Data of the Data Controller
Name: Medalyst Sport Innovation Kft.
Headquarters: 1071 Budapest, Damjanich utca 45.
Data protection officer: Tamás Horovitz
Complaint handling:hello@medalyst.io
Tax number: 32231867-2-42
Physical location of data storage: 1071 Budapest, Damjanich utca 45.
The personal and material scope of the General Data Management Regulations, the Data Controller
These general data management regulations (hereinafter: "Data Management Regulations") are Medalyst Sport Innovation Kft. (headquarters: 1071 Budapest, Damjanich utca 45., tax number: 32231867-2-42 represented by: Tamás Horovitz) as data controller (hereinafter: " Service Provider" or "Data Controller") followed during the processing of the personal data of its customers, and in particular the users of the medalyst.io website operated by it (hereinafter: "Website") (hereinafter: "User" or "Users") as specified in these Data Management Regulations provides information on principles and practice, as well as on Users' rights and how to exercise them. Accordingly, the scope of this Data Management Policy covers the Service Provider and the User using the service. The Data Management Regulations are in line with current Hungarian and European legislation, including, in particular, CXII of 2011 on the right to information self-determination and freedom of information. Act (hereinafter: "Info TV"), Regulation (EU) 2016/679 of the European Parliament and of the Council ("General Data Protection Regulation"), and Act V of 2013 on the Civil Code (hereinafter: "Ptk .") provisions. The most recent and effective version of this Data Management Policy as of December 4, 2021 is also available and viewable on the Website and at the Service Provider's headquarters.
Data processing by the Data Controller
The Service Provider provides, mediates, and makes available to Users a variety of services that can be used electronically through the Website (hereinafter: "Service" or "Services"). Some of the Services can be used free of charge, while others can be used for a fee. After registration (hereinafter: "Registration"), the Services can only be used by Users. Visiting the Website without using the Services does not require user identification, in such a case no data management takes place, however, certain information of the visitors is stored with the help of the regularized cookies. In order to use the Services available to Users, user identification is required in all cases, the condition of which is the User's Registration on the Website and access to the user account. After registration, the data belonging to the user account will be saved. Users decide to use the Services voluntarily and agree that this requires the provision of their personal data. The name given to the User's profile created during registration can be used in all of our services that require an account registered by the User. When the User contacts us, we keep the communication with the User in our records so that it can later help us in solving the User's possible problems. We may use the User's e-mail address to inform about our services, sending notifications about upcoming changes or improvements. The Service Provider also manages the personal data of the persons invited by the Users to use the Services (hereinafter: "Invited Persons"), as well as the contacts of the contractual partners who are in a contractual relationship with the Users and provided under the conditions specified by the Users, as well as the personal data of the natural persons who They are interested in services and specifically request information about the Services and the Registration (hereinafter: "Prospective User" or "Prospective Users"). Before using the data for purposes other than those specified in this Data Management Policy, we ask for the User's consent. The Service Provider ensures that all phases of data processing comply with the requirements of the General Data Protection Regulation of the European Union. The Service Provider ensures that the processed data only leave the territory of the European Economic Area if authorized by the General Data Protection Regulation. The Service Provider ensures the security of the data, takes the technical and organizational measures and develops the procedural rules that are necessary to enforce the data and confidentiality rules. The data must be protected by appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction and damage, as well as against becoming inaccessible due to changes in the technology used. The Service Provider guarantees that, when determining and applying measures for data security, it takes into account the state of the art at all times, and in each case chooses the IT solution that ensures a higher level of data protection.
Purpose of data management
In order to manage the Users' data in connection with the use of the Services provided by the Service Provider through the Website and available through the Website, the identification of Users, the enabling, provision, maintenance, documentation and further development of the Services, the development of new services, the enabling of invoicing the consideration for the Services, the It takes place in order to implement promotional activities related to the Services, as well as other administration related to the Services, including, in particular, the fulfillment of official inspections and the conduct of possible legal disputes. The data of Invited Persons and Prospective Users will be processed for the purpose of their Registration. The Data Controller may use the anonymized or pseudonymized personal data of Users, Invited Persons, and Prospective Users for its own statistical purposes, as well as to improve the quality of the Services and to customize some Services. Before using the Services, during their provision, or after the termination of the Services, the User is entitled to request information at any time within the period specified in point 6 regarding which data the Service Provider processes and for what purpose, as well as any other issue related to data management, including, among others, the legal basis and duration of data management, the legal remedies available to the User, as well as who and for what purpose receive or have received the personal data. The detailed procedure for requesting information is contained in point 10.
Scope of collected and processed personal data
The Services are available to eligible Individuals, Users, legal entities registered by Users, unincorporated business associations (kkt., bt.), sole proprietors, and others, pursuant to the Civil Code. can be used by persons who qualify as a business and have a tax number (hereinafter: "Customer" or "Customers"). Customers are registered on the Website by Users who are authorized to do so, with the fact that in the case of self-employed Users, the User is also considered a Customer. The Data Controller manages the personal data of the Users themselves and of other persons provided by them (the contacts of the Customers, the contacts of specified contractual partners), the personal data of other persons invited by the Users and having specific authorization (Invited Persons), as well as the personal data of Prospective Users . The Data Controller only records personal data that the User or Prospective User or a contractual partner invited by the User or contractual partner with the User provides voluntarily; in the case of Services that can be used for a fee, the data related to the conclusion of the contract and the issuing of the invoice, which fall under the scope of mandatory data provision, are an exception to this.
Cookies are used on the Website for various purposes:
-
The purpose of those of a technical nature is to ensure the proper functioning of the website, in order to make it easier for users to use the services;
-
Other cookies are necessary for users to browse the website, in particular to note the actions performed by the visitor on the given page;
-
Cookies used for statistical purposes, which require the User's consent.
Scope of data processed to provide the Services:
-
the IP address of the User's computer;
-
the start and end time of logins on the Website;
-
browser and operating system type;
-
activity performed by the User on the Website.
The range of data handled in the case of Persons Invited by the User, including Prospective Users (with the fact that the Persons Invited become Users themselves upon Registration):
-
the name and e-mail address of the Persons Invited by the User;
-
the range of rights the Invited Person has in terms of using the Services.
Scope of data handled during complaint handling by the User (e.g. error reporting):
the name, e-mail address or telephone number of the User reporting the complaint (depending on how the complaint is reported);
the name of the Client represented by the User, if the User does not act in his own name and on behalf of the Client;
description of the reported complaint;
the Service Provider's statement, if the error/complaint can be investigated immediately;
in the case of a complaint communicated over the phone (orally), data suitable for the unique identification of the complaint.
The range of personal data provided by the Prospective User (with the Prospective Users themselves becoming Users with the Registration):
-
name of the Prospective User;
-
the e-mail address provided by the Prospective User.
Personal data of the contact details of the contractual partners entered into by the User and having a contractual legal relationship with the User:
-
name and email address of the contact person.
Information about the cookies used on the Company's website and the data generated during the visit
Treated during the visitdata circle
During the use of the website, the website of the Service Provider can record and manage the following data about the visitor and the device used for browsing:
-
the IP address used by the visitor,
-
browser type,
-
characteristics of the operating system of the device used for browsing (set language), • time of visit,
-
the (sub)page, function or service visited, click.
Cookies used on the website
Technically, it is absolutely necessary worksession cookies
The purpose of data management is to ensure the proper functioning of the website. These cookies are necessary so that visitors can browse the website, use its functions smoothly and fully, the services available through the website, so - among others - in particular the commenting of the actions performed by the visitor on the given pages or the identification of the logged-in user during a visit . The duration of the data management of these cookies applies only to the visitor's current visit, this type of cookie is automatically deleted from the computer when the session ends or when the browser is closed. The legal basis for this data management is Act CVIII of 2001 on certain issues of electronic commercial services and information society services. Act (Elkertv.) 13/A. § (3), according to which the service provider may process the personal data that is technically absolutely necessary for the provision of the service for the purpose of providing the service. If the other conditions are the same, the service provider must choose and in any case operate the tools used in the provision of services related to the information society in such a way that personal data is only processed if this is absolutely necessary for the provision of the service and the fulfillment of other objectives defined in this law necessary, but also in this case only to the extent and for the necessary time. During the use of the Website, the Service Provider automatically records the User's IP address, the type of operating system and browser used by the User and other information for technical reasons. The system continuously logs this data, but does not link it to the data entered during registration or during use. Only the Service Provider has access to the data obtained in this way, not the Users. The Service Provider may record the data of the Internet pages from which the User reached the Website, as well as those visited on the Website, as well as the time and duration of the visit. The User's identity and profile cannot be inferred from these data.
Cookies facilitating use:
These remember the user's choices, for example in what form the user wants to see the page. These types of cookies essentially mean the setting data stored in the cookie. The legal basis for data management is the User's consent. Purpose of data management: Increasing the efficiency of the service, increasing the user experience, making the use of the website more convenient. This data is on the user's computer, the website can only access and recognize the visitor through it.
Performance cookies:
They collect information about the User's behavior within the visited website, time spent, and clicks. These are typically third-party applications (e.g. Google Analytics, AdWords). Legal basis for data management: the consent of the data subject. Purpose of data management: analysis of the website, sending advertising offers. The Service Provider uses the above information exclusively for the technical operation of the Website and for statistical purposes. The Service Provider only stores the fingerprint (hash) of the User's password, not the password itself.
Legal basis for data management
During Registration, the User provides his/her data voluntarily, in these cases the legal basis for the provision of data is the User's voluntary, definite and informed consent. Prospective Users who are interested in registration provide their data voluntarily, in these cases the legal basis for data provision is the prospective User's voluntary, definite and informed consent. The Service Provider processes the personal data voluntarily provided by the User and the Prospective User exclusively for the purposes specified in point 3 and for the period specified in point 6, or in the case of mandatory data management, for the period specified in the law. The Service Provider's data management activities comply with the above conditions at all times of data management.
By voluntarily providing their data and accepting the Data Management Policy, the User and the Prospective User declare that the Service Provider consents to its data management activities in accordance with this Data Management Policy. This consent is also considered to be the consent of the natural persons designated by the User to represent the Customer (executives, contacts), as well as the Invited Persons designated by the User and the contractual partners in a contractual relationship with the User. The consent of the User and the Prospective User is voluntary, informed and decisive; this consent provides the legal basis for the Service Provider's data management activities. In the case of mandatory data processing (for example, invoicing data), the legal basis for data processing is provided by the laws applicable to the given Service, in particular the following laws: Billing data, receipts: Act C of 2000 - on accounting (Accounting Act). Electronic services, electronic contracting: CVIII of 2001. Act - on certain issues of electronic commercial services and services related to the information society (Eker. tv.). In certain cases (for example, non-payment of the consideration for the Service, the User's debt) or in the event of harm to the public interest, the Service Provider also manages data based on a consideration of interests. In the case of data management based on the consideration of interests, the Service Provider always carries out an interest assessment test, which is carried out on a case-by-case basis by comparing the User's freedoms and the compelling private interests or public interest related to the necessity of data management.
The User's consent provides the legal basis
-
Users who are registered but do not use the service,
-
Users requesting the newsletter, also in the case of contracted partners who provide additional data in addition to the data required for the performance of the contract or required by law,
-
as well as in the case of cookies for statistical purposes that require the User's consent.
Fulfillment of the contract as a Data Controller:
data processing is necessary for the fulfillment of a contract in which the data subject is one of the parties, or it is necessary for taking steps at the request of the data subject prior to the conclusion of the contract. Fulfillment of legal obligations within the scope provided by the following legislation: Applies to data management by the Service Provider as Data Controller • CVIII of 2001 on certain issues of electronic commercial services and services related to the information society. Act (Ektv.) 45/2014 on contracts concluded between absent parties. (II.26) Government decree; • in the case of issuing own invoices: the Accounting Act (Szmtv.) and • 23/2014 on the tax administration identification of invoices, simplified invoices and receipts, as well as the use of cash registers and taximeters that provide receipts. (VI. 30.) NGM Decree (hereinafter: NGM Decree), • 114/2007 on the rules of digital archiving. (XII.29.) It can take place according to the mandatory provisions of the GKM decree on digital archiving.
The following applies to data processing by the Service Provider as a Data Processor:
-
CVIII of 2001 on certain issues of electronic commercial services and services related to the information society. Act (Ektv.) 45/2014 on contracts concluded between absent parties. (II.26) Government decree,
-
in the case of own account issuance: the Accounting Act (Szmtv.) and
-
23/2014 on the tax administration identification of invoices, simplified invoices and receipts, as well as the use of cash registers and taximeters that provide receipts. (VI. 30.) NGM Decree (hereinafter: NGM Decree),
-
114/2007 on the rules of digital archiving. (XII.29.) It can take place according to the mandatory provisions of the GKM decree on digital archiving.
Data management based on the Service Provider's legitimate interests
It is the Service Provider's legitimate interest vis-à-vis the user to enforce any claim arising from the contract. The deadline after the termination of the contract is the Civil Code. the general statute of limitations lasts until the end of 5 years. The Data Controller following the termination of the contract under the Civil Code. until the end of the limitation period according to the contract, as long as it is possible to assert a legitimate interest, the data necessary for asserting the interest shall be preserved. (There is an exception to this rule: unless these interests are overridden by the interests or fundamental rights and freedoms of the data subject that require the protection of personal data, especially if the data subject is a child) Duration of data processing In the case of data processing based on consent, the data management lasts until the withdrawal of consent, but no more than 8 (eight) years from the termination of the possibility of using the Services. If the User has used several Services, the above period starts from the time when the use of the last Service used by the User is validly terminated. If the Prospective User or the Invited Person does not register or does not complete the started Registration for any reason, the Service Provider will send a one-time notification to the e-mail address. No further notification will be sent. If the Prospective User or the Invited Person does not register and become a User for a longer period of time, their data will be stored for an additional 1 (one) year solely to prevent the sending of further notifications.
Data transmission, linking of data
The Service Provider may transfer the personal data it handles on the basis of these Data Management Regulations to a third party only with the prior and informed consent of the person concerned, including the transfer of data necessary for the User to use the Services provided by the third party and available on the Website, as well as the various data management for this purpose connection as well. The Service Provider is also entitled and obliged to forward the personal data of the data subject in the cases specified by law, upon request of the authorized authority, with the fact that the Service Provider is also obliged to check the legal basis of the data transfer in such cases. Otherwise, we share personal data with companies, organizations or persons outside the Service Provider, if we have the User's consent. We will also share personal data with companies, organizations or persons outside the Service Provider if we assume in good faith that the access to the data, the use, preservation or publication of the data is reasonably justified:
-
compliance with applicable laws, regulations, court judgments or official decisions;
-
the implementation of the relevant General Terms and Conditions, including the investigation of their possible violations;
-
detection and prevention of fraud and security or technical problems;
-
in order to defend against threats to the rights, property or safety of the Service Provider, its users or the general public, in the manner required or permitted by law.
Data processing, data processor
The Service Provider's services are provided on the website interface used by the User, within the framework of which the Service Provider is considered a Data Processor in the application of data management and data protection legislation, as it performs data management on behalf of the User. This legal situation also exists in the case of the banking data connection service. As part of the performance of the contract, the Service Provider, as Data Controller, only uses data processors who provide adequate guarantees for data processing to comply with the requirements of legislation and to implement appropriate technical and organizational measures that ensure the protection of the rights of the data subjects. The Data Controller is entitled to use a data processor to carry out its activities. The data processors do not make independent decisions, they are only entitled to act according to the contract concluded with the Data Controller and the instructions received. The Data Controller checks the work of the data processors. Data processors are entitled to use additional data processors only with the consent of the Data Controller. The data processing carried out by the data processor is governed by a contract defining the subject, duration, nature and purpose of data processing, the type of personal data, the categories of data subjects, the obligation of confidentiality, as well as the obligations and rights of the data controller, which binds the data processor to the data controller.
The Data Controller uses the following data processors:
-
Server provider: Mailchimp, The Rocket Science Group LLC (675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308)
-
handling and sending of automated emails Rackforest Kft. (1132 Budapest, Victor Hugo utca 18-22.) - web hosting Clearhaus A/S (FT-no. 22006) (PO Pedersens Vej 14, 8200 Aarhus N, Denmark)
-
online payment Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
-
advertising Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) creation of page visit statistics, advertising
Data security
The Data Controller implements appropriate technical and organizational measures, taking into account the nature, scope, circumstances and purposes of data management, as well as the variable probability and severity of the risk to the rights and freedoms of natural persons, in order to guarantee a level of data security appropriate to the degree of risk. The data security measures are prescribed by the contractual obligations for all developers and suppliers and by internal documents containing business secrets, which are mandatory for employees, and in particular the data management and data security regulations. The Service Provider takes all necessary steps to ensure the security of the personal data provided by the Users both during network communication and during data storage and protection. Access to personal data is strictly limited to prevent unauthorized access, unauthorized changes, and unauthorized use of personal data. Users' rights The Data Controller facilitates the exercise of Users' rights with the following information. The Data Controller shall inform the User of the measures taken following his request to exercise his rights without undue delay, but no later than one month from the date of receipt of the request. This deadline can be extended by another two months under the conditions set out in the Regulation, of which the User must be informed. If the Data Controller does not take measures following the User's request, it shall inform the User without delay, but at the latest within one month of the receipt of the request, of the reasons for the failure to take action, as well as of the fact that the User may file a complaint with the NAIH and exercise his right to judicial redress . The data controller provides the information and information about the rights of the data subject and measures free of charge, however, in the cases described in the Regulation, a fee may be charged. The Data Controller informs all recipients of all corrections, deletions or data management restrictions to whom or to whom the personal data was communicated, unless this proves to be impossible or would require a disproportionately large effort.
The rights of Users are listed as follows:
-
Transparent information, communication and facilitating the exercise of the User's rights
-
Right to prior information - if personal data is collected from the User
-
The User's right of access
-
Right to rectification
-
The right to erasure ("the right to be forgotten")
-
The right to restrict data processing
-
To correct or delete personal data, or to restrict data processing
-
Related notification obligation
-
The right to data portability
-
The right to protest
-
Automated decision-making in individual cases, including profiling
-
Restrictions
-
Informing the User about the data protection incident
-
The right to lodge a complaint with the supervisory authority (right to an official remedy)
-
The right to an effective judicial remedy against the supervisory authority
-
The right to an effective judicial remedy against the controller or processor
User rights in detail
-
Transparent information, communication and facilitating the exercise of the User's rights
-
The User has the right to receive information about the facts and information related to data management before the start of data management.
-
The Data Manager undertakes to provide, at the request of the User, all information and each piece of information regarding the handling of personal data in a concise, transparent, understandable and easily accessible form, clearly and comprehensibly worded.
-
You provide the information in writing or in another way, including, where applicable, the electronic way. Verbal information can also be provided at the request of the data subject, provided that the User's identity has been verified in another way.
Right to prior information
The User has the right to receive information about the facts and information related to data management before the start of data management. In this context, the Data Controller informs the User by compiling this information
a) the identity and contact details of the data controller and his representative,
b) the contact details of the data protection officer (if any),
c) the purpose of the planned processing of personal data and the legal basis of data processing,
d) in the case of data management based on the assertion of a legitimate interest, about the legitimate interests of the data controller or a third party,
e) about the recipients of the personal data - with whom the personal data is communicated - and the categories of recipients, if any;
f) where appropriate, the fact that the data controller wishes to transfer the personal data to a third country or international organization.
The User may request from the Data Controller access to personal data relating to him, their correction, deletion or limitation of processing, and he may object to the processing of such personal data, as well as to assert the User's right to data portability;
In the case of data processing based on the consent of the User, the consent can be revoked at any time without reason, which does not affect the legality of the data processing carried out on the basis of the consent before the revocation. By making this information available, the data controller provides information on whether the provision of personal data is based on legislation or a contractual obligation or is a prerequisite for the conclusion of a contract within the scope of its data management defined for each data management purpose, as well as whether the data subject is obliged to provide the personal data, and what is possible failure to provide data may have consequences. The Data Controller does not use automated decision-making or profiling. If the Data Controller wishes to carry out further data processing on personal data for a purpose other than the purpose of their collection, the User must be informed of this different purpose and all relevant additional information before further data processing. The Data Manager only manages data that the User has made available to him.
The User's right of access
The User is entitled to receive feedback from the data controller as to whether his personal data is being processed, and if such data is being processed, he is entitled to access the personal data and the related information described in the previous point.
The Data Controller does not transfer personal data to third countries or international organizations. Upon request, the Data Controller will provide the User with a copy of the personal data that is the subject of data management. For additional copies requested by the User, the Data Controller may charge a reasonable fee based on administrative costs. Detailed rules regarding the User's right of access are contained in Article 15 of the Order.
About Barion Payment
Online bank card payments are executed via the Barion system. The merchant does not get and store bank card data. Barion Payment Inc., the provider of this service, is an institution under the authority of the Central Bank of Hungary, its license number is: H-EN-I-1064/2013.
Right to rectification
Upon the User's request, the Data Controller shall correct inaccurate personal data relating to the User without undue delay. Taking into account the purpose of the data management, the data subject is entitled to request the addition of incomplete personal data, among other things, by means of a supplementary statement. The right to erasure ("the right to be forgotten") Upon the User's request, the Data Controller shall erase the personal data relating to him without undue delay. If: a) the personal data are no longer needed for the purpose for which they were collected or otherwise processed; b) the User withdraws his consent, which is the basis of the data management, and there is no other legal basis for the data management; c) the User objects to the processing of his data and there is no overriding legal reason for the data processing, d) the personal data were processed illegally; e) personal data must be deleted in order to fulfill the legal obligation prescribed by EU or Member State law applicable to the data controller; f) the collection of personal data took place in connection with the offering of information society-related services offered directly to children.
Right to be forgotten
The right to be forgotten means that the deletion of personal data made public by individual data controllers or transferred to other recipients must be ensured in such a way that the deletion obligation must be communicated to all other data controllers to whom the personal data was transferred by the Data Controller.
The right to restrict data processing
In the case of data management restrictions, such personal data may only be processed with the consent of the User, with the exception of storage, or to submit, enforce or defend legal claims, or to protect the rights of other natural or legal persons, or in the important public interest of the Union or a member state. The User has the right to have the Data Controller restrict data processing upon request if one of the following is met: a) the User disputes the accuracy of the personal data, in which case the restriction applies to the period that allows the Data Controller to check the accuracy of the personal data; b) the data management is illegal and the User opposes the deletion of the data and instead requests the restriction of their use; c) the Data Controller no longer needs the personal data for the purpose of data management, but the User requires them to submit, enforce or defend legal claims; or d) the User objected to data processing; in this case, the restriction applies to the period until it is established whether the legitimate reasons of the data controller take precedence over the legitimate reasons of the User. The User must be informed in advance about the lifting of restrictions on data management.
The right to data portability
Under the conditions set out in the Regulation, the User is entitled to receive the personal data relating to him/her provided to a data controller in a segmented, widely used, machine-readable format, and is also entitled to forward this data to another data controller without being hindered by the the data manager to whom the personal data was made available, provided that a) the data management is based on consent or a contract; and b) data management is performed in an automated manner. The User can also request the direct transfer of personal data between data controllers. Exercising the right to data portability cannot violate the right to erasure (to be forgotten). The right to data portability does not apply if the data processing is in the public interest or is necessary for the performance of a task carried out in the context of the exercise of public authority rights vested in the data controller. This right cannot adversely affect the rights and freedoms of others.
The right to protest
The User has the right to object to the processing of his personal data. In this case, the data controller may no longer process the personal data, unless the data controller proves that the data processing is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the User, or that are necessary for the presentation, enforcement or defense of legal claims are connected. The Data Controller does not engage in direct business acquisition, therefore no data processing takes place on this basis. The User's right to object must be explicitly drawn to the User's attention during the first contact at the latest, and the relevant information must be displayed clearly and separately from all other information. The data subject can also exercise the right to protest using automated means based on technical specifications. Informing the User about the data protection incident If the data protection incident is likely to involve a high risk for the rights and freedoms of natural persons, the data controller must inform the data subject about the data protection incident without undue delay.
The User may submit a complaint addressed to the supervisory authority if he/she has been harmed in the course of data management.
Name of the authority: address: contact information: National Data Protection and Information Freedom Authority (NAIH), 1125 Budapest, Szilágyi Erzsébet fasor 22/C., naih.hu,
E-mail: ugyfelszolgalat@naih.hu
Phone: +36 (1) 391-1400, Fax: +36 (1) 391-1410
NAIH is obliged to inform the customer about the procedural developments related to the complaint and its result, including the fact that the customer is entitled to legal remedies. The right to an effective judicial remedy against the supervisory authority The complainant has the right to an effective judicial remedy against the legally binding decision of the supervisory authority, everyone concerned is entitled to an effective judicial remedy if the competent supervisory authority does not deal with the complaint, or within three months does not inform the User about procedural developments related to the submitted complaint or its result.
The right to an effective judicial remedy against the data manager or data processor Every User is entitled to an effective judicial remedy if, in his judgment, his rights under this regulation have been violated as a result of the processing of his personal data not in accordance with this regulation.