1. Introduction, Data Controller details, contact details
  2. Scope of the regulations 
    2.1. Temporary scope
    2.2. Personal scope
    2.3. Subject scope
  3. Data management, their legal basis, purpose, duration, scope of processed data
    3.1. Sending newsletter and advertising offers
  4. Profiling
  5. Data processors
  6. Data transfer
  7. Technical data management related to the use and operation of the website
  8. Rights of data subjects, legal remedies
  9. Security of data management


Data management information

1. Introduction, data of the Data Controller, contact details

In accordance with the provisions of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (General Data Protection Regulation, hereinafter: GDPR), we provide the following information on data management in connection with the website

By using the Website, the data subject declares that he has reached the age of 16. Persons under the age of 16 may not register on the Website, use services, or subscribe to newsletters, given that, pursuant to Article 8 (1) GDPR, the consent of their legal representative is required for the validity of their legal declaration containing their consent to data management. The Data Controller is unable to verify the consenting person's age and eligibility, so the person concerned guarantees that the data provided is true. The person concerned is responsible for the veracity of the data provided.


Name: Beauty World Net Kft.

Headquarters: 1066 Budapest, Teréz körút 38. I. em. 110/C.

Companies registration number: Cg.01-09-982082 (Commercial Court of the Capital City Court)

Tax number: 23867352-2-42


Phone number: + 36 70 325 7037


Name: Alexandra Győri

Headquarters: 3067 Felsőtold, Széchenyi út 4.


Phone: +36 70 325 7037

Should you contact our Company, at the central e-mail address provided in this information sheet (  you can contact the data controller.

Personal data managed by the Data Controller may be accessed by the Data Controller's employees to the extent necessary to achieve the data management purpose specified in point 2.

 2. Scope of the policy (applies to data provided online and/or in store, right to change)

   2.1. Temporal scope:

Current Regulations 2023. August 1  effective until further disposition or withdrawal.

 2.2. Personal scope:

The personal scope of these Regulations covers:

●     to the Data Manager, and

  • for the persons whose data is included in the data processing covered by these Regulations, and

●     for persons whose rights or legitimate interests are affected by data processing

The Data Controller therefore primarily manages the data of natural persons who

●     through or in any way available to them - for example electronically, with their data sent to any e-mail address of the Data Controller, via social media, by phone  or in person -

  • applied for the purpose of establishing a relationship,
  • the Data Controller's services were used or requested, and their data was provided in the process; or
  • applied for a reason or purpose other than establishing a relationship;

●     Partners of natural persons, representatives, contacts, and possibly other employees of partners of non-natural persons. 

   2.3. Objective scope:

The scope of this information sheet covers all data processing carried out in all organizational units of the Data Controller, affecting the above-mentioned personnel, regardless of whether it is done electronically and/or on paper. In the case of paper-based data management, the Data Controller also introduces a document management policy that is formally separate from this information, which supplements the general provisions of this information, and is therefore considered an annex to these Regulations.

The scope of this information covers, on the one hand, the website of the Data Controller and its sub-pages, the online portal at,, and, on the other hand, the information provided in connection with the use of services at the Data Controller's headquarters/premises/stores to manage personal data.

The Data Controller reserves the right to unilaterally modify this information at any time. It shall notify the parties concerned of the possible amendment at least 15 days before its entry into force. Amendments to the information will come into effect upon publication on the Data Controller's website. 

 3. Data processing, their legal basis, purpose, duration, scope of processed data

The Data Controller processes personal data on the following legal basis, for purposes and for a period of time:

< td>Purpose of data management< td>If no contract is concluded based on the offer and you do not consent to further data management: 30 days from the date of sending the offer. If a contract is concluded: for 5 years after the termination of the contract (until the limitation period according to the Civil Code) Article (1) point c)
Type of data processingLegal basis of data processingScope of processed dataDuration of data management
Data management concerning registered partner (salon, sole trader)To use the service (to make an offer, to fulfill the contract) is necessary (GDPR Article 6 (1) point b)Surname, first name, email address, phone number, position, company data (company name, address, tax number, type of company, phone number, email address, headquarters, whether the salon is barrier-free, number of employees)Offer, Providing services using the website based on a contract (creating a user account and using its functions) Name, addressInvoicing of consideration for goods and servicesUntil the deadline specified in the Accounting Act, i.e. for 8 years
Newsletter sending Consent of the data subject (GDPR Article 6 (1) point a)Name, email address< /td>Sending advertising offers, information, advertisements (newsletter) electronically, providing information about current information, products, promotions, new functionsUntil the consent of the data subject is revoked.
Contact by the data subjectConsent of the data subject or taking steps at the request of the data subject (GDPR Article 6 (1) points a) and b))The data provided by the data subjectAnswering the data subject's question in an email or sending an offer in response to a request for a quoteFor 30 days after the question was asked, or for 3 years in the case of a consumer question.
Data processing related to bank card paymentNecessary for the performance of the contract (GDPR Article 6 (1) para. point b)Bank card number, expiration date, security code, name on the bank cardSettlement of the consideration for the goods or services purchased by the person concerned8 from the date of completion of the payment to.

In the absence of the mandatory data, the Data Controller cannot provide the service that the Data Subject wants to use, so he cannot, for example, create and manage the user account or fulfill the order.

  3.1. Sending newsletter and advertising offers

Act XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activity. Pursuant to § 6 of the Act, the Data Subject may give prior and express consent to the Data Controller's advertising offers and other mailings at the e-mail address provided during registration or when subscribing to the newsletter and to process their data for this purpose.

The Data Controller does not send unsolicited advertising messages, and the Data Subject can unsubscribe from the sending of offers and newsletters free of charge without limitation or justification. In this case, the Data Controller will not contact the Data Subject with further advertising offers. The affected person can unsubscribe from the advertisements by clicking on the link in the message or on the contact details of the Data Controller.

 4. Profiling

The data controller does not perform profiling.

5. Data Processors

The data controller may forward the data to the following data processors for the purpose of registering requests for proposals and orders, fulfilling contracts, operating the website, sending newsletters, and complying with the provisions of the Accounting Act.

The Data Processors carry out the data management according to the instructions of the Data Controller, they cannot make substantive decisions regarding data management, they can only process the personal data they come to know in accordance with the provisions of the Data Controller, they may not carry out data processing for their own purposes, and they are also obliged to store the personal data in accordance with the provisions of the Data Controller, keep and delete. During the data processing, the data can be seen by the employees of the data processors.

Name of data processorAddress of data processorData processing activityData affected by processing Kft.1031 Budapest, Záhony utca 7. billing program td> Name, company name, address, e-mail address, order name and value
OTP Mobil Szolgáltató Kft.1143 Budapest, Hungary krt. 17-19.Otp SimplePay payment processing Customer name, payment amount, date, time
DPD Hungária Kft.1158 Budapest, Késmárk utca 14/BPackage deliveryName, address, phone number, order value
GLS General Logistics Systems Hungary Csomag-Logisztikai Kft.2351 AlsónémediGLS Európa u. 2.Package deliveryName, address, phone number, order value
Adó-Fix Kft.1148 Budapest, Kerepesi út 78.Accounting activity, invoicingName, address, 
Ordenacion Regtsernház
td>1222 Budapest, József Attila utca 21.System management activity, Name, email, address
MailMaster1024 Budapest, Margit krt. 31.Newsletter sendingName, email address
MVPS LTD.Patron 6, Sunnywise Court, Flat 101, Larnaca, 6051, CyprusServer serviceName, email, address, tel.
Billingo Technologies Private Limited Liability Company1133 Budapest, Árbóc utca 6. 3. em.invoicing program  Name, company name, address, e-mail address, order name and value
Facebook Inc. Facebook Headquarters, 1 Hacker Way, Menlo Park, CA 94025 Personalized advertising activity Name, email address, phone number  
6.  Data transfer

The Data Controller forwards the contact details (name, email address, phone number) of the registered guests provided during registration when booking an appointment, group booking and using the online training space service to the service provider with whom the guest books an appointment or whose online training space is available. subscribed to his channel. The transfer of data will only take place if the guest consents to this when booking an appointment, group booking or subscribing to the online teaching space channel, and only to the given service provider. Booking an appointment, registering for a group event, or subscribing to a channel and watching a video in the online training area is only possible if the guest consents to the transfer of data, since without this, the service provider would not know who is entitled to use which service and which service they wish to use. . Therefore, data transfer is a condition for booking an appointment, group booking, or using the online tutor space service, because the service provider can only identify the guest in this way.

In case of special consent of the registered guests, the Data Controller will use the contact details provided during registration (name, email address, telephone number)  in the case of booking an appointment, group booking and using the online tutoring space service, it is forwarded to Facebook as a data processor, in whose system the data can be used by the service provider with whom the guest books an appointment, or whose channel the online tutoring space is subscribed to, in the course of its personalized advertising activities, and who gave their consent when booking or signing up.

We inform the Data Subjects that, based on the authorization of the court or other authority or legislation, other bodies may contact the data controller in order to provide information, communicate or transfer data, or make documents available.

The Data Controller releases personal data to the authorities only in accordance with the provisions of the authority's invitation.

 7. Technical data management related to the use and operation of the website

The website uses the following cookies:

Cookie namePurpose and scope of stored dataHow long it is stored data?
_Fbp facebookUsed to identify the user to facebookOne session - until the browser is closed
Fr facebookUsed to identify the user for facebook3 months
BwnetBwnet working manet is used for identification1 week
_gaUsed for user identification for google analytics2 years
_gidUser identification for google analytics24 hours

Google AdWords remarketing: During visits to the Webshop, the website sends one or more cookies to the visitor's computer, through which the browser can be uniquely identified. These cookies are provided by Google and are used through the Google Adwords system. These cookies are only sent by the website to the visitor's computer when certain sub-pages are visited, so we only store the fact and time of visiting the given sub-page, no other information. With the help of these cookies, Google stores if the person concerned has previously visited the advertiser's website, and based on this, ads are displayed to the user on the websites of partners of external service providers, including Google. Users can disable Google's cookies on the Google ads opt-out page. (You can also indicate to users that they can also disable cookies from third-party providers on the Network Advertising Initiative opt-out page): com/ads/preferences/

 8. Rights of data subjects, legal remedies

Right of access: the Data Subject has the right to request information from the Data Controller as to whether their personal data is being processed by the Data Controller. The data subject is entitled to access his personal data managed by the Data Controller. 

The Data Subject is also entitled to access the information contained in this information.

Right to rectification: the Data Subject has the right to request that the Data Controller correct inaccurate personal data concerning him or her without undue delay, or to request the addition of incomplete personal data.

Right to erasure (“forgetfulness”): the data subject has the right to have the data controller delete his personal data without undue delay at his request. In the case of a deletion request, the Data Controller examines the exact legal basis for data processing (is there a legal basis other than consent), and if the conditions for deletion are met, the data is deleted. In case of deletion, the Data Controller ensures that all those to whom the data was sent through the Data Controller delete the data.

Right to restriction: the data subject has the right to request the restriction of data processing if he disputes the accuracy of the data processing, in case of illegal data processing, he opposes the deletion of the data; the data controller no longer needs the data, but the data subject requires it for the purpose of legal enforcement, or the data subject exercised his right to object to data processing. The Data Controller informs the Data Subject in advance of the lifting of the restriction. The Data Controller informs all recipients to whom the personal data has been disclosed of the restriction.

Right to data portability: the Data Subject has the right to receive his/her personal data in a segmented, widely used, machine-readable format, to forward them to another data controller (or to have them forwarded to the data controller if this is technically feasible). This right belongs to the Data Subject if the data processing is based on consent or a contract and the data processing takes place in an automated manner.

Right to object: the data subject has the right to object to data processing at any time for reasons related to his own situation, if it is necessary for the performance of a task carried out in the public interest or within the framework of a public authority granted to the data controller, or if the legal basis for data processing is the legitimate interest of the Data Controller or a third party (including profiling).

In relation to the Data Controller's direct marketing (advertising offers, newsletter sending) and profiling activities, the data subject may object at any time (The Data Controller does not currently carry out profiling).

The Data Controller shall provide the requested information in writing upon the request of the data subject as soon as possible (without undue delay), however no later than within 30 days, and delete the data in case of withdrawal of consent. In case of correction or deletion, the Data Controller informs all recipients to whom the data was communicated.

If the Data Controller cannot comply with the data subject's request, it will inform the Data Subject within 30 days.

The Data Controller informs the affected parties that the withdrawal of consent to the processing of data does not affect the legality of the data processing carried out on the basis of the consent prior to the withdrawal.

The rights of the data subject related to data management are granted by the Data Controller 1. point you can practice at the specified contact details.

In the case of a legal remedy request by the person concerned, to the National Data Protection and Information Freedom Authority (1055 Budapest, Falk Miksa utca 9-11, postal address: 1363 Budapest, Pf.: 9.,, telephone: +36 (1) 391-1400, fax: +36 (1) 391-1410,, or at your choice, you can apply to the competent court according to the registered office of the Data Controller, the place of residence or residence of the data subject.

 9. Security of data management

The Data Controller selects and operates the IT tools used to manage personal data during the provision of the service in such a way that the managed data:

  1. available to those authorized to do so (availability);
  2. its authenticity and authentication are ensured (authenticity of data management);
  3. its immutability can be verified (data integrity);
  4. be protected against unauthorized access (data confidentiality).

The Data Controller ensures the security of data management with technical, organizational and organizational measures that provide a level of protection corresponding to the risks associated with data management.

The Data Controller keeps it during data management

  1. confidentiality: protects the information so that only those who are authorized to access it can access it;
  2. integrity: protects the accuracy and completeness of the information and the method of processing;
  3. availability: it ensures that when the authorized user needs it, he can really access the desired information and that the related tools are available.

The Data Controller's IT system and network are both protected against computer-supported fraud, espionage, sabotage, vandalism, fire and flood, as well as computer viruses, computer intrusions and denial-of-service attacks. The operator ensures security with server-level and application-level protection procedures.

We inform the Data Subjects that electronic messages transmitted on the Internet, regardless of the protocol (e-mail, web, ftp, etc.), are vulnerable to network threats that lead to unfair activity, contract disputes, or the disclosure or modification of information. To protect against such threats, the Data Controller takes all the necessary precautions. Monitors systems to capture any security discrepancies and provide evidence for any security incidents. In addition, system monitoring also makes it possible to check the effectiveness of the precautions used.