Privacy Policy

III. Purpose, legal basis, duration of data processing, scope of personal data concerned

1. Data of website visitors

Purpose of data processing: when visiting the website, the service provider records visitor data for the purpose of providing the service, monitoring its operation, and preventing abuse.

Legal basis for data processing: the consent of the data subject and Section 13/A(3) of the Eker. tv.

Scope of data processed: date, time, IP address, address of previously visited page, data related to the user's operating system and browser.

Data processing related to logging by external service providers:

The portal's HTML code contains links from external servers that are independent of the Data Controller and point to external servers. The servers of external service providers are directly connected to the user's computer. We would like to draw the attention of our visitors to the fact that the providers of these links are able to collect user data (e.g., IP address, browser, operating system data, mouse pointer movements, clicks, the address of the page visited, and the time and duration of the visit).

An IP address is a series of numbers that uniquely identifies the computers and mobile devices of users accessing the Internet. IP addresses can even be used to geographically locate the visitor using a given computer. The address of the pages visited and the date and time data are not suitable for identifying the data subject on their own, but when combined with other data (e.g., provided during registration), they can be used to draw conclusions about the user.

Any personalized content for the user is served by the external service provider's server.

Data processing for web auditing purposes and the recording of website visitor data by the web server are common practices on the internet, and are therefore accepted by the user when using the internet and visiting websites.

The data controllers listed below can provide detailed information about the processing of data by external service providers' servers.

The Data Controller uses Google Analytics to perform web analytics and statistical analysis of the portal. The Data Controller provides detailed information on the processing of measurement data at http://www.google.com/intl/hu/policies/.

Data processor:

name: Wix.com, Ltd.

registered office: Yunitsman 5 St, Tel Aviv, Israel

data processing task: website rental, provision of technical conditions

Hosting provider:

name: Wix.com, Ltd.

registered office: Yunitsman 5 St, Tel Aviv, Israel

2. Cookie management on the website

In order to provide a customized service, the data controller places a small data package, known as a cookie, on the user's computer and reads it back during subsequent visits. When the browser returns a previously saved cookie, the cookie management service provider can link the user's current visit to previous visits, but only in terms of its own content.

Most of the cookies used are so-called "session cookies," which are deleted when you finish your browsing session. In addition, there are some long-term cookies that allow us to recognize you as a visitor. Cookies do not cause any damage to your computer and do not contain viruses.

Users can delete cookies from their own computers or disable cookies in their browsers. Cookies can usually be managed in the Tools/Settings menu of your browser under Privacy Settings, under the name cookie or cookie.

3. Electronic newsletter

The Data Controller sends direct marketing (direct sales) messages in electronic newsletters to those who have expressly consented to this.

Purpose of data processing: sending e-mail newsletters containing commercial advertising to interested parties, providing information about current events and offers.

Legal basis for data processing: the voluntary consent of the data subject and Section 6(5) of the Grt.

Scope of data processed: email address, name, date and time of subscription, IP address, and date and time of individual interactions (opens, clicks, feedback, responses, unsubscriptions).

Deadline for data deletion:

- until withdrawal (unless further data processing is necessary for other purposes, in particular to comply with legal obligations, in which case the consent indication will be deleted from the system),

4. Contact

If you have any questions or problems while using our services, you can contact the data controller as indicated on the website or via the contact form.

The data controller will delete the emails received, together with the sender's name and email address and other personal data provided voluntarily, after a maximum of five years from the date of handling the matter.

5. Information and data disclosure to authorities

We inform our customers that the court, the prosecutor, the investigating authority, the administrative authority, administrative authorities, the National Authority for Data Protection and Freedom of Information, or other bodies authorized by law may request information, data disclosure, data transfer, or the provision of documents from the data controller.

The Data Controller shall only disclose personal data to the authorities, provided that the authority has specified the exact purpose and scope of the data, to the extent that is strictly necessary to achieve the purpose of the request.

Method of storing personal data

Data security

The Data Controller's computer systems and other data storage locations are located at its headquarters (premises) and data processors at Yunitsman 5 St, Tel Aviv, Israel.

The Data Controller selects and operates the IT tools used for the processing of personal data in the course of providing its services in such a way that the data processed:

· accessible to those authorized to do so (availability);

· authentic and authenticated (authenticity of data processing);

· verifiable (data integrity);

· protected against unauthorized access (data confidentiality).

​

The Data Controller shall protect the data with appropriate measures, in particular against unauthorized access, alteration, transfer, disclosure, deletion or destruction, as well as against accidental destruction, damage, and inaccessibility resulting from changes in the technology used.

In order to protect the data files processed electronically in its various records, the Data Controller shall ensure, by means of appropriate technical solutions, that the stored data cannot be directly linked to and assigned to the data subject, unless permitted by law.

The Data Controller shall take technical, organizational, and organizational measures to ensure the security of data processing, taking into account the current state of technology, which provide a level of protection appropriate to the risks associated with data processing.

During data processing, the Data Controller shall maintain

· confidentiality: it shall protect the information so that only those who are authorized to do so may access it;

· integrity: it protects the accuracy and completeness of the information and the processing method;

· availability: it ensures that when an authorized user needs it, they can actually access the desired information and that the related tools are available.

The IT systems and networks of the Data Controller and its partners are protected against computer-assisted fraud, espionage, sabotage, vandalism, fire and flood, as well as computer viruses, computer intrusions and denial-of-service attacks. The operator ensures security through server-level and application-level protection procedures.

Users are advised that electronic messages transmitted over the Internet, regardless of protocol (e-mail, web, ftp, etc.), are vulnerable to network threats that may lead to dishonest activity, contract disputes, or the disclosure or modification of information. The service provider takes all reasonable precautions to protect against such threats. It monitors the systems in order to record any security breaches and provide evidence in the event of any security incidents. System monitoring also allows the effectiveness of the precautions taken to be verified.

6. Legal remedies

The data subject may request information about the processing of their personal data, as well as request the correction or, with the exception of mandatory data processing, the deletion or blocking of their personal data in the manner indicated at the time of data collection or through customer service.

At the request of the data subject, the Data Controller, as the data controller, shall provide information on the data processed by it or by the processor commissioned by it, the source of the data, the purpose of the data processing, the legal basis, the duration, the name and address of the data processor and its activities related to data processing, the circumstances and effects of the data protection incident and the measures taken to remedy it, and, in the case of data transfer, the legal basis and recipient thereof. The data controller shall provide the information in an easily understandable form, in writing, at the request of the data subject, as soon as possible after the request is submitted, but within a maximum of 25 days. This information shall be provided free of charge if the person requesting the information has not yet submitted a request for information on the same data set to the data controller in the current year. In other cases, the data controller shall determine the cost of providing the information.

The Data Controller shall correct personal data if it does not correspond to reality and if the Data Controller has access to personal data that corresponds to reality.

The Data Controller shall block personal data if the data subject so requests or if, based on the information available, it can be assumed that deletion would harm the legitimate interests of the data subject. Blocked personal data may only be processed for as long as the purpose of the data processing that precluded the deletion of the personal data exists.

The Data Controller shall mark the personal data it processes if the data subject disputes its correctness or accuracy, but the incorrectness or inaccuracy of the disputed personal data cannot be clearly established.

The Data Controller shall erase personal data if its processing is unlawful, the data subject requests it, the processed data is incomplete or incorrect and this situation cannot be remedied lawfully, provided that the deletion is not excluded by law, the purpose of the data processing has ceased to exist, or the statutory time limit for the storage of the data has expired, or the court or the National Data Protection and Freedom of Information Authority has ordered it.

The data controller has 25 days to delete, block, or correct personal data. If the data controller does not comply with the data subject's request for correction, blocking, or deletion, it shall communicate the reasons for the refusal in writing within 25 days.

The data controller shall notify the data subject and all those to whom the data has been previously transferred for data processing purposes of the correction, blocking, marking, and deletion. The notification shall be omitted if it does not infringe on the legitimate interests of the data subject in view of the purpose of the data processing.

The data subject may object to the processing of his or her personal data if

· the processing or transfer of personal data is necessary solely for the fulfillment of a legal obligation incumbent on the data controller or for the enforcement of the legitimate interests of the data controller, data recipient or third party, unless the data processing is required by law;

· the use or transfer of personal data is for the purpose of direct marketing, public opinion polling or scientific research;

· in other cases specified by law.

The Data Controller shall examine the objection within the shortest possible time from the date of submission of the request, but within a maximum of 15 days, decide on its merits, and inform the applicant of its decision in writing. If the Data Controller finds that the objection of the data subject is well-founded, it shall terminate the data processing, including further data collection and data transfer, and shall block the data, and shall notify all those to whom it has previously transferred the personal data concerned by the objection and who are obliged to take measures to enforce the right to object.

If the data subject does not agree with the decision taken by the data controller, he or she may appeal to the court within 30 days of its notification.

The data controller may not delete the data subject's data if the data processing is required by law. However, the data may not be transferred to the data recipient if the data controller has agreed to the objection or if the court has found the objection to be justified.

In the event of a violation of their rights, the data subject may take legal action against the data controller. The court shall deal with the case as a matter of priority.

The Data Controller shall compensate for any damage caused to others by the unlawful processing of the data subject's data or by a breach of data security requirements. In the event of a violation of their personal rights, the data subject may claim compensation for damages (Civil Code, Section 2:52).

The Data Controller shall also be liable to the data subject for any damage caused by the data processor.

The Data Controller shall be exempt from liability if the damage was caused by an unavoidable reason outside the scope of data processing.

The Data Controller shall not compensate for the damage and no compensation for damages may be claimed if it resulted from the intentional or grossly negligent conduct of the injured party.

Remedies and complaints may be lodged with the National Authority for Data Protection and Freedom of Information:

Name: National Authority for Data Protection and Freedom of Information

Registered office: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Postal address: 1530 Budapest, Pf.: 5.

Telephone: 06.1.391.1400

Fax

Website: http://www.naih.hu

E-mail: ugyfelszolgalat@naih.hu