A soulgym.hu in order to fully comply with the requirements of Regulation 2016/679 of the European Parliament and of the Council (GDPR) and Act CXII of 2011 on the Right to Information Self-Determination and Freedom of Information (Infotv.), provides the following information on the processing of natural persons’ data.
This Privacy Notice a Soul Gym may unilaterally modify it at any time. This Privacy Notice and any amendments thereto a Soul Gym are published on the website of the European Commission (soulgym.hu).
It is also important to check frequently that our Privacy Notice has not been updated. The latest version of the Privacy Notice can always be found at the above web address. And you can easily find out when our Privacy Policy was last updated by looking at the “effective date” (at the top of the page).
Data of the controller
Név: Soul Fitness Szolgáltató Kft. (továbbiakban: „soulgym.hu” vagy „Szolgáltató”)
Cégjegyzékszám: 20-09-079419
Adószám: 32675683-2-20
Telephely: 7624 Pécs, Honvéd utca 2.
Telefon: +36 (20) 463 30 91
E-mail: contact@soulgym.hu
Weboldal: Soul Gym
1. What personal data we process, for how long, what we use it for and under what authority
The legal bases for our processing may include:
the voluntary informed consent of the user to the processing of personal data pursuant to Article 6(1)(a) of the GDPR (hereinafter: Consent);
the processing is necessary for the performance of a contract to which the User, as data subject, is a party (hereinafter referred to as ” performance of the contract“), pursuant to Article 6(1)(b) of the GDPR.
the processing is necessary for compliance with a legal obligation to which the controller is subject (such as the fulfilment of an accounting or bookkeeping obligation – hereinafter: ” compliance with a legal obligation“), pursuant to Article 6(1)(c) of the GDPR
the processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party pursuant to Article 6(1)(f) of the GDPR (hereinafter: Legitimate Interest)
The legal basis for processing is set out below, separately for each category of data and for each purpose of processing, with reference to the list above.
| Service used by Érinett | Scope of personal data processed | Purpose of data processing | Legal basis for data processing | Duration of data processing |
| Sending electronic direct marketing messages, such as newsletters, direct mail advertising (e-mail, push messages) | E-mail address Name | Identifying the Erinett Ensuring communication | Contribution | Until consent is withdrawn. |
| User account and registration | E-mail address Name Billing address Delivery address | Creating, defining, amending and fulfilling contracts Billing of fees resulting from contracts Claims and enforcement Identifying the beneficiary Ensuring communication | Performance of a contract Performance of a legal obligation – issuing an invoice Legal interest | Name – for contract fulfillment and billing: for 8 years from the date of deletion of the account and registration by the User (reason: billing information). E-mail address – for contract fulfillment and billing purposes: for 3 months from the date of cancellation of the account and registration by the User, and for legitimate interest: for 6 months thereafter. Billing address – for contract fulfillment and billing purposes: for 8 years from the date of cancellation of the account and registration by the User (reason: billing information). Delivery address – for the performance of the contract: for 3 months from the date of cancellation of the account and registration by the User, and for legitimate interest: for 6 months thereafter. |
| User account and registration | Phone number Password Facebook account email (if different from user account email) Facebook account name (if different from user account name) Google account email (if different from user account email) Google account name (if different from user account name) | Identifying the Erinett Ensuring communication | Performance of the contract | For contract fulfilment and billing: for 3 months from the date of cancellation of the account and registration by the User. |
| Comment | Name E-mail address Website IP address Browser ID string | Identifying the Erinett Ensuring communication | Contribution | When submitting a comment, in addition to the information provided in the comment form, the commenter’s IP address and browser ID string are collected to filter out unsolicited content. |
| General use of the webshop | Identifier of the transaction | Creating, defining, amending and fulfilling contracts Billing of fees arising from contracts Claims and enforcement | Performance of the contract Legitimate interest | For contract fulfilment and billing: for 3 months from the date of cancellation of the account and registration by the User. For legitimate interest: for 6 months thereafter. |
| General use of the webshop | Transaction amount Transaction subject (product or service purchased) Billing name and address (if different from the one provided during registration) | Creating, defining, amending and fulfilling contracts Billing of fees arising from contracts Claims and enforcement | Performance of a contract Performance of a legal obligation – issuing an invoice Legal interest | For contract fulfilment and billing: for 8 years from the date of deletion of the account and registration by the User (reason: billing information). |
| General use of the webshop | Delivery address (if different from the one you provided during registration) | Creation, definition, modification and performance of contracts Claims and enforcement | Performance of the contract Legitimate interest | For contract fulfilment and billing: for 3 months from the date of cancellation of the account and registration by the User. For legitimate interest: for 6 months thereafter. |
| Contacting customer service, making a complaint | Name E-mail address | Identifying the User Communicating with the User during the request Fulfilling the contract Responding to the request, dealing with the substance Claims and enforcement | Legitimate interest | In the case of a complaint, within the general limitation period under civil law, i.e. 5 years from the date of the complaint. In the case of a request for other purposes: within 6 months from the date of the request or 3 months from the date of the deletion of the account and registration by the User. |
| Contacting customer service, making a complaint | Subject of the request, complaint | Replying to enquiries, dealing with the substance Claims and enforcement | Legitimate interest | In the case of a complaint, within the general limitation period under civil law, i.e. 5 years from the date of the complaint. In the case of a request for other purposes: within 6 months from the date of the request or 3 months from the date of the deletion of the account and registration by the User. |
| System message by e-mail or push message | Name E-mail address for Push message: User account | Sending a system message for the performance of the contract | Performance of the contract | 3 months after the termination of the contract. |
| Lottery, promotional game | Name E-mail address | Participation in a promotion, sweepstakes Communication, notification of the result Identification of the User | Contribution | Until consent is withdrawn. |
| Warranty, guarantee claims | Name/billing name Address/billing address E-mail address Phone number Goods or services purchased Bank account number Transaction ID | Identification of the rightful claimant Communication Modification and performance of the contract Claims and enforcement | Performance of a contract Performance of a legal obligation – issuing an invoice Legal interest | Within the general limitation period under civil law, i.e. 5 years from the date of the claim or the date of its settlement. |
| Career database | Name E-mail address Other information provided by the User in the CV and cover letter | Identification of the candidate Communication Participation in the selection procedure In case of selection – Creation, definition, modification, execution of the contract | Consent In case of selection – Contract performance | Until consent is withdrawn, but for a maximum of 1 year from the date of electronic uploading and submission of the CV to the system. |
The Service Provider a soulgym.hu sends system messages to registered Users from time to time. System messages are all messages related to the operation of the Service Provider’s website, possible service interruptions, maintenance, website functions, changes to existing and new functions, new functions, the range of services available on the website and how to use them, the General Terms of Use, the Privacy Policy or any modification thereof, the rights and obligations of the Users in relation to the Website, the services used, including confirmation messages, certificates, notifications, confirmations, electronic receipts, invoices sent for each service used.
2. Automatic data collections, why and what they entail
What tools and what data do we collect automatically?
When visiting the Service Provider’s website and using its services, small programs, so-called cookies, are placed in the User’s browser and HTML-based e-mails in accordance with this Privacy Policy.
In general, a cookie is a small file consisting of letters and numbers that is sent to the User’s device from our server. The cookie allows us to recognize when the User last logged on to the website, the main purpose of the cookie is to allow the User to receive personalized offers, advertisements, which personalize the User’s experience when using the website and express the User’s personal needs.
Purpose limitation and usability of cookies.
Security: to promote and enable security and to assist the Service Provider in detecting infringing behaviour.
Preferences, features and services: cookies are able to tell the Service Provider which language the User prefers, what the User’s communication preferences are, help the User fill in forms on the website, making them easier.
Post a comment: when you post a comment on the website, the name, email and website address you provide will be stored in cookies. The storage is for convenience purposes only, so you do not need to fill in these fields the next time you post. When you post a comment, the comment and its metadata will remain in the system for an indefinite period of time. This is to ensure that all subsequent posts are known and approved by us, i.e. they are not added to the list of posts to be moderated.
Advertising: the Service Provider may use cookies to show the User relevant advertisements on and off the Website. Cookies may also be used to show whether Users who have seen an advertisement on the Website will subsequently visit the advertiser’s website. Similarly, the Service Provider’s business partners may use cookies to determine whether and how their advertisements have been served by the Service Provider on the Website and to send the Service Provider information about how the User behaves in relation to the advertisements. The Service Provider may also cooperate with a partner that displays an advertisement to the User on or off the Website after the User has visited the partner’s Website.
Performance, analytics and research: such cookies help the Service Provider to understand how the website is performing in different places. Cookies may also be used by the Service Provider to evaluate, improve and research the website, products, features, services, including when the User accesses the website from other websites or devices such as the User’s computer or mobile device.
In the context of the use of cookies, we consider Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “Data Protection Directive”), Article 29. which is an independent European advisory body on data protection and privacy issues, whose opinion on EU law is the basis for the interpretation of national legislation in all Member States, on the exemption from consent to cookies (hereinafter ‘Opinion 2012/4’, http://ec.europa.eu/justice/data-protection/article-29/documentation/opinionrecommendation/files/2012/wp194_hu.pdf).
On the basis of the grouping in Opinion 2012/4, it is not necessary to obtain consent for the following types of cookies, but only to inform the User of their use.
Based on the above, the types of cookies we use:
A. Cookies necessary for the functioning of the site (Basic cookies):
- User-input cookies: these are session cookies that are based on a session identifier (a random temporary identification number) and expire at the latest at the end of the session when you exit the browser. They provide user input, i.e. they are linked to the user’s activity when exchanging messages with the service provider (e.g. to fill in a form or click on a button).
- Multimedia player session cookies: used to store technical data (image quality, network connection speed and buffering parameters) necessary to play back video or audio content. These cookies also expire when you exit the browser program.
- Social content sharing cookies: allow social network users to share the content they like with their friends. These cookies are deleted when the user “logs out” of the social networking platform or closes the browser.
B. Cookies for “convenience services” (Functional cookies):
Cookies with such purposes are not considered “strictly necessary” to provide the services explicitly requested by the user and therefore require specific consent for their use.
- Social content sharing tracking cookies: where members of social networks have opted-in to “tracking” in the social network setting, for example to display behavioural advertising.
- Proprietary traffic analysers: traffic analysers are statistical tools that measure the number of visits to a website, using cookies. These tools estimate the number of unique visitors, identify the most frequently used keywords on search engines that lead to a particular website, and track certain web navigation issues. They are used solely for their own aggregate statistics purposes, to serve visitor needs faster and more accurately.
C. Performance cookies (Performance cookies):
Analytics cookie management (Google Analytics): this website uses Google Analytics, an analytics service provided by Google Inc. (“Google”). Google Analytics (“GA”) uses “cookies” (see above), text files stored on users’ computers, to analyse user interactions on the website, i.e. these cookies collect information about the use of the website, e.g. In the context of using the GA service, the Service Provider does not collect any personal data, does not store your name or address, and the data collected is not used to identify you. These cookies cannot – and are not intended to – specifically identify visitors (the IP address you are using is only partially recorded). The information stored in the “cookies” about your use of the website is transferred to and stored by Google on servers in the USA.
The above information is processed by Google on behalf of the operator of the websites in order to evaluate users’ browsing habits, compile reports on website usage patterns and provide other services related to website usage. However, you may at any time choose to disable cookies that monitor anonymous browsing activity within the website for analytical purposes.
The storage of cookies can be prevented by setting your browser software accordingly. Click on the link for more information on how to disable cookies:
http://www.google.com/analytics/learn/privacy.html
Visitors who do not want GA to report on their activities on this website may install GA’s browser add-on to block their activities. This add-on instructs GA not to send visit information to Google. If you wish to block GA’s web activity, please visit the Google Analytics blocking page and install the add-on to your browser. For more information on how to install and uninstall the extension, please refer to the help for your browser.
Please make sure that the disabling browser extension only runs directly on the browser and computer used to download it, do not deactivate or delete the disabling extension after downloading, otherwise your browser will restore itself and GA will be functional again. Data collection can also be prevented via Google Analytics. In this case, an “Opt-Out-Cookie” will be placed on your computer to prevent future collection of visit information.
D. “Remarketing” cookies (advertising cookies):
The Service Provider uses Google AdWords, Criteo and Facebook Pixel advertising services (so-called remarketing cookies) to increase the number of visitors. These are used to display targeted ads to visitors to the site. Google AdWords is Google’s click-based advertising system, which displays personalised ads to internet users based on their search and browsing habits. The Facebook Pixel service requires a cookie to be set on users’ devices. Facebook and Google can control and set this processing activity in your Facebook and Google account.
These cookies do not link the data to an individual. Advertisements are displayed by advertisers depending on your browsing habits.
Control and management of cookies:
Most browsers allow Users to control the use of cookies through their settings. However, if the User restricts the website’s use of the cookie, this may degrade the user experience as it is no longer personalised to the user. In addition, the User may also choose to stop saving personalized settings, such as login information.
If the User does not want the Service Provider to use cookies when visiting the website, the User can opt out of the use of certain cookies in the settings menu. In order for the Service Provider to be aware that the User has disabled the use of certain cookies, the Service Provider will place a disable cookie on the User’s device so that the Service Provider will know that it cannot place cookies the next time the User visits the Website. If the User does not wish to receive cookies, the User may change the browser settings on his/her computer. If the User uses the Website without changing the browser settings, the Service Provider will consider that the User has given his/her consent to the sending of any cookies on the Website. The Website will not function properly without cookies.
For more information about cookies, including the types of cookies, how to manage them and how to delete them, visit www.allaboutcookies.org or www.aboutcookies.org.
Users can also control and enable cookies at the following links: https:\\www.aboutads.info/choices and https://www.youronlinechoices.eu.
You can also block cookies from other third party service providers at http://www.networkadvertising.org/choices/.
Browser settings:
Internet Explorer Tools > Internet Options > Privacy > Websites
Mozilla Firefox Tools > Options > Privacy
Safari Changes > Settings > Privacy
Google Chrome: Settings > Show advanced settings… > Privacy > Content settings…Preferences area > Advanced > Cookie
3. Who can process and access your data
The data controller
The data controller of the data specified in point 1 is the Service Provider, whose contact details and company data are as follows:
Név: Soul Fitness Szolgáltató Kft. (továbbiakban: „soulgym.hu” vagy „Szolgáltató”)
Cégjegyzékszám: 20-09-079419
Adószám: 32675683-2-20
Telephely: 7624 Pécs, Honvéd utca 2.
Telefon: +36 (20) 463 30 91
E-mail: contact@soulgym.hu
Weboldal: Soul Gym
Your data will be accessed by the Service Provider’s employees to the extent strictly necessary for the performance of their work. Access to your personal data is governed by strict internal rules.
Data processors
We use various companies to process and store your data, with whom we have concluded a data processing contract in accordance with the law. The following data processors process your data:
| Name of data processor | Address | Activity |
| Dobos Dániel E.V. (‘DB Group’) | dbgroup.hu | website maintenance and administration |
| Facebook, Inc. (USA) | Palo Alto, California, USA | Profiling, advertising, analytics and measurement services, behavioural advertising display |
| GOOGLE LLC ( | USA – Google Data Protection Office, 1600 Amphitheatre Pkwy Mountain View, California 94043) | Profiling, advertising, analytics and measurement services, behavioural advertising display |
Information on data transfers abroad:
Google LLC and its affiliates and Facebook, Inc. are included in the European Commission’s GDPR Article 45 Compliance Decision and Commission Implementing Decision 2016/1260 and the US-EU Privacy Shield List established on the basis thereof, meaning that transfers to them do not constitute transfers to third countries outside the European Union and do not require the consent of the data subjects and are permitted under Article 45 of the GDPR. These companies have undertaken to comply with the GDPR.
4. Personal data rights and safeguards
a. Right of access: request information about what data we use, for what purpose and for how long we process it, to whom we disclose it and where it comes from.
b. Right of rectification: if your data change or are incorrectly recorded, you can request that your data be corrected, corrected or clarified.
c. Right of cancellation: request the deletion of your data processed by us in the cases specified by law.
d. Right to restriction of processing: request that we restrict the processing in the cases specified by law.
e. Right to data portability: by filling in the data portability request form attached to this notice, you may request the portability of your data, exercising your right to request that we disclose your data to you in the categories specified by law or, upon your specific request and authorisation, to transfer it directly to another service provider designated by you.
If you make such a request, we will act in accordance with the law and inform you within one month of the action we have taken on your request.
f. Right to withdraw consent: where we process your data on the basis of your consent, you have the right to withdraw your consent at any time, without prejudice to the lawfulness of our processing prior to the withdrawal of your consent.
g. Right to complain: if you have suffered a breach of rights in relation to our processing, you have the right to lodge a complaint with the competent supervisory authority:
National Authority for Data Protection and Freedom of Information
Website: http://naih.hu
Postal address: 1530 Budapest, Pf.: 5.
E-mail: ugyfelszolgalat@naih.hu
Phone number: +36 (1) 391-1400
(Article 79 of the GDPR): if you consider that your rights listed in the GDPR have been infringed in the processing of your personal data, you may bring legal proceedings against the Service Provider before the courts of the Member State where the Service Provider is established. Such proceedings may also be brought before the courts of the Member State where you have your habitual residence.
Right to object:
- Where we process your data on the basis of legitimate interests as set out above, you have the right to object separately to the processing on the basis of such legitimate interests.
- You may also object to the processing of your data for profiling purposes.
If you object, we will no longer process your personal data.
5. How do we ensure the security of your data?
We have a comprehensive and detailed information security policy to ensure the security of the data and information we handle, which is binding on all our employees and which all our employees are aware of and apply.
We regularly educate and train our employees on data and information security requirements.
5.1. Data security in IT infrastructure
Personal data is stored on servers on the ground, to which only a very limited number of staff and employees have access, based on strict access control rules. Our IT systems are tested and audited periodically, recurrently and regularly to ensure and maintain data and IT security.
Office workstations are password-protected, and the use of foreign media is restricted and only allowed under secure conditions and after verification.
Regular and continuous protection against malicious software is provided for all systems and system components of the Service Provider.
We prioritise and separate security functions in the design, development, testing and operation of programmes, applications and tools.
Access keys (e.g. passwords) to the information system are stored and transmitted in encrypted form, and data affecting the security of the system (e.g. passwords, privileges, logs) are protected when access rights are assigned.
5.2. Physical data security
To ensure physical data security, we ensure that our doors are properly closed and protected, and we have strict visitor and access control procedures.
The rooms where the storage media are located are designed to provide sufficient security against unauthorised or forced entry, fire or natural disaster. And storage of data media used for data transmission, backup and archiving must be in a reliably locked place.
6. Data breach procedure
In accordance with the law, we notify the supervisory authority of a data protection incident within 72 hours of becoming aware of it and we keep records of data protection incidents. In cases specified by law, we also inform the users concerned.
7. Changes to this privacy notice
If the scope of the data processed or other circumstances of data processing change, we will amend this Privacy Notice in accordance with the GDPR within 30 days and publish it on our website, or post a notice of the change by email or on the website.
Utolsó módosítás dátuma: 2025. April 6.