Privacy Policy

I consider it important that my website complies with GDPR regulations as well as legal requirements related to healthcare. Therefore, a detailed legal policy has been prepared with the involvement of GDPR and healthcare law experts, as well as other professionals.

This policy has been effective since 20  May 2025 and remains valid until revoked.
If you require access to a previous version of the policy, please send an email to info@novakhunor.hu specifying the exact time period you are requesting.

Contents:

1. Data Processing Policy

2. DATA PROTECTION NOTICE regarding the use of foreskin101.com

1) Data Processing Policy

I. Purpose and Scope of the Policy

This policy (hereinafter referred to as the Policy) sets forth the data protection and personal data management principles of Novák Online Kft. (2045 Törökbálint, Munkácsy Mihály utca 85.) (hereinafter referred to as the Service Provider). It includes the procedures and commitments made by the Service Provider in relation to the management of personal data, as well as the means of executing relevant legislation, and internal processes.

The purpose of this Policy is to ensure compliance with the regulations on data protection and the handling of personal data.

The core documents of data processing at the Service Provider are the present Policy and its inseparable parts:

– The Data Protection Information Sheet;

– The Data Processing Register;

– The Information Sheet for the use of foreskin101.com and its subpages.

II. Definitions

Unless otherwise stated in this Policy, the definitions contained in Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, hereinafter GDPR) shall apply.

III. Legal Basis for Data Processing

During its regular operation, the Service Provider processes personal data based on the consent of the data subject [Article 6(1)(a) GDPR]. Certain data processing activities are based on points (b) and (c) of the same article, as recorded in the data processing register.

IV. Consent

When using the Service:

Individuals contacting the Service Provider (hereinafter: clients) do so voluntarily; thus, pursuant to Section 12(1) of Act XLVII of 1997, their consent to the processing of their personally identifiable data is considered granted. Information regarding their rights to limit, revoke, or withdraw consent is provided in the Data Protection Information Sheet.

V. Information

Clients can learn about the facts related to data processing and their associated rights from the Data Protection Information Sheet. This document is available at https://foreskin101.com/privacy. Oral information is also available upon request. Participants in educational programs receive information after registration.

VI. Controller’s Responsibilities and Data Protection Measures

The service provider continuously monitors its data management needs and practices, ensuring compliance with all applicable laws and regulations at all times. It also ensures that all necessary records and documentation related to data management are available.

The service provider protects the security of the personal data it processes through the following measures:

• For paper-based data storage, documents are kept in a lockable cabinet, and all copies of the keys are stored in a secure location inaccessible to others. The room where the documents are kept is also lockable, and the key storage practices follow the same security standards. A backup copy of each paper-based document—either in paper or electronic format—is stored separately.
  
• For electronic data storage, data is:
  
  • either stored on computers or mobile devices equipped with a user authentication system that only allows access to authorized individuals and which are either stored in a securely locked room or remain under the personal supervision of the authorized individual for the entire storage duration. These devices are protected against harmful software and other cyber threats by high-level security solutions;
    
  • or stored on servers or in cloud environments operated by data processors that have contractually committed to fully complying with European data protection laws.
    

A backup copy (either paper-based or electronic) of all electronically stored data is always maintained in a separate location. Devices used for electronic storage by the service provider may not be used for other purposes (especially personal use).

All data processing activities are logged, and the nature, time, and identity of the person performing the processing are traceable. For paper-based data, entries, access logs, and other actions are recorded directly on the document (as annotations).

The technical setup is adequate to allow the data subject to exercise their rights—such as restricting data processing—appropriately.

In the case of using a data processor, the processor must provide written assurance that it complies with European Union data protection regulations, particularly the GDPR, when carrying out processing activities on behalf of the service provider.

VII. Records of Data Processing Activities

The Service Provider maintains a data processing register, which forms part of this

Policy. Technical and organizational measures are applied to ensure the security of the

data processing activities.

VIII. Procedure in the Event of a Data Protection Incident

If the service provider detects any indication of a data protection incident, it will take all legally required steps and, if necessary, simultaneously consult with the relevant data processor partner, legal advisor, or any other person whose expertise is necessary for fact-finding and legal assessment related to the affected data processing. Following this evaluation, the service provider will notify the affected individuals if required.

After reporting the data protection incident, and with the appropriate parties involved as necessary, the service provider will assess what precautionary measures may be implemented to prevent similar incidents in the future, and will enforce such measures where justified.

IX. Data Protection Impact Assessment

Based on the evaluation of its data processing activities,
although the service provider does process personal data, a data protection impact assessment (DPIA) is not conducted because:

• The processing does not involve a “large scale” of such data [as defined in the Guidelines on Data Protection Impact Assessment by the Article 29 Data Protection Working Party, specifically section B) a) 5 of the guidance on determining whether processing is “likely to result in a high risk” under Regulation (EU) 2016/679]; and
  
• None of the other conditions that would legally mandate a DPIA are present.
  

Accordingly, following the acquisition of a legal opinion, the service provider does not carry out a data protection impact assessment for its processing activities.

X. Data Protection Officer

The Service Provider is not required to appoint a Data Protection Officer based on the

analysis provided in the previous section.

2) DATA PROTECTION NOTICE for the use of foreskin101.com and its subpages

Introduction

By accessing any page, article, or subpage of foreskin101.com, you automatically accept the terms outlined below, even if you do not register or purchase a paid service. If you have not read this notice, by using or opening the website you still fully accept the conditions described herein.

For any specific questions, requests, or complaints, please contact: info@novakhunor.hu

Table of Contents

I. Data Protection and Privacy Notice

– Introduction

– Definitions

– Data Controller

– Data Processing Activities

– Use of Data Processors

– Rights of Data Subjects and Remedies

– Data Security

– List of Applicable Laws

II. Provisions Regarding Website Content

– General Provisions

– Use of the Website

– External Links and References

– Liability Provisions

– Modifications to the Legal Notice

II. Data Protection and Privacy Notice

1. Introduction

This Privacy Notice informs users of the data processing practices of the website https://foreskin101.com (hereinafter: Website), operated by Novák Online Kft. (registered office: 2045 Törökbálint, Munkácsy Mihály utca 85.) (hereinafter: Service Provider), and related services in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679). Users can access information about the Service Provider’s content and services published on the Website. The Service Provider places high importance on the users’ informational self-determination rights and handles personal data confidentially, implementing all necessary security, technical, and organizational measures to guarantee data security.

The site adheres fully to the Code of the Hungarian Association of Content Providers.

2. Definitions

„Personal data”: any information relating to an identified or identifiable natural person („data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to that natural person’s physical, physiological, genetic, mental, economic, cultural, or social identity.

„Data processing”: any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

„Restriction of processing”: the marking of stored personal data with the aim of limiting their future processing.

„Controller”: the natural or legal person, public authority, agency, or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

„Processor”: a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

„Profiling”: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

„Pseudonymization”: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

„Filing system”: any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized, or dispersed on a functional or geographical basis.

„Recipient”: a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

„Third party”: a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, or persons who, under the direct authority of the controller or processor, are authorized to process personal data.

„Consent of the data subject”: any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

„Personal data breach”: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed.

„Service Provider”: Novák Online Kft., represented by Dr. Hunor Novák (business address: 2045 Törökbálint, Munkácsy Mihály Street 85.), which operates the Website and provides a registration-based service on the Website.

„Website”: the entirety of content and services accessible under the domain foreskin101.com

„User”: a person who visits and browses the Website.

„Service”: the purchase of access to The Foreskin Guideeducational videos.

Visiting the Website is recommended only for individuals over the age of 18.
By accessing the Website, using any of its services, or utilizing its features, the User automatically acknowledges and accepts the terms of this data protection notice without any further legal declaration.

3. Data Controller

The controller is responsible for ensuring that the processing of personal data is compliant.

Data Controller:

Name: Novák Online Kft., represented by Dr. Hunor Novák

Registered address: 2045 Törökbálint, Munkácsy Mihály utca 85.

Email: info@novakhunor.hu

The privacy policy regarding data processing on www.foreskin101.com continuously available at: https://foreskin101.com/privacy/. The Controller reserves the right to amend this notice. Amendments shall enter into force upon publication at the above URL.

4. Data Processing by the Provider

The legal basis for data processing is the data subject’s voluntary consent and, in some cases, the fulfillment of legal obligations or contractual necessity as set out in Act XLVIII of 2008 on the Basic Conditions and Certain Limitations of Economic Advertising Activity, and Article 6(1)(b) and (c) of the GDPR.

Additionally, the legal basis includes:

– Act CLXXXV of 2010 on Media Services and Mass Communication

– Civil Code (Act V of 2013)

– Act CIV of 2010 on the Freedom of the Press and Fundamental Rules of Media

Content

– Supreme Court (Curia) Interpretative Rulings PK 12 and PK 14

4.1 Personal Data Collected During Website Visits:

Purpose: To monitor the functioning of the service and prevent abuse.

Legal basis: User’s consent or Section 13/A(3) of the E-commerce Act.

Data processed: date, time, user’s IP address, visited page, previously visited page, operating system and browser details.

Retention: 30 days from the date of the visit.

4.2 Email Correspondence:

If the user contacts the Provider through the methods listed on the Website, the Provider stores the email, sender’s name, email address, and any other voluntarily provided personal data for up to 2 years from the date of receipt.

 4.3 Data Collected Through Automated Means When Using the Website

The Website uses cookies and various other technologies to help the Service Provider better understand users’ preferences and improve their experience. When visiting the Website and using its services, cookies are placed in the User’s browser and in HTML-based emails, in accordance with this privacy notice. The website foreskin101.com uses so-called “cookies” to provide a more convenient, user-friendly browsing experience. A clear, visible pop-up notice alerts all users that by continuing to browse the site, they accept the use of cookies and the cookie policy.

A cookie is a small data package supported by all major browsers and is essential for many online services, such as login functions or delivering personalized content. Cookies are harmless small files placed on a user’s computer to enhance browsing, and provide the site with statistical data about the user’s interests and demographics. These help the controller optimize the site and may also be used for remarketing purposes (e.g. via Google or Facebook based on past visits or interests). These data are stored in cookies but do not allow the controller to personally identify users—only aggregated statistical data are accessible. Cookies remain on your computer even after restarting or closing the browser. The website may also use third-party cookies (e.g., from Google, Facebook, or YouTube), and the relevant policies for those can be found on the third-party sites.

In general, a cookie is a small file made up of letters and numbers, sent to the User’s device from our server. Cookies can recognize when the User last logged in to the site, and their main purpose is to enable the presentation of personalized offers or advertisements tailored to the User’s needs, improving the user experience.

Purpose of Cookies Used by the Service Provider:

• Security: To support and enable secure browsing, and assist the Service Provider in detecting unlawful behavior.
  
• Preferences, settings, and services: Cookies can tell the Service Provider what language the User prefers, their communication preferences, or help auto-fill forms on the Website.
  
• Performance, analytics, and research: These cookies help the Service Provider understand how the Website performs in different areas. They may evaluate and improve features or services—including how users arrive at the Website (from other sites or devices).
  

Types of Cookies Used by the Service Provider:

• Analytical/tracking cookies
  
• Session cookies: These only function during a single browser session or visit.
  
• Persistent cookies: These help recognize a returning User and allow the Website to log them in automatically. After login, the persistent cookie stays in the browser and is read each time the user returns to the Website.
  

Third-Party Cookies:

Trusted partners assist the Service Provider in displaying ads on and off the Website, and analytics services like Google Analytics may also place cookies on the User’s device.
Users can disable Google cookies through Google’s ad settings page. At http://www.networkadvertising.org/choices/ you can disable cookies from other external providers as well.

Controlling Cookies:

Most browsers allow users to control cookie usage through their settings. Restricting cookies may degrade the user experience, as the site may no longer offer personalized content. Users can also disable the saving of preferences (e.g. login details).

If the User does not wish to allow cookies, they may disable them in their browser settings. However, without cookies, the Website may not function properly.

For more information about cookies, including types, management, and deletion, visit:

• www.wikipedia.org
  
• www.allaboutcookies.org
  
• www.aboutcookies.org
  

You can delete cookies from your computer at any time or disable them in your browser. If you do not agree with the above, you can block cookies in your browser manually. Guides are available at the following links for: Mozilla Firefox, Google Chrome, Internet Explorer, Safari, etc.
You can also opt out of Google’s use of data or block all Google Analytics tracking via Google’s dedicated pages. Additionally, you may opt out of third-party usage on other linked pages. If you do not take these actions, by continuing to browse the website or clicking “Accept” in the cookie pop-up, you accept the use of cookies and the applicable terms.

Further information about cookies is available on Wikipedia and the website of the Hungarian National Authority for Data Protection and Freedom of Information (NAIH).
By visiting and browsing the site, Users and Visitors are deemed to have fully accepted the above.

4.4 Image and Video Recordings of Medical Conditions:

Novák Medical Kft. may, with the explicit written consent of the legal representative of the data subject, take photos or video recordings of anatomical conditions caused by illness for educational and illustrative purposes.

Category of data subject: Treated patient

Data categories: name, place and date of birth, mother’s name, legal representative’s name and birth data, anatomical condition due to illness, and likeness (only if the condition affects the face and cannot be properly evaluated otherwise)

Purpose: Scientific publication, medical education, parental counseling, medical conference presentations

Legal basis: Voluntary informed consent (GDPR Article 6(1)(a))

Retention: Until consent is withdrawn

Novák Medical Kft. may forward such materials to Novák Online Kft., including gender, age, medical condition, and likeness (only if facial features are necessary to evaluate the condition).

Purpose: Same as above

Legal basis: Same as above

Retention: Until consent is withdrawn

4.5 Data Processing forThe Foreskin Guide Video Service:

This section pertains to the processing of data by Novák Online Kft. related to The Foreskin Guide video service, which allows customers to access educational video content on

specific topics for a period of 3 months.

During registration for the service, the following data are processed:

– Email address

– Full name

– Billing name

– Billing ZIP code

– Billing city

– Billing street and house number

– Tax number

Purpose: Identification, communication, and contract fulfillment

Legal basis: Contract with the data subject (GDPR Article 6(1)(b))

Retention: During contract and for 5 years thereafter

For issuing accounting or other documents containing personal data, user-provided

information is used:

Legal basis: Legal obligation (GDPR Article 6(1)(c))

Retention: 8 years as required by accounting regulations

4.5 Data Processing Related to the The Foreskin Guide Service

This section contains information regarding the processing of data related to the „The Foreskin Guide Videos” service provided by Novák Online Kft. (registered office: 2045 Törökbálint, Munkácsy Mihály Street 85).

The essence of the service is that clients can watch detailed online educational videos on specific topics, with access available for a period of 3 months.

The conditions for using the service are set forth in the applicable General Terms and Conditions (GTC).
The service can be purchased at: foreskin101.com

During registration for the service, the following personal data is processed:

• Scope of processed personal data: email address, full name, billing name, billing postal code, billing city, billing street and house number, tax number.
  

Purpose of data processing: Identification of the subscriber, establishing and maintaining contact, and concluding the contract related to the use of the service.
Legal basis for data processing: Conclusion of the contract between the data subject and the controller (GDPR Article 6(1)(b))
Data retention period: During the term of the contract and for 5 years after its termination.

To issue accounting documents or certificates that contain personal data, we use the personal data provided by the user for this purpose.
Legal basis for processing: Compliance with a legal obligation (GDPR Article 6(1)(c))
Documents and certificates containing personal data are stored in our own accounting and administrative records. Access is granted to employees or contracted external partners solely for the performance of tasks associated with those records, and always under confidentiality obligations. Accounting documents are retained for 8 years as required by law.

In the context of refund claims described in the GTC, any data provided to support a justified request will be retained for the duration of the accounting documentation retention period.

Any data processing not listed in this notice will be communicated separately at the time the data is collected.

Courts, prosecutors, law enforcement agencies, administrative authorities, the National Authority for Data Protection and Freedom of Information (NAIH), or other bodies authorized by law may request information, disclosure, or documents from the Data Controller. The Service Provider will only disclose personal data to authorities if they specify the exact purpose and scope of the data, and only to the extent absolutely necessary to fulfill the request.

Our servers and website automatically log certain information (e.g., IP addresses, browser and operating system), which we analyze in aggregate to improve the portal. Since IP addresses are not processed in a way that identifies users, and cannot be linked to individuals, they do not qualify as personal data under Hungarian law.

Statistical, aggregated data may be analyzed and shared with third parties (e.g., advertisers) for informational purposes, as long as no individual user can be identified—this does not qualify as data transfer or data processing under current legal frameworks.

The website may collect and store data about users’ activity and browsing behavior to improve its development. These data are not linked with other forms of provided or generated personal data.

foreskin101.com takes all necessary steps to protect the stored and processed data and prevent unauthorized access, use, or alteration. Third parties receiving data under the previously mentioned conditions are also notified of these obligations.

Medical or technical terms found in articles and notices are considered part of the Hungarian language and assumed to be generally understood as part of basic public health and IT literacy.

By visiting and using the website from outside Hungary, the user acknowledges and agrees to comply with Hungarian law.

The Information Act (Act CXII of 2011 on Informational Self-Determination and Freedom of Information) can be found here: National Legislation Database (www.njt.hu)

If you believe our data processing is inappropriate, please send a complaint to info@novakhunor.hu, and we will promptly investigate and respond. If you are unsatisfied with our response, you may assert your rights in civil court or file a complaint with the National Authority for Data Protection and Freedom of Information (NAIH).
Address: 1055 Budapest, Falk Miksa Street 9-11
Mailing address: 1363 Budapest, P.O. Box 9
Email: ugyfelszolgalat@naih.hu
Website: http://naih.hu

foreskin101.com reserves the right to modify the privacy policy, terms of use, and copyright policy at any time without prior notice or consent.
By using or browsing the website, users are deemed to have fully accepted these terms.

5. Data Processors Used

The Provider uses various companies to handle and store data. These data processors

and the scope of data processing are listed below:

– Rackforest Zrt. (1132 Budapest, Victor Hugo utca 11. 5th floor B05001): hosting

services; data related to the website.

– DX Labz Kft. (3623 Borsodszentgyörgy, Horgos út 8): website operation; data

collected automatically through the website.

– Google LLC (USA, Google Data Protection Office, 1600 Amphitheatre Pkwy, Mountain

View, California 94043 – Google Analytics): analytics service; data collected

automatically through the website.

– SalesAutopilot Kft. (1024 Budapest, Margit krt. 31-33. mezzanine 4): sales system;

payment-related data required to use the service.

– Stripe, Stripe Payments Europe, Limited (SPEL) , 1 Grand Canal Street Lower, 

Grand Canal Dock,Dublin, D02 H210, Ireland: sales system;, payment and credit card transaction data.

– KBOSS.hu Kft. (1031 Budapest, Záhony utca 7): invoicing system (Számlázz.hu); data

required for billing.

– Keller Consult KFT / Keller Könyvelőiroda (1015 Budapest, Ostrom utca 27. 1/1): sales

system and billing-related data processing.

– Optinmonster (https://optinmonster.com/gdpr/): popup and marketing features.

U.S.-based processors (e.g., Google LLC) are included in the European Commission’s GDPR adequacy decisions (e.g., Privacy Shield Framework) and therefore data transfers to them are not considered transfers to a third country requiring specific consent under the GDPR. These entities have committed to full GDPR compliance. The Provider is not obligated to appoint a Data Protection Officer.

6. Rights of the Data Subject and Legal Remedies

Data subjects have the right to request information regarding the processing of their

personal data and may request the correction, deletion (with the exception of mandatory

data processing), restriction of processing, as well as exercise their rights to data

portability and objection, in accordance with the methods indicated during data collection

or via the contact information of the Controller.

6.1 Right to Information:

The Controller shall take appropriate measures to provide the data subject with all the information referred to in Articles 13 and 14 of the GDPR and all the communications referred to in Articles 15 to 22 and 34 relating to processing in a concise, transparent, intelligible, and easily accessible form, using clear and plain language.

6.2 Right of Access by the Data Subject:

The data subject has the right to obtain confirmation from the data controller as to whether or not personal data concerning them is being processed. Where such processing is taking place, the data subject has the right to access the personal data and the following information:

• the purposes of the processing;
  
• the categories of personal data concerned;
  
• the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
  
• the envisaged period for which the personal data will be stored;
  
• the existence of the right to request rectification or erasure of personal data or restriction of processing, or to object to such processing;
  
• the right to lodge a complaint with a supervisory authority;
  
• information about the source of the data if not collected from the data subject;
  
• the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
  

If personal data is transferred to a third country or to an international organization, the data subject has the right to be informed of the appropriate safeguards relating to the transfer.

The data controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. If the request is made electronically, the information shall be provided in a commonly used electronic form.

The right to access information may be exercised in writing through the contact details provided by the data controller, via the email address info@novakhunor.hu. Upon request – following proper identification and authentication – information may also be provided verbally.

6.3 Right to Rectification:

The data subject shall have the right to obtain from the Controller without undue delay

the rectification of inaccurate personal data concerning them.

6.4 Right to Erasure (“Right to be Forgotten”):

The data subject shall have the right to obtain from the data controller the erasure of personal data concerning them without undue delay where one of the following grounds applies:

• the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  
• the data subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing;
  
• the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
  
• the personal data have been unlawfully processed;
  
• the personal data must be erased for compliance with a legal obligation under Union or Member State law to which the controller is subject;
  
• the personal data have been collected in relation to the offer of information society services.
  

However, erasure may not be requested if processing is necessary for the following purposes:

• for exercising the right of freedom of expression and information;
  
• for compliance with a legal obligation that requires processing by Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  
• for reasons of public interest in the area of public health;
  
• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, in so far as the right referred to above is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  
• for the establishment, exercise or defence of legal claims.

 6.5 Right to Restriction of Processing:

The data subject shall have the right to obtain from the data controller restriction of processing where one of the following applies:

• the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
  
• the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  
• the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  
• the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.
  

Where processing has been restricted under one of the above conditions, such personal data shall, with the exception of storage, only be processed:

• with the data subject’s consent, or
  
• for the establishment, exercise or defence of legal claims, or
  
• for the protection of the rights of another natural or legal person, or
  
• for reasons of important public interest of the Union or of a Member State.
  

The data controller shall inform the data subject before lifting the restriction of processing.

6.6 Right to Data Portability:

The data subject shall have the right to receive the personal data concerning them,

which they have provided to the Controller, in a structured, commonly used, and

machine-readable format, and have the right to transmit those data to another controller.

6.7 Right to Object

The data subject shall have the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on public interest or on the exercise of official authority vested in the controller, or where processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions.

In the event of an objection, the controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.

Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing.

---

6.8 Automated Individual Decision-Making, Including Profiling

The data subject shall have the right not to be subject to a decision based solely on automated processing — including profiling — which produces legal effects concerning them or similarly significantly affects them.

This right does not apply if the decision:

• is necessary for entering into or performance of a contract between the data subject and the controller;
  
• is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests;
  
• is based on the data subject’s explicit consent.
  

---

6.9 Right to Withdraw Consent

The data subject has the right to withdraw their consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

---

6.10 Procedural Rules

The data controller shall provide information on action taken on a request under Articles 15 to 22 of the GDPR to the data subject without undue delay and in any event within one month of receipt of the request. This period may be extended by two further months where necessary, considering the complexity and number of the requests.

The controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic means, the information shall be provided by electronic means where possible unless otherwise requested by the data subject.

If the controller does not take action on the request, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

The controller shall provide information free of charge. Where requests are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may:

• charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or
  
• refuse to act on the request.
  

The controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.

The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, the information shall be provided in a commonly used electronic form unless otherwise requested.

6.11 Right to Compensation and Damages

Any person who has suffered material or non-material damage as a result of a violation of the data protection regulation shall be entitled to receive compensation for the damage suffered from the Data Controller or the Data Processor. The Data Processor is only liable for damage caused by data processing if it has not complied with the legal obligations specifically imposed on data processors, or if it has acted contrary to or disregarded the lawful instructions of the Data Controller.

The Data Controller or Data Processor shall be exempt from liability if it proves that it is in no way responsible for the event giving rise to the damage.

---

6.12 Right to Judicial Remedy

If the data subject’s rights are violated, they may turn to court against the Data Controller (at their discretion, before the court with jurisdiction based on the Data Controller’s seat or the data subject’s place of residence). The court shall act in the case with priority. Legal proceedings concerning the protection of personal data are exempt from court fees.

---

6.13 Data Protection Authority Procedure

Complaints may be submitted to the National Authority for Data Protection and Freedom of Information (NAIH):

Name: National Authority for Data Protection and Freedom of Information
Head office: H-1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: H-1530 Budapest, P.O. Box: 5

---

Legal Remedy

The Data Subject may object to the processing of their personal data for the reasons specified in Section 21 of the Hungarian Info Act. In this case, the Data Controller must investigate the objection within 15 calendar days from submission and inform the applicant in writing of the result.

If the Data Subject disagrees with the decision of the Data Controller or if the Data Controller fails to meet the deadline, the Data Subject may bring the matter to court within 30 calendar days of the communication of the decision or the last day of the deadline.

In the event of a violation of rights, the Data Subject may take legal action, specifically before the competent court, or in Budapest, before the Budapest Metropolitan Court, as defined in Section 22 of the Info Act.

Complaints and legal remedies may also be submitted to the National Authority for Data Protection and Freedom of Information:

National Authority for Data Protection and Freedom of Information
Address: H-1055 Budapest, Falk Miksa Street 9-11
Mailing address: H-1363 Budapest, P.O. Box 9
Email: ugyfelszolgalat@naih.hu
Website: http://naih.hu

 Data Security

Data processors shall implement appropriate technical and organizational measures to

ensure a level of security appropriate to the risk, taking into account the state of the art,

implementation costs, and the nature, scope, context, and purposes of processing, as

well as the varying likelihood and severity of the risks to the rights and freedoms of

natural persons.

The Provider selects and operates IT tools used in the provision of the service in such a

way that the processed data:

a) is accessible only to those authorized to access it (availability);

b) is authentic and its authenticity can be verified (data integrity);

c) is unchanged and its consistency is ensured (data integrity);

d) is protected against unauthorized access (data confidentiality).

The Data Controller protects the data with appropriate measures, particularly against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as accidental destruction, damage, and inaccessibility due to changes in the applied technology. During data transmission on the Data Controller’s website, a security protocol known as SSL (Secure Socket Layer) is applied, which ensures encrypted data transmission and a high level of data security.

To protect electronically managed data in its various records, the Data Controller applies appropriate technical solutions to ensure that stored data – unless permitted by law – cannot be directly linked to and associated with the data subject.

Considering the current state of technology, the Data Controller implements technical, organizational, and administrative measures to ensure the security of data processing, providing a level of protection appropriate to the risks associated with data processing.

Data processing ensures:

a) confidentiality: protecting information from unauthorized access;

b) integrity: safeguarding the accuracy and completeness of information and processing

methods;

c) availability: ensuring that authorized users have access to information when needed.

The IT systems and networks used by the Provider and data processors are protected

against computer-assisted fraud, espionage, sabotage, vandalism, fire and flood, as well

as computer viruses and denial-of-service attacks. Security is provided through server-

level and application-level protection.

Electronic communications transmitted over the internet are vulnerable to network

threats, regardless of protocol (email, web, ftp, etc.), and the Provider takes all

reasonable precautions to protect against such threats.

If the scope of the processed data or other conditions change, the Provider shall amend

this policy within 30 days in accordance with GDPR and publish the revised policy on the

website. Users are encouraged to regularly review changes to this policy, as it contains

important information about the handling of personal data.

Legal Framework

The following laws and guidelines form the legal basis for the data processing described

in this Privacy Policy:

– Regulation (EU) 2016/679 of the European Parliament and of the Council (General

Data Protection Regulation – GDPR)

– Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of

Information (Infotv.)

– Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information

Society Services

– Act XLVII of 2008 on the Prohibition of Unfair Commercial Practices against

Consumers

– Act XLVIII of 2008 on the Basic Conditions and Certain Limitations of Economic

Advertising Activity

– Act XC of 2005 on the Freedom of Electronic Information

– Act C of 2003 on Electronic Communications

– Act V of 2013 on the Civil Code (Ptk.)

– Act CIV of 2010 on the Freedom of the Press and the Fundamental Rules of Media

Content

– Opinion No. 16/2011 on EASA/IAB Best Practice Recommendation on Online

Behavioural Advertising

– Guidelines of the Hungarian National Authority for Data Protection and Freedom of

Information (NAIH)

– Accounting Act (Act C of 2000)

By using this website, users accept the provisions of the above laws and regulations as

binding. If users access the site from outside Hungary, they acknowledge that Hungarian

law governs the use of this website and related data processing activities.

II. Provisions Regarding Website Content

1. General Provisions

The information on the website foreskin101.com (hereinafter: the Website) reflects the general professional opinions and views of the Author(s) and does not constitute medical advice, examination, diagnosis, or treatment by a doctor, nurse, or medical professional. The Website content is for informational purposes only.

For risks and side effects related to specific medications, other preparations, and devices mentioned on the Website, always read the relevant package leaflets, user manuals, and seek advice from a qualified medical professional, especially your physician, pharmacist, or healthcare advisor. If you believe your child’s condition is serious, do not wait for an appointment—consult a doctor as soon as possible!

The Provider shall not be held responsible for any damages arising from the use of summaries, articles, videos, or professional information found on the Website, or from any inaccuracies, erroneous or outdated information contained therein. Reading the Website, utilizing the information, and acting upon it are at the User’s own risk. For actual complaints or medical concerns, always consult a doctor or another qualified healthcare provider.

2. Use of the Website

The User uses the Provider’s Website at their own sole responsibility. The Provider is not liable for uninterrupted or error-free access to the Website or for the absence of viruses. The Website does not provide medical advice—its content is for informational purposes only and should not be used as a substitute for professional medical diagnosis and treatment.

The Provider excludes liability for all Website content, especially since access to the Website and its content is provided free of charge. The Provider reserves the right to restrict, suspend, or terminate access to any part or functionality of the Website without prior notice.

3. Links to External Websites

The Service Provider does not assume responsibility for the content, accuracy, or functionality of websites created by third parties. The Service Provider provides links to users in good faith.

The Service Provider shall not be held liable for the websites indicated by such links, nor for any changes made to those websites by third parties. The inclusion of links to other websites does not imply that the Service Provider supports, operates, or agrees with the content of those websites in any way. The User uses both the Service Provider’s Website and the linked external websites at their own and exclusive risk.

The User may refer to materials available on the Website solely at their own risk. The User acknowledges that it is their own responsibility to monitor any potential changes to the materials and data available on the Website.

The website foreskin101.com may place links to external websites. The Service Provider assumes no responsibility for the content, data and privacy policies or practices of such external sites, nor for the accuracy or safety of the information published there. If it becomes evident that a linked external website contains harmful content or violates the laws in force in the respective country, foreskin101.com will promptly remove the link.

On the foreskin101.com pages, external service providers may be used to support features such as video/image viewing, registration, and login (e.g., Google, Facebook, SimplePay, SalesAutopilot, Booked4Us). Additionally, external services may be used to analyze visitor statistics (e.g., Google Analytics, OptinMonster). These service providers are responsible for the processing and security of the data provided on their platforms and are governed by their own privacy policies.

In cases where content is published, transmitted, or shared through such services, the external service provider shall be regarded as the data controller, and their privacy policies and terms of service shall apply.

4. Liability Provisions

The Service Provider and third parties involved in the creation, production, or availability of the Website assume no responsibility for any damage, costs, losses, or liabilities arising from accessing or using the Website or any other websites accessed via hyperlinks from the Website, or from the inability to use them.

The Service Provider is not obligated to maintain the materials and services made available through the Website, nor to make any corrections, updates, or improvements in relation to them. The content available on the Website may change without prior notice.

The Service Provider accepts no responsibility for any loss caused by a virus infection that may affect the User’s computer or other property as a result of accessing or using the Website or downloading any material from it. Users download any materials from the Website at their own risk.

5. Amendments to the Legal Notice

The Provider reserves the right to amend or supplement this legal notice at any time.

Users are encouraged to regularly review the Website for updates.

Novák Online Kft – Dr. Novák Hunor – foreskin101.com

This legal notice is the copyrighted intellectual property of Novák Online Kft.

Any unauthorized use is prohibited.

All rights reserved