What principles do we follow in our data management?

Our company follows the following basic principles in its data management:
a) we handle personal data legally and fairly, as well as transparently for you.
b) we only collect personal data for specific, clear and legal purposes and
we do not treat them in a way that is incompatible with the purposes.
c) the personal data collected and managed by us from the point of view of the purposes of data management
appropriate and relevant and limited to what is necessary.
d) Our company takes all reasonable measures to ensure that the data we manage are accurate and, if necessary, up-to-date, and we delete or correct inaccurate personal data immediately.
e) we store personal data in such a way that you can only be identified for the time necessary to achieve the goals of personal data management.
f) by applying appropriate technical and organizational measures, we ensure the personal
adequate security of data against unauthorized or illegal handling, accidental loss, destruction or damage of data.
Our company your personal data
a) based on your informed and voluntary consent and only a
we handle it to the extent necessary and in each case in a purpose-bound way, i.e. we collect, record, organize, store and use it.
b) in some cases, the processing of your data is based on legal regulations and is mandatory
nature, in such cases we draw your attention to this fact.
c) and in certain cases for our Company to manage your personal data,
or a third party has a legitimate interest, for example the operation, development and security of our website.

Who we are?

LOLO Szépségszalon Kft.

email: loloszalon@gmail.com

Data controller: Gál Csilla

We only ask our website visitors for their personal data if they want to register, subscribe, or participate in a prize draw.
We cannot connect the personal data provided in connection with registration or the use of our marketing services, and the identification of our visitors is basically not our goal. If you have any questions about data management, you can request further information at the above e-mail or postal address, and we will send you a reply without delay, within 20 days (but no later than 1 month) to the contact information you provided.

What are cookies and how do we manage them?
Cookies are small data files (hereinafter referred to as “cookies”) that are transferred to your computer through the use of the website, saved and stored by your Internet browser. The majority of the most commonly used internet browsers (Chrome, Firefox, etc.) accept and enable the download and use of cookies as a default setting, but it depends on you whether you refuse or disable them by changing your browser settings, or you also the cookies already stored on your computer can delete it. The “help” menu item of each browser provides more information on the use of cookies.
There are cookies that do not require your prior consent. Our website provides brief information about these at the start of your first visit, such as authentication, multimedia player, load balancer, session cookies helping to customize the user interface, and user-centric security cookies. Our Company will inform you about cookies that require consent – if data management already starts when you visit the page – at the start of the first visit and we ask for your consent.

More details about third-party cookies here
https://www.google.com/policies/technologies/types/, and about data protection here
https://www.google.com/analytics/learn/privacy.html?hl=en

Other data management issues

We can only transfer your data within the framework defined by law, and in the case of our data processors, we ensure that they cannot be used by stipulating contractual conditions
your personal data for purposes contrary to your consent. More information in 2.
is located in
Our company does not transfer data abroad.
The court, the prosecution and other authorities (e.g. police, tax office, National Data Protection
and Freedom of Information Authority) may contact our Company for providing information, providing data or making documents available. In these cases, data provision
we have to fulfill our obligation, but only to the extent that is absolutely necessary to achieve the purpose of the request.
Contributors involved in the data management and/or data processing of our company and
employees to a predetermined extent – in addition to the burden of confidentiality –
are entitled to know your personal data.
We protect your personal data with appropriate technical and other measures, as well as ensure the security and availability of the data, and protect them from unauthorized access.
from access, alteration, damage or disclosure and any
from other unauthorized use.
As part of organizational measures, we control physical access to our buildings, we continuously train our employees and adequately protect paper-based documents
we keep it closed. The technical measures include encryption, password protection and antivirus
we use software. However, please note that it is via the Internet
data transmission cannot be considered fully secure data transmission. Our company
will do everything in order to make the processes as safe as possible, a
however, we are not fully responsible for data transmission via our website
undertake, but we adhere to strict regulations regarding the data received by our Company
to secure your data and prevent illegal access.
Regarding security issues, we ask for your help in keeping it safe
and your access password for our website and do not share this password with anyone.

What do you need to know about our data processing for direct marketing and newsletter purposes?
With your statement during registration or later, newsletter and/or direct marketing
by modifying your personal data stored on the registration interface (i.e. your intention to consent
with a clear declaration) you can give your consent to your personal data
can also be used for marketing purposes. In this case – until the consent is revoked – it is
We process your data for the purpose of direct marketing and/or sending newsletters, and we send you advertising and other mailings, as well as information and offers and/or forward newsletters (Grtv. § 6).
You can give your consent to direct marketing and the newsletter together or separately, and you can withdraw it/them free of charge and at any time.
Cancellation of registration is always considered a withdrawal of consent. The direct
We do not interpret withdrawal of consent to data management for marketing and/or newsletter purposes
at the same time, the withdrawal of data management consent related to our website. How is this?
what and on what basis do we keep it if the newsletter consent has been revoked? Contributions
in the case of each contribution is for a specific purpose, such as registering tomorrow and the newsletter
application is two separate goals, two separate databases, the two cannot be related.
Registration of revocation or cancellation of individual consents – technical
for reasons – we accept a deadline of … days.

What are your rights and remedies?
You about data management
 you can request information,
 you can request the correction, modification or addition of your personal data managed by us,
 you can object to data processing and request the deletion and blocking of your data (with the exception of mandatory data processing),
 you can take legal action before the court,
 you can file a complaint with the supervisory authority or initiate a procedure
(https://naih.hu/panaszuegyintezes-rendje.html).
Supervisory Authority: National Data Protection and Freedom of Information Authority
 Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
 Mailing address: 1530 Budapest, Pf.: 5.
 Telephone: +36 (1) 391-1400
 Fax: +36 (1) 391-1410
 E-mail: ugyfelszolgalat@naih.hu
Website: https://naih.hu/
Upon your request, we provide information about the data you manage or process by us – or by our commissioned data processor
 about your data,
 about their source,
 the purpose and legal basis of data management,
 its duration, and if this is not possible, the aspects of determining this duration,
 about the name and address of our data processors and their activities related to data management,
 about the circumstances and effects of data protection incidents and the measures we have taken to prevent and eliminate them, and
 if your personal data is forwarded, about the legal basis and recipient of the data transfer.
As soon as possible, within 10 days from the submission of the application (however, at most
within 1 month) we will provide our information. The information is free unless you are a
In the current year, he has already submitted an information request to us for the same data.
We will refund the reimbursement you have already paid in the event that the data
we handled it illegally or the request for information led to a correction. The information
we can only refuse in cases provided for by law by indicating the legal place, as well as by providing information about the possibility of judicial remedy or turning to the Authority.
Our company informs you about the correction, blocking, marking and deletion of personal data,
furthermore, it notifies all those to whom the data was previously transmitted for the purpose of data management,
unless the failure to notify does not harm your legitimate interests.
If we do not fulfill your request for correction, blocking or deletion, the request
in writing within 10 days (but no later than 1 month) of receipt – that
With your consent, we will electronically communicate the reasons for our rejection and inform you
You about the court remedy and the possibility of turning to the Authority.
If you object to the processing of your personal data, we will examine the objection as soon as possible, within 10 days (but no later than 1 month) from the submission of the request, and we will inform you of our decision in writing. If we decided to
that your objection is well-founded, in that case the data management – including further
data collection and data transmission – we terminate and lock the data, as well as prohibit
and the measures taken based on it, we notify all those to whom the
the personal data affected by the protest were forwarded earlier, and those who are obliged to take action
in order to enforce the right to protest.
In the event that we refuse to fulfill the request, we prove that the data management
it is justified by compelling legitimate reasons that take precedence over your interests, rights and freedoms, or that are related to the presentation, enforcement or defense of legal claims. If you do not agree with our decision
one, or if we miss the deadline, you can go to court within 30 days from the notification of the decision or the last day of the deadline.
Adjudication of data protection lawsuits falls under the competence of the court, the trial – at the choice of the data subject – also before the court of the data subject’s place of residence or residence
can be started. A foreign citizen can also file a complaint with the competent supervisory authority according to his place of residence.
Before filing a complaint with a supervisory authority or a court, we ask that you
– in order to negotiate and solve the problem as quickly as possible – look for it
and our company.

What else do you need to know about our data management related to our website?
You voluntarily provide us with your personal data during registration and contact with our Company, which is why we ask that you gradually
ensure that they are true, correct and accurate, as you are responsible for them. Incorrect, inaccurate or incomplete data can be an obstacle to the use of our services.
If you do not provide your own personal data, but someone else’s, we assume that you have the necessary authorization.
You can withdraw your consent to data management at any time free of charge
 by canceling the registration,
 by withdrawing consent to data management, or
 by withdrawing or requesting the blocking of consent to the management or use of any data that must be filled in during registration.
Registration of withdrawal of consent – for technical reasons – with a deadline of … days
undertake, however, we draw your attention to the fact that the fulfillment of our legal obligation is legitimate
in order to assert our interests, we may process certain data even after withdrawing consent.
In case of use of misleading personal data, or if one of our visitors commits a crime or attacks our Company’s system, the registration of the given visitor
at the same time as its termination, we will delete your data immediately, and – if necessary –
we will keep them for the duration of the establishment of civil liability or the conduct of criminal proceedings.

What are the main governing laws for our activities?
 the European Parliament on the management of personal data of natural persons and
Council Regulation (EU) 2016/679 (GDPR)
 2011 on the right to information self-determination and freedom of information
CXII. law – (Info tv.)
 Act V of 2013 on the Civil Code (Ptk.)
 with electronic commercial services and the information society
CVIII of 2001 on certain issues of related services. law – (Eker tv.)
 Act C of 2003 on electronic communications – (Ehtv)
 CLV of 1997 on consumer protection. law (Fogiv tv.)
 CLXV of 2013 on complaints and public interest announcements. law. (Pktv.)
 2008 on the basic conditions and certain limitations of economic advertising activity.
year XLVIII law (Grtv.)
10. Modification of data management information
Our company reserves the right to amend this Data Management Information, of which it will inform the affected parties in an appropriate manner. Information related to data management is published on the website.