The data controller uses the online advertising program called „Google Ads” and uses Google’s conversion tracking service within its framework. Google conversion tracking is Google’s analytics service, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; „Google”).
When the User accesses a website through a Google ad, a cookie necessary for conversion tracking is placed on his/her computer. These cookies have a limited validity and do not contain any personal data, so the User cannot be identified by them.
When the User browses certain pages of the website and the cookie has not yet expired, both Google and the data controller can see that the User responds to the advertisement
Each Google Ads customer receives a different cookie, so they cannot be tracked across Ads customers’ websites.
The information obtained through conversion tracking cookies is used to compile conversion statistics for Ads customers who opt for conversion tracking. In this way, customers are informed about the number of users who clicked on their advertisement and were forwarded to a page with a conversion tracking tag. However, they do not receive any information that identifies any user
If you do not wish to participate in conversion tracking, you can opt out by disabling the option to install cookies in your browser. You will no longer be included in conversion tracking statistics.
Further information and Google’s privacy statement are available at: https://policies.google.com/privacy
Use of Google Analytics
This website uses Google Analytics, a web analysis service provided by Google („Google”). Google Analytics uses so-called „cookies”, text files that are stored on your computer to help analyze the use of the website visited by the User.
The information generated by cookies related to the website used by the User is usually transferred to a Google server in the USA and stored. By activating IP anonymization on the website, Google shortens the User’s IP address within member states of the European Union or in other states party to the Agreement on the European Economic Area beforehand.
Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate how the User has used the website, to compile reports on website activity for the website operator and to provide other services related to website and internet usage.
The IP address transmitted by the User’s browser within the framework of Google Analytics will not be merged with other Google data. The User may prevent the storage of cookies by setting his/her browser accordingly, however, please note that in this case not all functions of this website may be fully usable. You can also prevent Google from collecting and processing data generated by cookies about your use of the website (including your IP address) by downloading and installing the browser https://tools.google.com/dlpage/gaoptout?hl=hu available at the following link.
Manage cookies
The so-called „password-protected session cookie”, „shopping cart cookies”, „security cookies”, „necessary cookies”, „functional cookies”, and „responsible for managing website statistics cookies” does not require prior consent from data subjects.
Fact of data processing, scope of processed data: Unique identification number, dates, times
Data subjects: All data subjects visiting the website.
Purpose of data processing: Identification of users, tracking of visitors, ensuring customized operation.
Duration of data processing, deadline for erasure of data:
|
Type of cookie
|
Legal basis for data processing
|
Duration of data processing
|
|
Session cookies or other cookies that are essential for the operation of the website
|
Article 6 (1) GDPR (f).
The legitimate interest of the data controller for the purpose of operating the website, ensuring the functionality and basic functions of the website, and the security of the computer system.
|
The relevant
until the end of the visitor session period
|
|
Persistent or saved cookies
|
Article 6 (1) GDPR (f).
The legitimate interest of the data controller for the purpose of operating the website, ensuring the functionality and basic functions of the website, and the security of the computer system
|
Data processing lasts until the deletion of the data subject, or cookies with an exact validity period (permanent, saved) are stored on the computer until they are deleted, but at the latest until their validity period expires
|
|
Statistical, marketing cookies
|
Article 6(1) GDPR point (a)
|
1 month – 2 years
|
Potential data controllers entitled to access the data: Personal data may be known to the data controller.
Description of data subjects’ rights related to data processing: The data subject has the option to delete cookies in the Tools/Settings menu of browsers, usually in the settings of the Privacy menu.
Most browsers used by our users allow you to set which cookies should be saved and allow (specific) cookies to be deleted again. If you use the cookie
You restrict your storage on certain websites or do not allow third-party cookies, so under certain circumstances this may result in our website no longer being used in its entirety. Here you can find information on how to customize cookie settings for standard browsers:
Google Chrome
(https://support.google.com/chrome/answer/95647?hl=hu)
Internet Explorer
(https://support.microsoft.com/hu-hu/help/17442/windows-internet-explorer-delete-manage-cookies )
Firefox
(https://support.mozilla.org/hu/kb/sutik-engedelyezese-es-tiltasa-amit-weboldak-has zn)
Safari
(https://support.apple.com/hu-hu/guide/safari/sfri11471/mac)
Data processors used
Hosting provider
Activity performed by data processor: Hosting service.
Name and contact details of data processor: Linetec Linux Network Technologies GmbH, Address: 1230 Vienna, Kronfeldgasse 7., E-mail: office@linetec.co.at
Fact of data processing, scope of processed data: All personal data provided by the data subject
Data subjects: All data subjects using the website/mobile application.
Purpose of data processing: To make the website/mobile application available and to operate it properly.
Duration of data processing, deadline for erasure of data: Data processing lasts until the termination of the agreement between the data controller and the hosting service provider or until the data subject’s request for erasure is addressed to the hosting service provider.
Legal basis for data processing: Article 6(1)(c) and (f) and Section 13/A(3) of Act CVIII of the year on certain issues of electronic commerce services and information society services. A legitimate interest is the proper operation of the website, protection against attacks and fraud.
Social media
The fact of data collection, the scope of data processed: name registered on social media sites Meta/Twitter/Pinterest/Youtube/Instagram and public profile picture of the user.
Data subjects: All data subjects who have registered on the social media sites Meta/Twitter/Pinterest/Youtube/Instagram, and „liked” the Service Provider’s social media page or contacted the data controller through the social media site.
Purpose of data collection: To share, „like”, follow and promote certain content elements, products, promotions of the website or the website itself on social media sites.
Duration of data processing, deadline for erasure of data, identity of potential data controllers entitled to access the data and description of the rights of data subjects related to data processing: The data subject may obtain information about the source of the data, their processing, as well as the method and legal basis of the transfer on the given social media site. Data management takes place on social media sites, so the duration and method of data processing, as well as the possibilities of deleting and modifying data are regulated by the respective social media site
Legal basis for data processing: voluntary consent of the data subject to the processing of his or her personal data in accordance with the Community
Customer relations and other data processing
If the data subject has any questions or problems while using our data processing services, he or she may contact the data controller using the methods provided on the website (phone, e-mail, social networks). The Data Controller deletes the received e-mails, messages, data provided by phone, Meta, together with the name and e-mail address of the interested party, as well as other voluntarily provided personal data, after a maximum of 2 years from the date of disclosure. Information on data processing not listed in this prospectus will be provided at the time of data collection. At exceptional request from the authority or at the request of other bodies authorized by law, the Service Provider is obliged to provide information, disclose and transfer data and make documents available. In these cases, the Service Provider shall provide personal data to the requester – provided that it has indicated the exact purpose and scope of the data – only to the extent and to the extent that is strictly necessary to achieve the purpose of the request.
Rights of data subjects
1. Right of access
You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed and, where that is the case, access to the personal data and the information listed in the Regulation.
2. Right to rectification
You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3. Right to erasure
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay under certain conditions.
4. Right to be forgotten
Where the controller has made the personal data public and is obliged to erase the personal data, the controller, taking into account available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure of any links to, or copy or replication of, those personal data.
5. Right to restriction of processing
You have the right to obtain from the controller restriction of processing where one of the following conditions is met:
you contest the accuracy of the personal data, in which case the restriction applies for a period enabling the controller to verify the accuracy of the personal data;
the processing is unlawful and you oppose the erasure of the data and request the restriction of their use instead;
the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims;
you have objected to the processing; in this case, the restriction applies for the period until it is established whether the legitimate reasons of the controller override your legitimate reasons.
6. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (…)
7. Right to object
In the case of processing based on legitimate interest or official authority as legal basis, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data (…), including profiling based on those provisions.
8. Objection in case of direct marketing
Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, including profiling to the extent that it is related to such direct marketing. If you object to the processing of personal data for direct marketing purposes, the personal data shall no longer be processed for such purposes.
9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. The preceding paragraph shall not apply where the decision:
necessary for entering into, or performance of, a contract between you and the controller;
is authorized by Union or Member State law to which the controller is subject and which also lays down appropriate measures to safeguard your rights and freedoms and legitimate interests; or based on your explicit consent.
Time limit for action
The controller shall inform you without undue delay and in any event within 1 month of receipt of the request of the measures taken in response to the above requests.
If necessary, it may be extended by 2 months. The controller shall inform you of the extension of the deadline within 1 month of receipt of the request, indicating the reasons for the delay.
If the controller does not take action on your request, it shall inform you without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
Security of data processing
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing and the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including, inter alia, where appropriate:
1. pseudonymization and encryption of personal data;
2. ensuring the continued confidentiality, integrity, availability and resilience of systems and services used for processing personal data;
3. the ability to restore access to and availability of personal data in a timely manner in the event of a physical or technical incident;
4. a procedure for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures taken to ensure the security of processing.
5. The processed data must be stored in such a way that unauthorized persons cannot access them. In the case of paper-based data carriers, by establishing the order of physical storage and archiving, in the case of data processed in electronic form, by using a central authorization management system.
6. The method of storing data using IT methods must be chosen in such a way that their erasure can be carried out at the end of the data deletion period or, if necessary for other reasons, subject to any different deletion deadline.
7. Paper-based data carriers shall be deprived of personal data by means of shredders or by using an external organization specializing in shredding. In the case of electronic data carriers, physical destruction and, where necessary, secure and irreversible deletion of data shall be ensured in accordance with the rules applicable to the disposal of electronic storage media.
The controller shall take the following specific data security measures: In order to ensure the security of personal data processed on paper, the Service Provider applies the following measures (physical protection): Place documents in a secure, lockable dry room; Where personal data processed on paper are digitized, the rules governing; digitally stored documents should apply: The Service Provider’s employee performing data processing in the course of his work only; You can leave the room where data processing takes place to lock the data carriers entrusted to you or to close the given room; Personal data can only be accessed by authorized persons, and third parties cannot access them; The Service Provider’s building and premises are equipped with fire protection and property protection equipment.
IT protection
- The computers and mobile devices (other data carriers) used during data management are the property of the Service Provider.
- The computer system containing the personal data used by the Service Provider is equipped with virus protection.
- In order to ensure the security of digitally stored data, the Service Provider shall perform data backups and archiving.
- The central server machine can only be accessed with appropriate authorization and only by designated persons.
- You must have a username and password to access data on your computer.
Communication of the personal data breach to the data subject
Where the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate it to the data subject without undue delay.
The communication to the data subject shall describe in clear and plain language the nature of the personal data breach and indicate the name and contact details of the data protection officer or other contact point for further information; describe the likely consequences of the personal data breach; describe the measures taken or envisaged by the controller to remedy the personal data breach, including, where appropriate, measures aimed at mitigating possible adverse consequences resulting from a personal data breach.
The data subject need not be informed if any of the following conditions are met:
the controller has implemented appropriate technical and organizational protection measures, and those measures were applied to the data affected by the personal data breach, in particular those that render the personal data unintelligible to persons who are not authorized to access them, such as encryption;
the controller has taken further measures following the personal data breach to ensure that the high risk to the rights and freedoms of the data subject is no longer likely to materialize;
providing information would require disproportionate effort. In such cases, the data subjects shall be informed by means of publicly available information or a similar measure shall be taken to ensure that the data subjects are informed in an equally effective manner.
Where the controller has not already communicated the personal data breach to the data subject, the supervisory authority, having considered whether the personal data breach is likely to result in a high risk, may order it to do so.
Report a personal data breach to the authority
The controller shall notify the personal data breach to the supervisory authority competent pursuant to Article 55 without undue delay and, where feasible, not later than 72 hours after having become aware of it, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. If the notification is not made within 72 hours, it shall be accompanied by reasons justifying the delay.
Review in case of mandatory data processing
If the duration of mandatory data processing or the periodic review of its necessity is not specified by law, local government decree or binding legal act of the European Union, the data controller shall review at least every three years from the commencement of data processing whether the processing of personal data processed by it or by a data processor acting on its behalf or on its instructions is necessary to achieve the purpose of data processing.
The circumstances and outcome of this review shall be documented by the data controller, this documentation shall be kept for ten years after the completion of the review and shall be made available to the Authority upon request of the National Authority for Data Protection and Freedom of Information (hereinafter: the Authority).
Possibility to file a complaint
A complaint may be lodged against a possible infringement of the data controller with the National Authority for Data Protection and Freedom of Information:
National Authority for Data Protection and Freedom of Information
1055 Budapest, Falk Miksa utca 9-11.
Postal address: 1363 Budapest, Pf. 9.
Phone: +36 -1-391-1400
Fax: +36-1-391-1410
Email: ugyfelszolgalat@naih.hu
Closing remarks
During the preparation of this prospectus, we took into account the following legal regulations:
Regulation (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (GDP) (GDP) (27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
2011 Act CXII of the year on Informational Self-Determination and Freedom of Information (hereinafter: Privacy Act);
2012 Act CVIII of the year on certain issues of electronic commerce services and information society services (mainly Section 13/A);
2013 Act XLVII of the year on the prohibition of unfair commercial practices against consumers;
2014 Act XLVIII of the year on the basic conditions and certain restrictions of commercial advertising activities (in particular Section 6a);
2015 Act XC of the year on freedom of electronic information;
2016 Act C of the year on electronic communications (specifically Section 155); Opinion No 16/2011 on EASA/IAB Recommendation on best practice in online behavioral advertising;
Recommendation of the National Authority for Data Protection and Freedom of Information on the data protection requirements of prior information.
Privacy Policy
Version 1 Adopted on 10/10/2024
Generated on 2024.10.10
Updated on 2024.10.10
Koloman Handler Hungary Kft.
