top of page

Privacy Policy

Introduction and Scope


Data Management Information

This Data Protection Policy outlines how Vitaguide Kft., operating the shalabuda.com website, collects, processes, and safeguards user data. This policy is binding on Vitaguide Kft. and applies solely to the shalabuda.com platform.

The shalabuda.com Website

shalabuda.com is an online platform designed for users to explore Vitaguide Kft.'s services, book appointments, and make online payments. By using this platform, users agree to abide by applicable laws and the terms outlined in this policy. Users also consent to data collection and understand that providing personal information is essential for using the platform.

Legal Framework

This policy adheres to the following legal regulations:

  • European Union's General Data Protection Regulation (GDPR)

  • Hungarian Act on the Right to Informational Self-Determination and on Freedom of Information

  • Hungarian Civil Code

  • Guidelines of the National Authority for Data Protection and Freedom of Information

Data Controller and Definitions


Data Controller

Vitaguide Kft. is the data controller responsible for determining the purposes and means of processing personal data.

Definitions

  • Personal Data: Any information related to an identified or identifiable natural person.

  • Data Processing: Any operation or set of operations performed on personal data, whether or not by automated means.

  • Data Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.  

  • Data Processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

  • Data Subject: An identified or identifiable natural person whose personal data is being processed.  

  • Data Breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Data Processing Principles


Personal data must be processed:

  • Lawfully, fairly, and transparently.

  • Collected for specified, explicit, and legitimate purposes.

  • Adequate, relevant, and limited to what is necessary.  

  • Accurate and, where necessary, kept up-to-date.

  • Kept in a form which permits identification of data subjects for no longer than is necessary.  

  • Processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage.  


The data controller is responsible for ensuring compliance with these principles and can demonstrate it.

Type of Processed Data


The Data Controller processes the following types of personal data:

  • Identification data: name, date of birth, address, email address, phone number.

  • Contact data: email address, phone number.

  • Service-related data: data related to the use of the shalabuda.com website, appointment bookings, and payments.

  • Technical data: IP address, browser type, operating system, device information.

Purpose of Data Processing


The Data Controller processes personal data for the following purposes:

  • Providing the Service: Managing user accounts, processing appointments, handling payments.

  • Communication: Sending information about the Service, promotions, and updates.

  • Legal Compliance: Fulfilling legal obligations, such as tax and accounting requirements.

  • Security: Protecting the website and user data from unauthorized access.

  • Statistics: Analyzing user behavior to improve the Service.

Legal Basis for Data Processing


The legal basis for processing personal data depends on the specific purpose:

  • Providing the Service: Contractual obligation, legitimate interest.

  • Communication: Consent, legitimate interest.

  • Legal Compliance: Legal obligation.

  • Security: Legitimate interest.

  • Statistics: Legitimate interest.

Data Subject Rights


Data subjects have the following rights:

  • Right to Information: The right to obtain confirmation as to whether or not personal data concerning them is being processed, and, where that is the case, access to the personal data.  

  • Right to Rectification: The right to obtain the rectification of inaccurate personal data concerning them.

  • Right to Erasure: The right to obtain the erasure of personal data concerning them without undue delay.

  • Right to Restriction of Processing: The right to obtain restriction of processing of their personal data.

  • Right to Data Portability: The right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.  

  • Right to Object: The right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on legitimate interest.  

  • Right to Withdraw Consent: The right to withdraw consent at any time where processing is based on consent.

  • Right to Lodge a Complaint: The right to lodge a complaint with a supervisory authority.

Data Retention


Personal data will be retained for the following periods:

  • Identification and contact data: For the duration of the business relationship and for a period of 5 years thereafter for legal and accounting purposes.

  • Service-related data: For the duration of the service and for a period of 5 years thereafter for legal and accounting purposes.

  • Technical data: For a period of 1 year for statistical purposes.

  • Data will be deleted or anonymized after the retention period, unless there is a legal obligation to retain it for a longer period.

Data Security


The Data Controller implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption: Sensitive data is encrypted both at rest and in transit.  

  • Access Control: Access to personal data is restricted to authorized personnel.

  • Data Integrity: Measures are in place to protect data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access.

  • Availability: Measures are in place to ensure timely access to personal data in case of incidents.

  • Employee Training: Employees are trained on data protection and security best practices.

  • Incident Response: Procedures are in place to handle data breaches and other security incidents.

Data Processors

The Data Controller may engage data processors to assist in certain data processing activities. These data processors will only process personal data on behalf of the Data Controller and in accordance with the Data Controller's instructions.

Currently, the Data Controller utilizes the following data processors:

  • AF MÜSZOLG KFT: As an accountant, this company processes personal data related to financial and accounting matters.

  • Wix.com, Ltd.: As a website hosting provider, Wix processes technical data related to the website's operation.


Data Transfers

The Data Controller does not transfer personal data to countries outside the European Union or the European Economic Area. However, the Data Controller utilizes the services of Wix.com, Ltd., a company based in Israel, as a website hosting provider. Wix complies with the EU-US Privacy Shield Framework, ensuring an adequate level of data protection for personal data transferred to the United States.

bottom of page