and data management information for visitors and users of the website www.udvarheni.com
INTRODUCTION
The operator of www.udvarheni.com – hereinafter referred to as the Website – UHT UDVARI HENRIETTE TÍMEA (hereinafter referred to as the Data Controller), as the Data Controller, by publishing this Privacy Policy and Data Management Information (hereinafter referred to as the Data Controller), explains its principles regarding data management, which the Data Controller acknowledges as binding on itself. The Data Controller takes all reasonable measures to ensure the security of the personal data it processes.
Please read this Privacy Policy before using our Website, which contains in a clear and understandable manner how we process your personal data! In the Privacy Policy, the Data Controller clearly and in detail informs the data subjects about all important facts related to the processing of data.
The Data Controller processes the data of persons registered on the website in order to provide them with appropriate services. The service provider intends to fully comply with the legal requirements regarding the processing of personal data, in particular those contained in Regulation (EU) 2016/679 of the European Parliament and of the Council.
This data management information has been prepared on the basis of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of personal data of natural persons and on the free movement of such data, taking into account the content of Act CXII of 2011 on the right to informational self-determination and freedom of information.
Name of service provider, data controller
Name: UHT UDVARI HENRIETTE TÍMEA
Registered office: Norra Gubberogatan 7, 416 63 Gothenburg
Website name, address: www.udvarheni.com
Data controller contact details
Name: UHT UDVARI HENRIETTE TÍMEA
Registered office: Norra Gubberogatan 7, 416 63 Gothenburg
Website name, address: www.udvarheni.com
E-mail: info@udvarheni.com, udvarheni@windowslive.com
Phone: SW +46 72 570 37 16, HU +36 70 940 45 28
DEFINITIONS
personal data: any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, a number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
data subject: any natural person who is identified or who can be identified, directly or indirectly, by reference to personal data
data subject’s consent: any freely given, specific and informed and unambiguous indication of the data subject’s wishes by which the data subject, by a statement or by a clear and unambiguous indication of his or her consent to the processing of personal data relating to him or her;
data controller: the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law.
data processing: any operation or set of operations which is performed on data, regardless of the method used, such as collection, recording, organisation, storage, alteration, use, consultation, transmission, disclosure by transmission, alignment or combination, blocking, erasure and destruction, as well as preventing further use of the data, taking photographs, sound or image recordings and recording physical characteristics (e.g. fingerprints or palm prints, DNA samples, iris scans)
data erasure: rendering data unrecognizable in such a way that their recovery is no longer possible
data processor: the natural or legal person, public authority, agency or any other body which processes personal data on behalf of the data controller;
data processing: the performance of technical tasks related to data processing operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data
data file: a set of data managed in a register
data security incident: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise processed.
recipient: the natural or legal person, public authority, agency or any other body to which personal data are disclosed, whether or not a third party. Public authorities which may have access to personal data in the context of an individual investigation in accordance with Union or Member State law shall not be considered recipients; the processing of such data by such public authorities shall comply with the applicable data protection rules in accordance with the purposes of the processing;
third party: the natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data.
information society service: a service provided electronically, to distant parties, usually for consideration, to which the user of the service has individual access
electronic commerce service: an information society service whose purpose is the commercial sale, purchase,
exchange or other use of a tradable movable thing that can be taken into possession – including money and securities, and natural forces that can be utilized as a thing -, services, real estate, property rights (hereinafter collectively: goods).
GDPR (General Data Protection Regulation): the new Data Protection Regulation of the European Union;
USERS
A user is a natural person who is registered on the site, as well as a natural person who is not registered but uses the services of the Website, who is identified or – directly or indirectly – identifiable on the basis of any specific personal data.
DATA PROCESSING POLICIES
The data controller declares that it processes personal data in accordance with the data processing information and complies with the provisions of the relevant legislation, with particular attention to the following:
Personal data must be processed lawfully and fairly, and in a manner transparent to the data subject. Personal data may only be collected for specified, explicit and legitimate purposes.
The purpose of processing personal data must be adequate and relevant and limited to what is necessary.
Personal data must be accurate and up-to-date. Inaccurate personal data must be deleted without delay.
Personal data must be stored in a form that permits identification of data subjects for no longer than is necessary. Personal data may only be stored for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes.
Personal data must be processed in such a way that appropriate technical or organizational measures are used to ensure the appropriate security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage.
The principles of data protection must be applied to all information relating to an identified or identifiable natural person.
IMPORTANT DATA PROCESSING INFORMATION
Purpose of data processing: maintaining contact, providing information and additional services. Legal basis for data processing: consent of the person concerned.
Data subjects: registered users of the website (newsletter subscribers, inquirers via form).
Duration of data processing and deletion of data: The duration of data processing always depends on the specific user purpose, but the data must be deleted immediately if the originally intended purpose has been achieved. The data subject may withdraw his/her consent to data processing at any time by sending a letter to the contact e-mail address. If there is no legal obstacle to the deletion, his/her data will be deleted.
The data controller and its employees are entitled to access the data.
The data subject may request from the data controller access to personal data concerning him/her, rectification, erasure or restriction of processing, and may object to the processing of such personal data, as well as the right to data portability.
The data subject may withdraw his/her consent to data processing at any time, but this shall not affect the lawfulness of the data processing carried out on the basis of consent before its withdrawal.
The data subject may exercise the right to lodge a complaint with a supervisory authority.
If the data subject wishes to use the benefits of registration, i.e. to use the website’s services in this regard, it is necessary to provide the requested personal data. The data subject is not obliged to provide personal data, and failure to provide data will not have any adverse consequences for him/her. However, it is not possible to use certain functions of the website without registration.
The data subject has the right to have the controller correct or complete inaccurate personal data concerning him/her without undue delay upon request.
The data subject has the right to have the controller erase inaccurate personal data concerning him/her without undue delay upon request, and the controller is obliged to erase the personal data concerning him/her without undue delay, unless there is another legal basis for the processing.
Modification or deletion of personal data can be initiated by e-mail, telephone or letter using the contact details provided above.
COMPLETING A CONTACT FORM ON THE WEBSITE
The Data Controller uses the data accessed through the contact form received via the website solely for the purpose of maintaining contact and providing information, and does not store the data in a database.
SENDING A NEWSLETTER
As the operator of the website, we declare that we fully comply with the relevant legal provisions in the information and descriptions we publish. We also declare that when subscribing to a newsletter, we are not able to verify the authenticity of the contact details or determine whether the data provided relates to a private person or a business. We treat businesses that contact us as customer partners.
The purpose of data processing is to send professional descriptions, electronic messages containing advertising, information, and newsletters, from which you can unsubscribe at any time without consequences. You can also unsubscribe without any consequences if your business has ceased to exist in the meantime, you have left the business, or someone has provided us with your contact details.
The legal basis for data processing is your consent. We inform you that the user may give prior and express consent to the service provider contacting him/her with advertising offers, information and other mailings at the e-mail address provided upon registration. As a result, the user may consent to the service provider processing the necessary personal data for this purpose.
We inform you that if you wish to receive a newsletter from us, you must provide the necessary data. If you do not provide the data, we will not be able to send you a newsletter.
Duration of data processing: Data processing takes place until the consent is withdrawn. You can withdraw your consent to data processing at any time by sending an email to the contact e-mail address.
The data is deleted upon withdrawal of consent to data processing. You can withdraw your consent to data processing at any time by sending an email to the contact e-mail address.
Consent can also be withdrawn based on the link appearing in the newsletters sent. The data controller and its employees are entitled to access the data.
Data storage method: electronic.
Data modification or deletion can be initiated by e-mail, telephone or letter using the contact options provided above.
Scope of processed data
Specific purpose of data processing
Name Identification, contact
Email Identification, contact
Date of subscription
Technical information operation IP address
Technical information operation
We would like to inform you that it is not necessary for the e-mail address to contain personal data. For example, it is not necessary for the e-mail address to contain your name. You are completely free to decide whether to provide an e-mail address that contains information about your identity. The e-mail address – which serves to maintain contact – is absolutely necessary for the newsletter or professional information sent to you to reach its destination.
PERSON AUTHORIZED TO PROCESS DATA
The person authorized to process personal data is Henriette Tímea Udvari (hereinafter: Data Processor), as Data Processor. The personal data to be processed may be accessed by the Data Processor’s legal representative(s), employees/agents/collaborators. The Data Processor will not disclose personal data to third parties, except where the data subject expressly consents to this.
Hosting provider
Name/company name: WordPress
Head office: Norra Gubberogatan 7, 416 63 Gothenburg
E-mail: info@udvarheni.com, udvarheni@windowslive.com
Phone: SW +46 72 570 37 16, HU +36 70 940 45 28
E-mail: info@udvarheni.com, udvarheni@windowslive.com
The data you provide is stored on the server operated by the hosting provider. Only our employees and the employees operating the server have access to the data, but they are all responsible for the secure management of the data.
Name of the activity: hosting service, server service. Purpose of data management: ensuring the operation of the website.
The data processed: personal data provided by the data subject
Duration of data processing and deadline for data deletion: Data processing is carried out until the end of the website’s operation, or according to the contractual agreement between the website operator and the hosting service provider. If necessary, the data subject may also request the deletion of their data by contacting the hosting service provider.
Legal basis for data processing: the consent of the data subject, or data processing based on law.
DURATION OF DATA PROCESSING
The Data Controller processes personal data provided by the User based on his/her consent until the purpose of the data processing is achieved, or until the User withdraws his/her consent. The Data Controller processes the personal data provided by the User during registration until the User ceases to use the Website, in particular until the registration is deleted.
Unless otherwise provided by law, the Data Controller may process the personal data collected a) for the purpose of fulfilling a legal obligation applicable to it, or b) for the purpose of enforcing the legitimate interests of the data controller or a third party, if the enforcement of this interest is proportionate to the restriction of the right to the protection of personal data without further separate consent, and even after the withdrawal of the consent of the data subject. / Act CXII of 2011, Section 6 (5) /
The Data Controller shall retain and process the personal data provided by the User for the purpose of fulfilling accounting obligations for 8 years pursuant to Section 169 of Act C of 2000, or within the limitation period specified in Act XCII of 2003 on the Taxation System.
DATA TRANSFER, DATA CONNECTION
The Data Controller does not sell, rent or in any way make available the User’s personal data or information to other companies or individuals.
The Data Controller ensures the appropriate security of the data in the manner expected of it and takes the technical and organizational measures that guarantee the enforcement of data protection rules and principles and promote the security of personal data.
We inform Dear Users that the Data Controller transfers personal data to a third party or persons only with the consent of the data subject.
COOKIES
Cookies are placed on the user’s computer by the websites visited and contain information such as page settings or login status.
Cookies are therefore small files created by the websites visited. They improve the user experience by saving browsing data. Cookies help the website remember the website settings and offer locally relevant content.
The service provider’s website sends a small file (cookie) to the website visitors’ computers in order to determine the fact and time of the visit. The service provider informs the website visitor about this.
The scope of data processing: website visitors.
Purpose of data processing: additional services, identification, tracking of visitors.
Legal basis for data processing: The user’s consent is not required if the service provider absolutely needs to use cookies.
Scope of data: unique identification number, time, settings data.
The user has the option to delete cookies from browsers at any time in the Settings menu. Data controllers authorized to view the data: The data controller does not process personal data using cookies. Data storage method: electronic.
SOCIAL SITES
A social site is a media tool where a message is disseminated through social users. Social media uses the Internet and online publishing opportunities to transform users from content receivers into content editors.
Social media is an interface of Internet applications that hosts user-generated content, such as Facebook, Google+, Twitter, etc.
Social media can be displayed in the form of public speeches, lectures, presentations, product or service presentations.
Information published on social media can be in the form of forums, blog posts, images, videos and audio materials, message boards, e-mail messages, etc.
In accordance with the above, the scope of the processed data can also include the user’s public profile picture in addition to personal data. The scope of the data subjects: all registered users.
The purpose of the data collection is to promote the website or the related website. The legal basis for data processing is the voluntary consent of the data subject.
Duration of data processing: according to the regulations available on the given social network. Deadline for data deletion: according to the regulations available on the given social network.
Persons entitled to access the data: according to the regulations available on the given social network. Rights related to data processing: according to the regulations available on the given social network. Method of data storage: electronic.
It is important to note that when the user uploads or submits any personal data, he gives the social network operator worldwide permission to store and use such content. Therefore, it is very important to make sure that the user has full authority to communicate the information published.
GOOGLE ANALYTICS
Our website uses Google Analytics.
When using Google Analytics:
Google Analytics uses internal cookies to compile reports for its customers on the habits of website users.
On behalf of the website operator, Google uses the information to evaluate how users use the website. As an additional service, it prepares reports related to website activity for the website operator so that it can provide additional services.
The data is stored in an encrypted format on Google servers to make it more difficult and prevent data misuse.
Google Analytics can be disabled as follows. Quote from the page:
Website users who do not want Google Analytics to create JavaScript reports on their data can install the Google Analytics blocking browser extension. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sending information to Google Analytics. The browser add-on is available in most modern browsers. The Google Analytics opt-out browser add-on does not prevent data from being sent to the website itself or to other web analytics services.
https://support.google.com/analytics/answer/6004245?hl=hu
Google’s privacy policy:
https://policies.google.com/privacy?hl=hu?
Detailed information on the use and protection of data can be found at the links above.
Cash on Delivery-Inspector
The fact of data collection, the scope of data processed and the purposes of data processing:
Use of the Cash on Delivery Checker Service. The Data Controller also uses fraud prevention services when determining payment methods. Based on the feedback received from this, the payment methods available to the given visitor are determined – after automatic decision-making – and are selected from the following payment methods: cash on delivery, bank card, transfer.
Scope of data subjects: All data subjects who place an order on the website.
Duration of data processing, deadline for data deletion: If one of the conditions set out in Article 17
(1) of the GDPR applies, in particular point c), it lasts until the data subject has properly objected or requested deletion.
Potential data controllers entitled to access the data, recipients of personal data: Personal data may be processed by the data controller’s authorized employees based on the provisions of this information.
Description of the data subjects’ rights related to data processing:
The data subject may request access to, rectification, deletion or restriction of processing of personal data concerning him or her from the data controller, and may object to data processing.
The data subject may request access to, erasure, modification or restriction of processing of personal data, or data portability in the following ways:
by post to Norra Gubberogatan 7, 416 63 Gothenburg, by e-mail to info@udvarheni.com, udvarheni@windowslive.com, by telephone to SW +46 72 570 37 16, HU +36 70 940 45 28
.
Legal basis for data processing: Article 6(1)(f). The legal basis for data processing is the legitimate interest of the data controller. The legitimate interest is to prevent abuse of rights and breaches of contract. Note: The buyer commits a breach of contract if
he refuses to take delivery of the ordered product without a legitimate reason or fails to excuse his delay.
DATA PROTECTION IN DETAIL
RIGHTS RELATED TO DATA PROCESSING
Right to request information
You can request information from us via the provided contact details, which data our company processes, on what legal basis, for what data processing purpose, from what source, and for how long. Upon your request, we will send information to the e-mail address you provided without delay, but no later than 30 days.
Right to rectification
You can request that we modify any of your data via the provided contact details. Upon your request, we will take action on this immediately, but no later than 30 days, and we will send information to the e-mail address you provided.
Right to erasure
You can request us to erase your data via the contact details provided. Upon your request, we will do so immediately, but no later than 30 days, and we will send information to the email address you provided.
Right to blocking
You can request us to block your data via the contact details provided. The blocking will last as long as the reason you have indicated requires the storage of the data. Upon your request, we will do so immediately, but no later than 30 days, and we will send information to the email address you provided.
Right to object
You can object to data processing via the contact details provided. We will examine the objection as soon as possible, but no later than 15 days after the submission of the request, make a decision on its merits, and inform you of our decision by email.
RIGHTS TO EXERCISE RIGHTS RELATED TO DATA PROCESSING
In the event of unlawful data processing that you experience, please notify our company, so that the legal situation can be restored within a short time. We will do everything in your interest to resolve the problem outlined.
If, in your opinion, the legal situation cannot be restored, please notify the authority at the following contact details:
National Data Protection and Freedom of Information Authority
Postal address: 1530 Budapest, P.O. Box: 5.
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c Telephone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat (at) naih.hu URL https://naih.hu
Coordinates: N 47°30’56”; N 18°59’57”
LEGISLATION BASED ON DATA PROCESSING
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation 95/46/EC (General Data Protection Regulation).
Act CXII of 2011 on the right to informational self-determination and freedom of information.
Act LXVI of 1995 on public documents, public archives and the protection of private archival material.
Government Decree 335/2005. (XII. 29.) on general requirements for document management of bodies performing public tasks.
Act CVIII of 2001 on certain issues of electronic commerce services and services related to the information society.
Act C of 2003 on electronic communications.
This Privacy Policy comes into force on 15 August 2022. The data controller reserves the right to make changes.