Data protection
DATA PROTECTION STATEMENT – FULL TEXT
INTRODUCTION
The operator of the CHILIFITNESS.HU website, Chili Center Ltd. (hereinafter referred to as the service provider, data controller), acknowledges the content of this legal notice as binding. It undertakes that all data processing related to its activities complies with the expectations set forth in this policy and applicable laws.
The data protection guidelines related to the data processing of the CHILIFITNESS.HU portal operated by Chili Center Ltd. are continuously available at https://CHILIFITNESS.HU/adatvedelmi-nyilatkozat/.
The service provider reserves the right to change this information at any time and will notify its audience of any changes in due time.
If our user has any questions that are not clear based on this notice, please write to us, and our colleague will answer your question.
The content of the service provider's website is protected by copyright, so any visual or textual element can only be used with the prior written permission of the owner. The service provider is not responsible for any damages arising from visiting the website.
The service provider is committed to protecting the personal data of its users and partners, and considers it particularly important to respect its clients' right to informational self-determination. The service provider treats personal data confidentially and takes all necessary security, technical, and organizational measures to guarantee the security of the data. The service provider outlines its data processing practices below:
TYPES OF PERSONAL DATA, PURPOSE, LEGAL BASIS, AND DURATION OF DATA PROCESSING
We draw the attention of data providers to the fact that if they do not provide their own personal data, it is the data provider's obligation to obtain the consent of the data subject.
The service provider outlines its data processing principles below, presenting the expectations it has formulated and adheres to as a data controller. Its data processing principles are in accordance with applicable laws related to data protection, particularly the following:
Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR)
Act CXII of 2011 on the right to informational self-determination and freedom of information (hereinafter Infotv., data protection law)
Act CVIII of 2001 on certain issues of electronic commerce services and information society services (Eker. tv.)
Act XLVIII of 2008 on the basic conditions and certain restrictions of economic advertising activities (Grt.).
2.1. DATA OF VISITORS TO THE CHILIFITNESS.HU WEBSITE
Purpose of data processing: during the visit to the website, the service provider records visitor data to monitor the operation of the service and to prevent abuse.
Legal basis for data processing: the data controller has a legitimate interest in identifying users and preventing abuse [GDPR Article 6(1)(f)].
Types of personal data processed: date, time, the IP address of the user's computer, the address of the visited page, the address of the previously visited page, data related to the user's operating system and browser.
Duration of data processing: 30 days from the viewing of the website.
Data processor:
Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany
Tel.: +49 (0)9831 505-0
Fax: +49 (0)9831 505-3
E-Mail: [email protected]
Hosting service
2.2. CHILIFITNESS.HU CONTACT
The purpose of data processing: contact initiation, maintaining contact.
The legal basis for data processing: the consent of the data subject [ GDPR Article 6 (1) (a) ].
The types of personal data processed: name, email address, subject of the message, text, the IP address of the user's computer, date and time, as well as any other personal data provided by the data subject.
The deadline for data deletion: 2 years from the date of data provision.
The deletion or modification of personal data can be initiated in the following ways:
by post at the service provider's address,
by email at [email protected].
Data processors:
Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany
Tel.: +49 (0)9831 505-0
Fax: +49 (0)9831 505-3
E-Mail: [email protected]
Hosting service
2.3. CHILIFITNESS.HU NEWSLETTER
The purpose of data processing: sending email newsletters to interested parties, informing about current information and changes.
The legal basis for data processing: the consent of the data subject [ GDPR Article 6 (1) (a) ].
The types of processed personal data: name, email address, date.
Deadline for data deletion: upon withdrawal of consent, in the case of unconfirmed subscriptions, 30 days.
The deletion or modification of personal data can be initiated in the following ways:
by post at the service provider's address,
via email at [email protected],
by clicking the “click here to unsubscribe” link found in the footer of the sent newsletter.
Data processors:
Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany
Tel.: +49 (0)9831 505-0
Fax: +49 (0)9831 505-3
E-Mail: [email protected]
Hosting service
2.4. COMMENT ON BLOG POST
The purpose of data processing: to comment on CHILIFITNESS.HU blog posts.
The legal basis for data processing: the consent of the data subject [ GDPR Article 6 (1) (a) ].
The types of processed personal data: name, email address, personal website address, the text of the comment, the user's computer's IP address, date and time.
Deadline for data deletion: 5 years.
Disclosure: By using the comment feature, the user consents to the disclosure of their name, as well as the text, date, and time of the comment.
The deletion or modification of personal data can be initiated in the following ways:
by post at the service provider's address,
by email at [email protected].
Data processors:
Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany
Tel.: +49 (0)9831 505-0
Fax: +49 (0)9831 505-3
E-Mail: [email protected]
Hosting service
2.5. CUSTOMER CORRESPONDENCE OF THE SERVICE
If you have questions or problems while using our services, you can contact the data controller in the ways provided on the website.
The service provider deletes received emails, along with the sender's name and email address, as well as other voluntarily provided personal data, no later than 2 years after the data communication.
Data processors:
Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany
Tel.: +49 (0)9831 505-0
Fax: +49 (0)9831 505-3
E-Mail: [email protected]
Hosting service
2.6. OTHER DATA PROCESSINGS
Information about data processing not listed in this notice will be provided at the time of data collection.
We inform our clients that the court, the prosecutor, the investigative authority, the authority for misdemeanors, the administrative authority, the National Authority for Data Protection and Freedom of Information, or other bodies authorized by law may contact the data controller for the purpose of providing information, disclosing data, transferring data, or making documents available.
The service provider shall only disclose personal data to authorities to the extent and in the manner necessary to achieve the purpose of the request, provided that the authority has specified the exact purpose and scope of the data.
THE METHOD OF STORAGE OF PERSONAL DATA, THE SECURITY OF DATA PROCESSING
The service provider and its data processors implement appropriate technical and organizational measures, taking into account the state of technology and the costs of implementation, as well as the nature, scope, circumstances, and purposes of data processing, and the risks of varying likelihood and severity to the rights and freedoms of natural persons, in order to guarantee a level of data security appropriate to the level of risk.
The service provider selects and operates the IT tools used in the provision of services for the processing of personal data in such a way that the processed data:
a) is accessible to authorized persons (availability);
b) its authenticity and verification are ensured (data processing authenticity);
c) its integrity can be verified (data integrity);
d) protected against unauthorized access (data confidentiality)
shall be.
The service provider protects the data with appropriate measures, particularly against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction, damage, and inaccessibility due to changes in the applied technology.
The service provider ensures, with appropriate technical solutions, the protection of electronically processed data files in its various records, so that the stored data, unless permitted by law, cannot be directly linked and assigned to the data subject.
Considering the current level of technology, the service provider takes technical, organizational, and administrative measures to ensure the security of data processing, which provides a level of protection corresponding to the risks associated with data processing.
The service provider maintains during data processing
a) confidentiality: protects the information so that only those who are authorized can access it;
b) integrity: protects the accuracy and completeness of the information and the processing method;
c) availability: ensures that when the authorized user needs it, they can indeed access the desired information, and the related tools are available.
The IT systems and network of the service provider and its partners are protected against computer-assisted fraud, espionage, sabotage, vandalism, fire and flood, as well as against computer viruses, computer intrusions, and denial-of-service attacks. The operator ensures security with server-level and application-level protective procedures.
We inform users that electronic messages transmitted over the internet, regardless of the protocol (e-mail, web, ftp, etc.), are vulnerable to network threats that lead to dishonest activities, contract disputes, or the disclosure or alteration of information. To protect against such threats, the service provider will take all reasonable precautions. The systems are monitored to record any security deviations and provide evidence for any security incidents. Additionally, system monitoring allows for the assessment of the effectiveness of the precautions taken.
DATA CONTROLLER'S DETAILS, CONTACT INFORMATION
Name: Chili Center Ltd.
Headquarters: 1102 Budapest, Állomás utca 19. X/47.
Company registration number: 01 09 447189
Tax number: 26514101-2-42
Name of the registering court: Company Court of Budapest Regional Court
E-mail: [email protected]
Phone: 06 70 948 4890
RIGHTS OF THE DATA SUBJECT, REMEDIAL OPTIONS
(The entire chapter follows here, with all text unchanged as in the original, nothing is omitted:)
The data subject may request information about the processing of their personal data, as well as request the correction of their personal data, or deletion, withdrawal, and restriction of processing, except for mandatory data processing, and may exercise their right to data portability and objection in the manner indicated at the time of data collection, as well as through the above contact details of the data controller.
Right to information:
At the request of the data subject, the service provider shall take appropriate measures to ensure that all information regarding the processing of personal data, as mentioned in Articles 13 and 14 of the GDPR, and all information according to Articles 15-22 and 34 is provided to the data subjects in a concise, transparent, intelligible, and easily accessible form, clearly and understandably formulated.
Right of access:
The data subject has the right to receive feedback from the data controller on whether their personal data is being processed, and if such processing is ongoing, they have the right to access their personal data and the following information: the purposes of processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed, including particularly third country recipients and international organizations; the intended duration of storage of the personal data; the right to rectification, erasure, or restriction of processing and the right to object; the right to lodge a complaint with a supervisory authority; information on the sources of data; the fact of automated decision-making, including profiling, as well as understandable information on the logic involved and the significance and expected consequences of such processing for the data subject. In the case of the transfer of personal data to a third country or an international organization, the data subject has the right to be informed about the appropriate safeguards relating to the transfer.
The service provider shall provide a copy of the personal data subject to processing to the data subject. For additional copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs. At the request of the data subject, the information will be provided by the service provider in electronic form.
The right to information can be exercised in writing through the contact details specified in the Introduction and in point 4.
Upon request from the data subject, information may also be provided verbally after credible verification of their identity and identification.
Right to rectification:
The data subject may request the rectification of inaccurate personal data concerning them and the completion of incomplete data processed by the service provider.
Right to erasure:
The data subject is entitled to request the service provider to erase personal data concerning them without undue delay if any of the following grounds apply:
personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
the data subject withdraws the consent on which the processing is based, and there is no other legal ground for the processing;
the data subject objects to the processing, and there are no overriding legitimate grounds for the processing;
the personal data have been unlawfully processed;
the personal data must be erased for compliance with a legal obligation to which the data controller is subject under Union or Member State law;
The collection of personal data took place in connection with the provision of services related to the information society.
Data deletion cannot be initiated if the data processing is necessary: for the exercise of the right to freedom of expression and the right to information; for the fulfillment of a legal obligation to which the data controller is subject under Union or Member State law, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller; for purposes related to public health, or for archiving, scientific and historical research purposes or for statistical purposes, based on public interest; or for the establishment, exercise, or defense of legal claims.
Right to restriction of processing:
At the request of the data subject, the provider shall restrict processing if any of the following conditions are met:
the data subject contests the accuracy of the personal data, in which case the restriction applies for the period that allows the accuracy of the personal data to be verified;
the processing is unlawful, and the data subject opposes the deletion of the data and instead requests the restriction of its use;
the data controller no longer needs the personal data for processing purposes, but the data subject requires them for the establishment, exercise, or defense of legal claims;
the data subject has objected to the processing; in this case, the restriction applies for the period until it is determined whether the legitimate grounds of the data controller override those of the data subject.
If processing is restricted, personal data may be processed only with the consent of the data subject, or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of substantial public interest of the Union or a Member State, except for storage.
The provider shall inform the data subject in advance about the lifting of the restriction on processing.
Right to data portability:
The data subject has the right to receive the personal data concerning him or her that he or she has provided to the data controller in a structured, commonly used, machine-readable format, and to transmit those data to another data controller.
Right to object:
The data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller, or for the purposes of legitimate interests pursued by the data controller or a third party, including profiling based on those provisions.
In the event of an objection, the data controller shall no longer process the personal data, unless there are compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or which relate to the establishment, exercise, or defense of legal claims.
If the processing of personal data is for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him or her for such purposes, including profiling to the extent that it is related to direct marketing.
In the event of an objection to the processing of personal data for direct marketing purposes, the provider shall not process the data for that purpose.
Automated decision-making in individual cases, including profiling:
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
The above right shall not apply if the processing is:
necessary for the conclusion or performance of a contract between the data subject and the data controller;
is made possible by a Union or Member State law applicable to the data controller, which also establishes appropriate measures for the protection of the rights and freedoms of the data subject, as well as their legitimate interests; or
is based on the explicit consent of the data subject.
Right of withdrawal:
The data subject has the right to withdraw their consent at any time. The withdrawal of consent does not affect the lawfulness of the processing based on consent before its withdrawal.
Procedural rules:
The data controller shall inform the data subject without undue delay, but in any case within one month of the receipt of the request, about the measures taken in response to the request under Articles 15-22 of the GDPR. If necessary, taking into account the complexity of the request and the number of requests, this deadline may be extended by a further two months.
The data controller shall inform the data subject of the extension of the deadline, indicating the reasons for the delay, within one month of the receipt of the request. If the data subject submitted the request electronically, the information shall be provided electronically, unless the data subject requests otherwise.
If the data controller does not take action in response to the request of the data subject, it shall inform the data subject without undue delay, but no later than one month from the receipt of the request, of the reasons for the inaction, as well as that the data subject has the right to lodge a complaint with a supervisory authority and to exercise their right to judicial remedy.
The provider shall provide the requested information and guidance free of charge. If the request of the data subject is clearly unfounded or excessive due to its repetitive nature, the data controller may charge a reasonable fee based on the administrative costs of providing the requested information or guidance, or refuse to act on the request.
The data controller shall inform all recipients of any rectification, erasure, or restriction of processing carried out by it, except where this proves impossible or involves a disproportionate effort. At the request of the data subject, the data controller shall inform them of these recipients.
The provider shall make a copy of the personal data subject to processing available to the data subject. For any further copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs. If the data subject submitted the request electronically, the information shall be provided in electronic format, unless the data subject requests otherwise.
Compensation and damages:
Any person who has suffered material or non-material damage as a result of a breach of the data protection regulation is entitled to compensation from the data controller or the data processor for the damage suffered. The data processor shall only be liable for damages caused by processing if it has not complied with the obligations specifically imposed on data processors by law, or if it has disregarded or acted contrary to the lawful instructions of the data controller.
If multiple data controllers or multiple data processors or both the data controller and the data processor are involved in the same processing and are liable for damages caused by the processing, each data controller or data processor shall be jointly and severally liable for the entire damage.
The data controller or the data processor shall be exempt from liability if it proves that it is not responsible for the event causing the damage in any way.
Right to go to court:
In the event of a violation of their rights, the data subject may bring an action against the data controller at the court competent according to the choice of the data subject, either at the seat of the defendant or at the residence of the data subject. The court shall proceed with the case as a matter of priority. Proceedings related to the protection of personal data are exempt from court fees.
Data protection authority procedure:
A complaint may be lodged with the National Authority for Data Protection and Freedom of Information:
Name: National Authority for Data Protection and Freedom of Information
Headquarters: 1055 Budapest, Falk Miksa Street 9-11.
Mailing address: 1363 Budapest, P.O. Box: 9.
Budapest, 2025.01.01.
English 
Hungarian 
German 
