Name of the Data Controller

Name: JóLÉlek Psychological Foundation
Headquarters: 1122 Budapest, Székács u. 28., Basement
Email: jolelekinfo@gmail.com
Phone: +36 70 555 4057

Data protection requests: if you have any requests or questions regarding data management, you can send your request by post or electronically to the email address above. We will respond without delay, but no later than within 30 days, to the address you provided.

Scope of data processed and purpose of data processing

The Data Controller undertakes to ensure that all data processing related to its activities complies with the expectations set out in this notice, the applicable national legislation, and the legal acts of the European Union. The Data Controller reserves the right to change this notice at any time, notifying its audience in a timely manner.

The Data Controller is committed to protecting the personal data of its clients and considers it particularly important to respect their right to informational self-determination. Personal data is treated confidentially, and all security, technical, and organizational measures are taken to ensure the safety of the data.

Scope of data actually processed

1. Name of the Client or Inquirer: serves the purpose of identifying the data subject and establishing contact during registration for all data processing purposes indicated under the purposes of data processing.
2. Client’s electronic contact information (email): serves the purpose of identifying the data subject and establishing and maintaining contact during registration for all data processing purposes indicated under the purposes of data processing.
3. Client’s phone number: serves the purpose of identifying the data subject and establishing and maintaining contact during registration for all data processing purposes indicated under the purposes of data processing.
4. Client’s address: for the purpose of issuing an invoice.

Purposes of data processing

The Data Controller processes data for the following purposes in accordance with the relevant legislation:

1. To establish and maintain contact via electronic means, phone, or SMS;
2. To perform our verbal therapeutic agreement in the context of psychological consultations;
3. In connection with the provision of psychological services, processing of the service recipient’s data for the fulfillment of legal obligations (for accounting and tax obligations arising from our activities, issuing invoices).

Legal basis of data processing

In the case of special categories of personal data recorded and processed during the counseling process, based on Article 9(2)(a) of the GDPR, processing is based on the data subject’s explicit consent for the specific purpose of counseling, and based on Act XLVII of 1997 on the processing and protection of health and related personal data (Health Act) §4(1)(a), for the promotion of health maintenance, improvement, and preservation, and §4(1)(c) for the purpose of monitoring the data subject’s health condition with their written consent.

Organizing the counseling process and taking steps at the request of the data subject prior to the conclusion of the contract is based on Article 6(1)(b) of the GDPR.

The legitimate interest of the Counselor to respond to inquiries, ensure the high quality of services, check compliance with legal regulations, and to assert or defend legal claims is based on Article 6(1)(f) of the GDPR.

6. a) issuing an invoice in accordance with accounting laws – legal basis: GDPR Article 6(1)(c)
7. b) maintaining contact – legal basis: GDPR Article 6(1)(f). The data controller’s legitimate interest: ensuring continuity of communication with individuals using psychological counseling services
8. c) contract performance – legal basis: GDPR Article 6(1)(b), for processing data of contractual partners (counseling participants)
9. d) data subject’s consent – legal basis: for online registration: GDPR Article 6(1)(a)

Duration of data processing

Invoices and data serving as a basis for issuing invoices (name, address) are retained for 8 years in accordance with Act C of 2000 on Accounting §169(2).

Data provided for the purpose of maintaining contact are retained for 1 year after the end of the relationship.

If the data is no longer needed for accounting purposes, it may be processed for up to the limitation period under civil law after the termination of the legal relationship with the data subject, provided the Counselor has a legal claim against the Client or vice versa. In accordance with §6:22 of Act V of 2013 on the Civil Code, it may be deleted after 5 years.

Rights of the data subject and enforcement options

The Data Subject is entitled to the following rights (subject to conditions defined by applicable laws such as the GDPR): (i) Right of access which the Data Subject may request from the Data Controller; (ii) Right to rectification; (iii) Right to erasure (right to be forgotten); (iv) Right to restriction of processing; (v) Right to data portability; (vi) Right to object (including objection to profiling and rights related to automated decision-making); and (vii) Right to lodge a complaint. These rights may be exercised by contacting the Data Controller using the contact details above.

(i) Right of access

The data subject has the right to receive confirmation from the Data Controller as to whether personal data concerning them is being processed, and, if so, to access the personal data and the following information: purposes of the processing; categories of personal data concerned; recipients or categories of recipients to whom the personal data has been or will be disclosed, including recipients in third countries or international organizations; planned duration of data storage; the right to rectification, erasure or restriction of processing, and the right to object; the right to lodge a complaint with a supervisory authority; source of the data; the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject. The Data Controller shall provide the information within one month of receiving the request.

Upon request, the Data Controller shall provide a copy of the personal data undergoing processing. For any further copies requested, a reasonable fee based on administrative costs may be charged.

(ii) Right to rectification

The data subject has the right to request the correction of inaccurate personal data and the completion of incomplete data held by the Data Controller.

(iii) Right to erasure

The data subject has the right to obtain from the Data Controller the erasure of personal data concerning them without undue delay where one of the following grounds applies:

the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; the data subject withdraws consent and there is no other legal ground for processing; the data subject objects to the processing and there are no overriding legitimate grounds; the personal data have been unlawfully processed; the personal data have to be erased for compliance with a legal obligation in Union or Member State law; the personal data have been collected in relation to the offer of information society services. Data cannot be erased if processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; for reasons of public interest; or for the establishment, exercise or defense of legal claims.

(iv) Right to restriction of processing

The Data Controller shall restrict processing at the request of the data subject if any of the following applies:

1. the accuracy of the personal data is contested by the data subject, for a period enabling the verification of the accuracy of the personal data;
2. the processing is unlawful and the data subject opposes the erasure and requests restriction instead;
3. the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims; or the data subject has objected to processing pending the verification whether the legitimate grounds of the Data Controller override those of the data subject.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent, or for the establishment, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.

(v) Right to data portability

The data subject has the right to receive the personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used, and machine-readable format, and to transmit those data to another controller.

(vi) Right to object

The data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them which is based on public interest or the exercise of official authority, or on the legitimate interests pursued by the Data Controller or a third party, including profiling. In such cases, the Data Controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.

(vii) Right to lodge a complaint: You may lodge a complaint with the National Authority for Data Protection and Freedom of Information

Name: JóLÉlek Psychological Foundation
Headquarters: 1122 Budapest, Székács u. 28., Basement
Email: jolelekinfo@gmail.com
Phone: +36 70 555 4057