General Data Protection Regulation - GDPR
The GDPR stands for "General Data Protection Regulation." It is an EU regulation that came into effect on May 25, 2018. The GDPR aims to establish consistent and strong data protection rules within the European Union and provides safeguards for the personal data of individuals.
The purpose of the GDPR is to protect against the collection, processing, and use of personal data and to strengthen the data protection rights of individuals. The regulation defines the obligations of data controllers and processors and outlines the rights of individuals in relation to data processing. It requires the disclosure of privacy practices, reporting of data breaches, and grants individuals rights such as access and erasure of their personal data.
The GDPR applies not only to European businesses and organizations but also to any foreign businesses operating and processing the personal data of EU citizens. Therefore, the GDPR has a significant impact on global data protection and data processing practices.
The owner of the pharm.academy domain and the operator of the website is Dr. Rudolf Laufer.
We may update this PP to reflect changes in our data processing practices. If we do so and the changes are substantial, we will provide at least 7 days' notice prior to the modifications taking effect by sending a notification that we have updated this PP on the website and indicating the date when these terms will become effective. The date of the most recent revision of the current PP can be found at the bottom of the page containing the PP.
Any modification to this PP shall become effective at the end of the earliest seven-day period following the change.
The operator of the website handles the data of registered individuals on the website in order to provide them with appropriate services. By using the website's services, you also provide your own data, part of which is recorded automatically (IP address, browser type), and part of which is recorded with your consent (form submission).
https://pharm.academy fully complies with the legal requirements regarding the processing of personal data, especially those set out in Regulation (EU) 2016/679 of the European Parliament and of the Council.
This Privacy Notice (PN) is prepared in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council, regarding the protection of personal data and the free flow of such data, taking into account the provisions of Act CXII of 2011 on Informational Self-Determination and Freedom of Information.
Data Controller - Contact Details of the Website Operator
Name: Dr. Rudolf Laufer e.v.
Address: Nefelejcs utca 22., 2nd floor, apartment 24.
City: 1078 Budapest, Hungary
Tax Identification Number: 60461975-1-42
Phone, Viber, WhatsApp: +36-70-516-37-46
Principles of Data Processing
The data controller declares that the processing of personal data is carried out in accordance with the provisions of the data processing information and complies with the requirements of applicable laws, with particular attention to the following:
The processing of personal data is done lawfully, fairly, and in a transparent manner for the data subject.
The collection of personal data is only done for specified, explicit, and legitimate purposes.
The purpose of processing personal data is adequate, relevant, and limited to what is necessary.
The personal data must be accurate and kept up to date. Inaccurate personal data will be deleted.
The storage of personal data is done in a form that allows identification of the data subjects only for the necessary duration.
The security of personal data is ensured through appropriate technical and organizational measures.
The principles of data protection apply to all information concerning identified or identifiable natural persons.
Important Data Processing Information
The purpose of data processing is to provide additional services to registered individuals on the website during its operation.
Method of data storage: electronic.
The legal basis for data processing is the consent of the data subject.
The scope of individuals affected by data processing includes registered users on the website.
The data subject can withdraw their consent for data processing at any time by sending a letter to the contact email address. In the absence of legal obstacles to deletion, the data will be erased in this case.
Authorized parties to access the data include the data controller and its employees.
The data subject may request access to their personal data, rectification, erasure, or restriction of processing, and object to the processing of such personal data, as well as exercise their right to data portability.
The data subject can withdraw their consent for data processing at any time, but this does not affect the lawfulness of processing based on consent before its withdrawal.
The data subject has the right to lodge a complaint with the supervisory authority.
If the data subject wishes to benefit from the advantages of registration or avail themselves of the related services on the website, it is necessary to provide the requested personal data. The data subject is not obliged to provide personal data, but certain functions of the website cannot be accessed without registration.
The data subject has the right to request the data controller to promptly correct or supplement their inaccurate personal data.
The data subject has the right to request the data controller to promptly delete their inaccurate personal data, and the data controller is obliged to delete the personal data concerning the data subject without undue delay if there is no other legal basis for processing.
Requests for modification or deletion of personal data can be initiated via email, telephone, or letter using the contact information provided above.
When visiting the Data Controller's website, the web server automatically logs the user's activities.
The purpose of data processing is to monitor the operation of the services, provide personalized service, and prevent abuses during the visit to the website.
The legal basis for data processing is Article 6(1)(f) of the GDPR, as the Data Controller and the hosting provider have a legitimate interest in ensuring the secure operation of the website, and Section 13/A(3) of Act CXII of 2011 on Informational Self-Determination and Freedom of Information.
The types of personal data processed include identification numbers, date, time, and the address of the visited page.
During the analysis of log files, the Data Controller does not link the resulting data with any other information and does not seek to identify the user.
The addresses of the visited pages, as well as the date and time data, are not suitable for identifying the data subject on their own.
The HTML code of the portal contains external links originating from and pointing to external servers independent of the Data Controller. The servers of external service providers directly interact with the user's computer. Service providers are capable of collecting user data (e.g., IP address, browser, operating system data, mouse movement, visited page address, and visit time) through their connection to their servers.
An IP address is a numerical sequence by which computers and mobile devices connecting to the internet can be uniquely identified. IP addresses can be used to geographically locate the computer used by the visitor. The addresses of the visited pages, as well as the date and time data, are not suitable for identifying the data subject on their own. However, when combined with other data, they can be used to draw conclusions about the user.
Sending Professional Information and Newsletters
As the operator of the website, we declare that we fully comply with the applicable legal regulations regarding the information and descriptions published by us. We also state that when subscribing to a newsletter, we are unable to verify the authenticity of the contact information or determine whether the provided data relates to an individual or a business. Businesses contacting us are treated as client partners.
The purpose of data processing is to send professional descriptions, electronic messages containing advertisements, information, and newsletters, from which you can unsubscribe at any time without consequences. You can unsubscribe without any consequences even if your business has ceased to exist, you have left the business, or someone provided us with your contact information.
The legal basis for data processing is your consent. Please note that users can give prior and explicit consent for the service provider to contact them with advertising offers, information, and other mailings at the email address provided during registration. As a result, users may consent to the service provider processing their necessary personal data for this purpose.
Please be informed that if you wish to receive newsletters from us, you are required to provide the necessary information. If you fail to provide the required data, we will be unable to send you newsletters.
The duration of data processing is until the withdrawal of consent. You can withdraw your consent to data processing at any time by sending a letter to the contact email address.
Data will be deleted upon the withdrawal of consent to data processing. You can withdraw your consent to data processing by sending a letter to the contact email address.
Consent can also be revoked based on the link provided in the sent newsletters.
Those authorized to access the data are the data controller and their employees.
The data is stored electronically.
Requests for data modification or deletion can be initiated via email, phone, or letter using the contact details provided above.
The scope of processed data and the specific purpose of data processing:
Name: Identification, communication.
Email: Identification, communication.
Registration date: Technical information operation.
IP address: Technical information operation.
Registration on the Website
The purpose of data processing is to provide additional services and establish contact.
Providing personal data is necessary for identification and communication within the databases. The accurate name or company name and address are required for billing purposes, which is a legal obligation.
The scope of processed data and the specific purpose of data processing:
Name: Identification, communication, billing.
Company name: Identification, communication, billing.
Address: Identification, communication, billing.
Email: Identification, communication.
Registration date: Technical information operation.
IP address: Technical information operation.
University: Selection of questions.
The user's consent for data processing can be given by intentionally checking the empty checkbox provided specifically for this purpose on the website.
As the data subject, you have the right to object to the processing of your personal data. In this regard, you are entitled to follow the procedures outlined in the above-mentioned data processing information and this notification, as well as the legal regulations described in the notification.
Hosting Service Provider:
Company name: DotRoll Kft.
Address: 1148 Budapest, Fogarasi út 3-5., Hungary
Tax number: 13962982-2-42
The data you provide will be stored on servers operated by the hosting service provider. Only our employees and the employees responsible for operating the server have access to the data, and they are all responsible for securely handling the data.
Activity description: Hosting service, server service.
Purpose of data processing: Ensuring the operation of the website.
Processed data: Personal data provided by the data subject.
Duration of data processing and deadline for data deletion: Data processing lasts until the end of the website operation or according to the contractual agreement between the operator of the website and the hosting service provider.
The legal basis for data processing is the consent of the data subject and data processing based on legal regulations.
Rights related to data processing
Right to information request
You have the right to request information from us about what data our company processes, on what legal basis, for what purpose of data processing, from what source, and for how long. Upon your request, we will provide you with information to the email address you provided, promptly and within a maximum of 30 days.
Right to rectification
You can request us to modify any of your data by contacting us at the provided contact details. Upon your request, we will take immediate action, but no later than within 30 days, and send you information to the email address you provided.
Right to erasure
You can request the deletion of your data by contacting us at the provided contact details. Upon your request, we will delete your data promptly and within a maximum of 30 days, and send you information to the email address you provided.
Right to restriction of processing
You can request the restriction of processing of your data by contacting us at the provided contact details. The restriction will remain in effect as long as the specified reason you indicated necessitates the storage of the data. Upon your request, we will take immediate action, but no later than within 30 days, and send you information to the email address you provided.
Right to object
You have the right to object to data processing by contacting us at the provided contact details. We will examine the objection within the shortest possible time, but no later than 15 days from the submission of the request. We will make a decision on the merits of the objection and inform you of the decision by email.
Options for enforcing rights related to data processing
If you experience any unlawful data processing, please notify our company so that the lawful state can be restored within a short period of time. We will make every effort to resolve the issue outlined in your notification for your benefit.
If, in your opinion, the lawful state cannot be restored, please notify the following authority using the contact details provided:
National Authority for Data Protection and Freedom of Information
Mailing address: 1530 Budapest, Pf.: 5.
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
Email: ugyfelszolgalat (at) naih.hu
Coordinates: N 47°30'56''; E 18°59'57''
External Service Providers
As part of providing the services, the Data Controller often engages with various External Service Providers, with whom they cooperate.
Regarding Personal Data processed in the systems of External Service Providers, the practices stated in the External Service Providers' own privacy policies apply. The Data Controller makes every effort to ensure that the External Service Providers handle the Personal Data transmitted to them in accordance with the applicable laws and use them solely for the purposes specified by the User or as stated in this notice.
The Data Controller will inform Users about the transfer of data to External Service Providers within the scope of this notice.
Web analytics and ad-serving external service providers
The Data Controllers collaborate with web analytics and ad-serving External Service Providers in connection with the pages of the Services.
External Service Providers handle the Personal Data transmitted to them according to their own privacy policies. Web analytics and ad-serving External Service Providers cooperating with the Data Controller include Facebook Inc., Google Ireland Ltd.
Other external service providers
There are external service providers that neither of the data controllers has a contractual relationship with nor intentionally cooperate with regarding the specific data processing. However, these providers may still access the Website/Services, either through the User's involvement (such as linking their individual account to the Service) or without it, and collect data about Users or user activities on the Services' websites, which, in certain cases, either independently or in combination with other data collected by these external service providers, may be used to identify the User. Such external service providers may include, but are not limited to: Facebook Ireland LTD., Google LLC, Instagram LLC., Infogram Software Inc, PayPal Holdings Inc., Pinterest Europe Ltd., Playbuzz Ltd., Twitter International Company, Viber Media LLC, Vimeo INC., YouTube LLC.
These external service providers handle the Personal Data transmitted to them according to their own privacy policies.
Handling of website traffic data
Certain data and IP addresses of users' computers are logged to generate website traffic data and ensure the proper operation of the service. In some cases, this data may qualify as personal data. Statistics are compiled from the log files, and the log files are stored for a maximum of one year. The users' IP addresses are not linked to any other data that would allow the identification of the user's identity.
Placement, use, and purpose of "cookies" and web beacons
When using certain parts of the service, the operator installs small data files (cookies) on the user's computer, which may contain data that is not directly personally identifiable. These cookies serve the purpose of data logging, user identification, facilitating the user's further visits, improving the efficiency of the service, delivering targeted advertisements or other targeted content to the specific user, or conducting market research.
As a result of using these data files, the data collected by the operator does not link to the user's identifying information.
Regarding cookies, users have the following options in their browsers:
- They can choose to receive notifications if the operator intends to place a cookie on their computer.
- They can prohibit the sending of cookies at any time.
It should be noted that rejecting cookies may result in certain pages or functions not working properly, and the user may be denied access to certain data.
In addition to the cookies placed by the operator, third parties may also install data files on the user's computer. This can occur, for example, when the user visits another website within the scope of the service.
To achieve the aforementioned goals, the operator may embed web beacons (also known as web bugs) from third parties into the operator's website.
Unlike cookies, users do not have the option to disable the downloading of web beacons in their browsers.
Definition of cookies: Cookies are small text files containing data that are stored on a user's computer when visiting a website. Their purpose is to allow websites to remember the user's activities during their time on the site. This enables the storage of information such as whether the user clicked on certain links or pages, whether they logged in with their username, or whether they read certain pages on the website months or even years ago.
When accessing the website, we collect information such as the type of browser and IP address (a unique address that identifies the computer on the internet). When using our mobile application, we collect information about the device type, device ID, and IP address. Additionally, we store certain information from your browser using "cookies," which are data stored on the user's computer and tied to user-related information. We use session identification cookies to verify if users are logged in.
For further information about cookies and their management:
Categories of Cookies:
Strictly Necessary Cookies: These cookies are essential for users to browse the website and use its features. Without these cookies, providing services on the website, such as registration and login, would not be possible. These cookies do not collect user data for marketing purposes.
Performance Cookies: Performance cookies gather information about how users interact with websites, inform the service provider about page visits and error messages. They do not collect personally identifiable information, and all the information is anonymized.
Functional Cookies: Functional cookies enable personalized settings for users, such as language preferences or text size. The service provider does not utilize functional cookies for marketing or advertising purposes.
Targeting Cookies: Targeting cookies connect the service provider's website to social networks. For example, the use of Facebook Pixel on the facebook.com/gazdasagihirek page facilitates users' connection to Facebook. The social network may use this cookie to deliver targeted advertisements to the user.
For the privacy policies related to third-party cookies, you can read them on the providers' websites:
- Google: https://policies.google.com/technologies/types?hl=hu
- Facebook: https://www.facebook.com/about/privacy
The purpose of data processing is to provide efficient service, notifications related to the service, resolution of operational issues, resolution of disputes, accurate advice and quotations, and direct business acquisition.
The operator can only carry out the latter for the purpose of data processing based on consent, during its duration, or until the consent is withdrawn.
Data Transfers, Data Processing by Third Parties
In the absence of explicit legal provisions, the operator shall only transfer personally identifiable data to third parties with the express consent of the respective user. The same applies to the use of data files for data managed by the operator. Personal data may also be disclosed to third parties in the following cases:
In relation to suspicious or unlawful activities detected within the service, the operator is entitled to send notifications or publish communications, using the data of individual users.
Certain parts of the service (e.g., displaying advertisements, generating traffic statistics) may be performed by contractual partners of the operator. In such cases, certain user data may be transferred to these contractual partners. Additionally, these contractual partners are bound by confidentiality obligations. They may collect user data voluntarily, in accordance with the principle of voluntariness, for their own purposes and within the framework of the applicable laws and the privacy statement of the respective individual or company.
The operator cooperates with law enforcement agencies and courts in order to detect and sanction infringements committed within the service (e.g., fraud, infringement of intellectual property rights), and complies with data requests based on legal provisions.
Budapest, November 16, 2019.