Audrey Nagy logo e1758012837378
Facebook-f Instagram Tiktok
Audrey Nagy logo e1758012837378
Facebook-f Instagram Tiktok
Audrey Nagy logo e1758012837378

Privacy Policy

This document contains all relevant information on data processing related to the operation of the website in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter: GDPR) and Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: Infotv.).

Controller
Name: Adrienn Nagy
Registered seat: 1138 Budapest Úszódaru u. 5. B101.
Postal address: 1138 Budapest Úszódaru u. 5. B101.
E-mail: studio@audreynagy.com
Phone: +36 30 277 7220
Website: https://audreynagy.com/

Hosting provider
Name: Rackforest Informatikai Kereskedelmi Szolgáltató és Tanácsadó Zrt.
Postal Address: 1132 Bp. Victor Hugo u. 11. 5. emelet
E-mail: info@rackforest.hu
Phone: +36 1 211 0044

1. Information on the use of cookies

1.1. What is a cookie?
During the visit to the website, the Controller uses so-called cookies. A cookie is an information package consisting of letters and numbers that the Controller’s website sends to the User’s browser in order to store certain settings, to facilitate the use of the website and to help collect certain relevant, statistical-type information about Users.​
Some cookies do not contain personal data and are not suitable for identifying the individual user, while others contain such individual identifiers – a secret, randomly generated sequence of numbers – that are stored on the User’s device and thus also ensure identifiability. The duration of operation of each cookie is included in the description relating to the given cookie.​

1.2. Legal background and legal basis of cookies
The legal basis of data processing is the Controller’s legitimate interest under Article 6(1)(f) of the GDPR, which concerns the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC. In this case, the data subject’s consent is not required for the processing; it is only necessary to provide appropriate information to the data subject and personal data may be processed solely to the extent and for the period necessary and proportionate to the achievement of the purpose (for session cookies this is the end of the browsing session, i.e. closing the browser).​
The legal basis of data processing is also the User’s consent pursuant to Article 6(1)(a) of the GDPR, having regard to Section 155(4) of Act C of 2003 on Electronic Communications.​

2. Data processed for the conclusion and performance of contracts

2.1. Access to data and data transfer
The Controller’s employees may access personal data for the purpose of performing their duties. The Controller transfers the personal data it processes to other state bodies only in a manner and for a purpose defined by law, for example if the police or the public prosecutor’s office contact the Controller and request the transfer of documents containing certain personal data for the purposes of an investigation.​
The Controller uses Processors in the course of data processing. The Processors do not take independent decisions and are entitled to act solely on the basis of the contract concluded with the Controller and the instructions received. The Controller only uses such Processors that implement appropriate technical and organisational measures in order to guarantee a level of data security appropriate to the degree of risk. The specific tasks and responsibilities of the Processor are governed by the contract concluded between the Controller and the Processor.​
The Controller uses the following Processor(s) in the course of its data processing activities:
– accounting tasks.​

3. Data processing for marketing purposes

Under Section 6 of Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities, the User may give prior and express consent to being contacted by the Service Provider at the contact details provided at registration with advertising offers and other messages.​
Furthermore, with due regard to the provisions of this notice, the Client may consent to the Service Provider processing their personal data necessary for sending advertising offers.​
The Service Provider does not send unsolicited advertising messages and the User may unsubscribe from receiving offers at any time free of charge, without restriction and without giving reasons. In this case, the Service Provider deletes all of the User’s personal data – that are necessary for sending advertising messages – from its records and does not contact the User with further advertising offers. The User may unsubscribe from advertisements by clicking on the link provided in the message.​

4. Rights of the User during data processing

During the period of data processing, the User has the following rights under the GDPR:​

  • right to withdraw consent
  • right of access to personal data and information relating to data processing
  • right to rectification
  • right to restriction of processing
  • right to erasure
  • right to object
  • right to data portability.

If the User wishes to exercise these rights, this is associated with their identification, therefore, for the purposes of identification personal data must be provided (however, identification may only be based on data that the Controller otherwise also processes about the User), and the User’s complaint regarding data processing will be accessible in the Controller’s e-mail account for the period specified in this notice in connection with complaints.​
The Controller responds to complaints related to data processing within a maximum of 30 days.​

5. Data security measures

The Controller states that it has implemented appropriate security measures in order to protect personal data against unauthorised access, alteration, transfer, disclosure, erasure or destruction, as well as accidental destruction or damage, and against becoming inaccessible due to changes in the applied technology.​
The Controller makes every effort, within the framework of organisational and technical possibilities, to ensure that its processors also apply appropriate data security measures when working with the User’s personal data.​

6. Remedies

If the User considers that the Controller has infringed any legal provision relating to data processing or has not fulfilled any of the User’s requests, the User may, in order to terminate the alleged unlawful data processing, initiate an investigation procedure by the National Authority for Data Protection and Freedom of Information (postal address: 1530 Budapest, Pf.: 5., e-mail: ugyfelszolgalat@naih.hu).​
The User is also informed that in the event of a breach of the provisions of law relating to data processing, or if the Controller has not complied with any of the User’s requests, the User may bring a civil action against the Controller before a court.​

7. Amendment of this privacy notice

The Controller reserves the right to amend this privacy notice in a way that does not affect the purpose and legal basis of data processing. By using the website after the entry into force of the amendment, the User accepts the amended privacy notice.​
If the Controller intends to carry out further processing of the collected data for a purpose other than that for which they were collected, the Controller shall, prior to such further processing, inform the User about the purpose of data processing and the following information:​

the period for which the personal data will be stored, or, if that is not possible, the criteria used to determine that period

the User’s right to request from the Controller access to and rectification or erasure of personal data or restriction of processing concerning the User and, in the case of processing based on legitimate interest, to object to the processing of personal data, as well as, in the case of processing based on consent or on a contractual relationship, to request the exercise of the right to data portability

in the case of processing based on consent, the fact that the User has the right to withdraw consent at any time

the right to lodge a complaint with a supervisory authority

whether the provision of personal data is based on a legal or contractual requirement or a requirement necessary to enter into a contract, whether the User is obliged to provide the personal data and what the possible consequences of failure to provide such data are

the fact of automated decision-making, including profiling (if such a procedure is applied), and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the User.

Data processing may only begin after this information has been provided and, where the legal basis of processing is consent, the User must, in addition to receiving the information, give consent to the processing.