We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ...
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.
Brahmayurveda Center Korlátolt Felelősségű Társaság
Effective as of: January 13, 2025
The following information contains the criteria for the activities of the Brahmayurveda Center Korlátolt Felelősségű Társaság (hereinafter: ‘Brahmayurveda’) in relation to the processing of personal data concerning you.
Personal data: any information relating to an identified or identifiable natural person (hereinafter: ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Special category of personal data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the genetic data, biometric data for the purpose of uniquely identifying a natural person, health data or data concerning a natural person's sex life or sexual orientation.
Health data: all data relating to the physical and mental condition of a natural person, as well as all data relating to their state of health in connection with the health care they have received.
Data Subject: an identified or identifiable natural person.
Processing: any operation or totality of operations on data, regardless of the procedure used, in particular the collection, recording, registration, organisation, storage, alteration, processing, querying, utilisation (including transfer and disclosure), coordination or linking of personal data, as well as the blocking, erasure and destruction of personal data. Processing includes the production of photographs, voice or image recordings and the recording of physical characteristics suitable for personal identification (e.g.: finger or palm print, DNA sample and iris images);
Controller: any person who performs the processing, determines the purpose of the processing, makes and implements decisions on the processing (including the tools used), or implements them through the processor.
Processing: performance of the technical tasks related to processing operations, regardless of the method and means used to perform the operations and the place of application.
Data transfer: where the data is made available to specific third parties;
Disclosure: where data is made available to everyone.
Processor: the natural or legal person or organisation without legal personality performing the processing of personal data on behalf of the Controller;
Data erasure: rendering the data unrecognisable in a manner that their recovery is no longer possible.
Automated data file: a series of data to be processed automatically.
Automatic processing: includes the following operations when performed through partially or fully automated means: storage of data, logical or arithmetic operations on data, alteration, erasure, retrieval and distribution of data.
Customer: a natural person, who requests an appointment at Brahmayurveda (www.brahmayurveda.hu) by e-mail, telephone or in person, personally subscribes to a newsletter, uses a private health care service, or purchases a product.
Where this Notice uses the term Data Subject, it shall also apply to the Customer.
Brahmayurveda Center Kft. undertakes to ensure that the processing related to its services meets the requirements set out in this Notice and in all applicable legislation.
This Privacy Notice is available at http://www.brahmayurveda.com/
Company name: Brahmayurveda Center Korlátolt Felelősségű Társaság
Registered office: 1101 Budapest, Expo tér 5-7
Business site: 1065 Budapest, Podmaniczky utca 18, Ground Floor 2 (Brahmayurveda Center)
Branch: 2730 Albertirsa, Kossuth Lajos utca 2 (Brahmayurveda Guesthouse)
Company reg. no.: 01-09-355132
Tax number: 27344994-2-42
Represented by: Szidónia Világi, Managing Director independently
Phone number: + 36-70 396-9-668,
Website: www.brahmayurveda.com
Data Protection Officer: IDBC Creative Solutions Kft.
E-mail: adatkezeles@brahmayurveda.hu
(hereinafter: ‘Brahmayurveda’)
| Purpose of the processing: | Concluding, amending and terminating a contract for health and physical well-being improving services |
| Grounds for processing: | Performance of a contract for the provision of health care and physical well-being improving services (Article 6 (1) b) of the GDPR) The processing of special categories of personal data, in so far as this is necessary for the performance of the contract, is governed by Article 9 (2) h) of the GDPR in addition to the above legal grounds. |
| Data subject categories: | Natural persons using health and physical well-being improving services, in the case of a minor, who is a user, their legal representative. |
| Categories of personal data processed: | Personal identification data (name, name at birth, date of birth, mother's name, gender) Contact data (address, postal address, telephone number, email address) Health data generated in connection with health care, physical well-being services, health status before and after treatments, recommended treatments and dietary supplements, name, date and time of requested service Social security number Existence of health fund membership/health insurance If the service is used by a minor, the scope of the processed data is expanded with the data of the legal representative indicated in the contract. Details of the guest category and loyalty card Notification settings set in the customer management system |
| Term of processing: | Medical records: 30 years from the recording of the data (Section 30 of the Act on the Processing of Health Data) Contact and other contractual data processed separately from the medical records: During the term of the contract concluded with the data subject/customer +5 years limitation period/deadline for claim enforcement. |
| Recipients: | In case of health fund membership/health insurance: Brahmayurveda transfers the personal identification and contact data to the health insurance company in order to provide the health service. |
| Purpose of the processing: | Provision of health and physical well-being services |
| Grounds for processing: | Performance of a contract for the provision of health care and physical well-being improving services (Article 6 (1) b) of the GDPR) The processing of special categories of personal data, in so far as this is necessary for the performance of the contract, is governed by Article 9 (2) h) of the GDPR in addition to the above legal grounds. The provision of data to the Electronic Health Service Space (hereinafter: ‘EESZT’) maintained by the National Healthcare Service Center (hereinafter: ‘ÁEEK’) is necessary to fulfil the legal obligation of the Controller (Article 6 (1) c) of the GDPR), according to Act XLVII of 1997 and the Decree of the Minister of Human Capacities 39/2016 (21 December) EMMI. |
| Data subject categories: | Natural persons using health and physical well-being improving services, in the case of a minor, who is a user, their legal representative. |
| Categories of personal data processed: | Personal identification data (name, name at birth, date of birth, mother's name, gender) Contact data (address, postal address, telephone number, email address) Health data generated in connection with health care, physical well-being services, health status before and after treatments, recommended treatments and dietary supplements, name, date and time of requested service Social security number Existence of health fund membership/health insurance If the service is used by a minor, the scope of the processed data is expanded with the data of the legal representative indicated in the contract. |
| Term of processing: | Medical records: 30 years from the recording of the data (Section 30 of the Act on the Processing of Health Data) Contact and other contractual data processed separately from the medical records: During the term of the contract concluded with the data subject/customer + 5 years limitation period/deadline for claim enforcement. |
| Recipients: | Mandatory data supply to the EESZT maintained by the ÁEEK. |
| Purpose of the processing: | Enforcement of claims related to a contract for health and physical well-being improving services, and a contract for the adult education service |
| Grounds for processing: | Brahmayurveda's legitimate interest in enforcing claims (Article 6 (1) f) of the GDPR) Fulfilment of a legal obligation (Article 6 (1) c) of the GDPR) The processing of special categories of personal data, in so far as this is necessary for the performance of the contract, is governed by Article 9 (2) f) of the GDPR in addition to the above legal grounds. |
| Data subject categories: | Natural persons using health and physical well-being improving services and adult education service, in the case of a minor, who is a user, their legal representative. |
| Categories of personal data processed: | a) For health and physical well-being improving services: Personal identification data (name, name at birth, date of birth, mother's name, gender) Contact data (address, postal address, telephone number, e-mail address) Health data generated in connection with health care, physical well-being services, health status before and after treatments, recommended treatments and dietary supplements, name, date and time of requested service Social security number Existence of health fund membership/health insurance If the service is used by a minor, the scope of the processed data is expanded with the data of the legal representative indicated in the contract. Details of guest category and loyalty card b) For the adult education service, personal data processed in connection with the processing of data relating to the adult education service, i.e. data relating to the person participating in the training and to the training – including the name, date and time of the training. |
| Term of processing: | Medical records: 30 years from the recording of the data (Section 30 of the Act on the Processing of Health Data) Contact and other contractual data processed separately from the medical records: During the term of the contract concluded with the data subject/customer + 5 years limitation period/deadline for claim enforcement. |
| Recipients: | In case of health fund membership/health insurance: Brahmayurveda transfers the personal identification and contact data to the health insurance company in order to provide the health service. |
| Purpose of the processing: | Provision of accommodation services |
| Grounds for processing: | The processing is necessary for the performance of a contract, in which the Data Subject is a party, or to take steps at the request of the Data Subject prior to the conclusion of the contract (Article 6 (1) b) of the GDPR). |
| Data subject categories: | Natural persons using the hotel services, in the case of a minor, who is a user, their legal representative. |
| Categories of personal data processed: | Personal identification data (e.g.: name, name at birth, date of birth) Contact data (address, telephone number, e-mail address) Special diet Date of commencement, expected and actual date of end of the use of the accommodation (including “no-show” status, if applicable) Booking code, room type, name and place of performance of service |
| Term of processing: | The duration of the processing is 5 years after the receipt of the request (limitation period) |
| Recipients: | The provision of data for the National Tourist Data Service Center (NTAK) is set out in section 3.14 as an independent data processing activity. |
| Purpose of the processing: | Providing care during the use of the accommodation |
| Grounds for processing: | The processing is necessary for the performance of a contract, in which the Data Subject is a party, or to take steps at the request of the Data Subject prior to the conclusion of the contract (Article 6 (1) b) of the GDPR). The processing of special categories of personal data, in so far as this is necessary for the performance of the contract, is governed by Article 9 (2) h) of the GDPR in addition to the above legal grounds. |
| Data subject categories: | Natural persons using the hotel services, in the case of a minor, who is a user, their legal representative. |
| Categories of personal data processed: | Personal identification data (e.g.: name, name at birth, date of birth, gender) Contact data (address, telephone number, e-mail address) Special diet |
| Term of processing: | The duration of the processing is 5 years after the receipt of the request (limitation period) |
| Recipients: | Brahmayurveda does not transfer the personal data affected by this processing. |
| Purpose of the processing: | Providing services aimed at the provision of Ayurveda Lifestyle Training and/or Ayurvedic Masseur Training organised on the basis of an adult education contract |
| Grounds for processing: | The processing is necessary for the performance of a contract, in which the Data Subject is a party, or to take steps at the request of the Data Subject prior to the conclusion of the contract (Article 6 (1) b) of the GDPR). The content elements of the adult education legal relationship are provided for in Section 12/A-13/B of Act LXXVII of 2013 on Adult Education (hereinafter: ‘Adult Education Act’), while the content elements of the adult education contract are regulated in Section 21 of Government Decree 11/2020 (7 February) on the Implementation of the Adult Education Act. |
| Data subject categories: | Natural persons participating in adult education |
| Categories of personal data processed: | The natural personal identification data of the person participating in the training and, in connection with the issuance of the educational identification code, the educational identification code, e-mail address and data on the highest level of education. (Section 21 (1) a) of the Adult Education Act) The training-related data relating to the person's highest level of education, professional qualifications, skills and knowledge of a foreign language, entry into and completion of the training, or exit from the training, assessment and qualification during the training, payment obligations relating to the training and the training loan used. (Section 21 (1) b) of the Adult Education Act) The above data may be used for statistical purposes and transferred in a manner unsuitable for personal identification for statistical purposes, and may be transferred in a manner suitable for individual identification for statistical purposes to the Central Statistical Office free of charge to, and used. |
| Term of processing: | Until the last day of the eighth year from the conclusion of the adult education contract (Section 21 (5) of the Adult Education Act) |
| Recipients: | The adult education data supply system (Section 20/A of the Adult Education Act), based on the above legal provision, the vocational education and adult education module of the Public Education Registration and Scholastic System (NEPTUN KRÉTA) must be used; the KRÉTA system is owned by SDA Informatika Zrt. |
| Purpose of the processing: | Complaint processing |
| Grounds for processing: | Fulfilment of the legal obligation to process complaints (Article 6 (1) c) GDPR) pursuant to the Civil Code, the Consumer Protection Act and the Healthcare Act. |
| Data subject categories: | The natural persons using the service provided by the company and submitting a complaint based thereon, in the case of a minor, who is a user, their legal representative submitting the complaint. |
| Categories of personal data processed: | The personal identification data of the complainant provided in the complaint (typically: name, e-mail address, home address), as well as personal and, if applicable, health data included in the complaint, if the complaint is lodged orally via phone or by other means of electronic telecommunications, the unique identification number of the complaint. |
| Term of processing: | In the case of consumer protection complaints, the retention period of complaint report shall be 3 years. (Article 17/A(7) of the Consumer Protection Act) In the case of complaints related to the healthcare service, the retention period of the documents related to the complaint and its investigation shall be 5 years. (Article 29(4) of the Healthcare Act) |
| Recipients: | The authorities and courts specified in legislation, at their official request or invitation, in accordance with the law. In case the data subject submitted the complaint via the health fund with regards to the membership of the data subject, then personal data is transferred between the fund and Brahmayurveda and vice versa. |
| Purpose of the processing: | Contact |
| Grounds for processing: | The processing is necessary to take steps at the request of the Data Subject prior to the conclusion of the contract for the provision of health and physical well-being improving services and accommodation services (Article 6 (1) b) of the GDPR). |
| Data subject categories: | The natural persons using or intending to use the services provided by the company, in the case of a minor, who is a user, their legal representative. |
| Categories of personal data processed: | Name Telephone number E-mail address Personal data set out in the message Messenger ID based on the decision of the Data Subject |
| Term of processing: | During the term of the contract concluded with the Data Subject/Customer + 5 years limitation period/deadline for claim enforcement. If no contract is concluded, 5 years from the receipt of the request. |
| Joint Controller: | In the case of communication via Messenger, Facebook is considered the Joint Controller, see the relevant section of the list of Controllers. |
| Recipients: | Brahmayurveda does not transfer the personal data affected by this processing. |
| Purpose of the processing: | Newsletter service: marketing and business development, direct business acquisition, promotion of Brahmayurveda's services, facilitation of the use of its services, notification about current promotions, products, information and recommended diet, PR events. |
| Grounds for processing: | Consent of the Data Subject/Customer. Article 6 (1) a) of the GDPR and Section 6 (5) of Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities. |
| Data subject categories: | Data Subjects of adult age or the adult representatives of Data Subjects of minor age, who have subscribed to the Company's newsletter. |
| Categories of personal data processed: | Name E-mail address How the data subject heard about the Controller |
| Term of processing: | Until unsubscription/withdrawal of consent |
| Recipients: | Brahmayurveda does not transfer the personal data affected by this processing. |
| Purpose of the processing: | Operation of an electronic surveillance system |
| Grounds for processing: | The legitimate interest of Brahmayurveda in the protection of human life, physical integrity, personal liberty and property, the protection of hazardous materials, the protection of business, payment, banking and securities secrets and customer data (including personal data and health data), the protection of the property of the Controller and the property of those in the territory supervised by the Controller, as well as the continuous, safe operation of the Controller and the control of the work (Article 6 (1) f) of the GDPR). |
| Data subject categories: | The natural persons entering the Brahmayurveda Center and the Brahmayurveda Guesthouse. |
| Categories of personal data processed: | Image recording taken of the Data Subject, the behaviour of the Data Subject as seen in the image recording, and the time the image recording was taken |
| Term of processing: | In the absence of official or court use, 30 calendar days from its recording. |
| Recipients: | The camera recordings will be forwarded only to the authorities and courts specified by law, at their official request or order, in accordance with the law or for the purpose of initiating official proceedings. |
| Camera processing at the Controller's registered office: | It is not Brahmayurveda, but DoclerPro Kft., that operates a surveillance system on the premises of the Docler Office Building and the related outdoor properties located at the Controller's registered office. The Privacy Policy is available at the reception of the Docler Office Building. |
| Purpose of the processing: | The fulfilment of Brahmayurveda's legal obligations regarding the issuance of invoices and receipts. |
| Grounds for processing: | With regard to the data processed in connection with invoicing, the grounds for the processing is Article 6 (1) c) of the GDPR, with reference to Section 169 of Act C of 2000 on Accounting and Section 228 of Act CL of 2017 on Taxation, as well as Section 169 of Act CXXVII of 2007 on Value Added Tax. |
| Data subject categories: | The natural persons purchasing Brahmayurveda's products and using its services, and in the case of a minor, who is a user, their legal representative. |
| Categories of personal data processed: | The name and address (billing address) of the Customer/Data Subject, if necessary, the health insurance or health fund, where the Data Subject is a policyholder or member, the membership certificate number/member ID number of the fund/social security number, transaction authorization number, and the purchased product or service used. |
| Term of processing: | At least 8 years, in accordance with Section 169 of the Accounting Act. |
| Recipients: | The processed data is transferred by Brahmayurveda to the authorities and courts specified in legislation, upon their official request and order, in accordance with the law. In case the payment is made via the health fund, the invoice will be forwarded to the subject health fund. |
| Purpose of the processing: | Operation and moderation of Brahmayurveda's social media profiles (facebook and instagram), description of Brahmayurveda's services, continuous development of Brahmayurveda's services through the analysis of traffic data. |
| Grounds for processing: | The Data Subject's consent pursuant to Article 6 (1) a) of the GDPR, given by their activities on the social media profile of Brahmayurveda (writing an opinion or comment, reaction, sharing, etc.). Brahmayurveda's legitimate interest in the proper operation and moderation of its social media profiles pursuant to Article 6 (1) f) of the GDPR (e.g.: in the deleting of offensive posts). |
| Data subject categories: | The natural persons who view Brahmayurveda's social media sites, post a rating about it, post a reaction (like, etc.) to the posts shared on the social media sites, or share those posts. |
| Categories of personal data processed: | The name and any personal data that the Data Subject shares or publishes in a comment about themselves on the social media site and in relation to the social media profile of Brahmayurveda. |
| Term of processing: | Until consent is withdrawn or the entry/group is deleted |
| Recipients: | Brahmayurveda does not transfer the personal data affected by this processing. |
3.13.1. Web server
During the visit to the website maintained by the Controller, available at www.brahmayurveda.hu and www.brahmayurveda.com (hereinafter: ‘Website’), the web server does not log the user's activities, such processing does not take place.
3.13.2. Request for quotation
In case of concluding a contract, the personal data provided on the quotation request page of the Website or provided to us by e-mail or telephone is processed for the purposes specified in Sections 3.1-3.8 and 3.11 above. If the visit is cancelled, i.e. no contract is concluded between the parties based on the quotation request, the personal data are erased within 5 business days from the notification of the cancellation.
3.13.3. Cookie policy
The information regarding the cookies used on the websites www.brahmayurveda.hu and www.brahmayurveda.com shall be set out in the Cookie Policy of the Controller.
| Purpose of the processing: | Protection of the rights, safety and assets of the Data Subject and others, ensuring compliance with the provisions regarding stay and residence of third country nationals and persons with freedom of movement and of residence. |
| Grounds for processing: | Article 6 (1) c) of the GDPR – legal obligation to which Brahmayurveda is subject, in particular, Article 9/H of Act CLVI of 2016, Articles 7, 14 and 14/C of Government Decree No. 235/2019. (X. 15.). |
| Data subject categories: | Natural persons using the accommodation service provided by Brahmayurveda. |
| Categories of personal data processed: | a) family name and given name, birth family and given name, sex, nationality of the person using the accommodation service, mother’s birth family and given name, identifiers of the identification or travel document of the person using the accommodation service, in the case of third party nationals, number of the visa or residence permit, date and place of entry, b) address of the accommodation service, date of commencement, expected and actual date of end of the use of the accommodation |
| Term of processing: | Brahmayurveda shall process the above categories of personal data until the last day of the year following the year of recording, then the categories of personal data set out in subsection a) shall be erased and thereby the categories of personal data set out in subsection b) shall become anonymized. |
| Recipients: | The processed data is transferred by Brahmayurveda to the authorities and courts specified in legislation, upon their official request and order, in accordance with the law. |
Brahmayurveda shall, on the basis of statutory obligation, record the above categories of personal data concerning the data subject with the accommodation management software in the course of the check-in. The data subject shall, in the course of the check-in, produce their identification or travel documents to Brahmayurveda to allow the recording of personal data.
In case no identification or travel document is produced, Brahmayurveda shall refuse the provision of the accommodation service. The data not included in the identification or travel document produced shall not be recorded. The police may perform queries in the database of the National Touristic Data Service Center, and may request the forwarding of data processed by Brahmayurveda, for the purposes of law enforcement, crime prevention, the protection of public order, public security, the order of the state border, the rights, security and assets of the data subject and others, and to issue arrest warrants.
| Purpose of processing: | To reward the loyalty of data subjects to the services provided by the Controller and to ensure participation in the Brahma Loyalty Program (hereinafter: Program) operated by the Controller. The purpose of the Program is to enable the Controller to offer a discount to data subjects in proportion to the number of visits and the value of the services used, in accordance with the rules detailed in the Controller's General Terms and Conditions. |
| Grounds for processing: | The Controller's legitimate interest in offering discounts to returning customers based on the value of certain services previously used, thereby increasing customer satisfaction and turnover (Article 6 (1)(f) of GDPR) |
| Categories of data subjects: | Natural persons using health and physical well-being services, and in the case of minors, their legal representative. |
| Categories of personal data: | Name; Name and date of the service received; The value of the service received; Rate of discount |
| Duration of processing: | 1 year |
| Recipients: | The Controller uses a Processor for the operation of the reservation system it uses and for the proper functioning and management of the Programme. Details of the Processor: Altegio Europe Korlátolt Felelősségű Társaság (company registration number: 01-09-302414; tax number: 26110123-241; registered office: 1054 Budapest, Széchenyi István tér 7.) |
The Processors shall not use another data processor in the performance of their activities without the prior written ad hoc or general authorisation of Brahmayurveda. The Processors shall not make a substantive decision regarding processing, they shall process the personal data made known to them only in accordance with the provisions of Brahmayurveda, shall not process the data for their own purposes, and shall store and preserve the personal data in accordance with the provisions of Brahmayurveda. The Data Subjects may contact Brahmayurveda, as the Controller, in relation to the processing or may enforce their rights against it.
For the performance of appointment booking and customer management tasks related to our services we use the YClients customer management system provided by YCLIENTS HUNGARY Kft. (registered office: 1211 Budapest, II. Rákóczi Ferenc út 107-115. D. lház. 3. em. 9., company registration number: 01-09-302414, mailing address: 1211 Budapest, II. Rákóczi Ferenc út 107-115. D. lház. 3. em. 9., e-mail: info@yclients.hu, customer support hotline: +36 1 700 8108), which is accessible to our staff, including the contributing physician. The present privacy policy of Brahmayurveda Center Kft. is also accessible from Brahmayurveda’s YClients website. The data processor is involved in the following activities: performance of technical tasks related to the signing up, appointment booking service, user account, newsletter service, and other services available on the website of YClients. The technical tasks related to the operation of the system provided by the data processor are carried out by the following subprocessor: PELETINO LIMITED (registered office: 1066 Nicosia, Cyprus, 5 Themistocles Dervis Elenion Building, registration number: 370539, Cyprus).
The electronic invoices to be issued by Brahmayurveda are issued by Kulcs-Soft Nyrt. which provides the Kulcs-Soft service. Its Privacy Notice can be found at: https://www.kulcssoft.hu/adatvedelem.
Company name: Kulcs-Soft Nyilvánosan Működő Részvénytársaság
Registered office: 1016 Budapest, Mészáros utca 13.
Company reg. no.: 01-10-045531
Tax number: 13812203-2-41
E-mail: adatvedelem@kulcs-soft.hu
Docler Services Korlátolt Felelősségű Társaság (registered office: 1101 Budapest, Expo tér 57, company reg. no.: 01-09-186181, tax number: 24856984-2-42), as a Processor, participates in the bookkeeping of accounting documents based on a written contract concluded with the Controller. In doing so, the Processor processes the name and address of the Data Subject to the extent necessary for the accounting records, for a period corresponding to Section 169 (2) of the Accounting Act (at least 8 years), after which it erases them without any delay. The Privacy Notice of the Processor is available at https://www.doclerholding.hu/hu/imprint/#GDPR.
Our company uses a Processor to maintain and manage its website, which provides IT services (storage space and domain name services) and, within the framework of our contract with it, processes the personal data provided on the website. The operations performed by it include the recording, collection and storage of personal data on the server and their destruction.
The storage space service provider protects the data against damage, destruction, loss, alteration, access or disclosure by unauthorised persons, and against any other unauthorised processing methods.
These Processors are the following:
Company name: Webonic Kft.
Registered office: 8000 Székesfehérvár, Budai út 9-11
Company reg. no.: 07-09-025725
Tax number: 25138205-2-07
Bank account: OTP 11742001-29904501-00000000
The Privacy Notice of the storage space service provider, as Processor, is available at: https://www.webonic.hu/aszf, under Section 17.
Name: Docler Services S.à r.l.
Registered office: 44, Avenue John F. Kennedy L-1855 Luxembourg
Company registration number: B 207.465
VAT number: LU28676305
Website: www.doclerholding.com
The operation of the security camera system is performed by DoclerPro Kft. (registered office: 1101 Budapest, Expo tér 5-7, company reg. no.: 01-09-889799, tax number: 14119699-2-42), as Processor.
A sign and/or pictogram informs the Data Subjects at the entrances of the Brahmayurveda Center and the Brahmayurveda Guesthouse of camera processing. The Privacy Notice on camera processing is available at the reception of the Brahmayurveda Center and the Brahmayurveda Guesthouse.
The Customer/Data Subject may request that Brahmayurveda not erase the recordings until a court or authority has requested it, but for a maximum of 30 days if this is necessary to enforce the Data Subject's right or legitimate interest (e.g.: to uncover the circumstances of a possible crime).
If the Data Subject maintains contact with Brahmayurveda via Facebook Messenger, Meta Platforms, Inc. and Meta Platforms Ireland Limited (European registered office: Grand Canal Harbour, Grand Canal Square 4, Dublin 2, Ireland), as the provider of Messenger, is considered a Joint Controller. The erasure of the message exchange via Messenger can be done by the Data Subject in relation to their own account, with regard to the Brahmayurveda account, the message exchange via Messenger can be erased by Brahmayurveda at the request of the Data Subject. Apart from erasure, Brahmayurveda has no direct impact on the other features of the processing, it cooperates with Facebook upon request. The Privacy Notice of Facebook is available at: https://www.facebook.com/full_data_use_policy
If the data subject interacts with Brahmayurveda’s Facebook and/or Instagram social media profile (post a rating of the page, likes the page, likes a post, comments, shares, etc.), Meta Platforms, Inc. and Meta Platforms Ireland Limited (European registered office: Grand Canal Harbour, Grand Canal Square 4, Dublin 2, Ireland) , as the service provider for the Facebook and Instagram social media sites, is considered a Joint Controller. The rating, reaction, sharing, post, subscription, etc. can be erased or modified by the Data Subject themselves on the interface of the social media site. With respect to the other data processed, Brahmayurveda either proceeds itself or cooperates with Facebook, depending on what action it is authorised to perform in relation to the given personal data. The Privacy Notice of the Facebook social media site is available at: https://www.facebook.com/full_data_use_policy. The Privacy Notice of the Instagram social media site is available at: https://help.instagram.com/519522125107875/?helpref=hc_fnav&bc[0]=Instagram%20Help& bc[1]=Privacy%20and%20Safety%20Center.
The Controller uses the TabLog software service to make the following legal declarations electronically: concluding a contract between the Data Subject and the Controller, the Data Subject's consent to the processing, consent to processing for marketing purposes. The TabLog service provider is Floor99 Proptech Fejlesztő Kft. (registered office: 9023 Győr, Körkemence u. 8, tax number: 26568526-2-08, company reg. no.: 08-09-030459), the Privacy Notice of which is available at: https://www.tablog.hu/hu/adatkezelesi-tajekoztato.
National Tourist Data Service Center (Nemzeti Turisztikai Adatszolgálató Központ, NTAK) shall act as the processor of Brahmayurveda on statutory grounds. NTAK is operated by Magyar Turisztikai Ügynökség Zrt. (registered office: 1027 Budapest, Kacsa u. 15-23; company registration no.: 01-10-041364; tax number: 10356113-2-43), the privacy notice is available at https://info.ntak.hu/adatkezelesi-tajekoztato (in Hungarian). The terms and conditions of the controller-to-processor relationship between Brahmayurveda and NTAK shall be set out in Article 14 of the Government Decree No. 235/2019. (X. 15.) en lieu of a data processing agreement.
The booking and CRM system used by the Controller is provided by Altegio Europe Korlátolt Felelősségű Társaság (company registration number: 01-09-302414; tax number: 26110123-241; registered office: 1054 Budapest, Széchenyi István tér 7.).
Instead of acting upon the instructions given by Brahmayurveda as processors, certain contractual partners of Brahmayurveda access personal data processed by Brahmayurveda on their own right, as controllers based on the agreement between Brahmayurveda and the partner. In this case, the responsibility of Brahmayurveda ends upon the transfer of personal data, since the partner is responsible for its own processing activities.
In order to use the private healthcare services and the services improving physical well-being, the health data of the Data Subjects are processed by a physician employed by Brahmayurveda.
The provision of data to the Electronic Health Service Space (hereinafter: ‘EESZT’) maintained by the National Healthcare Service Center (hereinafter: ‘ÁEEK’) takes place according to Act XLVII of 1997 and the Decree of the Minister of Human Capacities 39/2016 (21 December) EMMI, with this activity performed accordance with the law by the contributing physician, as an independent Controller.
If the data subject is a member of one of the following health funds, Brahmayurveda will issue the invoice for the service, indicating the details of both the health fund and the data subject, and the data content of the invoice will be extended accordingly. Brahmayurveda will forward the invoice to the health fund for settlement. If the data subject lodges a complaint against Brahmayurveda through the health fund, the health fund will contact Brahmayurveda to investigate and address the complaint. Brahmayurveda will transfer to the health fund the personal data necessary for the investigation and handling of the complaint.
The health insurance funds contracted with Brahmayurveda:
OTP Országos Egészség- és Önsegélyező Pénztár (registered office: 1138 Budapest, Váci út 135-139., registration number: 01-04-0000237, VAT number: 18105564-2-41, website: https://www.otpegeszsegpenztar.hu/).
PRÉMIUM Önkéntes Egészség- és Önsegélyező Pénztár (registered office: 1138 Budapest, Dunavirág utca 2–6., registration number: 01-04-0000240, VAT number: 18177734-2-41, website: https://premiumegeszsegpenztar.hu/).
MBH Gondoskodás Egészség- és Önsegélyező Pénztár (registered office: 1134 Budapest, Váci út 23-27., registration number: 01-04-0000198, VAT number: 18232761-1-41, website: https://www.mbhep.hu/)
In order to make the processing of the personal data as secure as possible, Brahmayurveda or its contracted physician partner, as Processor, only collects health data from the Data Subject in person, in a paper-based form. Therefore, we ask our Customers not to send us health data or documents containing health data by e-mail or by post.
The recordings recorded by the security camera system are stored exclusively by Brahmayurveda Center Kft. on servers located in a locked room, with enhanced data security measures. Unauthorised persons may not access the recordings, only the authorised employees and contributors of Docler Services Kft. and Brahmayurveda, to the extent necessary for the performance of their duties.
During the period of processing, you have the following rights:
The Data Subject may request information from the Controller on the processing of their personal data within the period of processing. The Controller shall inform the Data Subject in writing, in a comprehensible form, as soon as possible after the submission of the request, but not later than within 25 days, of the processed data, the purpose, legal ground and duration of the processing and, if the data were transferred, of the recipients of the data and the purpose for their transfer, and whether the Controller provided access thereto to a third party.
The information shall be provided by Brahmayurveda free of charge, but Brahmayurveda may charge a reasonable fee (proportionate to the administrative costs) or choose not to comply with a request for information, which is clearly unfounded or repetitive in nature. Brahmayurveda draws the attention of the Data Subjects to the fact that their right to information can be exercised either in writing (by e-mail) or in person.
The Data Subject has the right to receive notification from the Controller regarding whether or not their personal data are being processed, and if they are, the Data Subject has the right to access their personal data and the following information:
The Data Subject may request the issuance of a copy of their personal data, in return for which Brahmayurveda may charge a reasonable fee (proportionate to the administrative costs).
The Data Subject may request to receive the personal data concerning them, and provided to the Controller, in a structured, commonly used and machine-readable format, and shall have the right to transfer those data to another controller without hindrance from the Controller to which the personal data were provided if:
Brahmayurveda fulfils its obligations regarding these rights of the Data Subject by respecting the rights of others and its own rights (especially the right to the protection of trade secrets and intellectual property) and accordingly does not pass on data containing trade secrets (e.g.: details of processing) to the Data Subject.
If the Data Subject becomes aware that any of their personal data (in particular, e.g.: contact details, e-mail address, telephone number) processed by Brahmayurveda and stored in its registration systems is incorrect (e.g.: due to misspelling) or incomplete, then, according to their request sent to the contact details specified in Section 3, Brahmayurveda shall supplement their incomplete personal data and rectify their incorrect data in its registration systems.
The Controller shall comply with their request for rectification without undue delay and at the latest within 3 business days.
At the contact details provided in Section 3, the Data Subject may request a restriction on the processing of their personal data, in which case Brahmayurveda may only store their personal data without using it or performing any further processing operation (e.g.: transfer, erasure); the latter may take place during the restriction only if the Data Subject consents to them or they are necessary for the submission, enforcement and defence of a legal claim or the protection of the rights of a third party, the European Union or an important public interest of an EU Member State.
They can request a restriction on processing if
The Data Subject may request that the Controller block the personal data if the final erasure of the data would harm the Data Subject's legitimate interests. The personal data blocked in this way may only be processed for as long as the purpose, which precluded the erasure of the personal data, exists.
The Data Subject has the option to request the erasure of their personal data, which the Controller shall comply with without undue delay, but no later than within 3 business days. The right to erasure does not extend to cases where the Controller is obliged by law to continue storing the data (e.g.: in connection with invoicing).
The Data Subject has the right to withdraw their consent to the processing at any time, which, however, does not affect the lawfulness of the processing performed prior to the withdrawal. If the Data Subject withdraws their consent to the processing and
then, according to their request sent to the contact details specified in Section 3, Brahmayurveda shall permanently erase their personal data and copies thereof from its registration systems and destroy them.
The Data Subject shall have the right to object to the processing of their personal data, including profiling, at any time for reasons related to their situation, if the processing is necessary for the performance of a task in the public interest or to perform a task in the exercise of official authority vested in the Controller, or the processing is necessary to protect the legitimate interests of the Controller or of a third party. In such a case the Controller shall no longer process the personal data unless the they demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the Data Subject or which relate to the submission, enforcement or defence of legal claims.
The Controller shall review the objection within the shortest possible time or within no more than 3 business days following the submission of the request, shall make a decision on its merits and shall notify the Data Subject in writing of its decision. If the Data Controller does not comply with the Data Subject's request for rectification, blocking or erasure, it shall notify the factual and legal reasons for rejecting the request for rectification, blocking or erasure in writing, or with the consent of the Data Subject, electronically, within 25 days of the receipt of the request.
The Data Subject may submit their application or request for the exercising of their rights relating to the processing detailed above at the contact details specified in Section 3.
Please provide at least two pieces of personal data in your request that will allow Brahmayurveda to identify you (e.g.: name and phone number, name and e-mail address). You can make your request or remark verbally, in person, however, Brahmayurveda will always provide a written reply (primarily in the form of your choice, failing which Brahmayurveda will respond electronically by e-mail or in a paper-based form, by post). Please indicate in your written request (by e-mail or on paper) the form in which you would like to receive a reply (e.g.: electronically by e-mail or in a paper-based form, in person), otherwise the reply will be sent to the Data Subject by Brahmayurveda in the form corresponding to the form of your request. Brahmayurveda will provide a substantive response to your application or request regarding the processing within 30 days of receipt, or in exceptional cased (e.g.: due to the complexity of the request) within 60 days. In the latter case, it shall, within 1 month of the receipt of the request, inform you separately of the extension of the time limit for the reply and the reasons therefor.
In the case of the services provided by Brahmayurveda, the performance of the service contract provides a legal ground for the processing, therefore the processing does not require separate parental consent. Other related processing (invoicing, claim enforcement, security camera processing, etc.) is also not based on the Data Subject's consent. Only our newsletter service is based on the consent of the Data Subject. In the case of a Data Subject, who is minor, the adult representative of the minor Data Subject is entitled to subscribe to our newsletter service.
Brahmayurveda does not provide information society services directly to children, nor does it perform automated decision-making and profiling. The terms and conditions of Facebook registration and use govern communication via Messenger and the processing of data related to the social media sites, as a user account with the service provider is required to use these services.
The general data subject rights (right to information, access, rectification, restriction, data portability, objection or legal remedy) apply to the child individually and jointly with the parent. Where appropriate, Brahmayurveda may also request a declaration from the parent entitled to make a declaration of rights (e.g.: when exercising the right to erasure). These requests must be considered on a case-by-case basis, taking into account all the circumstances of the case.
Brahmayurveda Kft. reserves the right to amend this Privacy Notice at any time, especially in case of introduction of new processing or changes in the processing already in progress. Following the amendment of the Privacy Notice, all Customers/Data Subjects must be informed in an appropriate manner (newsletter, pop-up window upon login, displayed at their registered office). By continuing to use the service, the Customers/Data Subjects acknowledge the changed processing rules, with no further consent required. If you have any questions or comments regarding the processing or the contents of this Notice, please send them to the adatkezeles@brahmayurveda.hu e-mail address.
For all questions relating to the processing and the exercising of the rights detailed above, as well as in response to Brahmayurveda's processing questions and inquiries, the Data Subject may contact Brahmayurveda Kft. at the following contact details:
Data Protection Officer: IDBC Creative Solutions Kft.
E-mail address: adatkezeles@brahmayurveda.hu
Mailing address: 1101 Budapest, Expo tér 5-7
The Data Subject may lodge a complaint with the National Authority for Data Protection and Freedom of Information (NADPFI) (registered office: 1055 Budapest Falk Miksa utca 9-11, http://naih.hu, e-mail: ugyfelszolgalat@naih.hu, postal address: 1363 Budapest, P.O. Box: 9, phone number: +36 (1) 391-1400, fax: +36 (1) 391-1410) regarding the processing performed by Brahmayurveda.
In addition to the above, the Data Subject may enforce their rights before a court pursuant to the GDPR, the Infotv. and the effective Civil Code. The Data Subject may bring proceedings before the general court competent according to their habitual place of residence.
This Privacy Notice enters into effect on the date of signature. Dated in Budapest on the 13th day of January 2025
Szidónia Világi
Managing Director
Try the healing magic of India in downtown Budapest!
Brahmayurveda Center
1065 Budapest, Podmaniczky street 18.
+36 30 223 4062
Retreat house
2730 Albertirsa, Kossuth Lajos street 2.
+36 70 396 9668
Newsletter
Sign up to our monthly newsletter to receive the latest news.
