Data Protection Rules
PRIVACY NOTICE
Table of contents
- Purpose of the Privacy Notice
- The Data Controller’s data
- Data Protection Officer
- The scope of the personal data processed
- Technical data
- Cookies
- The role of cookies
- Strictly necessary, session cookies
- Third-party cookies (analytics)
- List of cookies on the Data Controller’s websites
- General data processing rules, the description, use and legal basis of the data processing, and retention period
- Data related to online orders
- Physical storage locations of the data
- Data transfers, data processing, persons with access to the data
- Data transfers to third countries
- Rights of the Data Subject and the means of their enforcement
- Right to information
- Right of access
- Right of rectification
- Right to erasure
- Right to the restriction of the data processing
- Right to data portability
- Right to object
- Automated decision-making on individual cases, including profiling
- Right of withdrawal of consent
- Right to apply to the courts
- Other provisions
- PURPOSE OF THE PRIVACY NOTICE
Tibor Bujdosó, a “small taxpayer” sole proprietor (VAT number: 55627179-2-23; address: 6050 Lajosmizse, Petőfi utca 14., hereinafter referred to as the “Service Provider” or the “Data Controller”), as the Data Controller, acknowledges the contents of this legal notice as binding on him.
The Service Provider undertakes to ensure that all data processing performed relating to his activities complies with the requirements set out in this Policy and in the applicable national and EU legislation.
This Privacy Notice covers the following domains and their subdomains:
rolunkszol.hu
The Privacy Notice of the Data Controller in relation to his data processing is continuously available at the following website: rolunkszol.hu/data-processing-policies
The Data Controller reserves the right to amend this Privacy Notice at any time. The changes will be communicated to the Data Subjects in due time.
If you have any questions about this Privacy Notice, please contact us and we will answer them
The Data Controller is committed to protecting the personal data of its clients and business partners and attaches the utmost importance to respecting the right to information selfdetermination of his clients. The Data Controller shall treat all personal data confidentially and shall take all security, technical and organisational measures to ensure the security of the data.
The Data Controller describes his data management practices below.
- THE DATA CONTROLLER’S DATA
If you wish to contact the Data Controller, you can do so by sending an e-mail to the following e-mail address: info@rolunkszol.hu and by contacting by phone: +36 30 243 31 41.
Name: Tibor Bujdosó, “small taxpayer” sole proprietor
Registered office: 6050 Lajosmizse, Petőfi utca 14.
VAT number: 55627179-2-23
Registration number: 54336018
Phone: +36 30 243 3141
E-mail: info@rolunkszol.hu
2.1 DATA PROTECTION OFFICER
The Data Controller does not carry out any activities that would justify the appointment of a Data Protection Officer.
- 3. THE SCOPE OF THE PERSONAL DATA PROCESSED
3.1. TECHNICAL DATA
The Data Controller shall select and operate the IT tools used to process the personal data in the course of providing his services in such a way that the processed data:
is accessible to the authorised persons (availability);
the data’s authenticity and verification are ensured (authenticity of the processing);
can be verified to be unchanged (data integrity);
is protected against unauthorised access (data confidentiality).
The Data Controller shall take appropriate measures to protect the data against unauthorised access, alteration, transmission, publication, erasure or destruction and against accidental destruction.
The Data Controller shall ensure the security of the data processing by technical and organisational measures that provide a level of protection appropriate to the risks associated with the data processing.
The Data Controller shall, in the course of the data processing, preserve the confidentiality: protect the information so that only those who are entitled to have access to it can do so; preserve the integrity: protect the accuracy and completeness of the information and the method of processing; ensure availability: ensure that the information can be accessed when the authorised user needs it and that the means to do so are available.
3.2 COOKIES
3.2.1 THE ROLE OF COOKIES
Cookies collect information about visitors and their devices; they remember visitors’ individual preferences, which are (can be) used, for example, when making online transactions, so that they do not have to be re-entered; they facilitate the use of the website; they provide a quality user experience; and they are used to collect some statistical information about the visitors.
In order to provide a personalised service, a small piece of data, a cookie, is placed on the user’s computer and read back during a subsequent visit. If the browser returns a previously saved cookie, the cookie management service provider has the possibility to link the user’s current visit to previous visits, but only for its own content.
Some of the cookies do not contain any personally identifiable information about the individual user, while others contain a secret, randomly generated sequence of numbers that are stored on the user’s device and ensure the user’s identity.
3.2.2 STRICTLY NECESSARY, SESSION COOKIES
The purpose of these cookies is to allow visitors to browse the rolunkszol.hu website, and to use its functions and services without any problems. These types of cookies are valid until the end of the session (browsing) and are automatically deleted from your computer or other browsing device when you close your browser.
3.2.3. 3.2.3. THIRD-PARTY COOKIES (ANALYTICS)
The www.rolunkszol.hu website and its subdomain websites also use Google Analytics as a third-party cookie. Using Google Analytics for statistical purposes, rolunkszol.hu and its subdomain websites collect information about how visitors use their websites. The data is used to improve the website and the user experience. These cookies will also remain on thevisitor’s computer or other browsing device, or in the visitor’s browser, until they expire or until the visitor deletes them.
3.2.4. THE LEGAL BASIS FOR COOKIE PROCESSING
The legal basis for cookie processing is the consent of the website visitor, pursuant to Section 6(1)(a) of the GDPR.
If you do not accept the use of cookies, certain features of the websites listed in section 3.2.3 may not be available when you use the websites, or certain features may not function properly.
For more information on deleting cookies for more common browsers, please see the links below:
Firefox: Deleting cookies placed by websites from your computer
Chrome: Clear cache & cookies
Safari: Manage cookies and website data in Safari on Mac
3.2.5. LIST OF COOKIES ON THE DATA CONTROLLER’S WEBSITES
Name | Service Provider | Detailed description | Time of deletion | Their nature |
Cookies necessary for the functioning of the websites | These cookies are essential for the use of the website and allow you to use the basic functions of the website. In their absence, many features of the site will not be unavailable. | End of session | they do not collect personal information | |
Cookies that improve the user experience | These cookies collect information about the use of the website and are used to improve the user experience. | End of session | they do not collect personal information | |
Session cookies | These cookies store the visitor’s location, browser language and payment currency. | Max. 2 hours or when the browser is closed. | ||
Last viewed product cookies | They record the last viewed product. | 60 days | ||
Last viewed product category cookies | They record the last viewed product category. | 60 days | ||
Shopping cart cookies | They store the data of the product placed in the shopping cart. | 360 days | ||
1P_JAR | Google.com and Gstatic.com | These cookies are used to collect site statistics and track conversion rates. | 2 years | they do not collect personal information |
NID | Google.com | These cookies allow our websites to remember how the website works or looks, for example, information that changes the language you have set or the region you are in. | 10 years | they do not collect personal information |
_ga | Google.com | We use Google Analytics cookies to measure traffic to our website. A single text bar is saved to identify the browser, the interactions timestamp and the browser / source page that led the user to our website. | 2 years | they do not collect personal information |
_gat | Google.com | We use Google Analytics cookies to measure traffic to our website. A single text bar is saved to identify the browser, the interactions timestamp and the browser / source page that led the user to our website. | 2 years | they do not collect personal information |
_gid | Google.com | We use Google Analytics cookies to measure traffic to our website. A single text bar is saved to identify the browser, the interactions timestamp and the browser / source page that led the user to our website. | 2 years | they do not collect personal information |
4. GENERAL DATA PROCESSING RULES, THE DESCRIPTION, USE AND LEGAL BASIS OF THE DATA PROCESSING, AND RETENTION PERIOD
The Data Controller’s data processing activities are based on voluntary consent or on legal authorisation. For data processing based on voluntary consent, the Data Subjects may withdraw their consent at any stage of the data processing.
In certain cases, the processing, storage and transmission of some of the data provided is required by law, and we will notify our clients separately. Data Subjects should note that if they do not provide their own personal data, the person providing the information is obliged to obtain the consent of the Data Subject. The Data Controller’s data processing principles comply with the applicable data protection legislation, in particular: Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Infotv.);
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation, GDPR); Act V of 2013 on the Civil Code; Act C of 2000 on Accounting (Accounting Act); Act LIII of 2017 – on the Prevention and Combating of Money Laundering and Terrorist Financing (Pmt.); Act CCXXXVII of 2013 – on Credit Institutions and Financial Undertakings (Hpt.).
The Data Controller has prepared data maps, on the basis of which the scope of the data processed, their use, legal basis and retention period have been defined.
4.1 DATA RELATED TO ONLINE ORDERS
Through the website, it is possible to order services, and the personal data requested during the ordering process are the following:
Name (required)
E-mail address (required)
Wedding details (partially required data, related to the event)
For certain services, such as website maintenance, additional personal data may be transferred.
The purpose of the data processing, and the intended use of the data processed: the data will be used to fulfil the order.
The legal basis for the data processing is a contractual mandate.
Retention period: the duration of the business relationship or a request for cancellation.
5 PHYSICAL STORAGE LOCATIONS OF THE DATA
Your personal data (that is, data that can be associated with you personally) may be acquired by us for processing in the following ways:
on the one hand, technical data relating to your computer, browser program, IP-address and the pages you visit are automatically generated in our computer system,
on the other hand, you may also provide us with your name, contact details or other information when using the website, if you wish to contact us. The data technically recorded during the operation of the system: the data of the computer of the person entering the website, which are recorded by the systems of the rolunkszol.hu domain and its subdomains as an automatic result of the technical processes.
The data that is automatically recorded is automatically logged by the system on entry and exit, without any declaration or action by the Data Subject.
This data cannot be linked to other personal data of the user, except where required by law. Only the rolunkszol.hu domain and its subdomains have access to the data.
6. DATA TRANSFERS, DATA PROCESSING, PERSONS WITH ACCESS TO THE DATA
The Data Controller uses the following data processors in the course of its business activities:
Webhosting services:
Tárhely.EU KFT.,
Address: 1144 Budapest, Ormánság u 4.
Customer service (working days 9 am to 5 pm): +36 1 789 2 789
E-mail: support@tarhely.eu
Scope of the data accessed: the content of the rolunkszol.hu domain and its subdomains, and e-mails sent to the e-mail addresses based on this domain.
Google Analytics:
Google Inc., Mountain View, California, USA
Scope of the data accessed: the IP address of visitors to the rolunkszol.hu website – anonymised, not linked to a specific person.
Facebook page, Instagram page:
Facebook Inc.
Menlo Park, California, USA
Privacy Notice: https://www.facebook.com/about/privacy/update
Scope of the data accessed: username, comments.
6.1 DATA TRANSFER TO A THIRD COUNTRY
Data will be transferred to the US, for which an adequacy decision was issued on 12 July 2016 (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-usprivacy-shield_en).
The adequacy decision also applies to the data controllers Mailchimp https://mailchimp.com/legal/privacy/, Google (https://policies.google.com/privacy/frameworks) and Facebook (https://www.facebook.com/about/privacyshield).
7. RIGHTS OF THE DATA SUBJECT AND THE MEANS OF THEIR ENFORCEMENT
The Data Subject may request information about the data processing of his/her personal data, and may request the rectification, erasure or withdrawal of his/her personal data, except for mandatory data processing, and may exercise his/her right to data portability and objection in the manner indicated when the data were collected, or by contacting the Data Controller at the above contact details.
7.1 RIGHT TO INFORMATION
The Data Controller shall take appropriate measures to provide the Data Subjects with all the information on the processing of personal data referred to in Sections 13. and 14 of the GDPR and each of the disclosures referred to in Section 15 to 22 and 34. of the GDPR in a concise, transparent, intelligible and easily accessible form, in clear and plain language.
7.2 THE DATA SUBJECT’S RIGHT OF ACCESS
The Data Subject shall have the right to obtain from the Data Controller feedback as to whether or not his/her personal data are being processed and, if such processing is taking place, the right to access the personal data and the following information:
the purposes of the data processing;
the categories of personal data concerned;
the recipients or categories of recipients to whom or with whom the personal data have been or will be disclosed, including in particular recipients in third countries or international organisations;
the intended duration of the storage of the personal data;
the right to rectification, erasure or restriction of processing and the right to object;
the right to lodge a complaint with a supervisory authority;
information on the data sources;
the fact of automated decision-making, including profiling, as well as the logic used and clear information on the significance of such data processing and its likely consequences for the Data Subject.
The Data Controller shall provide the information within a maximum of one month from the date of the request.
7.3 RIGHT OF RECTIFICATION
The Data Subject may request the correction of inaccurate personal data concerning him/ her processed by the Data Controller and the completion of incomplete data.
7.4 RIGHT TO ERASURE
If one of the following grounds applies, the Data Subject shall have the right to obtain from the Data Controller, upon his/her request, the erasure of personal data concerning him/her without undue delay: the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; the Data Subject withdraws the consent on the basis of which the data processing was carried out and there is no other legal basis for the data processing; the Data Subject objects to the data processing and there is no overriding legitimate ground for the processing; the personal data have been processed unlawfully; thepersonal data must be erased in order to comply with a legal obligation under EU or Member State law to which the Data Controller is subject; the personal data were collected in connection with the provision of information society services
The erasure of data may not be initiated if the data processing is necessary: for the exercise of the right to freedom of expression and information; for compliance with an obligation under EU or Member State law to process personal data or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller; for public health purposes or for archiving, scientific or historical research purposes or statistical purposes in the public interest; or for the establishment, exercise or defence of legal claims.
7.5 RIGHT TO RESTRICTION OF DATA PROCESSING
At the request of the Data Subject, the Data Controller shall restrict the data processing if one of the following conditions is met: the Data Subject contests the accuracy of the personal data, in which case the restriction shall be for a period which allows the accuracy of the personal data to be verified; the processing is unlawful and the Data Subject opposes the erasure of the data and requests instead that its use be restricted; the Data Controller no longer needs the personal data for the purposes of the processing, but the Data Subject requires them for the establishment, exercise or defence of legal claims; or the Data Subject has objected to the data processing; in which case the restriction shall apply for a period of time until it is established whether the legitimate grounds of the Data Controller override the legitimate grounds of the Data Subject.
Where the data processing is restricted, personal data, other than storage, may be processed only with the consent of the Data Subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or of an important public interest of the EU or of a Member State.
7.6 RIGHT TO DATA PORTABILITY
The Data Subject has the right to receive personal data relating to him/her which he/she has provided to the Data Controller in a structured, commonly used, machine-readable format and to transmit such data to another data controller.
7.7 RIGHT TO OBJECT
The Data Subject shall have the right to object at any time, on grounds relating to his/her particular situation, to the processing of his/her personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller, or necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, including profiling based on those provisions. In the event of an objection, the Data Controller may no longer process the personal data, unless there are compelling legitimate grounds for doing so which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims.
7.8 AUTOMATED DECISION-MAKING ON INDIVIDUAL CASES, INCLUDING PROFILING
The Data Subject shall have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning him/her or similarly significantly affects him/her.
7.9 RIGHT OF WITHDRAWAL
The Data Subject has the right to withdraw his/her consent at any time.
7.10 RIGHT TO APPLY TO THE COURTS
The Data Subject may take the Data Controller to court if his/her rights are infringed. The court is acting out of turn in the case. 7.11 Data protection authority procedure complaints can be lodged with the National Authority for Data Protection and Freedom of Information:
Name: National Authority for Data Protection and Freedom of Information, registered office: 1125 Budapest, Szilágyi Erzsébet fasor 22/C, mailing address: 1530 Budapest, Pf.: 5. Phone: +3613911400 Fax: +3613911410
E-mail: ugyfelszolgalat@naih.hu Website: http://www.naih.hu
8 OTHER PROVISIONS
Information about data processing not listed in this Privacy Notice is provided at the time of the data collection. We inform our clients that the courts, the prosecutor, the investigating authorities, the law enforcement authorities, the administrative authorities, the National Authority for Data Protection and Freedom of Information, the National Bank of Hungary, or other bodies authorised by law may contact the Data Controller to provide information, to disclose or transfer data, or to provide documents. The Data Controller shall disclose to the public authorities personal data only to the extent that and to the extent that such disclosure is strictly necessary for the purpose of the request, provided that the public authority has indicated the precise purpose and scope of the data.