Privacy Policy

Effective from 1 December 2025

1. Data Controller

Name: Hajnalka Szőllősi, sole proprietor
Registered office: 19/B Népfürdő Street, 1138 Budapest, Hungary
Tax number: 57754891-1-41
Email: vizaflow2025@gmail.com
Telephone: +36 70 339 1625

The Data Controller processes personal data in connection with the premises rental services provided by Viza Flow Mental Studio.

2. Principles of Data Processing

The Data Controller processes personal data only lawfully, fairly, transparently, for specified purposes and to the extent necessary.

The Data Controller does not request or process health-related, psychological or other special-category personal data relating to the Tenant’s clients, patients or participants. The Tenant is independently responsible for the processing of personal data in connection with their own professional activities.

3. Contact and Requests for Quotations

Data processed: name, email address, telephone number, the content of the message, and any professional or booking-related information provided in the enquiry.

Purpose: establishing contact, providing a quotation, arranging a viewing and handling rental enquiries.

Legal basis: taking steps at the request of the data subject prior to entering into a contract.

Retention period: if no contract is concluded, for a maximum of six months following the last contact; if a contract is concluded, for the retention period applicable to the contractual relationship.

4. Booking and Performance of the Contract

Data processed: name, contact details, billing information, booking date and time, rented premises, payment information and communications necessary for the performance of the contract.

Purpose: managing bookings, concluding and performing the contract, maintaining contact, invoicing and handling any complaints.

Legal basis: performance of a contract or taking steps prior to entering into a contract.

Retention period: until the end of the applicable civil-law limitation period following the termination of the contractual relationship. Accounting documents are retained by the Data Controller for the period required by law.

5. Compliance with Legal Obligations

Data processed: data necessary for invoicing and accounting, as well as data required for handling potential legal claims.

Purpose: compliance with tax and accounting obligations and the establishment, exercise or defence of legal claims.

Legal basis: compliance with a legal obligation and the legitimate interests of the Data Controller.

Retention period: for the period prescribed by the applicable laws, in particular eight years in the case of accounting documents.

6. Data Processors and Data Transfers

The Data Controller uses a hosting provider for the operation of the website:

Rackhost – hosting services.

The Data Controller may transfer personal data only to the extent necessary and on an appropriate legal basis to an accountant, authority, legal representative or another recipient authorised by law.

As a general rule, the Data Controller processes personal data within the European Economic Area. In the event of a transfer outside the EEA, the Data Controller applies the appropriate safeguards required under the GDPR.

7. Rights of Data Subjects

The data subject is entitled to:

  • request information about the processing of their personal data;
  • request access to the personal data being processed;
  • request the rectification of their personal data;
  • request the erasure of their personal data where the legal conditions are met;
  • request the restriction of processing;
  • object to processing based on legitimate interests;
  • exercise the right to data portability where the applicable conditions are met;
  • withdraw consent at any time where the processing is based on consent.

The data subject may submit their request by email to vizaflow2025@gmail.com. The Data Controller shall respond to the request without undue delay and, as a general rule, within no more than one month.

8. Complaints and Legal Remedies

The data subject may lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information:

Address: 9–11 Falk Miksa Street, 1055 Budapest, Hungary
Postal address: P.O. Box 9, 1363 Budapest, Hungary
Email: ugyfelszolgalat@naih.hu
Website: NAIH information pages

The data subject may also bring proceedings before a court.

9. Data Security

The Data Controller protects personal data against unauthorised access, alteration, disclosure, loss or destruction through appropriate technical and organisational measures.

10. Amendments to this Privacy Notice

The Data Controller is entitled to amend this Privacy Notice, particularly in the event of changes in legislation, changes to the services or the introduction of new data-processing activities. The current version is available on the website.