PRIVACY NOTICE OF
WWW.INNERTRUTHCONVERSATIONS.COM
WEBSITE

(date of last revision: 21 June 2021)

  1. WHAT IS THIS NOTICE ABOUT AND WHO AND BASED ON WHAT LEGISLATION PROCESSES MY PERSONAL DATA?

The purpose of this privacy notice (hereinafter referred to  as ’Privacy Notice’) is to present the principles based on which Bernadett Dara private entrepreneur (registered seat: 1065 Budapest, Nagymező u. 68.); e-mail address: info@innertruthconversations.com; and Eszter Dara private entrepreneur (registered seat: 1065 Budapest, Nagymező u. 68.); hereinafter referred to as ’Controllers’) process your personal data for the performance of coaching services at www.innertruthconversations.com owned by them jointly (hereinafter referred to as ’Website’).

For the purposes of this notice, data subject/user (Data Subject) shall mean the natural person whose personal data are processed by the Controllers with the view to use the Website and to provide the services available at the Website.

Before you use this Website, please read this Notice attentively.

In the course of processing related to the Website, the Controllers shall fully consider and apply the applicable rules of law in force, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council (27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as ’GDPR’) and Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services.

Intellectual property rights – conditions for use of the Website content

The written contents disclosed on the Website are owned by Bernadett Dara and are protected by copyright and any use thereof is subject to a prior permit. If there is any reference to (an)other author(s), such author(s) shall always be indicated in the relevant source.

  1. SCOPE OF THE PERSONAL DATA PROCESSED

We request users to provide various personal data for accessing various services, taking the principle of data minimization into consideration. This Privacy Notice applies solely to the processing of the data of natural persons visiting the Website considering that personal data have sense in respect of natural persons only.

Use of most of the services available on the Website does not require your prior identification, so the Controllers process no personal data relating to you in respect of such services (except the cookies that may be used on the Website).

However, there might be cases when the Controllers nevertheless become in possession of personal data during use of the Website, for example if you contact us using the ‘Book a call’ option available on the Website.

Detailed list of the data processed:

Name

Address (only for invoicing)

E-mail address

Telephone

 

CHILDREN

Our services are not intended for individuals under 18 and they may not use such services. We ask individuals under 18 not to provide any personal data to the Controllers. If we become aware of the fact that we have collected personal data from an individual under 18, we will take the necessary steps for deleting such data as soon as possible. The Controllers are not in a position to verify the age or the content of a statement of the Data Subject, so the Data Subject or the user will be responsible to decide whether he or she is entitled to use the service or not.

  1. PURPOSE OF PROCESSING
  • Use of ‘Book my free discovery call’

If you use the ‘Book my free discovery call’ option, the Controllers will process your personal data specified in chapter 2 for the purposes to appoint the date, time and place of a free 50-minute coaching call you intend to use.

Processing is required for the steps to be taken prior to conclusion of the (coaching service) contract and the purpose of processing is to provide you personalized service and to send a quotation at your request that may underlie a future potential contract or order.

  • Other approach

If you contact us via the e-mail address provided on the Website, the Controller will process your personal data in order to be able to provide the information you requested or, if requested, to send a quotation that may underlie a future potential contract or order.

Detailed list of the data processed:

Name

E-mail address

Content of the message

  1. LEGAL BASIS AND DURATION OF PROCESSING
  • If the ‘Book my free discovery call’ option is used

Pursuant to Article 6(1)a) of the GDPR, the legal basis of processing is your express consent to processing, which may be given on the ‘Book a free call’ page of the Website by ticking the checkbox near the sentence “I have read the Privacy Notice and understood its content and, accordingly, I give my consent to the processing of my personal data by the Controllers.”

The consent is freely given and can be withdrawn at any time, however, withdrawal of the consent shall not affect the lawfulness of processing performed before its withdrawal. If you do not give your consent or withdraw your consent to the processing of your personal data, we might be unable to provide you the information requested.

Please note that the Controllers will only process your personal data:

  • if the (coaching service) contract has been concluded, during the term thereof or, according to the Accounting Act, for 8 years following the year in which it was performed;
  • if the (coaching service) contract has not been concluded, i.e. the purpose has not been achieved, until 1 March of the year following the year in which the offer expired;
  • if the (coaching service) contract has not been concluded and you withdraw your consent, for 15 days after its withdrawal, when the personal data will be erased.

 

  • If you contact us in another way

Pursuant to Article 6(1)a) of the GDPR, the legal basis of processing is your express consent to processing, which may be given to us by your implicit conduct so that you contact us using the contact details indicated on the Website.

When you contact us, please do not share any data that might be deemed to be special (e.g. health-related) information as the Controllers are not in a position to answer your questions of such kind and to process the related special data.

The consent is freely given and can be withdrawn at any time, however, withdrawal of the consent shall not affect the lawfulness of processing performed before its withdrawal. If you do not give your consent or withdraw your consent to the processing of your personal data, we might be unable to provide you the information requested.

Please note that the Controllers will only process your personal data:

  • if the (coaching service) contract has been concluded, during the term thereof or, according to the Accounting Act, for 8 years following the year in which it was performed;
  • if the (coaching service) contract has not been concluded, i.e. the purpose has not been achieved, until 1 March of the year following the year in which the offer expired;
  • if the (coaching service) contract has not been concluded and you withdraw your consent, for 15 days after its withdrawal, when the personal data will be erased.
  1. DATA PROCESSING; DATA TRANSFER

In the course of the above processing activities, the Controllers may employ data processors for performing certain data processing activities (for example to provide the server hosting and system manager’s services required for operation of the Website, e-mail communication, accounting, electronic invoicing, for providing the coaching service online). Currently, the Controller employs the following data processors:

Name: Tárhely.Eu Szolgáltató Kft.

Registered seat: 1144 Budapest, Ormánság u. 4.

Category: web hosting operator

Name: Microsoft Office 365 Business

Registered seat (data servers): Microsoft EMEA (Austria (Vienna), Finland (Helsinki), France (Paris, Marseille), Ireland (Dublin), Netherlands (Amsterdam)

Category: e-mail and video/audio meeting provider

Name: Billingo Technologies Zrt.

Registered seat: 1133 Budapest, Árbóc utca 6. Fl. 3

Billingo’s Privacy Notice

Category: electronic invoicing

The Controller reserves the right to change and extend, as appropriate, the above list of data processors so that you may request information at any time about the names and contact details of the data processors employed by e-mail at info@innertruthconversations.com.

Data transfer to the data processors defined in this Notice may be carried out without the User’s special consent. Unless otherwise provided in law, personal data may only be released to third parties or authorities on the basis of an official decision or with the User’s prior explicit consent.

  1. WHAT RIGHTS AM I ENTITLED TO IN RELATION TO THE PROCESSING OF MY PERSONAL DATA?

According to the applicable Hungarian and EU data protection rules, you are entitled to:

  • obtain confirmation/feedback of whether the processing of your personal data is in progress and if so, whether you are entitled to request access to your personal data. In this regard you may obtain – among others – information about the following: the purposes of processing, the categories of the personal data concerned, the recipients or categories of the recipients to whom the personal data have been or will be disclosed, the duration of processing, the source of the personal data processed, the right to lodge a complaint with a supervisory authority (for detailed description of these rights see Article 15 of the GDPR);
  • to request to have your inaccurate personal data rectified or to have your incomplete personal data completed (for detailed description of these rights see Article 16 of the GDPR);
  • to request erasure of your personal data in the cases defined in the GDPR (for example if you have withdrawn your consent to processing or the personal data are no longer necessary to achieve the purpose of processing) (for detailed description of these rights see Article 17 of the GDPR);
  • to request restriction of processing of your personal data in the cases defined in the GDPR. You may be entitled to restriction of processing if you contest the accuracy of your personal data being in possession of the Controllers or you have objected to the processing of your personal data or the Controllers process your personal data unlawfully and you prefer restriction of processing to erasure. Furthermore, you are entitled to request restriction of processing of your data if the Controllers no longer need your personal data but the personal data concerned are required by you for the exercise or defence of legal claims. In the event you have requested restriction of processing of your personal data as described above, further processing of the data concerned is allowed (in addition to their storage) only within the narrow scope defined in the GDPR (so for example if the personal data subject to restriction are required for the exercise of a legal claim) (for detailed description of these rights see Article 18 of the GDPR);
  • in exercise of your right to data portability, to request the Controllers to provide the personal data relating to you in a commonly used and machine-readable format or to transmit those data to another controller. You are entitled to the rights for data portability if processing is based on your consent or performance of a contract to which you are a party, in both cases provided also that processing is carried out by automated means (e.g. using a computer system) (for detailed description of these rights see Article 20 of the GDPR).

The Controller may refuse your request for access or rectification if one of the following conditions exists:

  • The Controllers will not process the data covered by the request.
  • The applicant has not provided sufficient information to enable the Controller:
  • to identify the applicant (if for example the Controller has access only to pseudonymized or encrypted data). In this relation the Controllers may take all reasonable measures in order to identify the applicant data subject. The Controllers may forward the request and/or redirect the data subject to an individual who can address his or her request;
  • to find the personal data;
  • to establish that the personal data covered by the request of rectification is inaccurate, incomplete, deceiving or not up-to-date.
  • The charges and expenses related to provision of access are not proportionate to the risk of violation of the applicant’s privacy.
  • The Controller is unable to meet the request for access without providing personal data based on which any individual other than the applicant can be identified.
  • Another controller processes the data relating to the request for access so that it hinders meeting of the request for access.
  • The provision of access:
  • would violate a judicial decision;
  • would result in disclosure of confidential business information; or
  • to the personal data concerned is governed by another legislation.

If you intend to exercise your rights listed above or have any question or comment relating to this Notice or the processing carried out by us, please contact us using the following contact details:

Mail address: 1065 Budapest Nagymező utca 68.

E-mail address: info@innertruthconversations.com

  1. WHAT REMEDIES DO I HAVE?

Please note that if you find that your rights are violated during processing, you will have the following options:

  • you may contact the Controllers directly using the contact details available on the Website;
  • you may lodge a complaint to any supervisory authority [e.g. in Hungary to the Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság – ‘NAIH’)]. Contact details of NAIH: registered seat: H-1055 Budapest, Falk Miksa utca 9-11.; e-mail: ugyfelszolgalat@naih.hu;
  • you may access a court if your personal data are processed unlawfully and the requirements for data security are infringed. As stipulated in law, you may be entitled to receive a compensation and restitution. You may receive information on the competence and contact details of courts at: birosag.hu

In order to ensure that your problems and comments relating to processing, if any, are solved as quickly and efficiently as possible, we suggest that first you should contact us in connection with any processing-related requests or complaints.

  1. WHAT COOKIES ARE USED BY THE WEBSITE? AUTOMATIC PROCESSING

The Website uses cookies to ensure better user experience. When you visit the Website for the first time you may review and customize the cookies used by the Website in the pop-up dialogue box (hereinafter referred to ’Cookie Panel’) (’Preferences’ button) and allow cookies (’Accept all’ button) or block cookies (’Dismiss’ button).

Please note that cookies indispensable for operation of the Website will be allowed even if you select the ‘Dismiss’ option on the Cookie Panel.

You may modify your cookie settings at any time by clicking on the “Manage consent” button on the bottom of the Website.

The Website may be visited by anyone without the need to provide any personal data other than those required for technically automatic processing. Therefore, in the course of browsing on the Website, only the technical data mentioned above – in particular the data of the browser and operation system and the user’s IP address, as well as the URL of the login and logout pages and the time of visit – will be recorded for statistical purposes. These data correspond to the data of the User’s login computer that are regenerated during use of the Service and that are recorded by the Controllers’ system as automatic result of technical processes. The data to be recorded automatically will be logged by the system automatically when logging in and out without the User’s explicit consent or act.

Purpose of processing: identification and distinction of users from each other, identification of the users’ current session, storage of the data provided thereby, prevention of data loss, identification and tracking of users, web analytic measurements, so in particular:

  • the purpose of cookies placed by Google Analytics is to collect statistical data concerning the visit of the site
  1. MISCELLANEOUS
  • Security measures

The Controllers shall ensure security of the personal data, implement appropriate technical and organizational measures and adequate procedural rules to protect the recorded, stored and processed data, including protection against accidental loss, unlawful destruction, unauthorized access, unauthorized use, unauthorized amendment and unauthorized dissemination thereof. The Controllers will invite all third parties to meet this obligation to whom they transmit personal data.

  • Data processing by external service providers on the Website

External service provider: the Controllers may, in connection with operation of the Website or the provision of the services provided there employ – either directly or indirectly – third party service providing partners to whom the personal data are or may be transferred, or who may transfer personal data to the Controllers. Furthermore, service providers who are not in cooperation with the Controllers but who, by having access to the Website, collect data of the Users that may be suitable to identify the User – either independently or combined with other data – shall also be considered external service providers.

The personal data processed in the systems of external service providers shall be subject to the provisions of the external service providers’ own privacy notices.

Certain service providing partners place short data files, so called “cookies” on the user’s device for the purposes of identification and tracking of users and read them back in future use. If the device returns a cookie saved previously, the service provider managing the cookie is allowed to combine the user’s current visit with the previous ones in respect of the websites which use the cookie of the external service provider.

There are external service providers with whom the Controllers do not have contractual or cooperation relationship intentionally in respect of the relevant processing, but who nevertheless collect data on the Users or user activities, which may be suitable – either independently or combined with the data collected by such other external service provider – for identifying the User. Such external service providers might be, in particular, including but not limited to:  Facebook Ireland LTD, Google LLC, Instagram LLC, Infogram Software Inc, PayPal Holdings Inc, Pinterest Europe Ltd, Playbuzz Ltd, Twitter International Company, Viber Media LLC, Vimeo INC, YouTube LLC, mailchimp, automate.io, Outreach, expandi.io.

Such external service providers process the Personal Data forwarded to them according to their own privacy policies. The Provider shall bear no liability for the data protection rules, guidelines, practices and contents of such websites or other applications. The Users shall always verify the data protection notices of the websites they visited or the applications they downloaded by themselves.

Both the Website and the Application include social media functions (such as Facebook Like and widgets like Facebook Share). The social media functions and widgets are stored by a third party or directly by the website and the related User data are governed by the Data Protection Guidelines of the companies providing them.

  • Other processing

You will be informed concerning processing not mentioned in this Notice at the time of your registration. We inform our clients that, based on the authorization of courts, prosecutors, investigating authorities, authorities dealing with administrative offences, administrative authorities, the National Authority for Data Protection and Freedom of Information, or of law, other bodies may request the Controller to provide information, to disclose and transfer data or to make data available.

The Controller may provide personal data to authorities – provided that the authority has specified the precise purpose and the scope of data – only to an extent as is necessary for the purpose of the request.

  • Rules of procedure

The Controllers will provide information to the data subject on actions taken on a request without undue delay and in any event within one month of receipt of the request referred to in Articles 15 to 22 of the GDPR. That period may be extended by further two months where necessary, taking into account of the complexity and number of the requests. The Controllers shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. The Controllers shall give access to the personal data so that they send the personal data and information processed via e-mail after identification of the data subject. Where the data subject filed the request by electronic means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.

If the Controllers do not take actions on the request of the data subject, the Controllers shall inform the data subject without delay and at the latest within one month after receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy. That period may be extended by further two months (60 days) where necessary, taking into account of the complexity and number of the requests.

The Controllers will provide the information, communication and actions requested free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the Controllers may charge a reasonable fee taking into account of the administrative costs of providing the information or communication or the action requested or may refuse to act on the request.

Any person who has suffered material or non-material damage as a result of an infringement of the GDPR will have the right to receive compensation from the Controllers or data processor for the damage suffered. Any controller involved in processing shall be liable for the damage caused by processing which has infringed the GDPR. A data processor will be liable for the damage caused by processing only where it has not complied with the obligations defined in the GDPR specifically directed to data processors or where it has acted outside or contrary to lawful instructions of the Controller. The Controllers or the data processor will be exempt from liability if they (it) prove(s) that they (it) are (is) in no way responsible for the event giving rise to the damage.

 

The Controller will not be entitled to delete the data subject’s data unless processing was stipulated in law

Track Changes

Version Date of revision Sections concerned Subject of revision
v_01 21 June 2021 new document