top of page

Adatvédelmi szabályzat

Data Processing Policy
 
 
1. INTRODUCTION
 
This Data Processing Policy (hereinafter referred to as: Policy) provides information on the processing of data and on the rights and remedies concerning the data processing of the natural persons (hereinafter referred to as: Data Subject) whose personal data are processed by Natura Labs Korlátolt Felelősségű Társaság (7623 Pécs, Kálvin utca 1. 4. em. 8. ajtó; tax number: 28831990-2-02, represented by: Pauschka Krisztián managing director, hereinafter referred to as: Controller) and who requested an offer from the Controller in connection with services of the Controller and/or subsequently concluded a contract with the Controller and to whom Controller provided the services available on the website https://www.pelove.online/ (hereinafter referred to as "Website"). hence their personal data is processed by the Data Controller in accordance with this policy.
 
The Data Controller is committed to protecting the personal data of the Data Subjects. The Controller is obliged to treat personal data confidentially and takes all security, technical and organisational measures to guarantee its security.
 
2. the Controller’s Name and Contact Details
 
Name:                              Natura Labs Korlátolt Felelősségű Társaság
Registered seat:            7623 Pécs, Kálvin utca 1. 4. em. 8. ajtó
 
Person responsible (contact) for data protection:
Elvira Pauschka, T: +36309155587, email: hello@pelove.online
 
3. THE MOST IMPORTANT LEGAL REGULATIONS UNDERLYING THE DATA PROCESSING
 

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as GDPR)

 
4. Purpose of Data Processing
 
The purpose of the data processing is to provide patient pathway management and related services including document management.
 
5. Legal Basis of Data Processing
 

  • One legal basis of data processing is point (a) of Article 6 (1) and point (a) of Article 9 (2) of GDPR, so that the consent of the Data Subject;

Consent to data processing also means that the Data Subject ticks a checkbox when viewing the Data Controller's website, makes technical settings, and any other statement or action that clearly indicates the Data Subject's consent to the intended personal data processing in the given context.
 

  • in relation to data provided for entering into a contract and processed by the Data Controller without the consent of the Data Subject: is point (b) of Article 6 (1) of GDPR (if processing is necessary for the performance of a contract to which the Data Subject is party)

 
-       in the event of consumer complaint is point (c) of Article 6 (1) of GDPR (data processing is necessary to fulfill legal obligations of the Data Controller)
 

  • in the event of legitimate interests pursued by the Controller is point (f) of Article 6 (1) of GDPR (it is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party)

 
6. data processing terms
 
Processed personal data and their categories
Purpose of
data processing
Legal basis of data processing
Term of data processing (the envisaged time limits for erasure)
The interested party, natural person’s

  • name

  • email address

  • phone number (only when given)

Fulfill the service needs of the inquirer, send an offer, send information, and keeping contact.
 
point (a) of Article 6 (1) of GDPR, so that the consent of the Data Subject
Until the withdrawal of Data Subject’s consent, but not later than 1 (one) year from the provision of data submission, if no contract is concluded between the Parties.
 
Natural person’s

  • name,

  • mother’s maiden name;

  • place and date of birth;

  • address

accepting the offer
 
Other voluntarily provided personal data in connection with each transaction (e.g. e-mail address, phone number)
 
Conclude and fulfill the a service contract, keeping contact.
 
Article 6 (1) (b) of the GDPR, i.e. the processing of data is necessary for the performance of such contract where one party is the Data Subject
 
Article 6 (1) (a) of the GDPR, i.e. the Data Subject's voluntary consent to the processing of personal data
 
The general limitation period of 5 (five) years (Section 6:22 (1) of Ptk from the termination of the contract in relation to data processing.
 
Where data processing is based on consent, until the withdrawal of the Data Subject’s consent, but not later than the general limitation period of (5 (five) years (Section 6:22 (1) of Ptk) after the termination of the contract.
 
In order to provide health related and consultancy services, courses, learning material: any data, information, documents related to the medical condition (physical), in particular, but not limited to:
 

  • illness, information of risk factors that is relevant to the services of the Data Controller

  • data and information that may affect the health of the Data Subject

  • photos, videos uploaded or sent by the Data Subject

 
Other voluntarily provided health-related data or personal data (e.g. any other data that carries information about Data Subject’s health status – especially in the Data Controller’s questionnaire – e.g. information on sexual life, pelvic health, age, cycle, etc.).
Assessing, qualifying, evaluating the state of health, providing services, promoting the preservation, improvement and maintenance of health, fulfill the service contract, and to to evaluate correctness, provide feedback and also track progress of the Data Subject.
 
Article 6 (1) (b) of the GDPR, i.e. the processing of data is necessary for the performance of such contract where one party is the Data Subject
 
Article 6 (1) (a) of the GDPR, i.e. the Data Subject's voluntary consent to the processing of personal data
 
This data is stored and processed by the Controller, if sent by whatsapp, until one week after the services have been provided in full, for the Data Subject might still need to submit additonal data after conclusion of the services. This data is stored and processed by the Controller, if uploaded to the portal, until 3 months after the services have been provided in full, for the Data Subject is able to access the full service content for 3 months after conclusion of the services.
After the above period the data may be processed only in case of voluntary consent of the Data Subject, but for not longer than 1 (one) year from the provision of data, if no other contract is concluded between the Parties. Data is also deleted upon revoking the consent by the Data Subject.
Natural person’s

  • name,

  • address,

  • other billing information

 
Other voluntarily provided personal data in connection with the contract (e.g. e-mail address, phone number)
 
Issue and save financial documents according to the Accounting Act
Point (b) of Article 6 (1) of the GDPR
 
The general limitation period after the termination of the contract is 5 (five) years (Section 6:22 (1) of the Ptk.).
 
According to the Accounting Act with regard to the data processed for the purpose of issuing and saving receipts, the period of data processing is 8 (eight) years after the termination of the contract (Section 169 (2) of the Accounting Act).
 
Processing and storing financial documents until the lapse of the right to issue taxes therefrom, i.e. for 5 (five) years from the end of the tax year in which the tax return based on the given document was filed (Art. 47 (1), 164 (1))
 
Natural person’s

  • name,

  • mother’s maiden name;

  • place and date of birth;

  • address

For the purpose of enforcing Data Controller's claims arising from the above legal relations (managing accounts receivables, collection, enforcement of other claims)
 
Point (f) of Article 6 (1) of the GDPR
 
Identification of legitimate interests: enforceability of claims
 
Until the expiry of the general limitation period of 5 (five) years following the termination of the contract/legal transaction or, if the Controller enforce claim or claim is enforced against the Controller in relation to Data Subject, following the final judgement of the claim (Section 6:22 (1) of Ptk.)
Natural person’s

  • name,

  • email address

 
Legal person, a representative of a natural person of an organisational unit without legal personality

  • name,

  • email address.

 
Sending information and/or newsletters electronically to present and promote Data Controller’s services.
Point (a) of Article 6 (1) of the GDPR
Until withdrawal of the consent.
Personal data provided to the Data Controller in a complaint submitted in connection with its activities, but at least the name and address of the individual making the complaint, and in the case of an electronic complaint, his / her email address
Document recording: Keep report of the complaint and a copy of the response
Handling complaints
Point (c) of Article 6 (1) of the GDPR
 
 
According to 17/A § (7) of the Act CLV of 1997 on consumer protection, the report of the complaint and copy of the response shall be kept for 5 (five) years.
Communication, messages concerning individual needs, personal data provided during requests sent to the Data Controller in connection with the activities of the Data Controller (name, address, phone number, e-mail address of the Data Subject, if provided)
 
Handling, complaints and messages, satisfying customer needs
Point (a) of Article 6 (1) of the GDPR, i.e. the consent of the Data Subject.
Deleted immediately after the settlement and response of notifications, complaints, messages or until the withdrawal of consent to data processsing.
Name and feedback for purpose of review on https://www.pelove.online/reviews, information given in the feedback
Publishing the client feedbacks
Point (a) of Article 6 (1) of the GDPR, i.e. the consent of the Data Subject.
Deleted upon request of the Data Subject
 
In order to provide the highest possible quality of services, Data Controller has a contractual relationship with other service providers and specialists, who participate in the related data processing as contributors.
 
On the side of the Data Controller, the following personnel are entitled to have access to the data above: managing director and persons providing the services to the Data Subjects, all only to the extent absolutely necessary for them for the performance of their task and job, and for the purpose of data processing.
 
The data is stored in a password-protected, closed system, to which only the Data Controller (managing director and persons performing the services directly) have access. No backup-files are created and data is not exposed to third parties aside from those set forth herein. The location of storing the data is: HUNGARY, (server name: Pepyaka).
 
7. Data processing and transfer
 
The Data Controller notifies the Data Subjects that only such persons have access to the personal data who are considered to be essential for the performance of the given task.
 
Data processors:
 

  • Website services: WIX.com (registered seat: Tel-Aviv, Israel. email: support@wix.com

 
The Data Controller shall transfer the data of the Data Subject to a third party only with prior written consent of the Data Subject or in the event of fulfilment of an obligation stipulated by law.
 
On the basis of point (f) of Article 13 (1) of GDPR, Controller declares that it does not transfer any personal data processed by it to a third country or to an international organization. No profiling is made.
 
 
8. Rights of the Data Subject
 
Right to withdraw
If the data processing is based on the Data Subject's consent, the Data Subject may at any time withdraw his or her consent to the data processing by a written statement sent to the Data Controller, which does not affect the lawfulness of data processing before withdrawal of  such consent and on other legal grounds.
 
Right of Access
The Data Subject shall have the right to obtain from the Controller confirmation at his/her request as to whether or not personal data concerning him or her are being processed and, where that is the case, to access to the personal data.
 
Right to Rectification
The Data Subject shall have the right to ask the Controller for the rectification or completion of the processed data concerning him or her.
 
Right to erasure (‘Right to be forgotten’)
The Data Subject shall have the right to ask the Controller for the erasure of his/her processed personal data. The request for erasure will be refused if there is an obligation to store the data.
 
Right to restriction
The Data Subject shall have the right to ask for the restriction of his /her processed data (marking clearly the restricted processing and ensuring that it is be kept separately from other data). The restriction shall continue until the reason given by the Data Subject requires it.
 
Right to objection
The Data Subject shall have the right to object, thus he/she shall have the right to object, - on grounds relating to his or her particular situation, at any time - to processing of his/her personal data concerning a task carried out in the public interest or in the exercise of official authority vested in the Controller; or to processing for the purposes of the Controller’s or a third party’s legitimate interests.
 
Complaints and Remedy
The Data Subject shall have the right to lodge a complaint with a supervisory authority or to commence the proceedings thereof, furthermore, seeking a judicial remedy, if he/she considers that his or her rights relating to the data processing or exercising the rights in connection with the data processing are infringed.
 
Contact details of the supervisory authority:
Nemzeti Adatvédelmi és Információsszabadság Hatóság
address: Budapest, Falk Miksa u. 9-11, 1055
email address: ugyfelszolgalat@naih.hu
 
In case of judicial remedy the territorial competency of the court is based on the registered office of the Controller, but the legal proceedings may also be commenced – at the Data Subject’s sole discretion – in front of the court in whose area of competence the Data Subject’s home or habitual residence is located.
 
Beside the compliance with the foregoing rights, we kindly ask the Data Subjects to contact our company before turning to the supervisory authority or to court with their complaints, in order to consult and to solve the arisen problems as soon as possible.
 
***
 
 
 
Statement of consent for data management
 
I, the undersigned - after reading and understanding the DATA PROCESSING POLICY - expressly and voluntarily agree to Natura Labs Korlátolt Felelősségű Társaság (7623 Pécs, Kálvin utca 1. 4. em. 8. ajtó; tax number: 28831990-2-02, represented by: Pauschka Krisztián managing director, hereinafter referred to as: Controller) process my data according to point (a) of Article 6 (1) and point (a) of Article 9 (1) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) for the as set out in the data processing policy referred to above.
 
I, hereby declare that I have read and understood the DATA PROCESSING POLICY of Natura Labs Korlátolt Felelősségű Társaság, also that I consent to the processing of the following data:
 
any data, information, documents related to the medical condition (physical), in particular, but not limited to:

  • illness, information of risk factors that is relevant to the services of the Data Controller

  • data and information that may affect the health of the Data Subject

  • photos, videos uploaded or sent by the Data Subject

  • Other voluntarily provided health-related data or personal data (e.g. any other data that carries information about Data Subject’s health status – especially in the Data Controller’s questionnaire – e.g. information on sexual life, pelvic health, age, cycle, etc.).

shall be processed by the Controller according to my express consent according to point (a) of Article 6 (1) and point (a) of Article 9 (1) of the GDPR, also that this data shall be deleted by the Controller upon revoking the consent, but latest at one week / 3 months (as applicable) after providing the services by the Controller.
 
I also acknowledge that I may at any time withdraw my consent, and I accept that the withdrawal of consent does not affect the lawfulness of data processing before withdrawal of such consent and on other legal grounds.
 
I declare that I have reached the age of 18.
 

bottom of page