followed by the Controller. This Privacy Notice was amended on 1 May 2022.
12.1 Any questions or comments regarding data management can be addressed to the Data Controller's staff at the e-mail address info@mironseminars.eu.
12.2 The User may directly contact the National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; phone: +36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu; Website: www.naih.hu).
12.3. In case of violation of the User's rights, he/she may take legal action. The court of law shall have jurisdiction to decide on the action. The action may also be brought, at the option of the person concerned, before the courts of the place of residence or domicile of the person concerned. Upon request, the Data Controller shall inform the User of the possibilities and means of legal remedy.
Budapest, 17.10.2023.