The purpose of the Policy is to ensure the protection of natural persons’ data as required by law, to set out the rules relating to the processing of personal data and to lay down the standards of data protection and data security.
This privacy statement governs the processing of personal data by the website fullpotential.academy and summarises the data processing principles and practices of the controller of this website.
The operator of the fullpotential.academy website, Kalmár András e.v., is entitled to obtain the necessary documents and statements concerning the personal data of the natural person client and the natural person representing the client, and to process the personal data contained therein, in order to provide the services provided for in the contract and to fulfil the obligations undertaken, in accordance with the provisions of the GDPR Regulation, other applicable legislation and the contracts concluded with the client.
The Privacy Notice is available on the following page:
In drafting this Guide, account has been taken of the relevant legislation in force and the main international recommendations, in particular:
REGULATION (EU) No 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation)
Act CXII of 2011 – on the Right to Informational Self-Determination and Freedom of Information (Infotv.);
Act V of 2013 – on the Civil Code (Civil Code);
Act CLV of 1997 – on Consumer Protection (Fgytv.);
Act C of 2000 – on Accounting (Accounting Act);
Act CVIII of 2001 – on electronic commerce services and the
information society services (Eker. tv.);
Act C of 2003 – on Electronic Communications (Eht.);
Act XLVIII of 2008 – on the Basic Conditions and Certain Restrictions of Economic Advertising Activities (Act XLVIII of 2008).
The background of data processing is provided by the provisions of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Infotv.) and Act C of 2000 on Accounting (Sztv.). In accordance with Article 5 (1) (a) of the Data Protection Act, the processing of personal data is based on your consent and – in case of withdrawal of consent – on the fulfilment of the legal obligation of the Data Controller under Article 6 (5) (a) of the Data Protection Act. We need your personal data in order to provide you with our services and for our marketing activities in relation to our services.
The data controller
Company name: Kalmár András e.v.
Address: 1. 1/2. Kőporos utca, Miskolc, 3531, Hungary
Tax number: 69445394-1-25
Registration number: 53193548
Electronic contact: firstname.lastname@example.org
Represented by: Kalmár András
Telephone contact: +36304391379
Account number: 12100011 10416190 (Gránit Bank)
Data of hosting provider:
Name: Hostinger International Ltd
Registered office: 61 Lordou Vironos str., 6023 Larnaca, Cyprus
The provisions of the regulations enter into force on the day of signature. The policy is valid until withdrawn or until further notice.
Scope of processed data and stakeholders
In order for you to receive appropriate service or information, you may be obliged to consent to the processing of your personal data. In the absence of this, it may happen that the requested information or requested service (e.g. signing up for a course, providing a personalized offer) cannot be provided to you.
The data controller is responsible for the protection of your personal data, full compliance with the laws related to the protection of personal data, data management and data processing.
At the request of our visitors and customers, in accordance with the contents of their request, we provide detailed information in all cases about the processed personal data, the purpose, legal basis, duration of the data management and the activities related to the data management.
We process sensitive personal data only with your express consent. Sensitive data can be:
• Political opinions
• Union membership
• Sexual orientation
• Health information
• Biometric data
• Genetic data
The general purposes of processing personal data:
• identification of the Customer or his representative,
• exercising the rights and fulfilling obligations contained in the contract (including conducting transactions) and certifying their fulfillment,
• information and marketing related to transactions or the Company’s activities,
• asserting the legitimate interests of the Company,
• settlement according to the legal relationship regulated in the contract,
We can access personal data
In case of entering into a contract, in case of personal contact, or if you send us your data in writing.
In the event that you use one of our services or inquire about one of our services.
Personal data is information that enables the identification of individuals, such as the following:
Name and contact information (e.g. home address, e-mail address, phone number)
Profile information (e.g. username, profile picture, social media account information)
Date and place of birth
Certain technical data (e.g. username, IP address, browser and device information, information collected through cookies or similar, server logs, application usage data and information, other IT settings (monitoring consumer habits and preferred products
Credit and debit card number (in the case of bank card payment, the payer’s ID, transaction amount, date and time will be forwarded to the Bank.)
We also collect personal data about the use of our services through a browser, including tracking your activity on our websites, collecting data about your type, your IP address, screen resolution, operating system name and version number, device type, browser type and version number, from your internet service provider. In all cases, the IP address is identified and your login is recorded by the server every time you enter our site, something is recorded about which pages you visited. We store this data together with the personal data you provide.
Online data collection can take place:
the. Online inquiries about products and services via the ‘Contact’ form on the website
Scope of processed data:
Name, address, phone number, email address
The purpose of data management:
Later contact for information about products and services via email and phone
Duration of data management:
for 5 years
• Regarding ordering a product and issuing an invoice
Legal background and legal basis of data management:
The background of data management is the CXII of 2011 on the right to self-determination of information and freedom of information. Act (Infotv.) and the provisions of Act C of 2000 on accounting (Act.). The legal basis for data management is Infotv. In accordance with Section 5 (1) point a) of your consent, as well as – in case of withdrawal of your consent – Infotv. Pursuant to point a) of § 6, paragraph (5), the fulfillment of the legal obligation imposed on the Data Controller, set forth in the Sztv.
The purpose of data management:
Issuing an invoice in accordance with the legislation and fulfilling the obligation to keep accounting records. The Sztv. Based on paragraphs (1)-(2) of § 169, economic companies must keep the accounting documents directly and indirectly supporting the accounting.
Scope of processed data:
Name, address, e-mail address, phone number, date of birth, age and, in case of purchase by a legal entity, tax number
Duration of data management:
The invoices issued by Sztv. Based on § 169, paragraph (2), it must be kept for 8 years from the date of issue of the invoice. We would like to inform you that if you withdraw your consent to the issuance of the invoice, the Data Controller, Infotv. Based on point a) of § 6, paragraph (5), you are entitled to keep your personal data obtained during the issuance of the invoice for 8 years.
• Community sites
It is possible that we may receive your personal data from other sources, e.g. from social media sites (e.g.: Facebook/Google+/Twitter/Pinterest/Youtube/Instagram/LinkedIn/TikTok) or from other messaging applications (e.g.: Messenger/WhatsApp/Viber/Signal/Telegram) or from persons registered on these platforms , with whom you associate as friends or otherwise on these sites, or from any other third party. If you decide to connect to one of their services with your social media account, the data you provided during registration will be shared with us (e.g. e-mail address, telephone number, mailing address, date of birth, name and username).
When using social networking sites, the data management takes place on the social networking sites, so the regulation of the given social networking site applies to the duration and method of data management, as well as the options for deleting and modifying the data.
The fact of data collection, the scope of processed data:
Facebook/Google+/Twitter/Pinterest/Youtube/Instagram/LinkedIn/TikTok registered name, address, phone number, email address and public profile picture of the user.
In the case of Messenger/WhatsApp/Viber/Signal/Telegram applications, your phone number, public profile picture, email address
The range of stakeholders:
All stakeholders who are registered on Facebook/Google+/Twitter/Pinterest/Youtube/Instagram/LinkedIn/TikTok social networks or Messenger/WhatsApp/Viber/Signal/Telegram applications and follow the Company’s social profile or visit the website through it, or You use any service of a company
The purpose of data collection: To share certain content elements, services, promotions or the website itself on social media sites, to promote the Company’s online presence, and to increase its social followers.
Description of the duration of data management, the deadline for data deletion, the identity of possible data controllers authorized to access the data and the rights of the data subjects related to data management:
The person concerned can find out about the source of the data, its management, the method of transfer and its legal basis on the given social page.
Legal basis for data management:
the consent of the concerned volunteer to the management of his personal data on social networking sites.
How do we use your personal data?
The purpose of processing your personal data is to fulfill orders, including the use of the ordered services.
This includes all customer service and administrative services that enable the fulfillment of your contract.
The scope of use of your personal data enables:
• the possibility of contacting you and fulfilling our contract, to the extent necessary for this,
• the provision of services in which information and other materials become accessible to you (e.g. messages, chat, profile pages, blogs and other services)
• analyzing your previous activity in order to provide you with even better offers by customizing campaigns. You can unsubscribe from these campaigns at any time. This request can be reported via the e-mail address email@example.com or by using the unsubscribe link in the marketing materials.
Scope of data processors
User data can only be accessed by employees of the data controller and cannot be disclosed to third parties, with the exception of bank card payments, when the payer’s ID, transaction amount, date, and time are transmitted to the service provider processing the payment.
Apart from the above-mentioned cases, the data controller transmits the user’s data to the requesting authority solely out of legal obligation, if the referred authority has the appropriate legal basis.
Exclusion of Liability for Third-Party Infringement
Under no circumstances can the Data Controller be held responsible for the actions, websites or links of third parties. The fact that the website contains a link does not mean that it endorses the site to which the link leads.
Features provided by third parties may allow you to share your activity on, for example, social networking sites. The Data Controller cannot influence this, and therefore cannot be held responsible for the use of any personal data by a third party.
The legal basis of the data management policy and the user’s rights
The consent of the legal representative exercising parental supervision over the data subject is required for the consent-based management of the personal data of children and minors.
The Data Controller declares that it has taken appropriate organizational, technical and administrative security measures in order to protect personal data from unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as from accidental destruction and damage, as well as from changes in the used technology against becoming inaccessible.
Your rights during data management
The rights of those concerned and their protection
a.) Transparent measures
The Company will take the organizational and technical measures in order to be able to provide the data subject, based on the aspects defined in the GDPR Regulation, with the information regarding the handling of his personal data within the prescribed time limit (25 days) in writing or orally. The written information must be given to the affected parties before the establishment of the contractual relationship and the processing of personal data: – in the case of contracts, when the contract is concluded; – in other cases when providing or learning personal data. Written information is free of charge. The information is also considered to be in writing if it is sent by electronic mail on an electronic interface designed for the person concerned. Information can only be refused in cases prescribed by law. The data controllers ensure that the internal provisions governing contact with the data subjects and the contractual conditions also cover information, and that such information is easily accessible to the data subjects on the Company’s website. The data subject has the right to withdraw his consent at any time. The revocation does not affect the legality of data processing based on consent, prior to the revocation. Before giving consent, the data subject must be informed of this. It should be possible to withdraw consent in the same way as to give it. 10 The condition for oral information about the rights of the data subjects was the establishment of the identity of the data subject and the conditions for the right to information. The data controller of the data of the data subject is responsible for providing information at the request of the data subject.
b.) Information to be made available if the personal data is obtained from the data subject
The data protection information provided to the data subject must cover the following basic information:
– the identity and contact information of the Company as data controller;
– the identity and contact details of the data protection officer;
– the purpose of processing personal data and the legal basis for processing it (data processing based on consent, fulfillment of a contract, or fulfillment of the legal obligation of the Enterprise);
– categories of personal data concerned.
At the time of obtaining personal data, in order to ensure fair and transparent data management, the data subject must be informed of the following additional information:
– the period of storage of personal data, or if this is not possible, the criteria for determining this period;
– if the legitimate interest of the Company or a third party can be established, then the fact of this;
– if the legal basis of the data processing is the consent of the data subject, then about the right to access, correct, delete, limit the processing of personal data, object to the processing of personal data and the right to data portability, as well as the consequences of withdrawing consent to data processing;
– on the right to submit a complaint to a supervisory authority.
c.) The data subject’s right of access
The Company provides the data subject with continuous access to his personal data and information through data management as follows.
– General information about data management on the website;
– in relation to personal data related to the performance of the contract in the contract conditions or in the data protection information issued for it;
– in relation to specific data subjects, on the basis of written or oral inquiries about operations related to their individual personal data
d.) Right to rectification
The data subject can request the correction of their data or the addition of incomplete data. In order to fulfill the request of the person concerned, the Company may request a document from the person concerned, based on the data of which the correction or addition will be carried out immediately, but within 3 working days at the latest.
e.) The right to erasure (“the right to be forgotten”)
For the reasons specified in the Data Protection Decree, the Company will delete the personal data of the data subject immediately, but no later than within 3 working days. The data subject does not have the right to deletion if the fulfillment of his personal data is necessary for the fulfillment of the Company’s contractual obligations or legal obligations, or if the legitimate interest of the Company requires it. In order to legally refuse the deletion, the data controller is obliged to ask the opinion of the data protection officer.
f.) The right to restrict data processing
Data management may be restricted based on the request of the data subject. Regarding the data subject’s request in this regard, the position of the data protection officer must be sought (if any). If, according to this resolution, there is room for the restriction of data management, the data controller is obliged to indicate the personal data of the data subject on all data carriers and in its records. The marking can be done by indicating the identification number of the person concerned in the register, or in the case of paper-based documentation, by placing a note on the first page of the documents.
g.) Notification obligation related to the correction or deletion of personal data or the limitation of data management
The data controller is obliged to inform the data subject in writing about the correction, deletion and restriction of the data.
h.) The right to data portability
The data subject has the right to request the transmission of his personal data in a widely used, machine-readable format. In contrast to the GDPR, the data subject is entitled to exercise this right even if the Company does not process his data on the basis of the data subject’s consent, provided that the data is processed in an automated manner
In what cases can we share your personal data with others?
• In accordance with the laws in force and in cases,
• In possible legal proceedings
• When contacting state and government bodies
• In order to enforce the contractual conditions
• In order to protect our rights,
• With our partners who carry out the purchased service (in particular: our employees, subcontractors), for the purpose of providing the service
We reserve the right, especially in the event that a legal dispute arises, in order to resolve the legal dispute without hindrance, to enforce and protect your and our rights, we may process personal data beyond the period originally or legally defined for data processing.
Remedies and Applicable Laws
If the data subject considers that the Company has violated the applicable data protection requirements when handling his personal data, then
– you can submit a complaint to the Authority (National Data Protection and Freedom of Information Authority, address: 1055 Budapest, Falk Miksa utca 9-11., postal address: 1363 Budapest, Pf. 9., E-mail: firstname.lastname@example.org, website: www. naih.hu), or
– you have the option to go to court in order to protect your data, which will act out of turn in the case. In this case, you are free to decide whether to file your claim with the competent court according to your place of residence (permanent address) or place of stay (temporary address), or the seat of the Company. You can find the court according to your place of residence or stay at http://birosag.hu/ugyfelkapsoklatiportal/birosag-kereso. According to the seat of the Company, the Court of Miskolc has jurisdiction over the lawsuit.
Changes to the data protection policy
The data manager reserves the right to unilaterally change this information at any time. It notifies its customers, the users of the published data, of any changes in due time via the website.
This data management policy is effective from 11.01.2024 until withdrawn.
András Kalmár e.v.