top of page

Data Protection

Privacy Policy

23155-40369

Effective: from 24/07/2024 until revoked

Bernadett Gangó

Protecting the personal data provided by visitors is a primary goal and commitment for Bernadett Gangó (Self-employed) (hereinafter: Service Provider, Data Controller). As the data controller, the Service Provider hereby informs visitors to https://imaelangel.co.uk and its associated sites (hereinafter: Website, imaelangel.co.uk) about the personal data processed in connection with the operation of the website and its services, the identity and details of the data controller(s), the principles and practices followed in the processing of personal data, data transfers, the organizational and technical measures taken to protect personal data, as well as the manner and possibilities for exercising the rights of data subjects. This Privacy Policy forms part of the Terms of Use and must be interpreted together with those provisions. By using the Website, using or initiating any of its services or applications, you as the User consent to the processing of your personal data in accordance with this Privacy Policy. For data processing related to the operation of the Website and the Service Provider’s services not listed in this notice, the Service Provider will provide information at the time the data are collected.

I. Data Controller, Data Processor

1. Website Services

Data Controller: Bernadett Gangó
Registered seat: IP11 2XJ Felixstowe
Place of business: IP11 2XJ Felixstowe
Tax number: 23155-40369
Customer service: Email: info.imaelangel@gmail.com

2. Partners selling products on the Service Provider’s Website and associated pages act as independent data controllers with respect to personal data provided during purchase/enquiry. For the operation of the IT system underlying the platform, the Service Provider uses Wix as a data processor (Address: 500 Terry A. Francois Boulevard, 6th Floor, San Francisco, CA, 94158).

Additionally, the Service Provider uses Stripe, Inc. (354 Oyster Point Boulevard, San Francisco, California, 94103) as a data processor.

II. Definitions

The terms used in this Privacy Notice shall be interpreted in accordance with the definitions set out in Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (“Info Act”) (http://njt.hu/cgi_bin/njt_doc.cgi?docid=139257.322945), as well as the terms defined in the Terms of Use.

Under the Info Act:

  1. Personal data: data relating to the Data Subject — in particular the data subject’s name, an identifier, and one or more pieces of information characteristic of their physical, physiological, mental, economic, cultural or social identity — and any conclusions that can be drawn from the data regarding the data subject.

  2. Data Subject: any identified or — directly or indirectly — identifiable natural person on the basis of personal data.

  3. Consent: the voluntary and explicit declaration of the data subject’s will, based on adequate information, by which they give their unambiguous agreement to the processing — either comprehensively or for specific operations — of the personal data concerning them.

  4. Data processing: any operation or set of operations performed on data, regardless of the procedure used, including collection, recording, organization, storage, alteration, use, retrieval, transmission, disclosure, alignment or combination, blocking, deletion and destruction, as well as preventing further use of data; making photo, audio or video recordings; and recording physical characteristics suitable for identifying a person (e.g., fingerprints or palm prints, DNA sample, iris image, voice).

  5. Data Controller: the natural or legal person, or organization without legal personality, who alone or jointly with others determines the purposes of data processing, makes and implements decisions regarding data processing (including the means used), or has them implemented by a data processor.

  6. Data transmission: making data available to a specified third party.

  7. Disclosure: making data available to anyone.

  8. Data deletion: rendering data unrecognizable in such a way that their restoration is no longer possible.

  9. Data marking: labeling data with an identifier for the purpose of distinction.

  10. Data blocking: labeling data with an identifier to limit further processing for a definite or indefinite period.

  11. Data processing (technical): performing technical tasks related to data processing operations, regardless of the methods and means used for implementation or the location of the application, provided that the technical tasks are performed on the data.

  12. Data Processor: the natural or legal person, or organization without legal personality, who, under a contract concluded with the data controller — including contracts concluded pursuant to a legal provision — processes data.

  13. System: the totality of technical solutions operating the Data Controller’s machine processing (hereinafter: “System”). Otherwise, the terms in this Policy shall be understood as defined in Section 3 of the Info Act.

III. Principles, Source of Data, Method of Data Collection

  1. Principles of data processing: Personal data may only be obtained and processed fairly and lawfully. Personal data may only be stored for specific and lawful purposes and shall not be used in a manner incompatible with those purposes. The scope of personal data processed must be proportionate to the purpose of their storage and must meet that purpose; it must not be extended beyond it. Appropriate security measures must be taken to protect personal data stored in automated data files against accidental or unlawful destruction or accidental loss, and against unauthorized access, alteration, or dissemination.

  2. Voluntary consent: The Data Controller processes the personal data of natural persons (Data Subjects) set out in this Policy on the basis of an agreement arising from a real act between the parties (voluntary consent), pursuant to the Data Subjects’ voluntary, informed and explicit consent under Section 5(1) of the Info Act; and where necessary to fulfill a legal obligation, or for the purposes of the legitimate interests of the data controller or a third party, provided that enforcing such interests is proportionate to the restriction of the right to the protection of personal data, pursuant to Section 6(1) of the Info Act.

Given that personal data are in all cases processed by the Data Controller with the voluntary, informed and explicit consent of the Data Subject, where the person of the Data Subject and the person providing the personal data are not the same, the Data Subject is responsible for the accuracy and processability of the personal data; except where any bad faith on the part of the Data Controller would exclude such responsibility.

  1. Source of data: The data processed are obtained directly from the Data Subject.

  2. The Data Controller processes the personal data included in this Policy in accordance with the applicable data protection laws, in particular pursuant to Section 5(1) and Section 6(5) of the Info Act on the basis of the Data Subjects’ voluntary consent, in harmony with international data protection agreements, EU legal acts and other applicable legislation, in accordance with this notice; and, where necessary to fulfill a legal obligation, or for the purposes of the legitimate interests of the data controller or a third party, provided that enforcing such interests is proportionate to the restriction of the right to the protection of personal data, pursuant to Section 6(1) of the Info Act and relevant sectoral legislation.

  3. Accordingly, under Article 6(1) of Chapter II of the GDPR, the Data Controller lawfully processes data on the basis that: “the data subject has given consent to the processing of his or her personal data for one or more specific purposes”; “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the data subject’s request prior to entering into a contract”; “processing is necessary for compliance with a legal obligation to which the controller is subject”; “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”

  4. Method of data collection: The Data Controller receives/obtains the Data Subjects’ data under this Policy directly from the Data Subjects, based on their voluntary consent, either in person or via its Website and associated pages. The Data Subject is in all cases responsible for the accuracy of the personal data provided. The Data Controller does not verify the personal data provided to it. By concluding any contract covered by the scope of this Policy, Data Subjects explicitly accept this Policy as well.

IV. Legal Basis of Data Processing

  1. In processing related to the operation of the Website and its services, the collection and processing of personal data is based on the data subject’s voluntary consent.

  2. The User gives consent by using (e.g., subscription, enquiry) or initiating the use of a service on the Website.

  3. The User may consent to the use of their personal data for direct marketing and marketing communications (e.g., Newsletter, e-DM), which consent may be withdrawn at any time without restriction and without justification from the Data Controller. The User may also give consent during the use of certain services (e.g., subscription, enquiry) by ticking a checkbox.

  4. By participating in prize draws, the Player consents to the processing of their personal data, the details of which are defined by the description of the relevant Game and the Prize Draw Rules.

  5. Consent for data processing for minors under the age of 14 and otherwise legally incompetent Users may be given by their legal representative. A minor who has turned 14 but not yet 16, as well as a User with limited legal capacity, may give consent to data processing with the consent or subsequent approval of their legal representative. A minor who has turned 16 may give consent independently, and their legal representative’s consent or subsequent approval is not required for the validity of their legal statement. The Service Provider is not in a position to verify the authority of the consenting person or to learn the content of the legal representative’s statement; therefore, the User or their legal representative warrants that the consent complies with the laws. The Service Provider considers the appropriate consent of the legal representative to have been given.

  6. The User warrants that, during the service, they have lawfully obtained the consent of third-party natural persons for the processing of personal data provided or made accessible about them.

  7. In the absence of a legal provision to the contrary, the Service Provider may process the personal data collected, without further separate consent and even after the withdrawal of the User’s consent, for the purpose of fulfilling legal obligations (in particular accounting obligations and contractual obligations towards Partners) or for enforcing its own or a third party’s legitimate interests, provided that enforcing such interests is proportionate to the restriction of the right to the protection of personal data.

V. Scope of Data Processed

  1. The Data Controller declares that it only processes personal data for the purpose of exercising rights or fulfilling obligations. The personal data processed are not used for private purposes, and processing always complies with the principle of purpose limitation — if the purpose of processing ceases or processing otherwise becomes unlawful, the data will be deleted.

  2. The User is solely responsible for the accuracy of personal data. The scope of personal data processed is influenced and partly determined by the nature of the Services and the rules on e-commerce, accounting and advertising, in particular Section 13/A of Act CVIII of 2001 on certain aspects of electronic commerce services and information society services, and Section 6 of Act XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activities.

  3. Subscription: Data processed during online subscription: name, email address, list of purchased subscriptions, Telegram username.

VI. Purpose of Data Processing

  1. The purpose of the Policy is to determine the scope of data processed by the Data Controller regarding Data Subjects, the method, purpose and legal basis of processing, to ensure the enforcement of constitutional principles of data protection and the requirements of data security, and to prevent unauthorized access to, alteration, disclosure or use of Data Subjects’ data.

  2. The purpose of processing the User’s personal data is to provide the Website Services, in particular: identification of Users, distinguishing them from other Users, preventing unauthorized access to personal data; forwarding User data for purchase purposes; identifying User rights (sub-services available to the User); administration via the Service’s customer service; contact with the User; sending system messages related to the status of the product order; sending system messages related to the Service; providing hosting for publishing User Content (e.g., product reviews); development and improvement of the Website’s services and enhancement of user experience; searching for products, finding relevant products and facilitating ordering; preventing abuses; fulfilling accounting obligations; fulfilling legal obligations towards Partners.

  3. Based on consent, the Service Provider may also use the User’s personal data for direct marketing and marketing communications (e.g., newsletter, e-DM, Telegram message, Discord message).

  4. The following data (username, email address), if the purchase on the Website was made by bank card, are forwarded by Wix to Stripe Inc. (Address: 354 Oyster Point Boulevard, San Francisco, California, 94103) as an independent data controller. The purpose of the data transfer: providing customer support for users, executing orders, confirming transactions, and fraud monitoring carried out to protect users.

The Data Controller may process the Data Subjects’ personal data for the following purposes, scope and proportion:

VII. Data Protection Legislation

Legislation of particular importance for this Policy:

  1. Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”); Fundamental Law of Hungary.

  2. Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (“Info Act”); Act V of 2013 on the Civil Code (“Ptk”).

  3. Act CVIII of 2001 on certain aspects of electronic commerce services and information society services (in particular Sections 13/A–13/B).

  4. Electronic commerce services and information society services (as above).

VIII. Data Transfer

  1. The Data Controller is entitled and obliged to transfer to the competent authorities any personal data at its disposal and lawfully stored which it is required to transfer by law or by a final and binding official decision. The Data Controller cannot be held liable for such data transfer and its consequences.

  2. Beyond the above, the Data Controller transfers data only to its co-data controllers and/or data processors with whom it has a contractual relationship, and only to those who are subject to contractual obligations regarding the Data Subject; accordingly, the Data Controller transfers data to third parties solely for the purposes and to the extent set out in this Policy. Such transfer may not place the Data Subject in a disadvantageous position compared to the data processing and data security rules set out in the currently effective text of this Policy.

IX. Duration of Data Processing

  1. Data processed in connection with the use of Services: The Service Provider processes personal data related to purchases and requests for quotations initiated by the User for 8 years pursuant to Section 169 of Act C of 2000 on Accounting, and for the limitation period defined in Act XCII of 2003 on the Rules of Taxation.

  2. Data processed for contact/marketing: The Service Provider processes the User’s personal data for direct marketing and marketing communications until the consent is withdrawn as per point X.3. The termination of certain Services on the Website, the closure of a prize draw, or the deletion of a Facebook application does not constitute withdrawal of consent given for sending direct marketing/marketing communications. Consent must be withdrawn separately — for each type of communication (e.g., newsletter, e-DM, etc.) — by the User.

  3. Customer service: The Service Provider stores complaints, questions and requests sent to customer service for 48 months from submission and then deletes them — except for correspondence in ongoing cases.

  4. In summary:

  • The duration of processing is for the periods indicated under the purposes of processing, but

  • As a general rule, until the purpose of processing is achieved. For rights and obligations related to the legal relationship, until those cease.

  • Otherwise, for the period prescribed by applicable legislation.

  • Finally, until the Data Subject withdraws consent and/or until the circumstance giving rise to the intended purpose ceases or fails.

X. Modification, Deletion, Blocking of Data; Right to Object to Processing; Information

  1. The User may indicate modification of data provided during subscription to the Service Provider at info.imaelangel@gmail.com. If the User notifies the Service Provider of the intention to modify data via the customer service email address info.imaelangel@gmail.com or by phone, the Service Provider will forward the request to the Partner.

  2. Consent for direct marketing or marketing communications can be withdrawn, by type of communication (e.g., Telegram channel, Discord channel), via the email address info.imaelangel@gmail.com with respect to the data controller.

  3. In cases other than the above — with the exception of mandatory processing — the User may request the deletion of personal data from the Service Provider by sending a letter to info.imaelangel@gmail.com. The Service Provider will also delete the User’s personal data without a request if processing is unlawful; the purpose of processing has ceased; or the statutory retention period has expired; or deletion is ordered by a court or by the National Authority for Data Protection and Freedom of Information; or if the data are incomplete or incorrect — and this state cannot be lawfully remedied — provided that deletion is not excluded by law. Instead of deletion, the Service Provider will block the personal data if the User so requests, or if, based on the information available, it can be assumed that deletion would harm the User’s legitimate interests. The Service Provider will process the blocked personal data only as long as the purpose of processing exists which excludes deletion of the personal data. Following the withdrawal of the User’s consent, the Service Provider may continue to process the personal data concerning the data subject in accordance with the table in Section VI.

  4. The Data Subject may object to the processing of personal data pursuant to Section 21(2) of the Info Act, in particular:

  • if the processing or transfer of personal data is necessary solely for compliance with a legal obligation imposed on the Data Controller or for the enforcement of the legitimate interests of the Data Controller, the data recipient or a third party, except in the case of mandatory processing;

  • if the use or transfer of personal data is for direct marketing, public opinion polling or scientific research purposes; and

  • in other cases defined by law.

  1. The Data Subject may object to the processing of personal data by sending a letter to the customer service email address info.imaelangel@gmail.com.

  2. The Data Controller will examine the objection within the shortest possible time from the submission of the request, but no later than fifteen (15) days, make a decision on its merits, and inform the applicant in writing of its decision. For the duration of the examination, but for no more than five (5) days, the Data Controller will suspend processing. If the objection is justified, the head of the organizational unit processing the data shall proceed as specified in Section 21(3) of the Info Act. If the Data Controller finds the Data Subject’s objection justified, it will cease processing — including further data collection and data transfer — and will block the data, and will notify all those to whom the personal data affected by the objection were previously transmitted and who are obliged to take action to enforce the right to object. If the Data Subject disagrees with the Data Controller’s decision, or if the Data Controller misses the deadline, the Data Subject may turn to a court within thirty (30) days from the notification of the decision or from the last day of the deadline.

  3. If processing (e.g., accounting) is required by law, the Service Provider cannot delete the User’s data, but will not transfer the personal data to the recipient if it agrees with the objection or if a court has established the legitimacy of the objection.

  4. The User is entitled at any time to request information, via info.imaelangel@gmail.com, about the personal data processed by the Service Provider concerning them in connection with the Website’s services. Upon the User’s request, the Service Provider will provide information about the data relating to the User which it processes in connection with the given service and which are processed by a data processor commissioned by it; the source of the data; the purpose, legal basis and duration of processing; the name and address of the data processor; the legal basis and recipient of data transfer; and its activities related to data processing. The Service Provider will provide the requested information within no more than 30 days from submission of the request.

  5. The courts, the prosecutor, investigative authorities, administrative offense authorities, administrative authorities, the National Authority for Data Protection and Freedom of Information, and other bodies authorized by law may contact the Service Provider to request information, data, transfer of data, or the provision of documents. The Service Provider will make available to the requesting body — provided the exact purpose and scope of data are specified — the personal data essential to achieving the purpose of the request.

  6. The Data Subject may request information about the processing of their personal data and may request the rectification of personal data or — except for processing mandated by law — their deletion under this Policy, in particular via the contact details provided above.

  7. Upon the Data Subject’s email request, the Data Controller provides information on the data it processes, the purpose, legal basis and duration of processing, the name and address (registered office) of the data processor and its activities related to processing, and who receives or has received the data and for what purpose. The Data Controller must provide the information as soon as possible, but no later than within thirty (30) days from the submission of the request, in writing, in a clear and understandable form, free of charge — the Data Controller may only charge costs in the case specified in Section 15(5) of the Info Act. The information covers the items specified in Section 15(1) of the Info Act, insofar as providing information to the data subject is not prohibited by law.

  8. The Data Controller is obliged to rectify personal data that do not correspond to reality. The Data Controller shall delete personal data if processing is unlawful, at the request of the data subject — in this case within a maximum of five (5) working days —, the data are incomplete or incorrect and this state cannot be lawfully remedied, provided deletion is not excluded by law; the purpose of processing has ceased; the statutory retention period has expired; or deletion is ordered by a court or the National Authority for Data Protection and Freedom of Information. The Data Controller shall notify the Data Subject of the rectification or deletion and all those to whom the data were previously transmitted for processing. Notification may be omitted if it does not harm the Data Subject’s legitimate interest with regard to the purpose of processing.

  9. If the Data Subject uses personal data unlawfully or misleadingly, or commits a criminal offense, the Data Controller reserves the right to retain the relevant data for the purpose of evidence in possible judicial or non-judicial proceedings until the proceedings are concluded. The above applies accordingly where the Data Subject requests deletion of personal data with the aim of frustrating or at least hindering the enforcement of the Data Controller’s legitimate claims.

  10. The Data Controller shall compensate any damage caused to others by unlawful processing of data or by breaching the technical requirements of data protection. The Data Controller shall be exempt from liability if it proves that the damage was caused by an unavoidable cause outside the scope of processing. No compensation is due to the extent the damage resulted from the victim’s intentional or negligent conduct.

  11. Information to Data Subjects may be omitted/rejected or restricted in the cases defined in Section 16(2) of the Info Act — with detailed justification and with regard to the provisions of Section 9(1) or Section 19 of the Info Act — if:

  • the data subject already has the information;

  • providing the information proves impossible or would involve a disproportionate effort, particularly in the case of processing for archiving in the public interest, scientific or historical research purposes, or statistical purposes, in accordance with Article 89(1) of the GDPR, or if the obligation to provide information would likely render impossible or seriously impair achievement of the objectives of such processing. In such cases, the data controller must take appropriate measures — including making the information publicly available — to protect the rights, freedoms and legitimate interests of the data subject;

  • obtaining or disclosure of the data is expressly provided for by Union or Member State law applicable to the controller, which provides for appropriate measures to protect the data subject’s legitimate interests; or

  • the personal data must remain confidential under a professional secrecy obligation prescribed by Union or Member State law, including statutory confidentiality.

  1. Otherwise, the Data Subject has the right to access the personal data concerning them and the following information:

  • a copy of the personal data (additional copies may incur a fee);

  • the purposes of processing;

  • the categories of data;

  • information on automated decision-making and profiling;

  • information on the source when data were not obtained from the data subject;

  • recipients to whom the data have been or will be disclosed;

  • information and safeguards relating to transfer to third countries;

  • storage period and criteria for determining it;

  • the data subject’s rights;

  • the right to lodge a complaint with a supervisory authority.

  1. Manner of exercising the right of access: If the data subject submits the request electronically, the information shall be provided in a commonly used electronic form, unless the data subject requests otherwise. The right to request a copy must not adversely affect the rights and freedoms of others.

  2. Where the data controller has made the data public and is obliged to delete them, it shall, taking into account available technology and cost of implementation, take reasonable steps to inform other controllers processing the data that the data subject has requested deletion of links to, copies of, or replication of those data. The right to erasure/“to be forgotten” cannot be exercised where processing is necessary for freedom of expression, compliance with a legal obligation or performance of a task carried out in the public interest or in the exercise of official authority, public interest in the area of public health, archiving purposes in the public interest, scientific or historical research purposes, or the establishment, exercise or defense of legal claims.

  3. The Data Controller restricts processing at the Data Subject’s request if:

  • the Data Subject contests the accuracy of personal data;

  • processing is unlawful and the Data Subject opposes deletion;

  • the Data Controller no longer needs the personal data but the Data Subject requires them for the establishment, exercise or defense of legal claims; or

  • the Data Subject has objected to processing and the Data Controller is still verifying.

  1. Notification obligation: The Data Controller shall inform all recipients of any rectification, deletion or restriction of processing to whom the data have been disclosed, unless this proves impossible or involves disproportionate effort.

  2. Data portability: The Data Subject has the right to receive the data they have provided to the Data Controller:

  • in a structured, commonly used and machine-readable format,

  • to transmit those data to another controller,

  • and to request direct transmission to another controller where technically feasible, except where processing is carried out in the public interest or in the exercise of official authority.

  1. Remedies: In case of infringement of their rights, Data Subjects may enforce their claims before the arbitration body specified in the Data Controller’s then-current general terms and conditions, and may turn to the National Authority for Data Protection and Freedom of Information (Mailing address: 1534 Budapest, P.O. Box 834; Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.). The court proceeds without delay.

XI. Enforcement of Claims

  1. A claim received from the email address previously provided to the Service Provider will be considered a claim from the User. In the case of claims sent from other email addresses or in writing, the User may submit a claim if they have properly verified their user status in the manner determined by the Service Provider or by law.

  2. If the Service Provider’s processing is not based on the data subject’s consent but was unlawfully initiated by a third party, the data subject may request deletion of personal data published about them by a User, and request information on processing, upon proper verification of their identity and their connection to the personal data.

  3. In the event of the User’s death, upon presentation or sending a copy of the death certificate to the customer service address info.imaelangel@gmail.com, any close relative of the User or a person receiving testamentary benefit may request deletion of the User’s data, upon verification of their relationship to the User.

XII. Legal Remedies

  1. In the event of perceived infringement related to the processing of personal data, the data subject may apply to the competent court, or in Budapest to the Budapest-Capital Regional Court, or initiate an investigation with the National Authority for Data Protection and Freedom of Information (President: Dr. Attila Péterfalvi, 1024 Budapest, Szilágyi Erzsébet fasor 22/C., ugyfelszolgalat@naih.hu, +36-1-391-1400, www.naih.hu).

  2. Any questions or comments related to data processing may also be addressed directly to the Data Controller at the following email: info.imaelangel@gmail.com

XIII. Data Security, Security of Processing

  1. The Service Provider takes the necessary technical and organizational measures and establishes the necessary procedural rules to ensure the security of personal data provided or made accessible by the User throughout the entire processing.

  2. In accordance with its obligation under Section 7 of the Info Act, the Data Controller does everything to ensure the security of Data Subjects’ data, and takes the necessary technical and organizational measures and establishes the procedural rules required to enforce the Info Act and other data and secrecy protection regulations.

  3. The Data Controller protects data in particular against unauthorized access, alteration, transfer, disclosure, deletion or destruction, and against accidental destruction and damage. Data automatically recorded during the operation of the Data Controller’s system(s) are stored in the System for a period justified by the need to ensure the operation of the System. The Data Controller ensures that such automatically recorded data cannot be linked to other personal data — except in cases required by law. If the Data Subject withdraws consent to the processing of personal data or objects to processing, then thereafter their person will not be identifiable from technical data — excluding investigative authorities and their experts.

  4. Where applicable, employees performing data processing at the Data Controller’s organizational units are obliged to treat personal data as business secrets. For this purpose, staff handling personal data and having access to them have signed confidentiality undertakings. The Data Controller’s staff must also ensure in their work that unauthorized persons cannot access personal data. The storage and placement of personal data are designed so that they are not accessible, learnable, alterable or destroyable by unauthorized persons.

  5. The Data Controller’s executive with decision-making competence determines the data protection organization taking into account the Data Controller’s characteristics, defines tasks and powers related to data protection and associated activities, and designates the person supervising processing.

XIV. Log Data

When using the Website, the time of website visits and certain conversion events (e.g., registration, subscription, newsletter signup and e-DM signup, prize draw registration), the visitor’s IP address, and the address of the page viewed are recorded. The system continuously logs these data to prevent abuses, to prepare statistics, and to check the performance and operation of the Website’s services, and retains them together with personal data relating to the specific event.

XV. Cookies

The Service Provider uses “cookies” on its Website and associated pages to provide more complete services to visitors. For personalized service and convenience functions, the browser cookie stores, until deletion, the product viewed, the time of last page visit, identification in the chat function, items placed in the cart, and the closing of the newsletter (popup) window. The use of browser cookies can be refused by selecting the appropriate settings in the browser(s); however, in that case the User will not be able to use these convenience functions.

XVI. External Intermediary Services

  1. With regard to content made available under the Services and shared on various social networking sites, the operators of external services enabling content sharing (e.g., Instagram, Twitter, Facebook, Pinterest, etc.) are considered data controllers of personal data; their own terms of use and privacy policies apply to their activities. For services embedded within the Services but maintained by an external provider, the operator of the given service also acts as data controller.

  2. When installing applications available on the Service Provider’s Facebook page, the personal data specified in the information made available by Facebook Inc. during installation are provided to the Service Provider based on the User’s voluntary consent, in compliance with Facebook Inc.’s privacy policies. If a Facebook application refers to this notice, this Privacy Notice applies, mutatis mutandis, to the Service Provider’s processing; otherwise, Facebook’s privacy policies apply to processing within the Facebook service (e.g., deleting the application, commenting, etc.). Deleting applications can be initiated in Facebook’s user settings under the applications menu. Details of data processing related to prize draws available on the Service Provider’s Facebook page are defined by the description of the current Game and the Prize Draw Rules. Deleting one of the Service Provider’s Facebook applications does not constitute withdrawal of consent given for sending direct marketing or marketing communications.

XVII. Web Analytics and Ad-Serving External Companies

  1. For the operation of the Website, the Service Provider uses external web analytics and ad-serving companies that operate independently of the Service Provider.

  2. The Service Provider uses Google Inc.’s Google Analytics and Google Adwords services. Google Inc. uses cookies and web beacons to collect information and to help analyze the use of the Website. The information stored by the cookie (including the User’s IP address) is stored on Google Inc.’s servers in the United States. Google Inc. may transfer collected information to third parties if required by law or where third parties process the information on behalf of Google Inc. Within the framework of Google Adwords remarketing, Google Inc. places tracking cookies on Users’ devices that monitor users’ online behavior and based on which Google Inc. makes interest-based advertising available to them on other websites. The tracking cookie enables Google Inc. to identify the User on other websites as well. Google Inc.’s “Privacy Policy” is available at http://www.google.hu/intl/hu/policies/privacy/. On Google Inc.’s website, further useful information can be found about Google Inc.’s data activities, disabling cookies, and personalizing ads at http://www.google.com/intl/hu/policies/privacy/ads/. There is no possibility to refuse web beacons.

XVIII. Amendment of the Privacy Policy

  1. The Data Controller reserves the right to amend this Privacy Policy at any time by unilateral decision. By logging in, the User accepts the provisions of the Privacy Policy in force at any time; no further consent from the User is required.

  2. Possibility of amendment: The Data Controller reserves the right to unilaterally amend this Policy for the future. The new Policy will be published on the website under the domain imaelangel.co.uk (https://imaelangel.co.uk/adatkezelesi-tajekoztato).

  3. Record of processing activities: The Data Controller and — where applicable — its representative shall maintain a record of processing activities under their responsibility. This record contains the following information:

  • the name and contact details of the data controller and — where applicable — of any joint controllers, the controller’s representative, and the data protection officer;

  • the purposes of processing;

  • a description of the categories of data subjects and of the categories of personal data;

  • the categories of recipients to whom the personal data have been or will be disclosed, including recipients in third countries or international organizations;

  • where applicable, information on transfers of personal data to a third country or an international organization, including the identification of that third country or international organization and, in the case of transfers referred to in the second subparagraph of Article 49(1) of the GDPR, the documentation of suitable safeguards;

  • where possible, the envisaged time limits for erasure of the different categories of data;

  • where possible, a general description of the technical and organizational security measures referred to in Article 32(1).

  1. Upon request, the Data Controller shall make the record available to the supervisory authority.

I accept and bring this Policy into force today.

Dated: Budapest, 24/07/2024

imaelangel.co.uk

If you want this formatted as a downloadable PDF or Word doc, say the word and I’ll package it.

Serenity Healing

Transforming lives through the ancient art of Reiki energy healing.

Connect
  • Instagram
  • Facebook
  • YouTube
  • TikTok

All materials on this site are for informational purposes only. We do not guarantee any medical or health outcomes, and nothing we do or teach is a substitute for medical care. Always consult a qualified healthcare professional for any health concerns. Reiki aims to harmonize and balance the body, mind, and soul by equalizing energies.

Reiki is not a replacement for traditional medical treatments, but it can be complementary.

bottom of page