Privacy Policy

PRIVACY POLICY

Introduction

Code of Joy Consulting Ltd. (registered office: Anse Boileau, Mahé, Seychelles; registration number: 8419144-1; authorized representative: , hereinafter referred to as the “Company” or “Data Controller”) treats personal data with strict confidentiality and takes all necessary security, technical, and organizational measures to ensure the safety of personal data.

This Privacy Policy aims to set out the principles and rules regarding the processing of personal and other data in the course of the Company’s activities, and to provide necessary information to clients (hereinafter: “data subjects”).

The Company does not engage in automated decision-making or profiling and does not transfer data to third countries. Only the Company and its employees have access to the data.

The Data Controller reserves the right to amend this policy and will notify the data subjects of any changes within the shortest possible time.

Key Definitions

• “GDPR” – Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation);
• “Personal Data” – Any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly;
• “Data Processing” – Any operation or set of operations performed on personal data, by automated or non-automated means, such as collection, recording, structuring, storage, alteration, retrieval, use, disclosure, deletion, or destruction;
• “Profiling” – Any automated processing of personal data to evaluate personal aspects relating to a natural person;
• “Pseudonymization” – The processing of personal data in such a manner that it can no longer be attributed to a specific individual without additional information;
• “Filing System” – Any structured set of personal data accessible according to specific criteria;
• “Controller” – The person or body which determines the purposes and means of the processing of personal data;
• “Processor” – A person or body which processes personal data on behalf of the controller;
• “Recipient” – A person or body to whom personal data is disclosed;
• “Consent” – Freely given, specific, informed, and unambiguous indication of the data subject’s agreement to the processing of personal data;
• “Data Breach” – A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data.

Data Processing in the Company’s Activities

Types of Personal Data Processed:

The Company’s main activity is wedding planning and related services, during which it processes the following personal data: clients’ name, email address, phone number, and passport number.

When using the Company’s services, clients are required to pay for the services. To issue invoices, in accordance with Act CL of 2017 on the Rules of Taxation and Act CXLVII of 2012 on Small Business Tax, the Company processes the clients’ name and address.

Purpose of Data Processing:

• To contact clients, provide quotations, and deliver services.
• To issue invoices for payments in accordance with relevant tax laws.

Legal Basis for Processing:

• Client’s consent for providing services.
• Legal obligation for invoicing under the applicable tax laws.

Data Retention Period:

• Until the client withdraws consent or 8 working days after service delivery.
• Up to 8 years, as per applicable tax and accounting regulations.

Data Processors:

• The Company does not forward personal data to data processors.

Data Storage and Security

The Company applies appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the nature, scope, and purposes of the data processing.

• Only authorized personnel can access the data.
• Systems are selected and operated to ensure data integrity, authenticity, and protection from unauthorized access.
• Measures are in place to protect data from destruction, loss, alteration, disclosure, or unauthorized access.
• Systems are secured against cyber-attacks through server-level and application-level protections.

The Company records all data protection incidents and, where required, notifies the National Authority for Data Protection and Freedom of Information within 72 hours.

Data Controller’s Information

• Name: Code of Joy Consulting Ltd.
• Registered Office: Anse Boileau, Mahé, Seychelles
• Tax Number: 731049430
• Company Registration Number: 8419144-1
• Contact: Susann Jonas, +36702430083

Rights of Data Subjects and Legal Remedies

Data subjects have the right to:

• Access their personal data
• Request correction
• Request deletion (with legal exceptions)
• Restrict processing
• Data portability
• Object to processing
• Withdraw consent at any time

Requests must be made via the contact information provided. A response will be provided within one month (extendable by two months in complex cases).

Access to Information:

Data subjects have the right to receive clear and understandable information regarding:

• The purposes of processing
• Categories of data
• Recipients of data
• Duration of data storage
• Rights and remedies
• Source of data
• Automated decision-making (if any)

Right to Lodge a Complaint and Seek Compensation:

Data subjects can file complaints with the Hungarian National Authority for Data Protection and Freedom of Information:

• Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
• Mailing Address: 1530 Budapest, P.O. Box 5.

They may also seek judicial remedy before a court of competent jurisdiction.

Right to Compensation:

Any person who suffers material or non-material damage as a result of a violation of the GDPR is entitled to receive compensation from the controller or processor.

If you have any questions, please contact us at: info@codeofjoy.com