Description:
Below we would like to inform you about our practices regarding the processing of personal data in connection with the use of the finomrecept website (hereinafter: Website), the organizational and technical measures we have taken to protect your data, as well as your rights in relation to data processing and how to exercise them.
EU Regulation 2016/679 (General Data Protection Regulation, hereinafter referred to as „the Regulation”)
Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Act on the Freedom of Information)
Act CVIII of 2001 on certain aspects of electronic commerce services and information society services
Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions on Commercial Advertising.
Basic concepts and our understanding of personal data:
Personal data:any information relating to an identified or identifiable natural person („data subject”). An identifiable person is one who can be identified, directly or indirectly, for example by name, number, location data, online identifier or by one or more factors specific to the natural person, including physical, physiological, genetic, mental, economic, cultural or social identity.
Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. It includes collection, recording, organisation, structuring, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Controller: any natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of the processing are determined by Union or Member State law, the controller or specific criteria for the designation of the controller may also be determined by Union or Member State law.
Processor: any natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
Data Breach: A breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
The data controller – operator:
Operator: Balázs Tamás
Contact: bbtomka@gmail.com
Data of the hosting provider: RackForest
RackForest.Office address: 1132 Budapest,
Victor Hugo utca 11., 5th floor
1111 Victor Hugo u. 1132 Budapest, Victor Hugo u. 18-22, 3rd floor, 1132 Budapest, District XIII. | District VIII 1087 Budapest, Asztalos Sándor u. 13. | District X 1108 Budapest, Kozma u. 2.
1132 Budapest, Victor Hugo u. 11., 5. floor. B05001
Tax number: 32056842-2-41
Principles of data management:
The processing of personal data shall be carried out lawfully and fairly, ensuring transparency for the data subjects.
The collection of personal data must be purposeful, specific, explicit and legitimate. The data processed must be relevant and adequate to the purpose of the processing and the processing must be limited to what is necessary.
The information contained in the processing must be accurate and, where necessary, kept up to date. All reasonable steps should be taken to ensure that inaccurate personal data which are not relevant for the purpose of the processing are promptly deleted or rectified.
Personal data should be kept in a form which permits identification of data subjects for no longer than is necessary for the purpose for which the data are processed.
Processing should be carried out in such a way that appropriate technical or organisational measures are taken to ensure adequate security of personal data. These measures include protection against unauthorised or unlawful processing, accidental loss, destruction or damage.
Data subjects:
The data subjects concerned by the processing are the persons visiting the Website operated by the Data Controller, subscribers to the newsletter, Facebook fans and subscribers to the Website.
The data processed:
Data processed by visitors to the Website: during the use of the Website, different types of cookies may be installed on the device of the visitor concerned (for details on cookies, see section 11). Each cookie may store the visitor’s IP address or part of it, the type of browser, data on the use of the Website (time of visit, pages visited, session duration, number of clicks).
If the visitor marks the Website as „liked” by using the Facebook plugin on the Website or subscribes to the Website’s Facebook page, the Data Controller will process data relating to the Facebook profile of the data subject (name, profile picture).
Purpose of the processing:
The purpose of the cookies used in the operation of the Website is described in a later section.
The purpose of the processing when using the Facebook plugin placed on the Website is to enable the data subject to bookmark the page and subscribe to it.
Legal basis for processing:
The legal bases for the processing of cookies via the Website:
Cookies that are technically necessary for the operation of the Website and for the use of the services and functions provided: the legal basis for the processing is Article 13/A of the Act and Article 6 (1) (b) of the Regulation.
Cookies used for convenience or marketing purposes and for the purpose of analysing the use of the website and improving its performance: the legal basis for processing is the data subject’s voluntary consent (Article 6(1)(a) of the Regulation). The legal basis for processing in connection with the use of the Facebook plugin is Article 13/A of the Act and Article 6(1)(a) of the Regulation.
The Data Controller may process the data subject’s data for the purposes of pursuing his or her legitimate interests, unless the interests or fundamental rights and freedoms of the data subject override the interests of the data subject which require the protection of personal data (Article 6(1)(f) of the Regulation). An example of this could be where the Data Controller has a claim against the data subject (e.g. an unpaid bill) which he or she wishes to enforce.
Duration of processing:
The Data Controller stores the data processed in case of enquiries sent via the Website until the data subject receives the requested information. The Data Controller will automatically delete the data after 1 year at the latest, unless the data subject has contacted the Data Controller again. If the data subject is contacted again, the Controller shall store the personal data for a period of no more than 1 year from the date of the provision of the information.
Please see information on the lifetime of cookies in a later section. In the case of marking the Website as „liked” on Facebook or subscribing to it, the data processing lasts until the data subject requests the deletion of the data (unsubscription, removal of the marking).
Who has access to the data (recipients):
The Data Controller uses Google Analytics, a service operated by Google, Inc. to analyse the use of the website. This service collects information and generates statistical reports on the use of the website without identifying individual visitors. Google Analytics uses cookies, which are installed on the computer of the data subject. The data they collect is stored on servers of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; phone: 650-253-0000; e-mail: data-protection-office@google.com).
Google LLC is included in the compliance list under the Privacy Shield Framework Convention.
The data controller for the processing of data related to the use of the Facebook plugin is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA; phone: +1 650-543-4800; e-mail: privacyshield@support.facebook.com.
Facebook Inc. is also on the compliance list under the Privacy Shield Framework Convention.
Personal data security:
The Data Controller uses appropriate technical measures (such as firewalls) to ensure the security of the data processed and stored. These measures are used to prevent access by unauthorised persons and to protect the data from unauthorised modification or alteration.
The Data Controller shall ensure that the required level of protection is ensured throughout all data processing operations to ensure adequate protection of sensitive personal data.
Children
Our services are not intended for individuals under the age of 13. If we become aware that we have collected personal information from a child under 13, we will promptly delete that information from our systems.
Data subjects’ rights in relation to data processing, legal remedies:
As a data subject, you have the right to request the Controller to access, rectify, erase or restrict the processing of personal data concerning you and to object to the processing of such personal data.
You have the right to receive feedback from the Data Controller on whether or not your personal data are being processed. Where processing is ongoing, you have the right to be informed of the purposes of the processing, the categories of personal data concerned, the categories of recipients of the data and the envisaged storage period of the personal data (where this is not possible, information on the criteria for determining the storage period).
The Data Controller shall provide the data subject with a copy of the personal data processed and the data subject shall have the right to request copies against payment of a reasonable fee based on administrative costs. Where the request is made electronically, the information shall be provided in a commonly used electronic format unless you request otherwise.
Personal data shall be deleted if they are no longer necessary for the original purpose, you withdraw your consent, you object to processing, the data have been unlawfully processed or are necessary for compliance with a legal obligation.
If the data subject considers that the processing of his or her personal data is unlawful or unlawful, he or she may request the restriction of processing. This provides an opportunity to verify the accuracy of the data or to enforce the data subject’s legal rights.
The data subject has the right to receive his or her personal data in a structured, machine-readable format and the right to transmit these data to another controller.
The data subject may object at any time to the processing of his or her personal data, in particular where the processing is based on a public interest or legitimate interest. If the data subject objects to processing, the controller may no longer process the data unless the interests of the controller override the legitimate interests of the data subject.
Where the data subject considers that the processing of his or her personal data infringes his or her rights, he or she may seek redress from the Data Controller. If the Controller fails to take action or if the action taken is unsatisfactory, the data subject may lodge a complaint with the National Authority for Data Protection and Freedom of Information.
The data subject shall have the right to take legal action against the Controller if he or she considers that the processing of his or her personal data is unlawful. The action may be brought before the courts of the place of residence or domicile.
For all data protection issues, please contact the Data Controller.
If you have any complaints or concerns about the processing of your personal data, please contact the Data Controller before initiating any of the above procedures.
Privacy Notice and Policy Amendment:
The Operator reserves the right to amend this Privacy Policy at any time in order to comply as closely as possible with the law.
Date: 29. November 2023.