Gallery

GENERAL TERMS AND CONDITIONS BRAHMAYURVEDA CENTER KFT.

I. General provisions

The present General Terms and Conditions (hereinafter: GTC) serve for setting out the rules – in a consolidated format – of services provided by Brahmayurveda Center Korlátolt Felelősségű Társaság (company registration number: 01-09355132; Tax no.: 27344994-2-42; registered office: 1101 Budapest, Expo tér 5-7; hereinafter: Company) at its branch office operating at 2730 Albertirsa, Kossuth Lajos utca 2.

II. Terms

Company: The Company provides the following information regarding the details of the Company under Act CLV of 1997 on Consumer Protection:

Name: Registered office:

Web address:

Phone number:

Brahmayurveda Center Korlátolt Felelősségű Társaság 1101 Budapest, Expo tér 5-7

Kezdőlap

+36 30 255 2508

1

Place of management of complaints:

1065 Budapest, Podmaniczky u. 18 2730 Albertirsa, Kossuth Lajos u. 2

Electronic mailing address:

panasz@brahmayurveda.com adatkezeles@brahmayurveda.hu info@brahmayurveda.com

“Consumer” shall mean any natural person who is acting for purposes of purchasing, ordering, receiving and using goods which are outside their trade, business or profession, or who is the target of any representation or commercial communication directly connected with a product.

“Complaint” shall mean a request for redress for a violation of an individual right or interest, which is not subject to any other procedure, in particular judicial or administrative. A complaint may also contain a proposal.

“Service” shall mean, with the exception of the sale of products, immovable property and rights, any activity carried out for consideration aimed to achieve a certain result or performance, or to engage in some similar forms of conduct with a view to satisfying the needs of the customer or employer.

“Conciliation Body” shall mean a body registered by the organ (person) provided for in the Consumer Protection Act, established on a long-term basis for the purpose of resolving consumer disputes within the framework of alternative dispute resolution procedures.

III. General terms and conditions
The rules for using our services are summarized below.

1. Reservation

All our services can be booked in person or by phone (+36 30 223 4062). These reservations will be confirmed to our guests by email or SMS.

In addition, our Company also offers the possibility to book appointments electronically. It is possible to book an appointment with Krishna Kumar exclusively for consultation, control and Vedic astrology electronically on the Company’s website.

Our services are primarily based on a personalized treatment program. As a result, each treatment must be preceded by a preliminary assessment, where our Ayurvedic healers will tailor a targeted and recommended treatment program.

Without a prior assessment and a treatment plan, we only offer the following services: massages except partial treatments.

2

2. Participation in treatments and consultations

Our guests are required to arrive at least 5-10 minutes before each appointment. If the Consumer arrives late for a treatment, the duration of the treatment will be shortened by the length of the delay.

Our Company expressly reserves the right to refuse to provide the service if the Guest has been found to be drunk or intoxicated.

All Guests are required to notify us in advance if there has been a significant change in their medical condition since the consultation, or if they are pregnant, undergoing surgery, skin disease, open wound, treatment (chemo, radiation).

Our guests are required to declare any food allergies or intolerances in advance.

Our guests are required to present their identity documents (identity card or photographic driving license, address card, passport) when checking in at the Retreat House.

Our guests must comply with the House Rules of the Retreat House during their stay in the Retreat House.

3. Payment and cancellation
Payment for treatment programs can be made on each occasion or in advance. We are not able to provide a cash refund as a result of a treatment cancellation.

4. Purchase of gift cards

Our gift cards can be purchased in specified denominations and redeemed for a year either at our Budapest headquarters or at the Brahmayurveda Retreat House in Albertirsa. Gift cards can only be purchased in person. Gift cards can only be redeemed for our human health services (consultations, follow up examinations, treatments (massages), but not for our products or other services (including, but not limited to light chiropractic, astrology, yoga and mediation). They cannot be redeemed for cash.

3

IV.Brahma Loyalty Program

1. Purpose of the Program
The Brahma Loyalty Program (hereinafter: “Program”) is a bonus collecting customer loyalty program organized by the Company, whereby Consumers (hereinafter: “Consumer” or “Program Member”) can earn a bonus amount (hereinafter: “Bonus”) that can be used for purchases up to a certain amount after using our services. The accrued rebates under the Program may be applied to subsequent purchases prior to the transaction at the specific request of the Program Member. The collected discounts can be used for later purchases at the request of the Program member prior to the transaction.

2. Terms and Conditions of Participation
Participation in the Program is not subject to registration and the Bonus will be credited to the Program Member’s profile after the first purchase of the Program Member – irrespective of age – if requested either after notification on social platforms (Instagram, Facebook, Company’s newsletter) or if the Company informs verbally the Program Member about it.

Please note that we will inform you separately about the amount of the bonus and discounts collected during the participation in the Program before each purchase. Accordingly, all Program Members will be able to declare the amount of the discount they wish to claim and the amount of the discount they wish to claim prior to the purchase.

If a Program Member is a minor under the age of 18 (eighteen) with limited legal capacity, the minor’s legal representative must give his/her verbal or written consent to the use of the discount. There is no extra charge for participation in the program.

3. Claiming of the Bonus
The Bonus shall only be redeemed in accordance with the present GTC. The Bonus is not convertible, has no cash value and cannot be redeemed for cash or vouchers.
The Bonus will be credited in a banded system. The Bonus will be calculated as a percentage of the Bonus, depending on the achievement of the thresholds set out in these rules. The Bonus will be

4

credited for each valid transaction as set out in the table below and will be available for use on the purchase following the crediting. The discount is calculated on the basis of the total amount invoiced for each purchase, based on the service and product purchased. The amount of previous purchases will not be taken into account when crediting bonus points.

Amount of minimum (HUF)

5.000 30.001 50.001

Amount of maximum (HUF)

30.000 50.000 –

Amount of Bonus %

1 3 5

Only one discount can be credited per purchase. If the amount of the earned bonus is not used during the purchase, the amount of the new Bonus will be increased by the amount of the newly earned Bonus credited during each visit.

The Bonus will accordingly be an amount equal to a specified percentage of the value of the purchase.

Example of a calculation:
“The Consumer purchases products at the Company’s Budapest site in the amount of HUF 10,000.00 after the bonus program is launched. Accordingly, the Company will credit the Consumer with 1% of the gross value of the purchase, which is HUF 100. Then the consumer makes a second purchase in the amount of HUF 20.000. Before the payment of the total amount of the second purchase, the Company’s representative will ask the Consumer whether or not he/she wishes to use the previously acquired bonus of HUF 100.

– If yes, the value of the purchase will be reduced by the amount of the bonus. The Consumer will then be credited with a bonus (199 Ft., which is equal to 1% of HUF 19.900) for the amount reduced by the bonus.
– If no, the bonus amount will be increased by a further HUF 200 (which is equal to 1% of HUF 20,000).”

5

The bonus amount can only be credited to full-priced products or services, the crediting of the discount cannot be combined with any other discount, nor can it be combined with any other promotions.

Please note that the Company is not able to retroactively apply the discount after the purchase.

4. Bonus Balance

Program Members can check the current balance of the collected bonus before each purchase by means of a separate communication from the Company. Accordingly, all Program Members will be able to state the discount they wish to claim prior to the purchase.

5. Period of Validity

Our Program Members may use the credited Bonus within 1 (one) calendar year, after which the Bonus cannot be validly used, and the unused amount will be automatically deleted from the records. Bonus may be collected and used at the following premises operated by the Service Provider for all available full-priced services and products:

  • 1065 Budapest, Podmaniczky u. 18.

  • 2730 Albertirsa, Kossuth Lajos u. 2.

    6. Prohibition of Transfer

    The Bonus may not be transferred to a third party, nor may the Program Member give the Bonus away or otherwise transfer it.

7. Termination of Membership of the Program

The Program Member may request the termination of his/her participation in the Program at any time during the Program period without giving any explanation.

The Program Member may request the termination of his/her participation in the Program by sending a message to the Company’s telephone number or e-mail address or by visiting any of the Company’s premises during business hours.

Upon receipt of a request for termination, the Company will immediately delete the Program Member and the credited and claimable Bonus from the Program’s register.

6

8. Amendments

The Company reserves the right to terminate the Program in its entirety and to withdraw if from individual Programme Members. The Company also reserves the right to unilaterally modify the value or percentage of the Bonus, provided that no retroactive change will be made.

The Company will notify the Program Members of any change to the revised Terms and Conditions on the Company’s website and will also provide verbal information at the time of purchase following the change.

V. Provisions on complaint handling

1. Purpose of the Rules

The provisions on complaint handling contained in the present GTC (hereinafter referred to as the “Rules”) serve for setting out – in a consolidated format – the principles and procedures for handling complaints that may arise as a result of the services provided by Brahmayurveda Center Korlátolt Felelősségű Társaság and to clearly inform consumers thereof.

2. Principles of complaint handling

The Company’s express aim is to investigate all complaints fully, taking into account the consumer interests, and to provide feedback to the Consumer as soon as possible.

The Company will endeavor to resolve any disputes and complaints primarily through amicable means. During the investigations, the Company will explicitly strive to maintain equal treatment and to protect the personal data processed and to handle them in a discreet manner.

3. Scope of the Rules

These Rules apply to all written or verbal communications that constitute a complaint under Act CLV of 1997 on Consumer Protection.

4. Handling and investigating complaints

The Consumers are hereby informed that they may make a complaint verbally or in writing to the Company about the conduct, activity or omission of the Company or any person acting in the interest

7

of or on behalf of the Company directly related to the marketing or sale of goods to consumers, as follows.

Consumers have the option to make a complaint in Hungarian or English. a. Verbal complaint

The Company will investigate the verbal complaint immediately and, if possible, remedy it on the spot as necessary.

If the Consumer does not agree with the handling of the complaint or if it is not possible to investigate the complaint immediately, the Company shall immediately take a record of the complaint and its position on it.

b. Written complaint
A written complaint may be submitted to the Company at any of the following addresses:

Email address: panasz@brahmayurveda.com Phone number: +36 30 255 2508

In your complaint, please try to fully describe the facts of the case you are complaining about so that the complaint can be investigated as soon as possible.

The Company will reply to the written complaint within 30 days of receipt in writing in a substantively verifiable manner and will arrange for its communication.

Consumers are hereby informed that they have the right to turn to the competent conciliation body in their place of residence or domicile in the event of a dispute with our Company.

It falls within the competence of the conciliation body to settle consumer disputes out of court. The conciliation body’s task is to attempt to reach an agreement between the parties to resolve the consumer dispute and, if this is unsuccessful, to rule on the case in order to ensure that consumer rights are enforced in a simple, quick, efficient and cost-effective manner. The conciliation body

8

shall, at the request of the consumer or the business, advise on the rights and obligations of the consumer.

The county conciliation bodies can be found at the following link: https://bekeltetes.hu/udvozlo

Conciliation bodies are available in all counties, and the following conciliation bodies can be reached in the immediate vicinity of the Company’s service locations indicated in Clause II:

– Budapest Conciliation Body
o mailing address: 1016 Budapest, Krisztina krt. 99. o email address: bekelteto.testulet@bkik.hu
o phone number: 06-1-488-2131
o web address: bekeltet.bkik.hu

– Pest County Conciliation Body
o mailing address: 1055 Budapest, Balassi Bálint utca 25. IV/2. o e mail address: pmbekelteto@pmkik.hu
o phone number: 06-1-792-7881
o web address: www.pestmegyeibekelteto.hu

In addition, Consumers have the possibility to lodge a complaint with the following bodies:

– –

VI.

filing a lawsuit with the competent court;
Consumer Protection Authority (Fogyasztóvédelmi Hatóság) (in case of infringement of the law); contact: https://fogyasztovedelem.kormany.hu/#/nyitolap

Product complaints

The Company provides the following information in relation to the warranty and product guarantee rights:

1. Warranty rights
In which case can you exercise your warranty rights?

In the event of defective performance by the Company, you may assert a claim against the Company under the rules of the Civil Code.

9

What rights are you entitled to based on your warranty claim?

You can – at your option – assert the following warranty claims:

You can request either repair or replacement, unless compliance with the chosen warranty right is impossible or it results in disproportionate expenses on the part of the Company as compared to the alternative remedy. If you did not or could not ask for repair or replacement, you can request a commensurate reduction in the consideration, or you can repair the defect yourself or have it repaired at the Company’s expense, or – as a last resort – you can also withdraw from the contract. You are entitled to switch from the warranty right you have selected to another, however, the cost of the switch-over shall be covered by you, unless it was justified, or made necessary by the Company’s conduct.

What is the deadline for asserting your warranty claim?

You are obliged to report the defect immediately after discovering it, but no later than within two months of discovering the defect. However, I would like to draw your attention to the fact that you can no longer enforce your warranty rights beyond the two-year limitation period from the performance of the contract.

Who can you bring your warranty claim against?
You can bring your warranty claim against the Company.
What additional conditions are there for exercising your warranty rights?

Within one year from the date of performance, there are no additional conditions for exercising your warranty rights other than reporting the defect, provided that you prove that the goods or services were provided by the Company. However, after one year from the date of performance, you must prove that the defect which you have discovered existed at the time of performance.

2. Product guarantee
In which cases can you exercise your product guarantee rights?

10

In the event of a defect in a movable item (product), you may, at your option, exercise your rights under Clause 1 or make a product guarantee claim.

What rights do you have under your product guarantee claim?

As a product guarantee claim, you can only ask for the defective product to be repaired or replaced.

In which cases is the product considered to be defective?

A product is defective if it does not meet the quality requirements in force when it was placed on the market or if it does not have the characteristics described by the manufacturer.

What is the deadline for making a product guarantee claim?

You have two years from the date on which the product was placed on the market by the manufacturer to assert a product guarantee claim. After this period, you will lose this right.

Who can you bring your product guarantee claim against and what additional conditions are there for it?

You can only enforce your product guarantee claim under against the manufacturer or distributor of the movable item. You must prove that the product is defective in order to make a product guarantee claim.

In what cases is the manufacturer (distributor) exempt from product warranty obligation?

The manufacturer (distributor) shall only be relieved of the product guarantee obligation if able to prove that:

  • –  it manufactured or placed the product on the market in the course of operations other than in the course of its business activity;

  • –  the state of scientific and technical knowledge at the time when the product was placed on the market was not such as to enable the existence of a defect to be discovered; or

  • –  the defect in the product was caused by the application of a regulation or a regulatory provision prescribed by the authorities.

    It is sufficient for the manufacturer (distributor) to prove one reason to be exempted.

    11

Please note that due to the same defect, you cannot assert a warranty claim and a product guarantee claim at the same time, parallel to each other. However, if your product guarantee claim is successful, you may assert your warranty claim against the manufacturer for the replaced product or repaired part.

VII. Final provisions
In matters not regulated in the present GTC, primarily the provisions of Act V of 2013 shall apply.
Dated: Budapest, February 2, 2024

Brahmayurveda Kft.
Company
Represented by:
Világi Szidónia
Managing Director

Privacy Policy

Brahmayurveda Center Korlátolt Felelősségű Társaság

Effective as of: 2nd of February 2024

The following information contains the criteria for the activities of the Brahmayurveda Center Korlátolt Felelősségű Társaság (hereinafter: ‘Brahmayurveda’) in relation to the processing of personal data concerning you.

1. Definitions

Personal data: any information relating to an identified or identifiable natural person (hereinafter: ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Special category of personal data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the genetic data, biometric data for the purpose of uniquely identifying a natural person, health data or data concerning a natural person’s sex life or sexual orientation.

Health data: all data relating to the physical and mental condition of a natural person, as well as all data relating to their state of health in connection with the health care they have received.

Data Subject: an identified or identifiable natural person.

Processing: any operation or totality of operations on data, regardless of the procedure used, in particular the collection, recording, registration, organisation, storage, alteration, processing, querying, utilisation (including transfer and disclosure), coordination or linking of personal data, as well as the blocking, erasure and destruction of personal data. Processing includes the production of photographs, voice or image recordings and the recording of physical characteristics suitable for personal identification (e.g.: finger or palm print, DNA sample and iris images);

Controller: any person who performs the processing, determines the purpose of the processing, makes and implements decisions on the processing (including the tools used), or implements them through the processor.

Processing: performance of the technical tasks related to processing operations, regardless of the method and means used to perform the operations and the place of application.

Data transfer: where the data is made available to specific third parties; Disclosure: where data is made available to everyone.

Processor: the natural or legal person or organisation without legal personality performing the processing of personal data on behalf of the Controller;

1

Data erasure: rendering the data unrecognisable in a manner that their recovery is no longer possible.

Automated data file: a series of data to be processed automatically.

Automatic processing: includes the following operations when performed through partially or fully automated means: storage of data, logical or arithmetic operations on data, alteration, erasure, retrieval and distribution of data.

Customer: a natural person, who requests an appointment at Brahmayurveda (www.brahmayurveda.com) by e-mail, telephone or in person, personally subscribes to a newsletter, uses a private health care service, or purchases a product.

Where this Notice uses the term Data Subject, it shall also apply to the Customer.

2. The Controller

Brahmayurveda Center Kft. undertakes to ensure that the processing related to its services meets the requirements set out in this Notice and in all applicable legislation.

This Privacy Notice is available at http://www.brahmayurveda.com/

Company name: Brahmayurveda Center Korlátolt Felelősségű Társaság
Registered office: 1101 Budapest, Expo tér 5-7
Business site: 1065 Budapest, Podmaniczky utca 18, Ground Floor 2 (Brahmayurveda Center) Branch: 2730 Albertirsa, Kossuth Lajos utca 2 (Brahmayurveda Guesthouse)
Company reg. no.: 01-09-355132
Tax number: 27344994-2-42
Represented by: Szidónia Világi, Managing Director independently
Phone number: + 36-70 396-9-668,
Website: www.brahmayurveda.com
Data Protection Officer: IDBC Creative Solutions Kft.
E-mail: adatkezeles@brahmayurveda.hu
(hereinafter: ‘Brahmayurveda’)

3. During which activities does Brahmayurveda process personal data?
3.1. Administration relating to a contract for health and physical well-

being improving services.

Purpose
processing:
Grounds for processing:

Concluding, amending and terminating a contract for health and physical well-being improving services
Performance of a contract for the provision of health care and physical well-being improving services (Article 6 (1) b) of the GDPR)

The processing of special categories of personal data, in so far as this is necessary for the performance of the contract, is

of the

2

Data subject categories:

Categories of personal data processed:

governed by Article 9 (2) h) of the GDPR in addition to the above legal grounds.
Natural persons using health and physical well-being improving services, in the case of a minor, who is a user, their legal representative.

Personal identification data (name, name at birth, date of birth, mother’s name, gender)
Contact data (address, postal address, telephone number, e- mail address)

Health data generated in connection with health care, physical well-being services, health status before and after treatments, recommended treatments and dietary supplements, name, date and time of requested service

Social security number
Existence of health fund membership/health insurance
If the service is used by a minor, the scope of the processed data is expanded with the data of the legal representative indicated in the contract.
Details of the guest category and loyalty card
Notification settings set in the customer management system Medical records: 30 years from the recording of the data (Section 30 of the Act on the Processing of Health Data)

Contact and other contractual data processed separately from the medical records: During the term of the contract concluded with the data subject/customer +5 years limitation period/deadline for claim enforcement.

In case of health fund membership/health insurance: Brahmayurveda transfers the personal identification and contact data to the health insurance company in order to provide the health service.

Term of processing:

Recipients:

3.2. Provision of health and physical well-being services

Purpose
processing:
Grounds for processing:

Provision of health and physical well-being services

Performance of a contract for the provision of health care and physical well-being improving services (Article 6 (1) b) of the GDPR)
The processing of special categories of personal data, in so far as this is necessary for the performance of the contract, is governed by Article 9 (2) h) of the GDPR in addition to the above legal grounds.

The provision of data to the Electronic Health Service Space (hereinafter: ‘EESZT’) maintained by the National Healthcare Service Center (hereinafter: ‘ÁEEK’) is necessary to fulfil the legal obligation of the Controller (Article 6 (1) c) of the GDPR), according to Act XLVII of 1997 and the Decree of the Minister of Human Capacities 39/2016 (21 December) EMMI.

of the

3

Data subject categories:

Categories of personal data processed:

Natural persons using health and physical well-being improving services, in the case of a minor, who is a user, their legal representative.
Personal identification data (name, name at birth, date of birth, mother’s name, gender)

Contact data (address, postal address, telephone number, e- mail address)
Health data generated in connection with health care, physical well-being services, health status before and after treatments, recommended treatments and dietary supplements, name, date and time of requested service

Social security number
Existence of health fund membership/health insurance
If the service is used by a minor, the scope of the processed data is expanded with the data of the legal representative indicated in the contract.
Medical records: 30 years from the recording of the data (Section 30 of the Act on the Processing of Health Data) Contact and other contractual data processed separately from the medical records: During the term of the contract concluded with the data subject/customer + 5 years limitation period/deadline for claim enforcement.
Mandatory data supply to the EESZT maintained by the ÁEEK.

Term of processing:

Recipients:
3.3. Enforcement of claims relating to a contract

of the Grounds for processing:

Data subject categories:

Categories of personal data processed:

Enforcement of claims related to a contract for health and physical well-being improving services, and a contract for the adult education service
Brahmayurveda’s legitimate interest in enforcing claims (Article 6 (1) f) of the GDPR)

Fulfilment of a legal obligation (Article 6 (1) c) of the GDPR) The processing of special categories of personal data, in so far as this is necessary for the performance of the contract, is governed by Article 9 (2) f) of the GDPR in addition to the above legal grounds.

Natural persons using health and physical well-being improving services and adult education service, in the case of a minor, who is a user, their legal representative.
a) For health and physical well-being improving services:

Personal identification data (name, name at birth, date of birth, mother’s name, gender)
Contact data (address, postal address, telephone number, e-mail address)

Health data generated in connection with health care, physical well-being services, health status before and after treatments, recommended treatments and dietary supplements, name, date and time of requested service Social security number

Purpose processing:

4

Term of processing:

Recipients:

Existence of health fund membership/health insurance If the service is used by a minor, the scope of the processed data is expanded with the data of the legal representative indicated in the contract.

Details of guest category and loyalty card
b) For the adult education service, personal data processed in connection with the processing of data relating to the adult education service, i.e. data relating to the person participating in the training and to the training – including the name, date and time of the training.
Medical records: 30 years from the recording of the data (Section 30 of the Act on the Processing of Health Data) Contact and other contractual data processed separately from the medical records: During the term of the contract concluded with the data subject/customer + 5 years limitation period/deadline for claim enforcement.
In case of health fund membership/health insurance: Brahmayurveda transfers the personal identification and contact data to the health insurance company in order to provide the health service.

3.4. Accommodation

Purpose of the processing:
Grounds for processing:

Data subject categories:

Categories of personal data processed:

Term of processing: Recipients:

Provision of accommodation services

The processing is necessary for the performance of a contract, in which the Data Subject is a party, or to take steps at the request of the Data Subject prior to the conclusion of the contract (Article 6 (1) b) of the GDPR).

Natural persons using the hotel services, in the case of a minor, who is a user, their legal representative.
Personal identification data (e.g.: name, name at birth, date of birth)

Contact data (address, telephone number, e-mail address) Special diet
Date of commencement, expected and actual date of end of the use of the accommodation

The duration of the processing is 5 years after the receipt of the request (limitation period)
The provision of data for the National Tourist Data Service Center (NTAK) is set out in section 3.14 as an independent data processing activity.

3.5. Providing care during the use of the accommodation and/or the adult education service

Purpose of the Providing care during the use of the accommodation processing:

5

Grounds for processing:

Data subject categories:

Categories of personal data processed:

Term of processing: Recipients:

The processing is necessary for the performance of a contract, in which the Data Subject is a party, or to take steps at the request of the Data Subject prior to the conclusion of the contract (Article 6 (1) b) of the GDPR).

The processing of special categories of personal data, in so far as this is necessary for the performance of the contract, is governed by Article 9 (2) h) of the GDPR in addition to the above legal grounds.

Natural persons using the hotel services, in the case of a minor, who is a user, their legal representative.
Personal identification data (e.g.: name, name at birth, date of birth, gender)

Contact data (address, telephone number, e-mail address) Special diet
The duration of the processing is 5 years after the receipt of the request (limitation period)
Brahmayurveda does not transfer the personal data affected by this processing.

3.6.Providing adult education services

Purpose of the processing:

Grounds for processing:

Data subject categories: Categories of personal data processed:

Providing services aimed at the provision of Ayurveda Lifestyle Training and/or Ayurvedic Masseur Training organised on the basis of an adult education contract
The processing is necessary for the performance of a contract, in which the Data Subject is a party, or to take steps at the request of the Data Subject prior to the conclusion of the contract (Article 6 (1) b) of the GDPR).

The content elements of the adult education legal relationship are provided for in Section 12/A-13/B of Act LXXVII of 2013 on Adult Education (hereinafter: ‘Adult Education Act’), while the content elements of the adult education contract are regulated in Section 21 of Government Decree 11/2020 (7 February) on the Implementation of the Adult Education Act. Natural persons participating in adult education

The natural personal identification data of the person participating in the training and, in connection with the issuance of the educational identification code, the educational identification code, e-mail address and data on the highest level of education. (Section 21 (1) a) of the Adult Education Act)

The training-related data relating to the person’s highest level of education, professional qualifications, skills and knowledge of a foreign language, entry into and completion of the training, or exit from the training, assessment and qualification during the training, payment obligations relating to the training and the training loan used. (Section 21 (1) b) of the Adult Education Act)

6

Term of processing: Recipients:

The above data may be used for statistical purposes and transferred in a manner unsuitable for personal identification for statistical purposes, and may be transferred in a manner suitable for individual identification for statistical purposes to the Central Statistical Office free of charge to, and used.

Until the last day of the eighth year from the conclusion of the adult education contract (Section 21 (5) of the Adult Education Act)
The adult education data supply system (Section 20/A of the Adult Education Act), based on the above legal provision, the vocational education and adult education module of the Public Education Registration and Scholastic System (NEPTUN KRÉTA) must be used; the KRÉTA system is owned by SDA Informatika Zrt.

3.7.

Purpose
processing:
Grounds for processing:

Data subject categories:

Categories of personal data processed:

Term of processing:

Recipients:

3.8. Contact

Purpose of processing:
Grounds for processing:

Complaint processing

of the

Complaint processing

Fulfilment of the legal obligation to process complaints (Article 6 (1) c) GDPR) pursuant to the Civil Code, the Consumer Protection Act and the Healthcare Act.
The natural persons using the service provided by the company and submitting a complaint based thereon, in the case of a minor, who is a user, their legal representative submitting the complaint.

The personal identification data of the complainant provided in the complaint (typically: name, e-mail address, home address), as well as personal and, if applicable, health data included in the complaint, if the complaint is lodged orally via phone or by other means of electronic telecommunications, the unique identification number of the complaint.

In the case of consumer protection complaints, the retention period of complaint report shall be 3 years. (Article 17/A(7) of the Consumer Protection Act)
In the case of complaints related to the healthcare service, the retention period of the documents related to the complaint and its investigation shall be 5 years. (Article 29(4) of the Healthcare Act)

The authorities and courts specified in legislation, at their official request or invitation, in accordance with the law.

Contact

The processing is necessary to take steps at the request of the Data Subject prior to the conclusion of the contract for the

the

7

Data subject categories:

Categories of personal data processed:

Term of processing:

Joint Controller: Recipients:

provision of health and physical well-being improving services and accommodation services (Article 6 (1) b) of the GDPR). The natural persons using or intending to use the services provided by the company, in the case of a minor, who is a user, their legal representative.

Name
Telephone number
E-mail address
Personal data set out in the message
Messenger ID based on the decision of the Data Subject During the term of the contract concluded with the Data Subject/Customer + 5 years limitation period/deadline for claim enforcement.
If no contract is concluded, 5 years from the receipt of the request.
In the case of communication via Messenger, Facebook is considered the Joint Controller, see the relevant section of the list of Controllers.
Brahmayurveda does not transfer the personal data affected by this processing.

3.9. Newsletter service

Purpose processing:

of the

Newsletter service: marketing and business development, direct business acquisition, promotion of Brahmayurveda’s services, facilitation of the use of its services, notification about current promotions, products, information and recommended diet, PR events.

Consent of the Data Subject/Customer. Article 6 (1) a) of the GDPR and Section 6 (5) of Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities.

Data Subjects of adult age or the adult representatives of Data Subjects of minor age, who have subscribed to the Company’s newsletter.
Name

E-mail address
How the data subject heard about the Controller
Until unsubscription/withdrawal of consent
Brahmayurveda does not transfer the personal data affected by this processing.

Grounds for processing:

Data subject categories:

Categories of personal data processed:

Term of processing: Recipients:

3.10. Operation of a surveillance system

Purpose of the Operation of an electronic surveillance system
processing:
Grounds for processing: The legitimate interest of Brahmayurveda in the protection of

human life, physical integrity, personal liberty and property, 8

Data subject categories:

Categories of personal data processed:

Term of processing: Recipients:

Camera processing at the Controller’s registered office:

3.11. Invoicing

Purpose of the processing:
Grounds for processing:

Data subject categories:

Categories of personal data processed:

Term of processing: Recipients:

the protection of hazardous materials, the protection of business, payment, banking and securities secrets and customer data (including personal data and health data), the protection of the property of the Controller and the property of those in the territory supervised by the Controller, as well as the continuous, safe operation of the Controller and the control of the work (Article 6 (1) f) of the GDPR).

The natural persons entering the Brahmayurveda Center and the Brahmayurveda Guesthouse.
Image recording taken of the Data Subject, the behaviour of the Data Subject as seen in the image recording, and the time the image recording was taken

In the absence of official or court use, 30 calendar days from its recording.
The camera recordings will be forwarded only to the authorities and courts specified by law, at their official request or order, in accordance with the law or for the purpose of initiating official proceedings.

It is not Brahmayurveda, but DoclerPro Kft., that operates a surveillance system on the premises of the Docler Office Building and the related outdoor properties located at the Controller’s registered office. The Privacy Policy is available at the reception of the Docler Office Building.

The fulfilment of Brahmayurveda’s legal obligations regarding the issuance of invoices and receipts.
With regard to the data processed in connection with invoicing, the grounds for the processing is Article 6 (1) c) of the GDPR, with reference to Section 169 of Act C of 2000 on Accounting and Section 228 of Act CL of 2017 on Taxation, as well as Section 169 of Act CXXVII of 2007 on Value Added Tax. The natural persons purchasing Brahmayurveda’s products and using its services, and in the case of a minor, who is a user, their legal representative.

The name and address (billing address) of the Customer/Data Subject, if necessary, the health insurance or health fund, where the Data Subject is a policyholder or member, the membership certificate number, and the purchased product or service used. At least 8 years, in accordance with Section 169 of the Accounting Act.

The processed data is transferred by Brahmayurveda to the authorities and courts specified in legislation, upon their official request and order, in accordance with the law.

9

3.12. Processing related to social media sites

Purpose of the processing:

Grounds for processing:

Data subject categories:

Categories of personal data processed:

Term of processing: Recipients:

Operation and moderation of Brahmayurveda’s social media profiles (facebook and instagram), description of Brahmayurveda’s services, continuous development of Brahmayurveda’s services through the analysis of traffic data. The Data Subject’s consent pursuant to Article 6 (1) a) of the GDPR, given by their activities on the social media profile of Brahmayurveda (writing an opinion or comment, reaction, sharing, etc.).

Brahmayurveda’s legitimate interest in the proper operation and moderation of its social media profiles pursuant to Article 6 (1) f) of the GDPR (e.g.: in the deleting of offensive posts).
The natural persons who view Brahmayurveda’s social media sites, post a rating about it, post a reaction (like, etc.) to the posts shared on the social media sites, or share those posts. The name and any personal data that the Data Subject shares or publishes in a comment about themselves on the social media site and in relation to the social media profile of Brahmayurveda.

Until consent is withdrawn or the entry/group is deleted Brahmayurveda does not transfer the personal data affected by this processing.

3.13. Processing related to the Controller’s website, cookie policy

3.13.1. Web server

During the visit to the website maintained by the Controller, available at www.brahmayurveda.hu and www.brahmayurveda.com (hereinafter: ‘Website’), the web server does not log the user’s activities, such processing does not take place.

3.13.2. Request for quotation

In case of concluding a contract, the personal data provided on the quotation request page of the Website or provided to us by e-mail or telephone is processed for the purposes specified in Sections 3.1-3.8 and 3.11 above. If the visit is cancelled, i.e. no contract is concluded between the parties based on the quotation request, the personal data are erased within 5 business days from the notification of the cancellation.

3.13.3. Cookie policy
The information regarding the cookies used on the websites www.brahmayurveda.hu and

www.brahmayurveda.com shall be set out in the Cookie Policy of the Controller. 10

3.14. Data forwarding to the National Tourist Data Service Center

Purpose of the processing:

Grounds for processing:

Data subject categories:

Categories of personal data processed:

Term of processing:

Recipients:

Protection of the rights, safety and assets of the Data Subject and others, ensuring compliance with the provisions regarding stay and residence of third country nationals and persons with freedom of movement and of residence.

Article 6 (1) c) of the GDPR – legal obligation to which Brahmayurveda is subject, in particular, Article 9/H of Act CLVI of 2016, Articles 7, 14 and 14/C of Government Decree No. 235/2019. (X. 15.).

Natural persons using the accommodation service provided by Brahmayurveda.
a) family name and given name, birth family and given name, sex, nationality of the person using the accommodation service, mother’s birth family and given name, identifiers of the identification or travel document of the person using the accommodation service, in the case of third party nationals, number of the visa or residence permit, date and place of entry, b) address of the accommodation service, date of commencement, expected and actual date of end of the use of the accommodation

Brahmayurveda shall process the above categories of personal data until the last day of the year following the year of recording, then the categories of personal data set out in subsection a) shall be erased and thereby the categories of personal data set out in subsection b) shall become anonymized.

The processed data is transferred by Brahmayurveda to the authorities and courts specified in legislation, upon their official request and order, in accordance with the law.

Brahmayurveda shall, on the basis of statutory obligation, record the above categories of personal data concerning the data subject with the accommodation management software in the course of the check-in. The data subject shall, in the course of the check-in, produce their identification or travel documents to Brahmayurveda to allow the recording of personal data. In case no identification or travel document is produced, Brahmayurveda shall refuse the provision of the accommodation service. The data not included in the identification or travel document produced shall not be recorded. The police may perform queries in the database of the National Touristic Data Service Center, and may request the forwarding of data processed by Brahmayurveda, for the purposes of law enforcement, crime prevention, the protection of public order, public security, the order of the state border, the rights, security and assets of the data subject and others, and to issue arrest warrants.

11

3.15. Quality assurance, investigation of customer complaints, inspection of employees

Purpose of the processing:

Grounds for processing:

Data subject categories:

Categories of personal data processed:

Term of processing: Recipients:

Ensuring the quality of Ayurvedic treatments covering the whole body, investigating customer complaints, inspection of employees.
The legitimate interest pursued by Brahmayurveda to ensure the quality of its Ayurvedic treatments covering the whole body, investigating customer complaints and inspection of employees. (Article 6(1)f of GDPR)

In case the data subjects communicate health data during the treatments in oral form, the processing of special category of personal data is based on Article 9(2)h of GDPR.
Natural persons using services that improve health and physical well-being.

Audio recording made in the course of the treatment covering the whole body, date, time and location of the recording, name of the therapist and the client.
3 months

Brahmayurveda does not transfer the personal data affected by this processing.

Brahmayurveda creates audio recordings in the course of the Ayurvedic treatments in order to ensure the quality of the treatments, investigate customer complaints and inspect employees. The audio recordings will only be played back in the event of a customer complaint. Only the professional leader shall be entitled to access the audio recordings. The data subjects shall be entitled to request information on the processing of the personal data concerning them, listen to the audio recording(s) and to object to the processing.

3.16. Processing for the Brahma Loyalty Program

Purpose of processing:

Grounds for processing:

Categories of data subjects:
Categories of personal data:

To reward the loyalty of data subjects to the services provided by the Controller and to ensure participation in the Brahma Loyalty Program (hereinafter: Program) operated by the Controller. The purpose of the Program is to enable the Controller to offer a discount to data subjects in proportion to the number of visits and the value of the services used, in accordance with the rules detailed in the Controller’s General Terms and Conditions.

The Controller’s legitimate interest in offering discounts to returning customers based on the value of certain services previously used, thereby increasing customer satisfaction and turnover (Article 6 (1)(f) of GDPR)

Natural persons using health and physical well-being services, and in the case of minors, their legal representative.
Name;
Name and date of the service received;

The value of the service received; 12

Duration of processing: Recipients:

4. Processors

Rate of discount
1 year
The Controller uses a Processor for the operation of the reservation system it uses and for the proper functioning and management of the Programme. Details of the Processor: Altegio Europe Korlátolt Felelősségű Társaság (company registration number: 01-09-302414; tax number: 26110123-2- 41; registered office: 1054 Budapest, Széchenyi István tér 7.)

The Processors shall not use another data processor in the performance of their activities without the prior written ad hoc or general authorisation of Brahmayurveda. The Processors shall not make a substantive decision regarding processing, they shall process the personal data made known to them only in accordance with the provisions of Brahmayurveda, shall not process the data for their own purposes, and shall store and preserve the personal data in accordance with the provisions of Brahmayurveda. The Data Subjects may contact Brahmayurveda, as the Controller, in relation to the processing or may enforce their rights against it.

a. Contributing physician

In order to use the private healthcare services and the services improving physical well-being, the health data of the Data Subjects are processed by a physician employed by Brahmayurveda.

The provision of data to the Electronic Health Service Space (hereinafter: ‘EESZT’) maintained by the National Healthcare Service Center (hereinafter: ‘ÁEEK’) takes place according to Act XLVII of 1997 and the Decree of the Minister of Human Capacities 39/2016 (21 December) EMMI, with this activity performed accordance with the law by the contributing physician, as an independent Controller.

b. Appointment booking system

For the performance of appointment booking and customer management tasks related to our services we use the YClients customer management system provided by YCLIENTS HUNGARY Kft. (registered office: 1211 Budapest, II. Rákóczi Ferenc út 107-115. D. lház. 3. em. 9., company registration number: 01-09-302414, mailing address: 1211 Budapest, II. Rákóczi Ferenc út 107-115. D. lház. 3. em. 9., e-mail: info@yclients.hu, customer support hotline: +36 1 700 8108), which is accessible to our staff, including the contributing physician. The present privacy policy of Brahmayurveda Center Kft. is also accessible from Brahmayurveda’s YClients website. The data processor is involved in the following activities: performance of technical tasks related to the signing up, appointment booking service, user account, newsletter service, and other services available on the website of YClients. The

13

technical tasks related to the operation of the system provided by the data processor are carried out by the following subprocessor: PELETINO LIMITED (registered office: 1066 Nicosia, Cyprus, 5 Themistocles Dervis Elenion Building, registration number: 370539, Cyprus).

c. Invoicing

The electronic invoices to be issued by Brahmayurveda are issued by Kulcs-Soft Nyrt. which provides the Kulcs-Soft service. Its Privacy Notice can be found at: https://www.kulcs- soft.hu/adatvedelem.

Company name: Kulcs-Soft Nyilvánosan Működő Részvénytársaság Registered office: 1016 Budapest, Mészáros utca 13.
Company reg. no.: 01-10-045531
Tax number: 13812203-2-41

E-mail: adatvedelem@kulcs-soft.hu d. Bookkeeping

Docler Services Korlátolt Felelősségű Társaság (registered office: 1101 Budapest, Expo tér 5- 7, company reg. no.: 01-09-186181, tax number: 24856984-2-42), as a Processor, participates in the bookkeeping of accounting documents based on a written contract concluded with the Controller. In doing so, the Processor processes the name and address of the Data Subject to the extent necessary for the accounting records, for a period corresponding to Section 169 (2) of the Accounting Act (at least 8 years), after which it erases them without any delay. The Privacy Notice of the Processor is available at https://www.doclerholding.hu/hu/imprint/#GDPR.

e. IT service provider

Our company uses a Processor to maintain and manage its website, which provides IT services (storage space and domain name services) and, within the framework of our contract with it, processes the personal data provided on the website. The operations performed by it include the recording, collection and storage of personal data on the server and their destruction.

The storage space service provider protects the data against damage, destruction, loss, alteration, access or disclosure by unauthorised persons, and against any other unauthorised processing methods.

These Processors are the following:

i. Storage space and domain name service provider

Company name: Webonic Kft.
Registered office: 8000 Székesfehérvár, Budai út 9-11 Company reg. no.: 07-09-025725

14

Tax number: 25138205-2-07
Bank account: OTP 11742001-29904501-00000000
The Privacy Notice of the storage space service provider, as Processor, is available at: https://www.webonic.hu/aszf, under Section 17.

ii. Web and software developer

Name: Docler Services S.à r.l.
Registered office: 44, Avenue John F. Kennedy L-1855 Luxembourg Company registration number: B 207.465
VAT number: LU28676305
Website: www.doclerholding.com

f. Security cameras

The operation of the security camera system is performed by DoclerPro Kft. (registered office: 1101 Budapest, Expo tér 5-7, company reg. no.: 01-09-889799, tax number: 14119699-2-42), as Processor.

A sign and/or pictogram informs the Data Subjects at the entrances of the Brahmayurveda Center and the Brahmayurveda Guesthouse of camera processing. The Privacy Notice on camera processing is available at the reception of the Brahmayurveda Center and the Brahmayurveda Guesthouse.

The Customer/Data Subject may request that Brahmayurveda not erase the recordings until a court or authority has requested it, but for a maximum of 30 days if this is necessary to enforce the Data Subject’s right or legitimate interest (e.g.: to uncover the circumstances of a possible crime).

g. Facebook Messenger

If the Data Subject maintains contact with Brahmayurveda via Facebook Messenger, Meta Platforms, Inc. and Meta Platforms Ireland Limited (European registered office: Grand Canal Harbour, Grand Canal Square 4, Dublin 2, Ireland), as the provider of Messenger, is considered a Joint Controller. The erasure of the message exchange via Messenger can be done by the Data Subject in relation to their own account, with regard to the Brahmayurveda account, the message exchange via Messenger can be erased by Brahmayurveda at the request of the Data Subject. Apart from erasure, Brahmayurveda has no direct impact on the other features of the processing, it cooperates with Facebook upon request. The Privacy Notice of Facebook is available at: https://www.facebook.com/full_data_use_policy

h. Facebook and Instagram social media sites

If the data subject interacts with Brahmayurveda’s Facebook and/or Instagram social media profile (post a rating of the page, likes the page, likes a post, comments, shares, etc.), Meta Platforms, Inc. and Meta Platforms Ireland Limited (European registered office: Grand Canal Harbour, Grand Canal Square 4, Dublin 2, Ireland) , as the service provider for the Facebook

15

and Instagram social media sites, is considered a Joint Controller. The rating, reaction, sharing, post, subscription, etc. can be erased or modified by the Data Subject themselves on the interface of the social media site. With respect to the other data processed, Brahmayurveda either proceeds itself or cooperates with Facebook, depending on what action it is authorised to perform in relation to the given personal data. The Privacy Notice of the Facebook social media site is available at: https://www.facebook.com/full_data_use_policy. The Privacy Notice of the Instagram social media site is available at: https://help.instagram.com/519522125107875/?helpref=hc_fnav&bc[0]=Instagram%20Help& bc[1]=Privacy%20and%20Safety%20Center.

i. Contracting, completing declarations in electronic form

The Controller uses the TabLog software service to make the following legal declarations electronically: concluding a contract between the Data Subject and the Controller, the Data Subject’s consent to the processing, consent to processing for marketing purposes. The TabLog service provider is Floor99 Proptech Fejlesztő Kft. (registered office: 9023 Győr, Körkemence u. 8, tax number: 26568526-2-08, company reg. no.: 08-09-030459), the Privacy Notice of which is available at: https://www.tablog.hu/hu/adatkezelesi-tajekoztato.

j. Statutory registration of accommodation-related data

National Tourist Data Service Center (Nemzeti Turisztikai Adatszolgálató Központ, NTAK) shall act as the processor of Brahmayurveda on statutory grounds. NTAK is operated by Magyar Turisztikai Ügynökség Zrt. (registered office: 1027 Budapest, Kacsa u. 15-23; company registration no.: 01-10-041364; tax number: 10356113-2-43), the privacy notice is available at https://info.ntak.hu/adatkezelesi-tajekoztato (in Hungarian). The terms and conditions of the controller-to-processor relationship between Brahmayurveda and NTAK shall be set out in Article 14 of the Government Decree No. 235/2019. (X. 15.) en lieu of a data processing agreement.

k. Booking and CRM system

The booking and CRM system used by the Controller is provided by Altegio Europe Korlátolt Felelősségű Társaság (company registration number: 01-09-302414; tax number: 26110123-2- 41; registered office: 1054 Budapest, Széchenyi István tér 7.).

5. Data security measures

In order to make the processing of the personal data as secure as possible, Brahmayurveda or its contracted physician partner, as Processor, only collects health data from the Data Subject in person, in a paper-based form. Therefore, we ask our Customers not to send us health data or documents containing health data by e-mail or by post.

16

The recordings recorded by the security camera system are stored exclusively by Brahmayurveda Center Kft. on servers located in a locked room, with enhanced data security measures. Unauthorised persons may not access the recordings, only the authorised employees and contributors of Docler Services Kft. and Brahmayurveda, to the extent necessary for the performance of their duties.

6. Rights of the Data Subject during processing

During the period of processing, you have the following rights:

a. Right to information

The Data Subject may request information from the Controller on the processing of their personal data within the period of processing. The Controller shall inform the Data Subject in writing, in a comprehensible form, as soon as possible after the submission of the request, but not later than within 25 days, of the processed data, the purpose, legal ground and duration of the processing and, if the data were transferred, of the recipients of the data and the purpose for their transfer, and whether the Controller provided access thereto to a third party.

The information shall be provided by Brahmayurveda free of charge, but Brahmayurveda may charge a reasonable fee (proportionate to the administrative costs) or choose not to comply with a request for information, which is clearly unfounded or repetitive in nature. Brahmayurveda draws the attention of the Data Subjects to the fact that their right to information can be exercised either in writing (by e-mail) or in person.

b. Access to data and the right to data portability

The Data Subject has the right to receive notification from the Controller regarding whether or not their personal data are being processed, and if they are, the Data Subject has the right to access their personal data and the following information:

  1. a)  the purposes of the processing;

  2. b)  the categories of the personal data concerned;

  3. c)  the recipients or categories of recipients to whom the personal data have been or will be

    communicated;

  4. d)  the planned preservation period of the personal data;

  5. e)  the right of the data subject to request the Controller to rectify, erase or restrict the

    processing of the personal data concerning them and to object to the processing of such

    personal data;

  6. f)  the right to lodge a complaint with a supervisory authority;

  7. g)  if the data were not collected from the Data Subject, all available information on their

    source;

  8. h)  the fact of automated decision-making, including profiling.

The Data Subject may request the issuance of a copy of their personal data, in return for which Brahmayurveda may charge a reasonable fee (proportionate to the administrative costs).

17

The Data Subject may request to receive the personal data concerning them, and provided to the Controller, in a structured, commonly used and machine-readable format, and shall have the right to transfer those data to another controller without hindrance from the Controller to which the personal data were provided if:

  1. a)  the processing is based on consent pursuant to Article 6 (1) a) or Article 9 (2) a) or a contract pursuant to Article 6 (1) b); and

  2. b)  the processing is automated.

Brahmayurveda fulfils its obligations regarding these rights of the Data Subject by respecting the rights of others and its own rights (especially the right to the protection of trade secrets and intellectual property) and accordingly does not pass on data containing trade secrets (e.g.: details of processing) to the Data Subject.

c. Right to the rectification of data

If the Data Subject becomes aware that any of their personal data (in particular, e.g.: contact details, e-mail address, telephone number) processed by Brahmayurveda and stored in its registration systems is incorrect (e.g.: due to misspelling) or incomplete, then, according to their request sent to the contact details specified in Section 3, Brahmayurveda shall supplement their incomplete personal data and rectify their incorrect data in its registration systems.

The Controller shall comply with their request for rectification without undue delay and at the latest within 3 business days.

d. The right to block data and restrict processing

At the contact details provided in Section 3, the Data Subject may request a restriction on the processing of their personal data, in which case Brahmayurveda may only store their personal data without using it or performing any further processing operation (e.g.: transfer, erasure); the latter may take place during the restriction only if the Data Subject consents to them or they are necessary for the submission, enforcement and defence of a legal claim or the protection of the rights of a third party, the European Union or an important public interest of an EU Member State.

They can request a restriction on processing if

  • they believe that their data are inaccurate and they do not want them to be used by Brahmayurveda until they are corrected, or if they consider the processing to be unlawful, or

  • the purpose of the processing by Brahmayurveda has ceased, but they do not want their data to be erased, as they require it, for example, for the submission, defence or enforcement of their legal claim.

    The Data Subject may request that the Controller block the personal data if the final erasure of the data would harm the Data Subject’s legitimate interests. The personal data blocked in this

18

way may only be processed for as long as the purpose, which precluded the erasure of the personal data, exists.

e. Right to the erasure of data

The Data Subject has the option to request the erasure of their personal data, which the Controller shall comply with without undue delay, but no later than within 3 business days. The right to erasure does not extend to cases where the Controller is obliged by law to continue storing the data (e.g.: in connection with invoicing).

The Data Subject has the right to withdraw their consent to the processing at any time, which, however, does not affect the lawfulness of the processing performed prior to the withdrawal.

If the Data Subject withdraws their consent to the processing and

  • there is no other legal ground for the processing, or

  • if the purpose of the processing has ceased, or

  • the processing is unlawful, or

  • the data must be erased by law,

then, according to their request sent to the contact details specified in Section 3, Brahmayurveda shall permanently erase their personal data and copies thereof from its registration systems and destroy them.

f. Right to object to processing

The Data Subject shall have the right to object to the processing of their personal data, including profiling, at any time for reasons related to their situation, if the processing is necessary for the performance of a task in the public interest or to perform a task in the exercise of official authority vested in the Controller, or the processing is necessary to protect the legitimate interests of the Controller or of a third party. In such a case the Controller shall no longer process the personal data unless the they demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the Data Subject or which relate to the submission, enforcement or defence of legal claims.

The Controller shall review the objection within the shortest possible time or within no more than 3 business days following the submission of the request, shall make a decision on its merits and shall notify the Data Subject in writing of its decision. If the Data Controller does not comply with the Data Subject’s request for rectification, blocking or erasure, it shall notify the factual and legal reasons for rejecting the request for rectification, blocking or erasure in writing, or with the consent of the Data Subject, electronically, within 25 days of the receipt of the request.

19

7. How can the rights relating to processing be enforced?

The Data Subject may submit their application or request for the exercising of their rights relating to the processing detailed above at the contact details specified in Section 3.

Please provide at least two pieces of personal data in your request that will allow Brahmayurveda to identify you (e.g.: name and phone number, name and e-mail address). You can make your request or remark verbally, in person, however, Brahmayurveda will always provide a written reply (primarily in the form of your choice, failing which Brahmayurveda will respond electronically by e-mail or in a paper-based form, by post). Please indicate in your written request (by e-mail or on paper) the form in which you would like to receive a reply (e.g.: electronically by e-mail or in a paper-based form, in person), otherwise the reply will be sent to the Data Subject by Brahmayurveda in the form corresponding to the form of your request. Brahmayurveda will provide a substantive response to your application or request regarding the processing within 30 days of receipt, or in exceptional cased (e.g.: due to the complexity of the request) within 60 days. In the latter case, it shall, within 1 month of the receipt of the request, inform you separately of the extension of the time limit for the reply and the reasons therefor.

8. Processing in the case of minors

In the case of the services provided by Brahmayurveda, the performance of the service contract provides a legal ground for the processing, therefore the processing does not require separate parental consent. Other related processing (invoicing, claim enforcement, security camera processing, etc.) is also not based on the Data Subject’s consent. Only our newsletter service is based on the consent of the Data Subject. In the case of a Data Subject, who is minor, the adult representative of the minor Data Subject is entitled to subscribe to our newsletter service.

Brahmayurveda does not provide information society services directly to children, nor does it perform automated decision-making and profiling. The terms and conditions of Facebook registration and use govern communication via Messenger and the processing of data related to the social media sites, as a user account with the service provider is required to use these services.

The general data subject rights (right to information, access, rectification, restriction, data portability, objection or legal remedy) apply to the child individually and jointly with the parent. Where appropriate, Brahmayurveda may also request a declaration from the parent entitled to make a declaration of rights (e.g.: when exercising the right to erasure). These requests must be considered on a case-by-case basis, taking into account all the circumstances of the case.

9. Amendment of the Privacy Notice

Brahmayurveda Kft. reserves the right to amend this Privacy Notice at any time, especially in case of introduction of new processing or changes in the processing already in progress. Following the amendment of the Privacy Notice, all Customers/Data Subjects must be informed

20

in an appropriate manner (newsletter, pop-up window upon login, displayed at their registered office). By continuing to use the service, the Customers/Data Subjects acknowledge the changed processing rules, with no further consent required. If you have any questions or comments regarding the processing or the contents of this Notice, please send them to the dpo@idbc.hu e-mail address.

10.Enforcement

For all questions relating to the processing and the exercising of the rights detailed above, as well as in response to Brahmayurveda’s processing questions and inquiries, the Data Subject may contact Brahmayurveda Kft. at the following contact details:

Data Protection Officer: IDBC Creative Solutions Kft. E-mail address: adatkezeles@brahmayurveda.hu Mailing address: 1101 Budapest, Expo tér 5-7

The Data Subject may lodge a complaint with the National Authority for Data Protection and Freedom of Information (NADPFI) (registered office: 1055 Budapest Falk Miksa utca 9-11, http://naih.hu, e-mail: ugyfelszolgalat@naih.hu, postal address: 1363 Budapest, P.O. Box: 9, phone number: +36 (1) 391-1400, fax: +36 (1) 391-1410) regarding the processing performed by Brahmayurveda.

In addition to the above, the Data Subject may enforce their rights before a court pursuant to the GDPR, the Infotv. and the effective Civil Code. The Data Subject may bring proceedings before the general court competent according to their habitual place of residence.

This Privacy Notice enters into effect on the date of signature. Dated in Budapest on the 2nd day of February 2024.

Szidónia Világi Managing Director

Cookie Policy

When you visit the website of Brahmayurveda Center Kft. (hereinafter: ‘Controller’) (www.brahmayurveda.com), a small file called a ‘cookie’ (hereinafter: ‘cookie’) is placed on your computer device (e.g. computer, laptop, tablet, mobile phone, hereinafter: ‘device’).

 

General information about cookies

In general, different cookies serve different purposes. Some cookies, for example, allow the server to distinguish between users who visit the website at the same time and may also store the activity and preferences of the website visitor. The Controller may also use cookies to collect data about the Data Subject’s device and activity (e.g. browser type and other data, computer operating system, IP address, pages viewed by the user and website functions used by the user).

Some cookies are essential for the proper functioning of the website, without them the website cannot function properly, others collect information about the use of the website to make it more convenient and useful.

Some cookies are only temporary and disappear when the browser session is closed, but others remain on the device for a longer period of time. Persistent cookies are those that, unlike session cookies, are stored permanently on the Data Subject’s computer, so they are not automatically erased when the browser program is closed. Cookies may also be used to collect anonymous statistical data (not linked to an identified individual), which can help the Controller to gain an insight into the browsing habits and user experience of visitors to its website.

The Controller may use its own cookies on the website; the purpose and function of these cookies are determined by the Controller and are not influenced by third parties. The Controller may also allow third party service providers to place their own cookies on the website. Third parties include, for example, data analysis service providers who help the Controller to understand what content the user is viewing, for how long, or what services/features the user is using, what interests them, etc. Based on this data, the Controller can plan the development of its website and/or services, content, etc.

Different browsers allow you to change the cookie settings, which you can do at any time on your own device.

 

Information on the use of cookies by Brahmayurveda Center Kft.

 

Necessary cookies

The proper functioning of the www.brahmayurveda.com website is ensured in accordance with the provisions of Section 13/A (3) of the E-commerce Act. The necessary cookies used by Brahmayurveda Center Kft. (see table) cannot, by themselves, identify the Data Subject visiting the website. The following cookies cannot be switched off and do not require the consent of the Data Subject, the legal basis for processing is the legitimate interest pursued by the Data Controller in the proper functioning of the website (Article 6(1)(f) of GDPR). Without these cookies, the website cannot be used for its intended purpose.

Domain: brahmayurveda.com

Cookie provider: Polylang

Function: to store the consent of the user regarding the use of cookies

Category: Necessary

Expiry: persistent

Categories of data stored: consent given/declined

Domain: brahmayurveda.com

Cookie provider: Brahmayurveda (own cookie)

Function: to identify user sessions and ensure the correct operation of the website

Category: Necessary

Expiry: Session (expires when the user ends the session or quits the browser)

Categories of data stored: unknown

Analytics cookies

These cookies are used exclusively for statistical and analytical purposes, in accordance with the provisions of Article 13/A (4) – (6) of the E-commerce Act. The analytical cookies used by Brahmayurveda Center Kft. (see table) cannot in themselves identify the Data Subject visiting the website. The following cookies can be disabled. The use of these cookies is subject to the consent of the Data Subject (Article 13/A (4) of the E-commerce Act, Article 6(1)(a) of GDPR).

Domain: alteg.io

Cookie provider: Google Analytics

Function: to store and count pageviews

Category: Analytics

Expiry: 2 years

Categories of data stored: unknown

Domain: brahmayurveda.com

Cookie provider: Google Analytics

Function: to store and count pageviews

Category: Analytics

Expiry: 1 year

Categories of data stored: unknown

Domain: alteg.io

Cookie provider: Google Analytics

Function: to store and count pageviews

Category: Analytics

Expiry: 1 year

Categories of data stored: unknown

Domain: alteg.io

Cookie provider: Google Analytics

Function: to store a unique user ID

Category: Analytics

Expiry: 1 minute

Categories of data stored: user ID

Domain: alteg.io

Cookie provider: Google Analytics

Function: to store and count pageviews

Category: Analytics

Expiry: 1 day

Categories of data stored: unknown

Domain: google.com

Cookie provider: Google

Function: to store preferences, custom settings (language, number of search results per page, Google SafeSearch filter status)

Category: Analytics

Expiry: 6 months

Categories of data stored: uniqe ID

Domain: brahmayurveda.com

Cookie provider: PixelYourSite

Function: to store statistical data on visitor activity

Category: Analytics

Expiry: Session (expires when the user ends the session or quits the browser)

Categories of data stored: statistical data

Marketing cookies

These cookies are used to help the service provider to display customized advertisements to the user or to track the user’s activity on the website. These cookies are used in accordance with the provisions of Article 13/A (4) – (6) of the E-commerce Act. The marketing cookies (see table) used by Brahmayurveda Center Kft. cannot in themselves identify the Data Subject visiting the website. The following cookies can be disabled. The use of these cookies is based on the consent of the Data Subject (Article 13/A (4) of the E-commerce Act, Article 6(1)(a) of GDPR).

Domain: alteg.io

Cookie provider: Facebook

Function: to track visitors across websites and to store their data

Category: Marketing

Expiry: 3 months

Categories of data stored: unknown

Domain: youtube.com

Cookie provider: Google AdSense

Function: to store and track conversions

Category: Marketing

Expiry: persistent

Categories of data stored: browsing behaviour

Domain: alteg.io

Cookie provider: Google AdSense

Function: to store and track conversions

Category: Marketing

Expiry: persistent

Categories of data stored: user ID

Domain: youtube.com

Cookie provider: Google Analytics

Function: to build a profile of the website visitor’s interests in order to show relevant & personalized Google advertising

Category: Marketing

Expiry: 2 years

Categories of data stored: unknown

Domain: google.com

Cookie provider: Google Analytics

Function: to build a profile of the website visitor’s interests in order to show relevant & personalized Google advertising

Category: Marketing

Expiry: 2 years

Categories of data stored: unknown

Domain: youtube.com

Cookie provider: Google Analytics

Function: to build a profile of the website visitor’s interests in order to show relevant & personalized Google advertising

Category: Marketing

Expiry: 2 years

Categories of data stored: unknown

Domain: google.com

Cookie provider: Google Analytics

Function: to build a profile of the website visitor’s interests in order to show relevant & personalized Google advertising

Category: Marketing

Expiry: 2 years

Categories of data stored: unknown

Domain: youtube.com

Cookie provider: Google Analytics

Function: to build a profile of the website visitor’s interests in order to show relevant & personalized Google advertising

Category: Marketing

Expiry: 1 year

Categories of data stored: unknown

Domain: youtube.com

Cookie provider: Google Analytics

Function: to collect information about user interactions with Google services and ads

Category: Marketing

Expiry: 1 year

Categories of data stored: uniqe ID

Domain: google.com

Cookie provider: Google Analytics

Function: to collect information about user interactions with Google services and ads

Category: Marketing

Expiry: 1 year

Categories of data stored: uniqe ID

Domain: youtube.com

Cookie provider: Google Analytics

Function: to build a profile of the website visitor’s interests in order to show relevant & personalized Google advertising

Category: Marketing

Expiry: 2 years

Categories of data stored: unknown

Domain: google.com

Cookie provider: Google Analytics

Function: to build a profile of the website visitor’s interests in order to show relevant & personalized Google advertising

Category: Marketing

Expiry: 2 years

Categories of data stored: unknown

Domain: google.hu

Cookie provider: Google Analytics

Function: to build a profile of the website visitor’s interests in order to show relevant & personalized Google advertising

Category: Marketing

Expiry: 2 years

Categories of data stored: unknown

Domain: youtube.com

Cookie provider: Google Analytics

Function: to build a profile of the website visitor’s interests in order to show relevant & personalized Google advertising

Category: Marketing

Expiry: 2 years

Categories of data stored: unknown

Domain: google.com

Cookie provider: Google Analytics

Function: to build a profile of the website visitor’s interests in order to show relevant & personalized Google advertising

Category: Marketing

Expiry: 2 years

Categories of data stored: unknown

Domain: google.hu

Cookie provider: Google Analytics

Function: to build a profile of the website visitor’s interests in order to show relevant & personalized Google advertising

Category: Marketing

Expiry: 2 years

Categories of data stored: unknown

Domain: youtube.com

Cookie provider: Google Analytics

Function: to build a profile of website visitor interests to show relevant and personalized ads through retargeting

Category: Marketing

Expiry: 1 year

Categories of data stored: unknown

Domain: google.com

Cookie provider: Google Analytics

Function: to build a profile of website visitor interests to show relevant and personalized ads through retargeting

Category: Marketing

Expiry: 1 year

Categories of data stored: unknown

Domain: youtube.com

Cookie provider: Google Analytics

Function: to store interactions with Google services and advertisements. Measures advertisement efficiency and delivers personalized content based on the interest of the user.

Category: Marketing

Expiry: 2 years

Categories of data stored: uniqe ID

Domain: google.com

Cookie provider: Google Analytics

Function: to store interactions with Google services and advertisements. Measures advertisement efficiency and delivers personalized content based on the interest of the user.

Category: Marketing

Expiry: 2 years

Categories of data stored: uniqe ID

Domain: google.com

Cookie provider: Google Analytics

Function: to provide digitally signed and encrypted data from unique Google ID and stores last login time, which Google uses to 12 months identify visitors, prevent misuse of login data and protect visitor data from unauthorized parties.

Category: Marketing

Expiry: 12 months

Categories of data stored: unknown

Domain: google.com

Cookie provider: Google Analytics

Function: to link user activities on other devices the user has previously logged into using the same Google account. Based on this, the ads displayed on the devices of the user are coordinated and conversion events are measured.

Category: Marketing

Expiry: 2 years

Categories of data stored: unknown

Domain: alteg.io

Cookie provider: Alteg.io/google/facebook etc.

Function: to track the marketing campaign source

Category: Marketing

Expiry: 1000 days

Categories of data stored: unknown

Domain: alteg.io

Cookie provider: Alteg.io/google/facebook etc.

Function: to track the marketing campaign source

Category: Marketing

Expiry: 1000 days

Categories of data stored: unknown

Domain: alteg.io

Cookie provider: Alteg.io/google/facebook etc.

Function: to track the marketing campaign source

Category: Marketing

Expiry: 1000 days

Categories of data stored: unknown

Domain: alteg.io

Cookie provider: Alteg.io

Function: if Google Analytics added

Category: Marketing

Expiry: 368 days

Categories of data stored: unknown

Domain: google.com

Cookie provider: Google Ads Optimization

Function: to deliver personalized Google advertisements on websites based on recent searches and interactions

Category: Marketing

Expiry: 2 years

Categories of data stored: unknown

Domain: doubleclick.net

Cookie provider: Google Doubleclick

Function: Google to store and track conversions

Category: Marketing

Expiry: 1 year

Categories of data stored: unknown

Domain: region1.google-analytics.com

Cookie provider: Google Doubleclick

Function: to store and track conversions

Category: Marketing

Expiry: 1 year

Categories of data stored: unknown

Domain: doubleclick.net

Cookie provider: Google Doubleclick

Function: to store Google ID across different devices to deliver targeted advertisements

Category: Marketing

Expiry: 2 weeks

Categories of data stored: unknown

Domain: google.com

Cookie provider: Google

Function: to identify Google users to deliver personalized advertisements

Category: Marketing

Expiry: 2 years

Categories of data stored: user identifier, date and time of last login

Domain: doubleclick.net

Cookie provider: Google Doubleclick

Function: to deliver or retarget advertisements

Category: Marketing

Expiry: 13 months

Categories of data stored: uniqe ID

Domain: youtube.com

Cookie provider: Google

Function: to play embedded youtube videos

Category: Marketing

Expiry: 2 years

Categories of data stored: unknown

Domain: youtube.com

Cookie provider: Google

Function: to store user preferences (e.g. YouTube user preferences, autoplay, shuffle enabled/disabled, player size, in the case of YouTube Music, volume, repeat, autoplay enabled/disabled)

Category: Marketing

Expiry: 8 months

Categories of data stored: user preferences

Domain: youtube.com

Cookie provider: Google

Function: to store user information related to YouTube videos

Category: Marketing

Expiry: 2 years

Categories of data stored: unknown

Domain: google.com

Cookie provider: Google

Function: to store user information related to YouTube videos

Category: Marketing

Expiry: 2 years

Categories of data stored: unknown

Domain: facebook.com

Cookie provider: Facebook

Function: to store browser details

Category: Marketing

Expiry: 2 years

Categories of data stored: browsing device information

Domain: google.com

Cookie provider: Google

Function: to prevent the browser from sending this cookie with cross-site requests

Category: Marketing

Expiry: 2 years

Categories of data stored: unknown

Domain: google.com

Cookie provider: Google Ads Optimization

Function: to deliver or retarget advertisements, fraud prevention

Category: Marketing

Expiry: 2 years

Categories of data stored: uniqe ID

Domain: youtube.com

Cookie provider: Google

Function: to store website activity, advertisements delivered before visiting the website, recent searches, interactions with the advertisements of the advertiser or with search results, and advertiser website view data

Category: Marketing

Expiry: 2 years

Categories of data stored: unknown

Domain: google.com

Cookie provider: Google

Function: to store website activity, advertisements delivered before visiting the website, recent searches, interactions with the advertisements of the advertiser or with search results, and advertiser website view data

Category: Marketing

Expiry: 2 years

Categories of data stored: unknown

Domain: facebook.com

Cookie provider: Facebook

Function: to store the combination of the browser type and unique identifier to deliver targeted advertisements

Category: Marketing

Expiry: Session (expires when the user ends the session or quits the browser)

Categories of data stored: browser type, unique user ID

Domain: youtube.com

Cookie provider: Google

Function: to deliver or retarget advertisements, store and track user identifier and interactions

Category: Marketing

Expiry: 6 months

Categories of data stored: unknown

Domain: youtube.com

Cookie provider: Google

Function: to store visitor privacy metadata

Category: Marketing

Expiry: 13 months

Categories of data stored: unknown

Domain: youtube.com

Cookie provider: Google

Function: to store and track interactions

Category: Marketing

Expiry: Session (expires when the user ends the session or quits the browser)

Categories of data stored: unknown

Domain: youtube.com

Cookie provider: Alteg.io/google/facebook etc.

Function: to track the marketing campaign source

Category: Marketing

Expiry: 1000 days

Categories of data stored: unknown

Domain: alteg.io

Cookie provider: Alteg.io/google/facebook etc.

Function: to track the marketing campaign source

Category: Marketing

Expiry: 1000 days

Categories of data stored: unknown

Functional/preference cookies

These cookies are used for storing settings related to certain functions (e.g. selection of the language of the website) and are used in accordance with the provisions of Section 13/A (4)-(6) of the E-commerce Act. The functional/convenience cookies (see table) used by Brahmayurveda Center Kft. cannot in themselves identify the Data Subject visiting the website. The following cookies can be disabled. These cookies are used on the basis of the Data Subject’s consent (Article 13/A (4) of the E-commerce Act, Article 6(1)(a) of GDPR).

Domain: alteg.io

Cookie provider: CloudFlare

Function: to read and filter requests from bots

Category: Functional

Expiry: 30 minutes

Categories of data stored: Time stamp

Domain: alteg.io

Cookie provider: Google Analytics

Function: to read and filter requests from bots.

Category: Functional

Expiry: 1 minute

Categories of data stored: unknown

Domain: google.com

Cookie provider: Google Analytics

Function: to filter user-initiated requests from third party website-initiated requests

Category: Functional

Expiry: 6 months

Categories of data stored: unknown

Domain: alteg.io

Cookie provider: Alteg.io

Function: to determine the language of the user

Category: Functional

Expiry: 1000 days

Categories of data stored: unknown

Domain: youtube.com

Cookie provider: Google Ads Optimization

Function: to store cookie persistent preferences

Category: Functional

Expiry: 20 years

Categories of data stored: unknown

Domain: alteg.io

Cookie provider: Alteg.io

Function: to determine the language of the user

Category: Functional

Expiry: 388 days

Categories of data stored: unknown

Domain: brahmayurveda.com

Cookie provider: Polylang

Function: to store website language settings

Category: Functional

Expiry: persistent

Categories of data stored: browser language

Domain: google.com

Cookie provider: Google Maps

Function: to identify trusted web traffic (protects against unauthorized access)

Category: Functional

Expiry: 1 year

Categories of data stored: anonymous identifier

Domain: alteg.io

Cookie provider: Alteg.io/google/facebook etc.

Function: to determine the promo code that user can use later after registration

Category: Functional

Expiry: 1000 days

Categories of data stored: unknown

Unclassified cookies

These cookies are still being classified by the cookie provider and the Controller.

Domain: alteg.io

Cookie provider: Alteg.io

Function: Unknown

Category: Not classified

Expiry: 400 days

Categories of data stored: unknown

Domain: alteg.io

Cookie provider: Alteg.io

Function: Unknown

Category: Not classified

Expiry: it expires when the user ends the session or quits the browser

Categories of data stored: unknown