Privacy Policy


If you wish to purchase our services online through our website or subscribe to our newsletter (eDM), you must read and accept the information document on online shopping and newsletter (eDM), in addition to the information related to the use of our sports services, by clicking on the link below: https://www.life1.hu/adatkezeles-vasarlashoz-es-hirlevelhez/

Date of entry into force: 16.02.2024.

  1. General provisions

1.1. The purpose of this Privacy Policy (hereinafter referred to as the “Policy”) is to provide information about the processing of personal data carried out by Fitness Vision Hungary Kft. (registered office: 1134 Budapest, Váci út 29-31.; registration number: 01-09-376249; tax no.: 12459872-2-41; email address: info@springday.hu, info.corvin@life1.hu, info@gilda-max.hu; website: www.life1.hu (Website)), hereinafter referred to as the “Company” or “Data Controller”.

1.2. Scope of the Privacy Policy

1.2.1 This Notice applies to the personal data of natural persons (hereinafter referred to as “Data Subjects”) concerned by the processing activities of the Company as set out in Section 1.2.2.

1.2.2. The Company’s data processing activities:

(1) data processing in connection with the use and provision of the Company’s services,

(2) data processing for direct marketing purposes,

(3) data processing in connection with CCTV surveillance,

(4) data processing in connection with purchases from the Webshop,

(5) data processing in connection with the provision of a training plan service,

(6) data processing of cookies used on the Website.

1.2.3. The Company cooperates with third parties (coaches, masseurs). The Company confirms that the personal data collected by these third parties will not be transferred to the Company and will not be accessible or processed by the Company. These third parties are independent data controllers.

1.3. Availability and amendment of the Privacy Policy

The current version of the Policy is available at all times on the Website under the menu item “Privacy Policy”. The Company may unilaterally modify the Policy at any time, as necessary, without prior notice, with effect from the date of modification.

1.4. Relevant legislation

The Company declares that its data processing complies with the provisions of the Policy and the applicable legislation [including in particular, but not limited to, Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter: GDPR) and Act CXII of 2011 on the Right to Information Self-Determination and Freedom of Information (hereinafter: Infotv.)].

1.5. Definitions

The terms used in this Policy and not specifically defined shall have the meanings given to them in the legislation referred to in Section 1.5.

1.6. Accuracy of personal data

Personal data is provided by the Data Subject to the Company. The Data Subject is solely responsible for the truthfulness and accuracy of the personal data provided to the Company by any means. The Company shall not be liable for any omissions or any consequences resulting from the incorrectness of the data provided, and expressly excludes its liability in this respect.

1.7. Data Security

The Company is committed to protecting all the personal data provided by the Data Subjects. The Company keeps personal data confidential and takes all security, technical and organisational measures to ensure the security of personal data.

 

2. Certain Data Processes

The data processing activities carried out by the Company are presented in separate tables.

  1. Data processing in connection with the use and provision of the Company’s service, the establishment and performance of a contract for the use of the services

1st table

1. Description of the data processing
  The Company provides fitness and wellness services (collectively, the “Services”). A contract is concluded between the natural person using the Services (hereinafter referred to as the “Guest”) and the Company for the use of the Services. The processing of the Guest’s personal data as set out in this table is essential for the conclusion and performance of this contract. The Guest shall provide personal data to the Company in the following ways and they shall be processed in the following ways.
  1.1.  By filling in the registration form, the Guest provides personal data to the Company at the time of the conclusion of the contract.
  1.2.  Following the completion of the registration form by the Guest, the Company shall record the data and the additional personal data specified in Section 2.2 in an electronic database, which shall be supplemented with the data specified in Section 2.2.
  1.3.  The Company takes a picture of the Guest with a web camera, which is stored in the electronic database.
  1.4. A MindBody account is created for the Guest to log in and register for group fitness classes and to record and modify personal data and registration details, in which the personal data and the characteristics of the booked group fitness classes are available.
  1.5. The Company will copy the Guest’s fingerprint to the Guest’s access card at certain fitness facilities, which the Guest will be required to have scanned and compared with the fingerprint upon each entry. The Company does not store the Guest’s fingerprints; they are only stamped on the access card in the Guest’s possession, and the Company does not store, access or process the Guest’s fingerprints. The purpose of comparing the fingerprint of the Guest with the fingerprint copied on the access card at each entry is to prevent misuse of the access cards.
2. The personal data processed
  2.1.  Personal data provided on the registration form
    1.  name
    2.  date of birth
    3.  e-mail address
    4.  phone number
    5.  address
  2.2.  Personal data recorded in the electronic database (in addition to those recorded in point 2.1)
    1.  customer code
    2.  business partner code (if the Guest is an employee or contractual partner of a business partner)
    3.  customer value
    4.  Details of season tickets purchased by the guest (type of season ticket, expiry date)
    5.  Guest consumption data (product name, gross price)
  2.3.  Personal data collected through image capture by webcam
    1.  Image of the Guest
3. Purpose of the data processing
  The purpose of the processing of personal data as set out in points 2.1 to 2.4 is the establishment and performance of a contract for the use of the Services (the provision of the Services).
4. Legal basis of the data processing
  The processing of the personal data specified in points 2.1, 2.2 and 2.4 is based on Article 6(1)(b) of the GDPR, i.e. the processing is necessary for the establishment and performance of a contract for the use of the Services. The completion of the registration form constitutes an express declaration of intent by the Guest to enter into a contract.
  The processing of personal data as set out in section 2.3 is based on Article 6(1)(f) of the GDPR, i.e. on the basis of the Company’s legitimate interest. The Data Controller’s legitimate interest is to identify the Guest upon entry to the fitness room, to enforce the House Rules and to prevent misuse of the access cards.
5. Duration of processing
  The Data Controller will keep the data for 5 years after provision.
6. Data processors:
  DotRoll Computer Technology Limited Liability Company (registered office: 1148 Budapest, Fogarasi út 3-5., registration number: 01-09-882068, tax number: 13962982-2-42, represented by Zsolt György Komáromi, managing director, email: domreg@dotroll.com), which is the maintainer of the electronic database;

MINDBODY, Inc. (651 Tank Farm Road; San Luis Obispo, CA 93401) is the operator of the Mindbody account. The data processor complies with the requirements of the GDPR and is part of the EU-U.S. Data Privacy Framework Program.

 

2nd table

1. Description of the data processing
  The Company will issue and retain an invoice for the Services used. The processing of data for billing purposes is closely related to, and forms part of, the processing of data relating to the establishment and performance of the contract for the use of the Services, but is carried out on a different legal basis.
2. The personal data processed
  Pursuant to § 169 and § 202 of Act CXXVII of 2017 on Value Added Tax:
  1.  name
  2.  address
  3.  tax number
  4.  tax status
  Based on § 167 of Act C of 2000 on Accounting:
  1.  name
  2.  address
3. Purpose of the data processing
  Issuing and keeping invoices for the Services used, according to the accounting obligations.
4. Legal basis of the data processing
  The processing is carried out on the legal basis pursuant to Article 6(1)(c) of the GDPR, i.e. the processing is necessary for the fulfilment of a legal obligation (tax and accounting obligations) applicable to the Company.
5. Duration of processing
  The Data Controller shall keep the issued invoice as an accounting document for 8 years after issuing.

 

  1. Data processing for direct marketing purposes

3rd table

1. Description of the data processing
  Pursuant to Section 6 (1) of Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activities (hereinafter: Grtv.), the Company shall communicate with the Data Subject as the recipient of the advertisement by direct messages, in particular by electronic mail or other equivalent means of individual communication (hereinafter: Newsletter).
2. The personal data processed
  1. name
  2. e-mail address
3. Purpose of the data processing
  Sending direct marketing solicitations promoting the Company and the Services, including advertising content informing about current offers, via e-mail (e-DM) or telephone.
4. Legal basis of the data processing
  Our Company will process your e-mail address for direct marketing purposes either on the basis of your prior, explicit consent or, in the absence of such consent, on the basis of the legitimate interest of the Data Controller. The legitimate interest of the Data Controller is the promotion of the services and facilities of Fitness Vision Hungary Kft. and its legitimate interest to inform you about offers [Article 6 (1) (a) or 6 (1) (f) of the GDPR]. The Data Subject shall have the right to withdraw his/her consent or object to the processing at any time. The Data Subject may withdraw consent (1) by clicking on the “unsubscribe” link in the Newsletter, or (2) by logging into his/her Mindbody account, or (3) by sending a free text request in writing to one of the contact details of the Company specified in Chapter IV of this Notice.
5. Duration of processing
  The processing of your data for direct marketing purposes will begin on the basis of your consent provided as set out in I.3.3 and will continue until the Data Subject withdraws the consent. In the case of processing based on legitimate interest, the processing shall start from the moment you provide us with your e-mail address and shall continue until the implementation of the necessary measures based on your objection to the processing.
6. Data processors:
  DotRoll Számítástechnikai Korlátolt Felelősségű Társaság (registered office: 1148 Budapest, Fogarasi út 3-5., registration number: 01-09-882068, tax number: 13962982-2-42, represented by Zsolt György Komáromi, email: domreg@dotroll.com), which is the maintainer of the electronic newsletter database.

 

  1. Data processing in connection with CCTV surveillance

4th table

1. Description of the data processing
  The cameras are installed and used in order to protect human life, physical integrity and personal freedom on the one hand, and to protect property on the other. The Company does not use cameras in rooms where surveillance would violate the human dignity of the Data Subjects, in particular in changing rooms, showers, toilets.

The cameras record images only, not sound, and provide both (1) direct (i.e. real-time) and (2) recorded footage. Annex 1 to this leaflet lists the areas monitored by the cameras.

2. The personal data processed
  The entire content of the image displayed and/or recorded by the cameras, in particular but not limited to the image, behaviour and movements of the Data Subject.
3. Purpose of the data processing
  The purpose of data processing is to protect the life and physical integrity of the Data Subjects in the monitored areas and to protect the Company’s business secrets and assets.
4. Legal basis of the data processing
  The processing is based on Article 6(1)(f) of the GDPR, i.e. the processing is necessary for the purposes of the legitimate interests of the Company.
5. Duration of processing
  The Company will erase the recordings after 10 working days from the date of recording if they have not been used. Use means the use of the Recording as evidence in judicial or other official proceedings. The reason for keeping the Recordings for 10 working days is that the majority of the Guests purchase a monthly ticket, which is used by the Guest for at least two calendar weeks, even if this is the shortest period. Experience to date has shown that Guests have reported violations to the Company not immediately, but after several days, and that police requests for the release of Recordings have been received by the Company after several days have passed following the occurrence of the violation.

 

  1. Data processing in connection with purchases from the Webshop

5th table

1. Description of the data processing
  The Company provides fitness and wellness services (hereinafter collectively referred to as “Services”) to natural persons (hereinafter referred to as “Guest”). The different Services or different combinations thereof are embodied in different season tickets (hereinafter referred to as “Season Tickets”). The Passes are sold at the Company’s registered office or via the Webshop. The Company carries out data processing through the use of the Webshop. By submitting an electronic order in the Webshop and the acceptance of the order by the Company (official confirmation), a service contract is concluded between the person submitting the order as a service user (hereinafter referred to as the “Service User” or “Data Subject”) and the Company as a service provider for the use/provision of the Services constituting the ordered Pass. The processing of the Data Subject’s personal data as defined below is essential for the conclusion and performance of this contract. If the Data Subject does not provide the personal data below or does not provide them in full, the conclusion and/or performance of the contract may be frustrated.
2. The personal data processed
  Name
  Address
  Phone number
  E-mail address
  Type and price of the purchased product
3. Purpose of the data processing
  The creation and performance of the service contract, as well as the invoicing.
4. Legal basis of the data processing
  The processing takes place on the legal basis of Article 6(1)(b) of the GDPR, i.e. the processing is necessary for the establishment and performance of the service contract. Processing in relation to registration and log-in is also carried out on the legal basis of Article 6(1)(b) of the GDPR, as it is necessary for the steps taken at the request of the Data Subject prior to the conclusion of the service contract. Furthermore, the processing is carried out on the legal basis of Article 6(1)(c) GDPR, i.e. the processing is necessary for the fulfilment of a legal obligation (tax and accounting obligations) to which the Company is subject.
5. Duration of processing
  The period of processing is 5 years, which corresponds to the limitation period.
6. Data processors:
  DotRoll Computer Technology Limited Liability Company (registered office: 1148 Budapest, Fogarasi út 3-5., registration number: 01-09-882068, tax number: 13962982-2-42, represented by Zsolt György Komáromi, email: domreg@dotroll.com), which is the server provider of the Website.

 

  1. Data processing in connection with the provision of a training plan service

6th table

1. Description and purpose of the data processing
  Our Company may also process your health data, your lifestyle, your dietary habits, your sporting habits and the purpose and history of your sporting activities in order to enable our club to set up a suitable training plan for you, in case you request such a Service. Our colleague acting for the provision of the Service will ask you for the aforementioned habits and data in order to provide you with personalised advice and training plans.
2. The personal data processed
  Name
  Health condition
  Physical condition and characteristics
  Previous medical history
  Physical activity and dietary habits
3. Legal basis of the data processing
  The legal basis of the data processing is the Data Subject’s express written consent to the processing, given in a separate document [Article 6(1)(a) GDPR and Article 9(2)(a) GDPR].
5. Duration of processing
  Until the purpose is achieved (provision of the Service) or until consent is withdrawn.

 

  1. Data processing of cookies used on the Website

Cookies can usually be managed in the Tools/Preferences menu of browsers, under the Privacy/Preferences settings, under the menu item named cookie or tracking. On our website www.life1.hu, you can simply withdraw your consent to the setting of cookies that are not essential for the functioning of the website by clicking on the link below:

Detailed information on the characteristics of the cookies used by the website at any given time can be accessed by clicking on the link above, in the interface that appears when you give your consent to the setting of cookies. You can access the interface at any time by clicking on the link.

 

Consent to the use of cookies is given by displaying a pop-up window on the screen when the user first visits the website, informing the user of the cookies used by the website. If the pop-up window is accepted, consent is deemed to have been given, but you can change your settings at any time by clicking on the link above.

 

3. Rights of the Data Subject

 

The Data Subject has the following rights in relation to data processes detailed above.

3.1. Right to information

The Data Subject shall have the right to be informed of the facts relating to the processing of his/her personal data processed by the Company before the processing starts. Given that the Data Subject provides the Company with his or her personal data, the Company complies with its obligation to provide information pursuant to Article 13 of the GDPR by means of this Policy.

3.2. Right of access (Article 15 of the GDPR)

The Data Subject has the right to request at any time information about the exact personal data processed by the Company. Upon request, the Company will also provide information on the purposes, legal basis, duration of the processing of the Data Subject’s personal data, as well as on who is receiving or has received his/her data and for what purposes (including in particular recipients in third countries and international organisations, where applicable). The Data Subject shall at any time have the right to obtain access to, the right to request the Company to rectify, erase or restrict the processing of personal data concerning him/her and to object to the processing of such personal data. The Data Subject shall at any time have the right to obtain information and to be informed that he or she may lodge a complaint with a supervisory authority. In the event that data is obtained by the Company from a source other than the Data Subject, the Data Subject may at any time request information about the source of the data(s). Where the Company transfers personal data to a third country or international organisation, the Company will also inform the Data Subject of the appropriate safeguards for the transfer in accordance with Article 46 of the GDPR.

The Company shall provide the Data Subject with a first copy of the personal data processed free of charge. The Company may charge a reasonable fee for additional copies, based on administrative costs and proportionate to the volume of data, the amount of which shall be communicated to the Data Subject in advance. Where the Data Subject has submitted a request for information/access by electronic means, the Company shall provide the information to the Data Subject in a commonly used electronic format, unless the Data Subject requests otherwise. The right to request a copy shall not adversely affect the rights and freedoms of others.

3.3. Right to rectification (Article 16 of the GDPR)

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

3.4. Right to erasure (’right to be forgotten’) (Article 17 of the GDPR)

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

(b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;

(c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);

(d) the personal data have been unlawfully processed;

(e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

(f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).

 

In case the Company has disclosed the personal data and is obliged to delete it, it will take all reasonable steps to inform the other controllers of the obligation to delete the data.

There is no need to delete the data if the processing is necessary:

(a) for exercising the right of freedom of expression and information;

(b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(c) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);

(d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

(e) for the establishment, exercise or defence of legal claims.

3.5. Right to restriction of processing (Article 18 of the GDPR)

The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

(a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;

(b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

(c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

(d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of a Member State. A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.

3.6. Right to object and automated individual decision-making (Article 21 of the GDPR)

The Data Subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data on grounds of public interest or necessary for the purposes of the legitimate interests pursued by the Company or a third party (Article 6(1)(e) and (f) GDPR), including profiling based on the aforementioned provisions. In such a case, the Company may no longer process the personal data unless it can prove compelling legitimate interests for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims.

The Data Subject shall have the right to object at any time to the processing of personal data concerning the Data Subject for and in relation to direct marketing purposes, including profiling (if used by the Company, but duly informed), where it is related to direct marketing. In case of objection, the personal data will no longer be processed by the Company for direct marketing purposes.

In the case of processing for statistical purposes, the Data Subject shall have the right to object, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her for such purposes, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

3.7. Right to data portability (Article 20 of the GDPR)

Since the Company also stores the Data Subject’s data in an electronic database, the Data Subject has the right to receive the personal data concerning him/her provided to the Company in a structured, commonly used, machine-readable format and to transmit such data to another controller. The right to data portability applies to Data Subjects whose processing is based on their consent (Article 6(1)(a) or 9(2)(a) GDPR) or on the performance of a contract (Article 6(1)(b) GDPR). Where the Data Subject requests the direct transfer of personal data between controllers, the Company will indicate whether this is technically feasible.

3.8. Right to lodge a complaint with a supervisory authority (Article 77 of the GDPR)

Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.

The supervisory authority in Hungary is the National Authority for Data Protection and Freedom of Information (1055 Budapest, Falk Miksa utca 9-11., e-mail: ugyfelszolgalat@naih.hu, +36-1-3911400, www.naih.hu).

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78.

3.9. Right to an effective judicial remedy against a supervisory authority (Article 78 of the GDPR)

Without prejudice to any other administrative or non-judicial remedy, each natural or legal person shall have the right to an effective judicial remedy against a legally binding decision of a supervisory authority concerning them. Without prejudice to any other administrative or non-judicial remedy, each data subject shall have the right to an effective judicial remedy where the supervisory authority which is competent pursuant to Articles 55 and 56 does not handle a complaint or does not inform the data subject within three months on the progress or outcome of the complaint lodged pursuant to Article 77. Proceedings against a supervisory authority shall be brought before the courts of the Member State where the supervisory authority is established.

3.10. Right to an effective judicial remedy against a controller or processor (Article 79 of the GDPR)

Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority pursuant to Article 77, each data subject shall have the right to an effective judicial remedy where he or she considers that his or her rights under this Regulation have been infringed as a result of the processing of his or her personal data in non-compliance with this Regulation.

Proceedings against a controller or a processor shall be brought before the courts of the Member State where the controller or processor has an establishment. Alternatively, such proceedings may be brought before the courts of the Member State where the data subject has his or her habitual residence, unless the controller or processor is a public authority of a Member State acting in the exercise of its public powers.

3.11. Communication of a personal data breach to the data subject (Article 34 of the GDPR)

When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.

This information must clearly and plainly describe the nature of the data breach and include at least the following information and measures:

(a) the name and contact details of the Data Protection Officer or other contact person who can provide further information;

(b) describe the likely consequences of the data breach;

(c) describe the measures taken or envisaged by the controller to remedy the personal data breach, including, where appropriate, measures to mitigate any adverse consequences of the personal data breach.

The communication to the data subject shall not be required if any of the following conditions are met:

(a) the controller has implemented appropriate technical and organisational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption;

(b) the controller has taken subsequent measures which ensure that the high risk to the rights and freedoms of data subjects referred to in paragraph 1 is no longer likely to materialise;

(c) it would involve disproportionate effort.

In such a case, there shall instead be a public communication or similar measure whereby the data subjects are informed in an equally effective manner.

4. Enforcing the rights of the data subjects, contacting and requesting details

The data subjects shall file a request in connection with the rights provided to the data subjects (i) in writing by post, (ii) by delivering it in person to the requested office of the Company, or (iii) by sending it via e-mail to the Company’s e-mail address.

The Company’s contact details:

Name: Fitness Vision Hungary Limited Company

Registered office: HU – 1134 Budapest, Váci street 29-31.

Registration number: 01-09-376249

Tax number: 12459872-2-41

E-mail: info@springday.hu; info.corvin@life1.hu

Website: www.life1.hu

In case there is any doubt about the identity of the Data Subject or in case the data provided are insufficient for identification, the Company is entitled to request from the Data Subject additional identification data necessary and appropriate to confirm the identity.

If the person making the request is unable to prove his/her identity beyond reasonable doubt and cannot therefore be identified, the Company may refuse to process the request.

The controller shall provide information on action taken on a request under Articles 15 to 22 to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.

If the controller does not take action on the request of the data subject, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

Information provided under Articles 13 and 14 and any communication and any actions taken under Articles 15 to 22 and 34 shall be provided free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either:

(a) charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or

(b) refuse to act on the request.

Annex 1

The cameras, marked with an Arabic number, are aimed at the following areas.

1066 Budapest, Nyugati square 1-2. (II.-III. floors)

1082 Budapest, Futó street 48-50.

1117 Budapest, Október Huszonharmadika street 8-10

1115 Budapest, Etele road 68. (Etele Pláza III. floor)

1033 Budapest, Flórián square 6.

1042 Budapest, Árpád road 47-49.

1. Weighty section; 1. Rear part of garage; 1. Lobby; 1. Area in front of the changing room entrance; 1. Reception, Hallway; 1. Main entrance hallway
2. Personal trainer section; 2. Cardio machines; 2. Reception; 2. Cardio section; 2. Reception; 2. Reception
3. Spinning room; 3. Corridor of group lessons rooms; 3. Reception; 3. Area in front of stairs; 3. Reception desk; 3. Rear corridor
4. Group rooms Lobby; 4. Wellness reception desk on fitness level; 4. Reception; 4. Cardio section; 4. Elevator doors; 4. Functional room
5. Entrance to group rooms; 5. Women’s changing room back entrance; 5. Personal trainer section; 5. Functional room; 5. Great room; 5. Fitness section
6. Entrance from outside; 6. Front part of the garage; 6. Leg section; 6. Fitness section; 6. Entrance hall, lift doors; 6. Cardio section
7. Eisberg room; 7. Reception, safe deposit box; 7. Personal trainer desk; 7. Fitness section; 7. Office door; 7. Wellness section
8. Functional room; 8. Staff changing room entrance; 8. Cardio section; 8. Fitness section; 8. Corridor outside the changing rooms; 8. Entrance to the playhouse
9. Body & Mind room; 9. Swimming pool from the Jacuzzi; 9. Confectionery section; 9. Spinning room; 9. Rotating villa; 9. Underground garage
10. Confectionery section; 10. Fitness level emergency exit; 10. Weighty section; 10. Body & Mind room; 10. Reception, Rotating villa
11. Personal trainer section; 11. Wellness emergency exit; 11. Back emergency exit; 11. Great room; 11. Stairs
12. Paddles, entrance to changing rooms; 12. Women’s changing room front entrance; 12. Gallery; 12. Gallery; 12. Cleaning room, Women’s changing room door
13. Guest area in front of the buffet; 13. Hand weights section; 13. Spinning room; 13. Gallery; 13. Sales office, childcare, corridor
14. Entrance hall, access gates; 14. Men’s changing room front entrance; 14. Round waiting room; 14. Body & Mind room; 14. Weighty section
15. Reception, safe deposit box; 15. Garage entrance; 15. Great room; 15. Staff changing room entrance; 15. Confectionery section
16. Reception desk; 16. Engineering space entrance; 16. Functional room; 16. Guest area next to buffet; 16. Boxing room
17. Fitness section; 17. Spinning room
18. Reception; 18. Boxing room
19. Fitness section; 19. Entrance hall, Safe deposit box section, revolving villa
20. Terrace; 20. Cardio
21. Reception desk; 21. Gym corridor
22. Buffet; 22. Personal trainer section
23. Safe deposit box section
24. Reception desk