
CANOEING SOLUTIONS™

PRIVACY POLICY

This Privacy Policy is intended to provide a comprehensive description of the circumstances and methods of collection and processing of your personal data, personal identification data and the personal data concerning health, which includes the following documents:

 

• Concise Privacy Policy (Annex 1)

 

• The Comprehensive Privacy Policy (Annex 2)

 

• Declaration of consent for the collection and processing of personal identification data and the personal data concerning health (Annex 3)

• Declaration of consent for the collection and processing of personal data for the receipt of electronic direct marketing communication and online newsletter (Annex 4)

 

Annex 1

CONCISE PRIVACY POLICY

  • Data Controller:

 

The publisher of this Privacy Policy, also the Data Controller / Consultant Service Provider: Canoeing Solutions Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság

Registered office: H-1149 Budapest, Beckó utca 20. 2. fl. 3.

Tax number: 28811411-2-42

Company registration number: 01-09-375085

 

  • The purposes of data processing:

Based on the request of the data subject, the organization of consultations, and to fully inform the client, to keep in touch with the person(s) interested about the service, to enforce any legal claims, as well as to improve the client's physical condition as a result of a provision of professional service tailored to the needs and the health conditions of the client. 

 

Anonymised data may be used for statistical purposes.

 

  • Legal basis for data processing:

In the case of specific data to be included and processed in the consultation process, the data subject's explicit consent to the processing of such personal data for consultation purposes pursuant to Article 9 (2) (a) of the GDPR, together with Section 4 (3) of the Act XLVII of 1997 on the processing and protection of health and related personal data. Pursuant to Section 4 (1) (a) of the Act XLVII of 1997 on the Promotion of the Preservation, Improvement and Maintenance of Health, and pursuant to Section 4 (1) c) of the Act on the purpose of monitoring the health status of the data subject.

Under Article 6 (1) (c) of the GDPR when processing is necessary for compliance with a legal obligation to which the controller is subject, such as for the purpose of fulfilling tax and accounting obligations (invoicing, bookkeeping, taxation), the data controller processes the data of natural persons who enter into business relations with it.

Contact with the data subject to organize the consultation and service provision process and to take steps at the request of the data subject before concluding the contract, in accordance with Article 6 (1) (b) of the GDPR.

 

The Consultant Service Provider's overriding legitimate interest in answering inquiries from interested parties, monitoring the high quality of our services and the compliance of its activities with the law, and submitting, enforcing and defending its legal claims is set out in Article 6 (1) (f) of the GDPR.

 

Under Article 6 (1) (a) of the GDPR the explicit consent of the data subject as the recipient of any electronic direct marketing communication as specified by section 6 (1) of the Act LXVIII of 2008 (advertisement Act).

Recipients:

The Consultant Service Provider, as an independent data controller, has access to your data in connection with the organization and conduct of the consulting process on a ‘need to know’ basis, which means that your data is only available for those colleagues of the data controller to whom it is necessary for the appropriate provision of the services.

  • Regarding the consultancy contract, the consultant service provider’s accounting officer performs the accounting tasks on a contractual basis. For more detailed information, please read the Full Privacy Notice.

  • Hosting Partner as a data processor: To operate its IT services, the Service Provider uses a hosting services provider who performs processing of the personal data of the data subject in accordance with the provisions of this section. For more detailed information, please read the Full Privacy Notice.

  • A data processing partner facilitates the maintenance of the website. For more detailed information, please read the Full Privacy Notice.

  • A data processing partner managing the newsletter service. For more detailed information, please read the Full Privacy Notice.

 

Further details: The Comprehensive Privacy Policy can be found in section 2 of this document, included in its annex.

RIGHT TO OBJECT TO PROCESSING 

AT ANY TIME, YOU MAY DISCLAIM ANY PROCESSING OF YOUR PERSONAL DATA BY THE DATA CONTROLLER, FREE OF CHARGE, FOR YOUR REQUIREMENTS, WHICH MAY CONSTITUTE YOU. IF YOU HAVE THE RIGHT TO PROTEST AND EXERCISE THIS RIGHT, YOUR PERSONAL DATA WILL NOT BE PROCESSED BY THE DATA CONTROLLER FOR SUCH PURPOSES. THE EXERCISE OF THIS RIGHT DOES NOT ENTAIL ANY COSTS.

 

THIS RIGHT DOES NOT APPLY TO YOU WITH REGARD TO THE PROCESSING OF YOUR PERSONAL DATA TO TAKE STEPS AT THE REQUEST OF THE DATA SUBJECT PRIOR TO ENTERING INTO A CONTRACT; OR PERFORM A CONTRACT ALREADY CONCLUDED.

 

• Right to lodge a complaint: You may lodge a complaint with the National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22 / C., Phone: +36-1-391-1400, fax: +36-1-391-1410, e-mail: ugyfelszolgalat@naih.hu).

 

Annex No. 2

COMPREHENSIVE PRIVACY POLICY

 

1. APPLICATION OF THE INFORMATION

This policy ("Comprehensive privacy policy") provides information on the data processing practice of the consultant service provider (Registered office: H-1149 Budapest, Beckó utca 20. 2. fl. 3.; Tax number: 28811411-2-42; Company registration number: 01-09-375085) as an independent data controller in connection with your Personal Data. The Data Controller is committed to the protection of your personal data, personal identification data and the personal data concerning health. 

 

The purpose of the Comprehensive privacy policy is to describe how the Data Controller collects, processes and uses the personal data of the data subject (hereinafter referred to as the "Customer") in the course of its activities by organizing, conducting and coordinating the consultations on training programs and related life counselling.

 

WHO IS THE DATA CONTROLLER?

Data Controller:

The publisher of this Privacy Policy, also the Data Controller / Consultant Service Provider: Canoeing Solutions Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság

Registered office: H-1149 Budapest, Beckó utca 20. 2. fl. 3.

Tax number: 28811411-2-42

Company registration number: 01-09-375085

Contact details (telephone, e-mail): development@canoeingsolutions.com +36302852096 or +36703183665

Website of the data controller: www.canoeingsolutions.com

WHAT ARE THE PURPOSES OF THE DATA PROCESSING?

 

  • Elaboration of a training plan suitable for the Customer's lifestyle and the related diet ("Personalized training plan package").

  • The contact between the provider of consulting services and the Client, the appropriate selection of our services, the provision of recommendations, and the answering of the questions of the data subject.

  • Jointly determining the tasks of the consulting service provider and the Client's advisory and / or training cooperation.

  • Storage of personal data in electronic and paper format, preparation of written notes on the counselling process in electronic form. Use of personal data, health identification data and health data in the professional supervision phase.

  • For concluding, performing, terminating the contract, providing a contractual discount for the (if applicable), and for business relations, we process the personal data of the natural persons involved with us for the purpose of fulfilling the contractual obligations.

  • Data processing for tax and accounting purposes for the purpose of fulfilling the statutory tax and accounting obligations (invoicing, bookkeeping, taxation).

  • Registration on the website of the consulting services, registration of Customers, differentiation from each other, checking the existence of contract conditions (e.g.: age), providing functions related to registration on the website for shortening the time of the ordering process, viewing previous service orders.

WHAT IS THE SCOPE OF THE PERSONAL DATA PROCESSED?

The Consultant Service Provider processes the following voluntarily provided personal data, personal identification data and special data (concerning health) of the Client and the inquiring parties:

Personal Data processed: Purposes of data processing

Tier I data (personal data and personal identification data)

Based on the request of the data subject, the organization of consultations, to fully inform the client, to keep in touch with the person(s) interested about the service, to enforce any legal claims, as well as to improve the client's physical condition as a result of a provision of professional service tailored to the needs and the health conditions of the client.

 

Contact information

Name (surname and first name) of the Customer/Inquiring party:

It serves to identify the data subject in relation to all data processing purposes indicated in the data processing purposes section.

Customer's address:

It serves to identify the data subject and to keep in touch for all data processing purposes indicated in the data processing purposes section.

 

Electronic contact(s) of the Customer (e-mail): 

It serves to identify and contact the data subject for all data processing purposes indicated in the data processing purposes section.

Customer's telephone number:

For the purpose of contacting the data subject.

Customer's bank account details required for the purpose of verifying payments on behalf of the data subject for the purpose of the transaction and the customer's identity in the case of a transfer order:

In the case of a transfer order, for the purpose of identifying the transaction and the customer.

Date of birth of the customer:

To identify the Customer and to ensure data quality, it is processed by the Data Controller.

 

The signature and/or consent of the Customer:

The Customer's signature is managed by the Data Controller to ensure the quality of the data.

Tier II. personal data

 

Scope of health and identification data processed: 

Processing of Personal Identification Data and the Personal Data Concerning Health provided when ordering the service (both personally or through the website):

 

1. Age,

2. height,

3. body mass index (BMI), body weight,

4. body circle dimensions,

5. Muscle mass%, body fat%, visceral fat, skeletal muscle% measurement,

6. diseases,

7. harmful addictions

8. fact of previous illness surgery

9. sports history,

10. state of health at the time of application (including relevant sicknesses),

11. food allergy, the fact of food sensitivity;

12. Lifestyle, daily, weekly rhythm of life;

13. the purpose(s) to be achieved by the service concerned;

14. Average heart rate, Resting blood pressure, heart rate measurement, 

15. any other personal (health) data provided by the data subject in the comment box;

16. other data necessary for the use of the service, which, due to the nature of the service, may include additional health data to ensure the safety of the data subject's health and the provision of services.

Purposes of data processing:

For providing the service of Customer’s choice, the Data Controller processes the following personal and special (health) data of the categories of data subjects.

The purposes of data processing:

Based on the request of the data subject, the organization of consultations, to fully inform the client, to keep in touch with the person(s) interested about the service, to enforce any legal claims, as well as to improve the client's physical condition as a result of a provision of professional service tailored to the needs and the health conditions of the client.

 

WHAT LEGAL BASIS IS APPLICABLE?

Legal basis for data processing:

  • In the case of specific data to be included and processed in the consultation process, the data subject's explicit consent to the processing of such personal data for consultation purposes pursuant to Article 9 (2) (a) of the GDPR, together with Section 4 (3) of the Act XLVII of 1997 on the processing and protection of 

  • Under Article 6 (1) (c) of the GDPR when processing is necessary for compliance with a legal obligation to which the controller is subject.

 

For the purpose of fulfilling tax and accounting obligations (invoicing, bookkeeping, taxation), the data controller processes the data of natural persons who enter into business relations with us as specified by section 166 (3) and section 169 (2) of Act C of 2000 on Accounting and section 78 (3) of Act CL of 2017 on the rules governing taxation. Section 13/A of the Act CVIII. of 2001 on the e-commerce concerning the provision of information society services from the webpage when ordering the service through the website.

 

  • Contact with the data subject to organize the consultation and service provision process and to take steps at the request of the data subject before concluding the contract, in accordance with Article 6 (1) (b) of the GDPR.

  • Under Article 6 (1) (a) of the GDPR the explicit consent of the data subject as the recipient of any electronic direct marketing communication as specified by section 6 (1) of the Act LXVIII of 2008 (advertisement Act).

  • The Consultant Service Provider's overriding legitimate interest in answering inquiries from interested parties, monitoring the high quality of our services and the compliance of its activities with the law, and submitting, enforcing and defending its legal claims is set out in Article 6 (1) (f) of the GDPR.

DATA PROCESSING BASED ON THE LEGITIMATE INTEREST

Purpose of data processing based on legitimate interest:

Results of the balance of interests test

Replying to the questions of the data subjects:

The data controller has a legitimate interest through the course of the data processing to respond to questions or comments from Customers and inquiring parties. This is because it is vital to deal with customers and inquiries if they have questions, as this way they can maintain trust in both customers and inquirers. If customers or inquiring parties contact the data controller with a question, the data controller may have reason to expect that his or her data will be processed to facilitate the response.

 

Processing of the Tier I. category of personal data of the Customers for the purpose of submitting, enforcing, and protecting the legal claims of the data controller:

 

The data controller has a legitimate interest in the commission fee arising from the consulting activity, as well as any claim(s) arising from the contract.

WHAT RETENTION PERIODS ARE APPLICABLE?

Retention periods for the storage and deletion of data:

The Consultant Service Provider shall process the personal data during the legal relationship of the data subject with the Customer, i.e. during the consultation process about the Customer, or after the termination of the legal relationship, if so provided by law.

Tier I. personal data processed:

All documents documenting the occurrence of an economic event between the Consultant Service Provider and the Customer shall be considered as accounting documents, and the Consultant Service Provider shall keep them for the retention period specified in the tax and accounting rules in force at any time.

In accordance with Section 169 (2) of Act C of 2000 on Accounting, the necessary, purposeful data processing in this respect will be kept for 8 years. Documents of contracts, invoices, receipts, and inspections are such documents.

In the case of documents necessary for the assessment of the tax, it will process your data until the expiry of the right to determine the tax (for the period specified in Section 78 (3) of Act CL of 2017).

If the data is not required from an accounting point of view, the data may be processed up to the civil limitation period after the termination of the legal relationship with the data subject, if the personal data can be processed during the civil law limitation period, if the Consultant Service Provider has a legal claim against the Customer or Customer has a legal claim against the Consultant Service Provider. Act V of 2013 on the Civil Code 6:22. § may be deleted after 5 years.

Tier II. personal data processed:

Special categories of personal data collected and otherwise processed during the advisory process will be processed based on the Customer's explicit consent (in a manner set by Section 4 (3) of the Act XLVII. of 1997 – Health Data Act) until such explicit consent is revoked, the request for data deletion is fulfilled, or the advisory process is completed.

 

SCOPE OF DATA PROCESSORS WITH ACCESS TO THE PERSONAL DATA AND SPECIAL DATA OF THE CUSTOMER

For the purpose of organizing and conducting the consultation process, the Consultant Service Provider is an independent data controller which has access to the Customer data.

The data controller uses the assistance of a contractual partner for the operation of the website, which qualifies as a data processor to operate the service. The data processor is bound by the obligation of confidentiality regarding the data thus obtained. The data processor processes the personal data in accordance with the agreement concluded between it and the data controller Service Provider, until the performance of its tasks. Please be 

Data processing partner that facilitates the maintenance of the website:

Registered office: 

Company registration number:

Contact details (telephone, e-mail): 

Website of the data processor:

Purpose of data processing: to ensure the proper functioning of the website and the customer interface, the provision of the service.

Legal basis for data processing: the consent of the data subject by placing an order for the service.

Duration and retention period of data processing: until the termination of the contract between the data controller and the data processor or the withdrawal of the data subject's consent.

Scope of the data processing: the data processor may see the personal data provided during the order, not the payment data.

Newsletter service management data processing partner

Registered office:

Company registration number:

Contact details (telephone, e-mail):

Website of the data processor:

Scope of the data processing: surname, first name, e-mail address

You can find more information about the data management activities of our data processing partner here: ……………..

Purpose of data processing: Sending newsletters and advertising material on the subject of the Service Provider's products and services; subscribe to user group(s).

Legal basis for data processing: consent of the data subject.

Duration and retention period of data processing: during the existence of the newsletter service or the withdrawal of the data subject's consent (request for cancellation).

Data processor providing the accounting services

Name of the Data Processor

Registered office:

Company registration number:

Contact details (telephone, e-mail):

Website of the data processor:

Scope of the data processing: name, address, billing information and individual items of the invoice.

Purpose of data processing: The data processor providing the accounting service is provided with the data required for the invoice to be issued to the data subjects, which the data processor stores in an online system and issues an invoice on behalf of the data controller.

Legal basis for data processing: with the consent of the data subject using the service, the data transferred to the extent and for the time necessary for the performance of the service within the framework of its contractual legal relationship with the data processor.

Duration and retention period of data processing: until the termination of the contract between the data controller and the data processor

WHAT DATA SECURITY MEASURES ARE APPLIED?

The Service Provider as the data controller is obliged to fulfil the data protection and confidentiality obligation in accordance with the provisions of this privacy policy and with the applicable data protection legislation and international recommendations and best practices, under which it implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, that guarantee the security of the Customers' personal data.

In assessing the appropriate level of security account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.

 

WHAT ARE YOUR RIGHTS AND LEGAL REMEDIES?

Your Rights: The Data Subject has the following rights (the terms of which are set out in applicable laws (e.g. GDPR)): (i) The right of access that the Data Subject may request from the controller; (ii) The right to rectification; (iii) The right to erasure (right to be forgotten); (iv) The right to restrict data processing; (v) The right to data portability; (vi) the right to object to the data processing (including objection against profiling and other rights related to automatic decision-making) and (vii) the right to lodge a complaint. The Data Subject may exercise his / her rights by contacting the data controller directly via the contact details specified above.

Below you will find more information about your rights under the GDPR.

(i) Right of Access

You have the right to receive feedback from the data controller as to whether your personal data is being processed and, if such processing is in progress, you have the right to have access to your personal data. The right of access shall cover, inter alia, the following information: the purpose of the processing, the categories of personal data processed, the recipients or categories of recipients to whom or with whom the personal data have been or will be communicated.

You have the right to request a copy of your personal data subject to the data processing. If you request additional copies, we may charge a reasonable fee based on administrative costs.

(ii) Right to rectification

You have the right to get the inaccurate personal information about you rectified upon request. Depending on the purpose of the data processing, you may be entitled to request that the incomplete personal data be amended, including by providing it with a supplementary statement.

(iii) Right to erasure (right to be forgotten)

In certain cases, you have the right to have your personal data deleted at your request, and we may be obligated to have such personal information deleted.

(iv) Right to Restrict Data Processing

In certain cases, you have the right to restrict the processing of your personal data at your request. In this case, the data concerned will be marked and may only be processed for specific purposes.

(v) Right to Data Portability

In certain cases, you have the right to receive personal data about you that you provide to us in a structured, widely used, machine-readable format, and you have the right to transfer that data to another data controller without hindering it.

(vi) Right to object to processing

RIGHT TO OBJECT TO PROCESSING

AT ANY TIME, YOU MAY DISCLAIM ANY PROCESSING OF YOUR PERSONAL DATA BY THE DATA CONTROLLER, FREE OF CHARGE, FOR YOUR REQUIREMENTS, WHICH MAY CONSTITUTE YOU. IF YOU HAVE THE RIGHT TO PROTEST AND EXERCISE THIS RIGHT, YOUR PERSONAL DATA WILL NOT BE PROCESSED BY THE DATA CONTROLLER FOR SUCH PURPOSES. THE EXERCISE OF THIS RIGHT DOES NOT ENTAIL ANY COSTS.

 

THIS RIGHT DOES NOT APPLY TO YOU WITH REGARD TO THE PROCESSING OF YOUR PERSONAL DATA TO TAKE STEPS AT THE REQUEST OF THE DATA SUBJECT PRIOR TO ENTERING INTO A CONTRACT; OR PERFORM A CONTRACT ALREADY CONCLUDED.

 

• Right to lodge a complaint: You may lodge a complaint with the National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22 / C., Phone: +36-1-391-1400, fax: +36-1-391-1410, e-mail: ugyfelszolgalat@naih.hu).