INFORMATION ON DATA PROCESSING


I. Introduction, scope:

Beáta Székely, as Controller, is committed to compliance with effective data protection regulations and to maintaining the legality of processing. This data processing policy specifies the Controller’s activities relating to the Data Processed, in accordance with the GDPR, in simple and clear wording. This policy applies to data transfers via the website operated by the Controller and to the transfer of Personal Data to the Controller, based on a contract or other legal transaction.


II. Definitions:

Controller: Beáta Székely, private individual, whose data are specified in detail in chapter III.

Data Processed: The totality of the data collected by the Controller and affected by processing.

Data Subject: The natural person whose Personal Data are handled by the Controller.

Personal Data: Any information relating to the identified or identifiable natural person (“Data Subject”).

GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation)


III. The Controller’s data and contact information:

Name: Beáta Székely, private individual, Registering authority: National Tax and Customs Administration of Hungary, Budapest, Hungary.

E-mail: beata.szekely.paintings@gmail.com


IV. The legal basis and the rules of processing:

The Data Subject may transfer Personal Data to the Controller via the websites operated by the Controller or based on a contract concluded verbally or in writing between the Controller and the Data Subject.

The Controller’s processing activities are performed in accordance with the rules and principles defined by the GDPR, with special consideration for article 32 of the GDPR.

The period of processing is indefinite, from the transfer of Personal Data, unless the Data Subject requests otherwise. In case of verbal or written agreement, fallowing contact, from contractual performance, the processing of Personal Data will last as long as it is necessary in each individual case, depending on the subject of the agreement.

The website operated by the Controller is the following: www.beataszekely.com

At the website operated by the Controller, visitors of the website may provide their Personal Data: their full name, email address, delivery address and telephone number, supplemented with further data qualifying as Personal Data, in the freely editable spaces. 

By accepting data processing rules and by clicking on the 'SEND' and 'Sign Up' buttons, the Data Subject consents to the processing of his or her Personal Data by the Controller (voluntary consent to processing).

The Controller processes the Personal Data provided on the website with the purpose of contacting the Data Subject, in order to send newsletters, to reply to messages and settle the related issues in each individual case, and to answer the Data Subject’s questions.

The Controller protects the Data Processed with appropriate, reasonable measures, primarily against unlawful access, alteration, transfer, unauthorized disclosure, erasure, destruction and rendering inaccessible. The Controller, with consideration for technological developments, shall provide for the efficient protection of processing with technical measures which provide an adequate level of protection regarding risks relating to processing. In the course of processing, only authorized persons may access the Data Processed, and the Controller shall be continuously available to enforce the Data Subject’s interests. While striving to maintain a high level of security, no system can guarantee absolute security, and thus the Controller cannot be held liable for data breaches that may occur despite these efforts.

The Controller does not process any sensitive data, thus especially data on ethnic origin, political opinions, religious or other beliefs, health status or sexual orientation.

The Controller uses Squarespace to host and manage the website. As Squarespace is based in the United States, the Data Subject’s Personal Data may be transferred to and processed in a third country outside the European Economic Area (EEA).


V. Rights relating to processing:

The Controller informs the Data Subject that he or she has the following rights relating to processing:

Right of access. The Data Subject shall have the right to obtain from the Controller confirmation as to whether or not Personal Data concerning him or her are being processed, and, where that is the case, to receive information about the Data Processed and the additional circumstances of processing specified in article 15 (1) of the GDPR.

The right of rectification. The Data Subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate Data Processed concerning him or her. Taking into account the purposes of the processing, the Data Subject shall have the right to have incomplete Data Processed completed, including by means of providing a supplementary statement.

Right to erasure (right to be forgotten). The Data Subject shall have the right to obtain from the Controller the erasure of the Data Processed concerning him or her without undue delay, and the Controller shall have the obligation to erase Data Processed concerning the Data Subject without undue delay if the Data Processed are no longer necessary, the Data Subject withdraws consent for processing, or processing was unlawful.

Right to restriction. The Data Subject shall have the right to obtain from the Controller the restriction of processing where one of the following applies: a) The accuracy of the Data Processed is contested by the Data Subject, for a period enabling the Controller to verify the accuracy of the Data Processed; b) The processing is unlawful, and the Data Subject opposes the erasure of the Data Processed and requests the restriction of their use instead; c) The Controller no longer needs the Data Processed for the purposes of processing, but they are required by the Data Subject for the establishment, exercise or defense of legal claims.

Right to data portability. The Data Subject shall have the right to receive the Data Processed concerning him or her, which he or she has provided to the Controller, in a structured, commonly used and machine-readable format, and shall have the right to transmit those data to another controller without hindrance from the Controller to which the Personal Data have been provided.


VI. The contact information of the authority, information on judicial remedy:

The Controller informs the Data Subject that he or she may turn to the following authority with any complaint relating to processing: Hungarian National Authority for Data Protection and Freedom of Information Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c. Mailing address: 1530 Budapest, Pf. 5. Telephone: +36-1-391-1400; Email address: ugyfelszolgalat@naih.hu


VII. Effective legal provisions:

Legal provisions regulating this area: GDPR, Act CXII of 2011 on information, self determination and the freedom of information.

The Controller provides more information in connection with processing via the contacts specified in chapter III. of this policy, and declarations relating to processing shall be sent to these contacts as well.


The Controller updates this policy from time to time, and will mark the last revision date below.

Budapest, 08. December. 2024.

Beáta Székely, private individual.