The purpose of this Privacy Notice (hereinafter: Privacy Notice) is to provide Kata Molnár Psychologist sole trader with information to her clients or the visitors of the web page about the processing of their personal data, either through the www.alelekkulcsa.hu or as a result of a personal inquiry.

Kata Molnár, the psychologists of the A Lélek Kulcsa Pszichológiai Központ as a self-employed, independent data controller (hereinafter: Controller), pays particular attention to respecting the right to informational self-determination of her clients as well as of the visitors of the webpage. She acts in accordance with Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information and other applicable data protection legislation, as well as in accordance with the data protection practices established in the course of the activities of the National Authority for Data Protection and Freedom of Information.

The Website can be viewed by anyone without providing any personal information.

There is no charge for viewing the website, subscribing to the newsletter and registration. If the user wishes to receive newsletters and subscribes to the newsletter and/or by providing his/her data, the Data Controller applies the following data protection rules.

In issues not provided for herein, the provisions of the Info Act shall apply.

I. Definitions

Personal data: data that can be associated with the data subject, in particular the name, identification mark and one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of the data subject, and the inference that can be drawn from the data concerning the data subject.

Special categories of data: personal data revealing racial or ethnic origin, political opinions or opinions, religious or philosophical beliefs, membership of an interest group, sex life, health, pathological addiction and personal data concerning criminal offences.

Health data: according to Article 3 of Act XLVII of 1997 on the processing and protection of health and related personal data, data concerning the physical, mental and psychological condition, pathological addiction, the circumstances of illness or death, the cause of death of the person concerned, communicated by him or her or by another person, or detected, examined, measured, mapped or derived by the health care network; and any data that may be associated with or affect the foregoing (e.g. behaviour, environment, occupation) and, pursuant to Article 4 (15) of the GDPR: personal data concerning the physical or mental health of a natural person, including data relating to health services provided to a natural person which contain information about the health of the natural person.

Psychological data: the joint Professional Code of Ethics of the Hungarian Psychologists' Association and the Hungarian Psychological Society 5.1.2. The categories of special data, as defined in point 5.1 of the Code of Ethical Psychology of the Society of Psychologists and Psychologists, which are in particular data concerning the mental and psychological state, behaviour, suitability for or exclusion from performing the duties of adoptive parent, foster parent, guardian, carer, or other duties of the person concerned, or the observed, tested, measured, mapped or derived data; and any data that can be associated with or influence the foregoing (e.g. family environment, occupation.)

Biometric data: any personal data relating to the physical, physiological or behavioural characteristics of a natural person obtained by means of specific technical procedures which allow or confirm the unique identification of the natural person, such as facial image or dactyloscopic data.

Consent: a voluntary and explicit expression of the data subject's wishes, based on appropriate information, by which he or she gives his or her unambiguous consent to the processing of personal data concerning him or her, either in full or in relation to specific operations.

Data Controller: the natural or legal person or unincorporated body which, alone or jointly with others, determines the purposes for which the data are to be processed, takes and implements decisions regarding the processing (including the means used) or implements them through a processor on its behalf.

Data Processing: any operation or set of operations which is performed upon data, regardless of the procedure used, in particular any collection, recording, recording, organisation, storage, alteration, use, retrieval, disclosure, transmission, alignment or combination, blocking, erasure or destruction of data, prevention of their further use, taking of photographs, sound recordings or images and recording of physical characteristics which can be used to identify a person.

Data Processing: the performance of technical tasks related to data processing operations, irrespective of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data.

Data Processor: a natural or legal person or an unincorporated body which processes data on the basis of a contract with the controller, including a contract concluded pursuant to a legal provision.

Third Party: a natural or legal person or unincorporated body other than the data subject, the controller or the processor.

Pursuant to Article 20 of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information, "The data subject shall be informed clearly and in detail of all facts relating to the processing of his or her data, in particular the purpose and legal basis of the processing, the person who is entitled to process the data and the data controller, the duration of the processing, if the controller processes the personal data of the data subject pursuant to paragraph (5) of Article 6, and who may access the data. The information shall also cover the rights and remedies of the data subject in relation to the processing". On the basis of the above, the Data Controller informs the visitors of the website and all its registered users and clients who subscribe to the newsletter of the following:
 

II. The Data Controller and Processors

Data Controller:

Molnár Kata e.v.
Seated: 1032 Budapest, Kiscelli utca 16,
E-mail: kata.molnar@alellekulcsa.hu
Tel: +36203544552

Data Processors:

Molnár Kata e.v.
Seated: 1032 Budapest, Kiscelli utca 16.
E-mail: kata.molnar@alellekulcsa.hu
Web: http://alelekkulcsa.hu/

III. Purpose of Data Processing

  1. Registered users of the web site
    Purpose of data processing: to contact users of the website, to send information, to identify the user, to send newsletters to users who have expressly requested it and to other interested parties who have subscribed to the newsletter.
  2. For those seeking psychological services via the website
    Purpose of data processing: to contact users of the website, to send information and to select the appropriate psychologist.
  3. Clients
    Ongoing contact with clients using the service, invoicing and to facilitate the consultation process.
    The Psychologist stores the Client's personal data in electronic and paper form, and keeps written records of the counselling process in electronic/paper form. Life history data is used in professional supervision (with the client's consent).
    Life History Data: data on emotional, thought content, life history, which may include special data and medical data, which are collected during the psychology sessions.

IV. Legal basis and scope of data processed

In the case of specific data collected and processed during the Psychological Process, the explicit consent of the data subject is required for the processing of such personal data for specific counselling purposes pursuant to Article 9 (2) (a) of the GDPR, and the purpose of processing health data is to promote the preservation, improvement and maintenance of health pursuant to Article 4 (1) (a) of Act XLVII of 1997 on the processing and protection of health and related personal data (Eüaktv.), and the monitoring of the health of the data subject pursuant to subsection (c).

Article 6 of the GDPR sets out the lawfulness of data processing:

(1) The processing of personal data shall be lawful only if and to the extent that at least one of the following conditions is met:

(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
(b) the processing is necessary for the performance of a contract to which the data subject is a party or is necessary for the purposes of taking steps at the request of the data subject prior to entering into a contract;
(c) processing is necessary for compliance with a legal obligation to which the controller is subject;
(d) processing is necessary for the protection of the vital interests of the data subject or of another natural person;
(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.

The legal basis for processing is the prior and voluntary consent of the data subject. In the absence of this consent, the service cannot be provided.
The data are processed for as long as the service is being used.

The Data Controller processes the following data in connection with the provision of the service:

1. Surname and first name
2. Permanent address
3. E-mail Address
4. Telephone number
5. Notes, records, test results
6. Date of birth of Client
7. Signature of Client
8. Life History Data
9. Complaint and case data of Client
10. Photo, biometric data

The Data Controller processes the following personal data and special data voluntarily provided by the Customer or interested parties.

Processed personal data in category I:

  • Name of the Client, Interested Party: for the identification of the data subject, contact during registration for all the processing purposes indicated in the purposes of processing section.
  • Customer's address: to identify the data subject and to contact him/her for all the purposes of the processing indicated in the purposes of the processing.
  • Client’s electronic contact details (e-mail): for the purposes of identifying the data subject, contacting him/her during registration and maintaining contact for all the processing purposes specified in the purposes of the processing.
  • The Client’s telephone number: used to identify the data subject, to contact him/her during registration and to maintain contact for all the purposes of processing indicated in the purposes of processing section.
  • Client’s date of birth: processed by the Data Controller for the purpose of the Client’s identifiability and to ensure data quality.
  • Client’s signature: the Customer's signature is processed by the Controller to ensure data quality

Category II personal data (also includes sensitive personal data):

  • Client's case or complaint: the case or complaint indicated in the letter of the person concerned and what he/she is requesting from the Psychologist.
  • Life History Data: data about the emotional, thought content, life history, which may include special data and medical data, as expressed during the psychologist's process.
  • Photograph, biometric data: the client may include a photograph when sharing his/her opinion about the service, which he/she agrees to be included on the website, in order to authenticate it.
  • Notes, records, test results: data about the emotional, thought content, life history, which may include special data and medical data, as expressed verbally or noted in writing during the psychologist's process.
  • The data controller will only transfer the data subject's data to third parties with the prior written consent of the data subject or in the fulfilment of a legal obligation.
  • In the case of specific data collected and processed in the course of the psychological process, the explicit consent of the data subject is required for the processing of such personal data for specific counselling purposes pursuant to Article 9 (2) (a) of the GDPR, and the purpose of processing health data is to promote the preservation, improvement and maintenance of health pursuant to Article 4 (1) (a) of Act XLVII of 1997 on the processing and protection of health and related personal data (Eüaktv.), and the monitoring of the health of the data subject pursuant to Article 9 (2) (c).

Article 6 of the GDPR lays down the lawfulness of data processing:

The processing of personal data shall be lawful only if and to the extent that at least one of the following conditions is met:

(a) the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes;
(b) Processing is necessary for the performance of a contract to which the data subject is a party or for taking steps at the request of the data subject prior to entering into the contract;
(c) Processing is necessary for compliance with a legal obligation to which the controller is subject;
(d) Processing is necessary for the protection of the vital interests of the data subject or of another natural person;
(e) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(f) Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where those interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.

The overriding legitimate interests of the Psychologist is to respond to enquiries, to ensure the high quality of our services and to monitor the compliance of our activities with the law, and to present, exercise and defend legal claims pursuant to Article 6(1)(f) GDPR.

V. Duration Of Data Processing

Personal data: all documents documenting the occurrence of an economic event between the Psychologist and the Client are considered accounting documents and are kept by the Psychologist for the period of retention specified in the tax and accounting rules in force. To the extent necessary and for the purpose for which it is required, the data shall be kept for 8 years in accordance with the provisions of Article 169 (2) of Act C of 2000 on Accounting. Such documents include, in particular, contracts, invoices, supporting documents and inspection documents. In the case of documents necessary for the assessment of tax, your data will be processed until the limitation period of the right to assess tax (the period specified in Article 78(3) of Act CL of 2017 on the Rules of Taxation (Art.)).

If the data are not necessary for accounting purposes, the data may be processed after the termination of the legal relationship with the data subject up to the limitation period under civil law, provided that the personal data may be processed up to the limitation period under civil law if the Psychologist has a legal claim against the Client or if the Client asserts a legal claim against the Psychologist. Pursuant to § 6:22 of Act V of 2013 on the Civil Code, the data may be deleted after 5 years.

In case of special data: special data collected and otherwise processed during the Psychology Process will be processed on the basis of the client's written consent until the client's written consent is withdrawn, until the client's request for data erasure is fulfilled or until the Psychology Process is terminated.

Duration of data processing in case of registration: the Data Controller will process the above data until the user cancels the registration or unsubscribes from the newsletter. In the event of a request to cancel registration or unsubscribe from the newsletter, the Data Controller shall delete the data relating to the user's registration.

VI. Who Else Has Access To Your Personal Data

The Psychologist, as an independent data controller, has personal access to your data in connection with the organisation and implementation of the Psychological process. In relation to the consultancy contractual relationship, the Psychologist's accounting tasks are carried out on behalf of a data processor under a data processing contract.

Person and contact details of the data processor (accountant):

For Kata Molnár: Ágnes Balogh 06/30/600-4917, S és G Bt. (2000, Szentendre, Eper utca 11, tax number: 28188625-1-13, representative: Ágnes Bartha). The data processor accountant has access only to the personal data used for invoicing (name, address).

VII. Data Security Measures

The data controller shall store the paper documents separately in a separate, locked room where the consultation takes place. The laptop used by the controller for work purposes shall be password protected.

Electronic communication between the Psychologist and the Client, personal data and specific data, in particular medical data, recorded in relation to what is said during the consultations, shall be made via the Psychologist's dedicated e-mail address. With regard to written (electronic) communication between the Psychologist and the Client, category II personal data (including special data) may also be processed in accordance with the provisions of this Information Notice.

VIII. Other Obligations Of The Data Controller

The data controller takes all necessary measures to protect the personal data processed against unauthorized access, alteration, disclosure, deletion, damage or destruction.

The data controller is bound by the psychologist's duty of confidentiality with respect to his/her psychological and personal data concerning the Client, which are covered by the psychologist's confidentiality, in accordance with the provisions of Section 5 of the Joint Professional Code of Ethics of the Hungarian Psychological Society ("Code of Ethics"). The obligation of confidentiality of the data controller shall survive the termination of his/her relationship with the Client. Your personal data are protected by psychologist-client confidentiality. The data controller is exempted from the confidentiality obligation pursuant to Section 7 (2) of the Eüaktv. only if you have given your written consent to the transfer of the health and personal data within the limitations set out therein; unless the transfer of the data is required by law.

IX. Data Subject's Rights And Remedies In Relation To Data Processing

Rights

Withdrawal of consent

Data subjects have the right to withdraw their consent to the processing they have given at any time during the period of processing, but such withdrawal does not affect the lawfulness of the processing carried out on the basis of their consent prior to the withdrawal.

Access

The data subject shall have the right to obtain from the Controller feedback as to whether or not his or her personal data are being processed and, if such processing is ongoing, the right to access the personal data and the following information:

a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipients to whom or which the personal data have been or will be disclosed, including in particular recipients in third countries or international organisations;
d) where applicable, the envisaged duration of the storage of the personal data or, where this is not possible, the criteria for determining that duration;
e) the right of the data subject to obtain from the controller the rectification, erasure or restriction of the processing of personal data relating to him or her and to object to the processing of such personal data;
f) the right to lodge a complaint with a supervisory authority;
g) where the data have not been collected from the data subject, any available information concerning their source.

Correction

The data subject shall have the right to obtain, at his or her request and without undue delay, the rectification of inaccurate personal data relating to him or her. Having regard to the purposes of the processing, the data subject shall have the right to obtain the rectification of incomplete personal data, including by means of a supplementary declaration.

Right to object

The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to processing of his or her personal data based on the legitimate interests pursued by the controller. In such a case, the Controller may no longer process the personal data, unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Employee or for the establishment, exercise or defence of legal claims.

Deletion and restriction

The data subject shall have the right to obtain from the Data Controller, upon his or her request, the erasure of personal data relating to him or her without undue delay and the Data Controller shall be obliged to erase personal data relating to the data subject without undue delay if one of the following grounds applies:

a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
b) the data subject withdraws the consent on the basis of which the processing was carried out and there is no other legal basis for the processing;
c) the data subject objects to the processing and there are no overriding legitimate grounds for the processing,
d) the personal data have been unlawfully processed;
e) the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;
f) the personal data have been collected in connection with the provision of information society services directly to children.

The above provisions shall not apply where the processing is necessary:

  • to comply with an obligation under Union or Member State law to which the controller is subject to which requires the processing of personal data, or for reasons of public interest;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, where the right of erasure would be likely to render such processing impossible or seriously jeopardise it; or
  • for the establishment, exercise or defence of legal claims.

The data subject shall have the right to obtain, at his or her request, restriction of processing by the controller where one of the following conditions is met:

a) the data subject contests the accuracy of the personal data, in which case the restriction shall apply for the period of time necessary to allow the Controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject opposes the erasure of the data and requests instead the restriction of their use;
c) the controller no longer needs the personal data for the purposes of the processing but the data subject requires them for the establishment, exercise or defence of legal claims; or
d) the data subject has objected to the processing; in this case, the restriction shall apply for a period of time until it is established whether the legitimate grounds of the Controller prevail over the legitimate grounds of the data subject.

If the processing is subject to restriction, such personal data may be processed, except for storage, only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or of an important public interest of the Union or of a Member State.
The controller shall inform the data subject at whose request the processing has been restricted in advance of the lifting of the restriction.

Data Portability

The data subject shall have the right to receive personal data relating to him or her which he or she has provided to a controller in a structured, commonly used, machine-readable format and the right to transmit those data to another controller without hindrance from the controller to which he or she has provided the personal data, if:

a) the processing is based on consent or on a contract; and
b) the processing is carried out by automated means.

In exercising the right to data portability, the data subject shall have the right to request, where technically feasible, the direct transfer of personal data between controllers.

Please note that if it is not technically feasible for the data subject to receive the data, the right to data portability cannot be exercised.

Remedies

Data subjects may lodge a complaint with the National Authority for Data Protection and Freedom of Information in the event of a breach of the law on the processing of personal data:

Name: Nemzeti Adatvédelmi és Információszabadság Hatóság

Seat: 1055 Budapest, Falk Miksa utca 9-11., Telefon: +36 (1) 391-1400; Email: ugyfelszolgalat@naih.hu; honlap: www.naih.hu Postal Address: 1363 Budapest, Pf.: 9.,

Email: ugyfelszolgalat@naih.hu Honlap/Web Page: http://www.naih.hu

Furthermore, the data subject may bring a judicial remedy against the Controller or its data processors before the courts of the place of residence or domicile of the data subject, at the data subject's choice.

X. Webpage Related Data Processing And Cookie Policy

The Data Controller supplements the above Privacy Policy with the following relevant information during the visit to the website, summarising in one point the information relating to the processing of data exclusively during the visit to the website.

Information about visitors to the A Lélek Kulcsa website

By using our website and by sending us an e-mail containing your personal data, you consent to the collection, processing, treatment and transfer of your personal data to the extent necessary for the purposes for which you provided them, in accordance with the policy detailed below, which each data subject accepts as binding on him or her by accessing and using the website.

During visits to the website, one or more cookies - small bits of information sent by the server to the browser and then returned by the browser to the server for each request directed to the server - are sent to the computer of the person visiting the website, through which his/her browser(s) will be uniquely identified, provided that the person visiting the website has given his/her explicit (active) consent to this, after being clearly and unambiguously informed, by his/her behaviour in browsing the website.

Cookies are used solely to improve the user experience and automate the login process. The cookies used on the website do not store personally identifiable information, and the Data Controller does not process personal data in this context.

Contact

In the event of contact initiated by the user, the person concerned voluntarily consents to the processing of his/her data. The contact form will include the name, telephone number, email address of the data subject, the data voluntarily provided by the data subject in a message.

XI. Miscellaneous Provisions

This Privacy Notice is effective from 18 March 2024.