The operator of the website www.korrepkristof.hu informs visitors of the website about its practices in the processing of personal data and the organizational and technical measures taken to protect data. This data management policy contains basic information on the handling, processing, registration and storage of personal data of website visitors and persons purchasing on the website (hereinafter: User), as well as the related rights of Users and the possibilities for enforcing them.
Name: Kristóf Róbert Molnár, Sole Proprietor
Headquarters:
1028 Budapest Hidegkuti út 107, Tax number: 51394310-1-41
Phone number: +36 30 335 9094
Email: korrepcristof@gmail.com
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation 95/46/EC (General Data Protection Regulation)
Opinion No 16/2011 on the EASA/IAB Recommendation on best practice in online behavioural advertising.
Recommendation of the National Data Protection and Freedom of Information Authority on the data protection requirements for prior information
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation 95/46/EC.
„"personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, a number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
„"data processing" means any operation or set of operations which is performed on personal data or data files, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
„controller” means the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law;
„"processor" means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
„recipient” means the natural or legal person, public authority, agency or any other body to which personal data are disclosed, whether or not a third party. Public authorities which may have access to personal data in the context of an individual investigation in accordance with Union or Member State law shall not be considered recipients; the processing of such data by such public authorities shall be in accordance with the applicable data protection rules in accordance with the purposes of the processing;
„"Consent of the data subject" means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which the data subject, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data concerning him or her.
„"data breach" means a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
Personal data:
processing must be carried out lawfully and fairly, and in a manner that is transparent to the data subject.
collected only for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes; further processing for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes („purpose limitation”) shall not be considered incompatible with the initial purpose in accordance with Article 89(1);
they must be adequate and relevant in relation to the purposes of the processing and limited to what is necessary („data economy”);
they must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes of the processing, are erased or rectified without delay, thereby meeting the requirement of accuracy.
It must be stored in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for a longer period only if the personal data are processed for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes in accordance with Article 89(1), subject to the implementation of appropriate technical and organisational measures to safeguard the rights and freedoms of data subjects as provided for in this Regulation. Subject to the "limited storage".
It must be processed in such a way that appropriate technical or organizational measures are used to ensure the appropriate security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage to the data ("integrity and confidentiality").
The data controller is responsible for compliance with the above and must be able to demonstrate this compliance ("accountability").
Personal data
Purpose of data processing
Password:
It serves as a secure login to the user account.
Last name and first name:
It is necessary for contact, purchase and issuing a proper invoice.
Email address:
Staying in touch.
Phone number:
More efficient coordination of communication, billing, or shipping issues.
Billing name and address:
Issuing a proper invoice, as well as creating a contract, defining its content, modifying it, monitoring its performance, validating and invoicing the fees arising from it, and handling related claims
The email address does not need to contain any personal information.
Scope of data subjects: All data subjects who purchase on the website.
Duration of data processing, deadline for data deletion: Immediately upon registration deletion. The data controller shall inform the data subject electronically, pursuant to Article 19 of the GDPR, of the deletion of any personal data provided by the data subject. If the data subject's request for deletion also covers the e-mail address provided by him/her, the data controller shall also delete the e-mail address after the information has been provided. Except in the case of accounting documents, since these data must be retained for 8 years pursuant to Section 169 (2) of Act C of 2000 on Accounting.
Accounting documents (including general ledger accounts, analytical and detailed records) that directly and indirectly support accounting records must be kept in a legible form for at least 8 years, and must be retrievable by reference to the accounting records.
The data subject may request from the controller access to, rectification, erasure or restriction of processing of personal data concerning him or her, and may object to the processing of such personal data, and the data subject has the right to data portability and the right to withdraw consent at any time.
VII. The data subject can initiate access to personal data, their deletion, modification or restriction of processing, data portability, and objection to data processing in the following ways: by post to Molnár Kristóf Róbert, 1028 Budapest Hidegkuti út 107.
by e-mail at korrepkristof@gmail.com,
by phone at +36 30 335 9094.
Article 6(1)(b) of the GDPR,
Act CVIII of 2001 on certain issues of electronic commerce services and services related to the information society (hereinafter referred to as:
Elker Act) Section 13/A. (3):
The service provider may process personal data for the purpose of providing the service that is technically indispensable for the provision of the service. All other conditions being the same, the service provider must select and in all cases operate the means used in the provision of the information society service in such a way that personal data are processed only if this is absolutely necessary for the provision of the service and for the fulfilment of other purposes specified in this Act, but even then only to the extent and for the period necessary.
We inform you that
You are required to provide personal information so that we can fulfill your order.
Failure to provide data will result in us being unable to process your order.
It is noted that the website operated by the Data Controller can be visited by anyone without providing personal data or registering. The website does not collect or process personal data regarding visitors.
The Data Controller may place an anonymous user identifier (cookie) on the User's computer, which in itself is not capable of identifying the User concerned in any way, but is only suitable for recognizing the User's machine. The purpose of these cookies (session cookies) is to allow visitors to browse the website completely and smoothly without providing their name, email address or any other personal information and to make the use of the services as convenient as possible. The purpose of managing cookies is to facilitate the use of the website and to allow the Data Controller to learn more about the Users' information acquisition and usage habits, thus improving the quality of its services.
3. The validity period of the types of cookies described in point 2 lasts until the end of the browsing session on the website operated by the Data Controller. When the browser is closed, they are automatically deleted from the computer or other device used for browsing, no later than 14 days after the browser is closed.
4. The User has the option to prohibit the placement of identification marks (cookies) on his computer by setting his browser. By doing so, he acknowledges that certain services will not work or will not work properly. In this case, he can ignore the pop-up section of the website for managing cookies.
5. The User gives his/her clear and voluntary consent to the processing of his/her personal data by browsing the website (by clicking on any link or menu item). If the User accepts the use of cookies by using the website, he/she also clearly and firmly accepts the data processing policy and information, which can be downloaded and read in full at https://www.korrepkristof.hu/adatvedelmi-falykozat.
1. Extensions are disabled by default on the Portal. Extensions are only enabled if the User clicks on the dedicated button. By enabling the extension, the User establishes a connection with the social network and consents to the transfer of their data to Facebook, Instagram, Youtube, WordPress, Chatbot.
If the User is logged in to any of the above social media sites, the given social network may associate the visit with the User's social media account.
If the User clicks on the appropriate button, their browser transmits the relevant information directly to the given social network and stores it there.
Information on the scope and purpose of data collection, the further processing and use of data by Facebook, Instagram, Youtube, WordPress, Chatbot, and your rights and settings for the protection of personal data can be found in the privacy statements of Facebook, Instagram, Youtube, WordPress, Chatbot.
Activity provided by the data processor: Hosting service
Name and contact details of the data processor: Sybell Informatikai Kft. | https//:sybell.hu
Budapest, Kesmark Street 7/b, 1158
The fact of data processing, the scope of data processed: All personal data provided by the data subject.
Scope of data subjects: All data subjects using the website.
Purpose of data management: Making the website available and operating it properly.
Duration of data management, deadline for data deletion: Data management lasts until the termination of the agreement between the data controller and the hosting service provider, or until the data subject submits a deletion request to the hosting service provider.
The legal basis for data processing is Article 6(1)(c) and (f) and Section 13/A(3) of Act CVIII of 2001 on certain issues of electronic commerce services and information society services.
It is recorded that, using the data provided on the website managed by the Data Controller, the Data Controller will contact the User to clarify and verify their billing information, who will then pay the issued invoice by bank transfer.
The handling of additional personal and bank account data provided in this way is governed by the provisions of this policy.
The legal basis for data processing by the Data Controller is always the consent of the Data Subject.
1. Data processed based on the User's consent may be processed until the consent is modified or withdrawn. The Data Controller stores the data related to logins for the purpose of providing evidence in possible legal disputes until the expiry of the general limitation period, i.e. 5 (five) years, and in the case of accounting documents, Section 169 of Act C of 2000 on Accounting.
(2) of the Data Protection Act. The data controller is obliged to delete the User's personal data upon the expiry of the data management period.
2. The User may request the deletion or modification of his/her personal data via e-mail, which the Data Controller will comply with within 3 days.
The data is primarily accessible to the data controller and its internal employees, but it is not published or passed on to third parties.
The data controller does not transfer personal data to third parties other than those specified. This does not apply to any mandatory data transfers required by law, which may only take place in exceptional cases. Before fulfilling each official data request, the data controller examines whether the legal basis for the data transfer actually exists for each individual data.
The user has the right to request information about the personal data concerning him or her processed by the data controller at any time and to modify them at any time. He or she also has the right to request the correction and deletion of his or her incorrectly recorded data via the contact details provided in point I. The data controller will delete the data within 3 working days of receiving the request. Deletion does not apply to data processing required by law, which the data controller will retain for the necessary period. Deletion means rendering the data unrecognizable in such a way that their recovery is no longer possible.
The User may contact the data controller and its employees with any questions or comments related to data management at the contact details provided in Section I.
The data subject may request from the data controller access to personal data concerning him or her, rectification, erasure or restriction of processing, and may object to the processing of such personal data. The data subject has the right to data portability and the right to withdraw consent at any time.
We inform you that:
The provision of personal data is based on a contractual obligation.
The processing of personal data is a prerequisite for concluding a contract.
You are required to provide personal data so that we can handle your complaint.
Failure to provide data will result in our inability to handle the complaint you have received.
Rights in detail:
The right of access
You have the right to receive feedback from the controller as to whether your personal data is being processed and, if such processing is taking place, you have the right to access the personal data and the information listed in the regulation.
2. Right to rectification
You have the right to request that the controller rectify inaccurate personal data concerning you without undue delay. Taking into account the purpose of the processing, you have the right to request that incomplete personal data be completed, including by means of a supplementary statement.
3. Right to erasure
You have the right to request that the controller erase your personal data without undue delay, and the controller is obliged to erase your personal data without undue delay under certain conditions.
4. The right to be forgotten
Where the controller has made the personal data public and is obliged to erase them, the controller, taking into account available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform the controllers processing the data that you have requested the erasure of links to the personal data in question or of copies or replications of those personal data.
5. Right to restriction of data processing
You have the right to request that the data controller restrict data processing if one of the following conditions is met:
You dispute the accuracy of the personal data, in which case the restriction applies for a period of time that allows the controller to verify the accuracy of the personal data.
-The processing is unlawful and you oppose the erasure of the data and instead request the restriction of its use;
The data controller no longer needs the personal data for the purposes of data processing, but you require them for the establishment, exercise or defense of legal claims;
You have objected to the processing; in this case, the restriction applies for a period of time until it is determined whether the legitimate grounds of the data controller override your legitimate grounds.
6. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided (…).
7. The right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data (…), including profiling based on the aforementioned provisions.
8. Objection in case of direct marketing
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such purposes, including profiling, insofar as it is related to direct marketing. If you object to the processing of your personal data for direct marketing purposes, your personal data will no longer be processed for such purposes.
9.Automated decision-making in individual cases, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
The previous paragraph shall not apply if the decision:
Necessary for the conclusion or performance of a contract between you and the data controller;
is permitted by Union or Member State law applicable to the controller, which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
It is based on your express consent.
The data controller will inform you of the measures taken in response to the above requests without undue delay, but in any case within 1 month of receipt of the request.
If necessary, this can be extended by 2 months. The data controller will inform you about the extension of the deadline within 1 month of receipt of the request, indicating the reasons for the delay.
If the controller does not take action on your request, it shall inform you without delay, but no later than one month from the date of receipt of the request, of the reasons for the failure to take action and of the possibility of lodging a complaint with a supervisory authority and of exercising your right to a judicial remedy.
The controller and the processor shall implement appropriate technical and organizational measures to ensure a level of data security appropriate to the risk, taking into account the state of the art and the costs of implementation, the nature, scope, circumstances and purposes of the processing, and the varying likelihood and severity of the risk to the rights and freedoms of natural persons, including, where appropriate:
pseudonymization and encryption of personal data;
ensuring the continued confidentiality, integrity, availability and resilience of systems and services used to process personal data;
the ability to restore access to and availability of personal data in a timely manner in the event of a physical or technical incident;
a procedure for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures taken to guarantee the security of data processing.
If the data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall inform the data subject of the data breach without undue delay.
The information provided to the data subject shall describe in a clear and comprehensible manner the nature of the data protection incident and shall include the name and contact details of the data protection officer or other contact person who can provide further information; the likely consequences of the data protection incident shall be described; the measures taken or planned by the controller to remedy the data protection incident, including, where applicable, measures to mitigate any adverse consequences resulting from the data protection incident. The data subject shall not be informed if any of the following conditions are met:
the controller has implemented appropriate technical and organisational protection measures and these measures have been applied to the data affected by the data breach, in particular measures – such as the use of encryption – that make the data unintelligible to persons not authorised to access the personal data;
the data controller has taken further measures following the data protection incident to ensure that the high risk to the rights and freedoms of the data subject is no longer likely to materialise;
information would require a disproportionate effort. In such cases, the data subjects should be informed by means of publicly published information or a similar measure should be taken to ensure that the data subjects are informed in a similarly effective manner.
If the data controller has not yet notified the data subject of the data breach, the supervisory authority may, after considering whether the data breach is likely to involve a high risk, order the data subject to be informed.
The controller shall notify the personal data breach to the supervisory authority competent pursuant to Article 55 without undue delay and, where feasible, not later than 72 hours after having become aware of the personal data breach, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. If the notification is not made within 72 hours, it shall be accompanied by reasons justifying the delay.
If the data controller has any questions or problems while using our services, the data subject can contact the data controller via the methods provided on the website (telephone, e-mail, social media, etc.).
The data controller deletes received e-mails, messages, data provided by telephone, Facebook, etc., together with the name and e-mail address of the interested party, as well as other voluntarily provided personal data, no later than 2 years after the data was disclosed.
We will provide information about data processing not listed in this information when the data is collected.
In the event of an exceptional official request or a request from other bodies based on legal authorization, the Service Provider is obliged to provide information, communicate and transfer data, or make documents available.
In these cases, the Service Provider will only provide the requester with personal data to the extent and insofar as it is absolutely necessary to achieve the purpose of the request, provided that the requester has indicated the precise purpose and scope of the data.
1. In the event of a violation of the User's rights related to his/her personal data, he/she may apply to court. The court shall proceed with the case ex officio. In the event of a violation of the User's rights, he/she may apply to the Office of the Data Protection Commissioner (1051 Budapest, Nádor u. 22.) and to the National Authority for Data Protection and Freedom of Information (1125 Budapest, Szilágyi Erzsébet fasor 22/c.) for legal redress.
The Data Controller undertakes to ensure the security of the data and to take technical measures to ensure that the recorded, stored and processed data are protected, and to do everything possible to prevent the destruction, unauthorized use and unauthorized alteration of the data.
Molnár Kristóf Róbert Egyéni Vállalkozó, as data controller, acknowledges the content of this legal notice as binding on itself. It undertakes to ensure that all data processing related to its activities complies with the requirements set out in this notice and in the applicable laws.
3. All employees, workers and persons in other legal relationships with the Data Controller operating this website are obliged to comply with the provisions of the data protection regulations and information, to consider them as binding on them, and to act fairly and legally during data processing, taking into account the basic principles of data processing, to the best of their knowledge and with the increased care expected in the given situation.
