- Data Controller
Name of data controller: Melinda Gál
Post address: Határ u. 8. 2462 Martonvásár, Hungary
E-mail address: firstname.lastname@example.org
VAT No.: HU69275603
Phone : +36 30 4756782
- Data Protection Officer
- Purpose of data processing, the pleas
- Purpose of the current information leaflet is that visitors of this website and future partners can see in a transparent and unambiguous manner what personal information I am processing and on what basis. I only see that clarity is ensured if I list the exact legal requirements in a separate paragraph, which I put at the end of this leaflet.
2. When ordering any of our services, we will always enter into a contract with the customer in writing and issue an invoice or partial invoice for the work / performance done, based on the schedule of the contract to which we are legally required, by asking a billing name and address as well as an e-mail address used for verifying data(which is usually in our possession at the time of contract).3. I also access personal information (name, post, private message) on my Facebook page, which allows me to contact people online, post news, provide feedback, advertise my business, and reach potential customers, with the consent of the person concerned.4. In the course of our business / professional relationships, we handle the personal information of our partners’ managers, employees, and contacts based on legitimate interest: name, telephone number, email address, if available with public skype contact information.
A cookie is an alphanumeric information packet, which is usually sent by websites to your browser in order to save certain settings, to facilitate the use of the website and to help gather some relevant, statistical information about visitors. Cookies do not contain personal information and are not capable of identifying an individual user. Cookies often contain a unique identifier, a secret, randomly generated number, that will be stored on your device. Some cookies will cease when you close the site and some will be stored on your computer for an extended period of time.You can prevent all cookies activity, delete the data files you placed during previous visits. Your browser’s guide on how to do this can be found on the following pages:
Manage Cookies and website data in Chrome
Information about Cookies for Firefox
Manage Cookies in Internet Explorer
Some browsers also allow you to automatically clear your browsing data each time you close it. You can read about it here.When downloading portions of this web site, my visit analysis software (Google Analytics powered by Google Inc. (“Google”)) automatically places small data files on your computer, in some cases containing your personal information. According to the currently valid legislation, you will be notified when this happens the first time you visit this site and your approval will be required. The data files are necessary for the operation of certain functions of the website, and the information obtained from previous data files received during your visits is transmitted to the operator. You will find the exact name (_ga, _gat, _gid) and function of these data files on this page. Google Analytics does not associate the IP number given by your browser with other, user related data stored on Google. The data is retained for 26 months, which starts again when a new event occurs for the user (eg starting a new session).I also use Google Adwords pixel (ads / ga-audiences) for marketing purposes on my website, for which I also ask for your approval when you first visit the site. Information about this will also be sent to Google.If you want to prevent Google Analytics from adding a visit to your analytics on any webpage, use this plugin (available for any browser)
If you have previously received a cookie from Facebook – either because you have an account or because you have visited facebook.com – your browser will send information about this cookie when you visit a website with a “Like” button or other social plugin (like this webpage). You can find more information here.Profiasszisztens.hu uses cookie of Facebook as a third party’s cookie on its website. Facebook cookies allow us to show ads to people who have previously visited, purchased, or used apps on uzletiasszisztens.hu, and to offer them products and services based on these activities. Cookies also allow us to limit the number of times you see an ad so you don’t have to see the same ad over and over again. Cookies also help us with analytics and analysis of ads.
- Withdrawal of consent
Data processing (see above) of the following activities are based on approval:
- advertising newsletter
- first contact from interested parties via the website
- operating Facebook page
- blog commenting
- creating website traffic statistics
The consent may be withdrawn at any time in the same simple manner in which it was made. You can withdraw your subscription to the newsletter by clicking on the unsubscribe link at the end of the newsletter. In case of a Facebook page, your can undo your consent by un-liking the page or deleting the private message and comment. For my other consent-based data management operations, please write a short message to email@example.com. Data processing prior to the withdrawal of consent is legal.
- Contract and legal obligation
Keeping billing information and issuing an invoice is a statutory obligation. If the customer does not provide the requested data, the service will be impossible to provide hence it will be legally recorded in the contract before fulfilling the service . After ordering our services, we will enter into contract in a written form with our customers at all times. While our business basically enters into contract with legal entities, we may also include personal information in our contracts, for example: contact name, telephone number, e-mail address, skype contact, or the name, telephone number and / or email address of a legal entity representative. It is a condition of signing a contract that we have this information, we need to know who the other party is, where and through what communication channels is he available.Without the knowledge of these data, the contract will not be deemed concluded and the service cannot be performed.
6. Designation of a legitimate interest We handle the contact details and names of our business partners, business executives or contacts based on legitimate interest. Business partners are people we work with in a day-to-day work relationship, e.g. employees of the commissioning company, who give orders, instructions, take part in the consultation, answer our questions, and in certain cases on the basis of the order must be notified by phone or e-mail. We have obtained this personal information from our stakeholders themselves over many years of working relationships, have already been assured of confidentiality, and by default we sign a confidentiality statement with our customers.
- Duration of Data Storage
Contact Form (Name, Email address) – Closure of business relationship (including inquiry), but forms are re-checked every six months. Comments received on the blog (name, email address, comment) – until cancellation request Skype chat (name, e-mail address, chat text) – untilcancellation request Newsletter signup (name, e-mail address) – until unsubscribtion Facebook page (name, post, private message) – until the page is deleted, the page is unliked by the affected person, until deleting the affected item (comment, private message) Invoicing name and address – for the period prescribed by law, in the case of self-employed persons, the reference year + 5 years Website maintenance work (e.g. backup storage) – until contract existance Business partner details (name, e-mail address, phone number) – existing business relationship, until cancellation request Cookies coming from a website – cookies for the period of validity, respectively as long as the user does not delete them from their browser GA Visitor Statistics – 26 Months
- Safety measures
In our business, we take appropriate security measures to protect personal information. Among other things, against unauthorized access, against false disclosure, or against unauthorized changes. We have taken into account when developing appropriate security measures the · Current state of science· The available and reasonably affordable means and systems of the current technology· The nature, scope, circumstances and purposes of data processing, and· The varying likelihood and severity of the risks to the rights and freedom of natural persons
We use data processors to perform some of our business tasks.
Website Hosing: Magyar Hosting Kft.
Victor Hugo u. 18-22. Budapest 1132 Hungary
(Access to entire content of the website, forwarding e-mails sent to our own domain e-mail addresses)
Sending and receiving e-mails: Magyar Hosting Kft.
Victor Hugo u. 18-22. Budapest 1132 Hungary
(Access to correspondance and its entire data)
Invoicing: KBOSS.hu Kft. (számlázz.hu)
(Access to issued invoices)
Facebook oldal:Facebook Inc.
Menlo Park, California, USA
(Access to user’s name, comments, messages)
Google Analytics: Google Inc., Mountain View, California, USA
(Access to IP addresses of visitors)
Facebook pixel: Facebook Inc.
Menlo Park, California, USA
(Access to header in http [IP address, location of site, redirector, user agent], pixel ID, Facebook cookie)
10. Transfering data to a third country The only third country where data are being transfered to is the United States of America. A confirmity agreement has been made with the U.S. on 12 July, 2016 ,
(https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en), which is also kept by Google (https://policies.google.com/privacy/frameworks) and Facebook (https://www.facebook.com/about/privacyshield)
It is in compliance with GDPR through the closure in the contract with Minikupon.
- Rights of the data subject
Under this paragraph you will find out what you are entitled to, in what cases and in what ways. 1. Access to personal data Our clients and partners have the right to request feedback on what personal information we currently process and are entitled to receive the following information: · purpose of data handling· categories of the affected personal data· recipients to whom personal data have been or will be communicated, including third country recipients and international organisations· the planned period for which the data will be stored, if this is not possible, the criteria for determining this period Data subjects have the right to request from the data manager the modification or deletion of their personal data or restrict their handling, and may object to the processing of such personal data. Copies of personal data that are electronically stored will be made available upon written request by the owner of the personal data, either electronically or on paper, free of charge after each modification. Additional copies will be charged a reasonable fee for administrative costs. If the application is submitted electronically, the information will be provided in a widely used electronic format (.doc, .pdf, .xls, .jpg, etc.) unless otherwise requested. If you request your data to be forwarded to a cloud or other web storage site, they are solely responsible for the security of the data from the moment of sending.Additional copies will be charged a reasonable fee for administrative costs. Printing is only possible at a charge, since the legislation specifically requires electronic portability. The right to request a copy shall not adversely affect the rights and freedoms of others. 2. The right to rectification Our clients and partners have the right to correct inaccurate personal information about them upon request. Depending on the purpose of the data processing, it is possible to request the completion of incomplete personal data. The rectification shall be communicated to all recipients to whom the personal data have been communicated, unless this is impossible or involves a disproportionate effort. On request, the data subject will be informed of the recipients. 3. Right to erasure We are obliged to delete personal data relating to my client or my principal without undue delay upon or without request, if · the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed· the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing· the data subject objects to the processing pursuant and there are no overriding legitimate grounds for the processing· personal data have been unlawfully processed· the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;· the personal data have been collected in relation to the offer of information society services Where we have made the personal data public and are obliged to erase the personal data, we , taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data. We are not obliged to delete personal data, if data management is necessary for the establishment, exercise or defence of legal claims. May we receive a request to delete such data, we will consider and our decision will be sent in writing. Notification of deletion shall be sent to all recipients to whom the personal data have been communicated, unless this is impossible or involves a disproportionate effort. I will inform my clients / principals on request of the recipients, as long as this does not violate their personal data protection rights. 4. Right to restriction of data processing Our clients / principals have the right to request a restriction on data processing, if · disputes the accuracy of personal data, pending clarification· the data processing is unlawful and requests that the use of the data be restricted rather than being deleted;· We no longer need personal data for data management purposes, but are required by our clients / principals to file, enforce or defend legal claims;· our clients / principals have objected to the processing of data based on legitimate interest; in this case, the restriction shall apply for a period until it is established whether the legitimate reasons of the data manager prevail over those of the data subject. If data management is restricted, except where stored, personal data may be with the consent of our clients / principals, or for the purpose of filing, enforcing or defending legal claims or protecting the rights of other natural or legal persons or for important Union or Member State public interest . I will inform our clients / clients in advance of the lifting of the restriction.I must inform all recipients whom I have given personal data about the restriction, unless this is impossible or requires a disproportionate effort. I will inform our clients / principals of the recipients on request, as long as this does not violate the protection of their personal data. 5. Right to data portability The data subject has the right to receive the personal data concerning him or her, which they have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. The data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible. The right to portability must not adversely affect the rights and freedoms of others. 6. Right to object Our clients / principals have the right to object to data processing, on grounds relating to their particular situation, at any time to processing of personal data concerning them.We shall no longer process the personal data unless the we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. 7. Automated individual decison-making and profiling We do not make automated individual decision-making or profiling 12. Complaint We handle your personal information with the utmost care. If, however, you feel that we have not taken all reasonable steps to protect your personal data, or if you simply have a question, please send us an e-mail to firstname.lastname@example.org In the event of a breach of our data management principles, the parties concerned may pursue their claims in court in civil litigation. The court has juridiction to hear and determine the lawsuit. The lawsuit may also be instituted before the court in the place where the person concerned resides (see the list and contact details of the courts at http://birosag.hu/torvenyszekek)
Additionally, you may contact the Hungarian National Authority for Data Protection and Freedom of Information (1125 Budapest, Szilágyi Erzsébet fasor 22/C. Hungary, post address: 1530 Budapest, Pf.: 5. Hungary, e-mail: email@example.com, website: http://www.naih.hu) with any personal data complaint or question.
- Automated decision making
None of our business decisions are based on an automated decision-making process. We do not use such technology at all and do not plan to use it in the future.
- In determining the legal basis for the data processing, I have taken into account the following law sites:
The sending of advertising newsletters is based on the consent of the recipients, according to the regulation of the European Parliament and of the Council (EU) 2016/679. Article 6 (1) (a) and Act XLVIII of 2008 on the Fundamental Terms and Certain Limits of Commercial Advertising.
In connection with contacting through website, comments on blogs, operating Facebook page, site traffic statistics and conversion measurements, cookies and business relationships and agreements I have taken into consideration the European Parliament and Council (EU)’s 2016/679. regulation par.6. (1) (a).
Billing data processing is based on the European Parliament and Council’s (EU)regulation 2016/679. 6.par. (1) (c) and Act CL. 78§ (3) of 2017 on the rules of taxation (retention period of certificates) and Act CXXVII. 169§ of 2007 on value added tax (required elements of an invoice)