Privacy policy

Data management of the website www.symblify.net, “Symblify – Life Made Simple” and “Symblify Business” applications

Last updated: 26 August, 2018

1. GENERAL INFORMATION

 

Name of the data controller: Symagine Lab Szervezetfejlesztési Limited Company

Seat and address: 4225 Debrecen, Erdőhát utca 75.

Company registration number: 09-09-028683

Tax number: 25907076-2-09

E-mail address: info@symblify.net

Website concerned by data management: www.symblify.net

Information: info@symblify.net

Name of hosting service provider: Magyar Hosting Ltd.

Address of hosting service provider: 1132 Budapest, Victor Hugo utca 18-22.

e-mail address of hosting service provider: info@tarhely.com

    2. INTRODUCTION

     

    1. The validity of this privacy policy will take effect from August 26, 2018 until revocation.
    1. Symagine Lab Szervezetfejlesztési Limited Company (4225 Debrecen, Erdőhát utca 75.) hereinafter as ‘data controller’ and ’service provider’ accepts the content of the present legal statement as binding. It undertakes to perform data management in connection with its activity in accordance with the requirements set forth in this code and legislation in effect.
    1. Data protection policies related to the data controller of the service provider are continuously available from the website symblify.net.
    1. The service provider reserves the right to change this privacy policy at any time. In case of possible changes, the service provider will of course inform the data subjects, his audience.
    1. Should you have any questions about this privacy policy, please write to us (email address: info@simblify.net) and our colleague will answer your question.
    1. The service provider is committed to protect the personal data of its clients and partners, with special emphasis on the users’ right of informational self-determination. The service provider shall treat personal data confidentially and take all security, technical and organisation measures to ensure data security.
    1. Personal data are managed by the service provider with the consent of the data subjects, and their legal representatives, based on Act CXII of 2011 on the Right of Informational Self Determination and on Freedom of Information (hereinafter referred to as Privacy Act) and through its organizational units, takes all data security, technical and organizational measures that guarantee the adequate level of security of the data.
    1. For this purpose, the operation and development of the security, data protection and IT systems at the service provider are separate and independent from each other.
    1. Personal data may only be managed for the purpose of exercising the right or for fulfilment of the obligation. Private use of the personal data managed by the service provider is prohibited. Data management must at all times comply with the purpose limitation principle.
    1. The service provider may only manage personal data for the purpose of exercising the right or for fulfilment of the obligation to a minimal extent and time of achieving the purpose. Data management is fit for purpose at all stages – and if the purpose of data management is terminated or the data is otherwise unlawful, the data will be deleted.
    1. The service provider will manage personal data only if prior consent given by the data subject (written consent for special personal data) or upon either by law or by statutory authorization. Prior to recording the data, the data subject will be informed of the purpose of the data management as well as the legal basis for the data management.
    1. Employees, who manage data for the service provider and employees of organisations, who participate in the data management by performing an operation on behalf of the service provider are obliged to keep the known personal data as business secrets. Persons, who manage and have access to personal data are obliged to make a declaration of confidentiality.
    1. If a person within the scope of the policy becomes aware of the fact that the personal data he/she manages is defective, incomplete or timeless, he or she must rectify it or ask for rectification by the person responsible for recording the data.
    1. Data protection obligations for natural or legal persons or non-legal entities performing data management on behalf of the service provider shall be enforced based on contract with the data processor.
    1. The service provider defines the organization of data protection, the tasks and powers of data protection and related activities and selects the supervisor the data management.
    1. During their work the colleagues of the service provider will ensure that no unauthorised persons may have access to the personal data and to establish the storage and arrangement of personal data in a manner that prevents any unauthorised person from having access to, becoming aware of or having the possibility for modifying or destroying those.
    1. The supervision of the data protection system of Symagine Lab Szervezetfejlesztési Limited Company is provided by a service provider.
    1. The Service Provider applies SSL / TSL for web communication, thus ensuring that its visitors are securely handled by the site so that the site is securely protected, thereby providing information and information provided by the visitor.
    1. Prior to data management, the data subject must be clearly and thoroughly informed about all facts related to his or her data management, in particular about the purpose and legal basis of data management, the data controller and processor, and the duration of the data management.
    1. In order to ensure the right of access, at the request, the data controller shall inform the data subject whether her personal data are managed by the data controller itself or by a data processor acting on the mandate or provision of the data controller.

    If the personal data of the data subject is managed by the data controller or by a data processor acting on the mandate or provision of the data controller, the data controller shall, in addition to the provisions of the preceding paragraph, make the personal data of the data subject, managed by the data controller or by a data processor acting on the mandate or provision of the data controller, available and inform him or her about:

    a) the source of the managed data,

    b) the purpose and legal basis of the data management,

    c) the scope of the managed personal data,

    d) in the case of transmitting the managed personal data, the scope of the addressees of the transmission – including third country addressees and international organizations,

    e) the duration of the retention of the managed personal data, the criteria for determining this period,

    f) a description of the rights of the data subject under this act and the manner in which they are enforced,

    g) in case of profiling, its fact and

    h) occurring conditions of privacy incidents relation to the management of personal data of the data subject, their effects and the measures taken to address them.

    1. This privacy statement addresses the data management of the following websites https://www.symblify.net and is based on the content specification above. The information is available at https://www.symblify.net.
    1. Registration of the data management specified in this privacy policy is not mandatory.
    1. Amendments to the regulations will come into effect by publication at the above address. Behind the sections’ headings of the regulation, legal reference will be indicated as well.
    1. The service provider describes its data management principles below, presents the expectations that he has formulated against himself as a data controller, which he will observe. His data management principles are in line with existing data protection legislation, in particular with the following:

     

    • Act CXII of 2011 on the Right of Informational Self‑Determination and on Freedom of Information (Privacy Act);
    • Act V of 2013 on the Civil Code (Civil Code);
    • Act XIX. of 1998 on Criminal Proceedings (Criminal Proceedings);
    • Act C of 2000 on Accounting (Accounting Act);
    • Act CVIII of 2001 on Certain Aspects of Electronic Commerce and Information Society Services (E‑Commerce Act);
    • Act C of 2003 of electronic communications (Electronic Communications Act);
    • Act CXXXIII of 2005 on Security Services and the Activities of Private Investigators (Security Services Act);
    • Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (Business Advertising Act);
    • Act II of 2012 on offences, the procedure in relation to offences and the offence record system (Act on Offences)
    • Act CLIX. of 2012 on postal services (Postal Services Act)
    • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the management of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR);

    3. DEFINITIONS

    1. data subject: Any natural person identified or identifiable on the basis of any information;
    2. identifiable natural person: Any natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
    3. personal data Any information relating to the data subject;
    4. special data: Personal data revealing racial or ethnic origin, political opinions and any affiliation with political parties, religious or philosophical beliefs or trade-union membership, genetic data, biometric data for the unique identification of natural persons, the data concerning health and personal data concerning sex life,
    5. genetic data: Personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question;
    6. biometric data: Personal data resulting from specific technical management relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data;
    7. data concerning health: Personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status;
    8. criminal personal data: Personal data relating to the data subject or that pertain to any prior criminal offense committed by the data subject and that is obtained by organizations authorized to conduct criminal proceedings or investigations or by penal institutions during or prior to criminal proceedings in connection with a crime or criminal proceedings;
    9. data of public interest: Information or data other than personal data, registered in any mode or form, controlled by the body or individual performing state or local government responsibilities, as well as other public tasks defined by legislation, concerning their activities or generated in the course of performing their public tasks, irrespective of the method or format in which it is recorded, its single or collective nature; in particular data concerning the scope of authority, competence, organisational structure, professional activities and the evaluation of such activities covering various aspects thereof, the type of data held and the regulations governing operations, as well as data concerning financial management and concluded contracts;
    10. data public on grounds of public interest: Any data, other than public information, that are prescribed by law to be published, made available or otherwise disclosed for the benefit of the general public;
    11. consent: Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she signifies agreement, by a statement or by a clear affirmative action to the management of personal data relating to him or her;
    12. data controller: Natural or legal person, or organisation without legal personality which alone or jointly with others determines the purposes and means of the management of data; takes and implements decisions concerning data management (including the used terms) or implements them with data processor;
    13. joint data controller: The data controller who, determines the purposes and means of data management, within the framework set out in the law and in the mandatory legal act of the European Union, together with one or more other data controllers, takes and implements decisions about data management (including the used terms) or implements them with the data processor;
    14. data management: Any operation or the totality of operations performed on the data, irrespective of the procedure applied; in particular, collecting, recording, registering, classifying, storing, modifying, using, querying, transmitting, disclosing, synchronising or connecting, blocking, deleting and destructing the data, as well as preventing their further use, taking photos, making audio or visual recordings, as well as registering physical characteristics suitable for personal identification (such as fingerprints or palm prints, DNA samples, iris scans);
    15. Law enforcement related data management: data management of persons or bodies (hereinafter referred to collectively as law enforcement) with the functions of prevention and parry of threats to public order or public safety under its statutory tasks and powers, crime prevention, crime detection, and prosecution or participation in these proceedings,, offence prevention, offence detection and conduction or participation in offence proceedings, as well as the enforcement of the legal consequences established in criminal or offence proceedings. In the framework and purpose of this activity, the management of personal data relating to this activity for archival, scientific, statistical or historical purposes (hereinafter referred to collectively as law enforcement;
    16. National security related data management: Data management of national security services as defined by statutory tasks and powers, as well as data management of the police’s counter-terrorism body covered defined by statutory tasks and powers, by the Hungarian National Defence Act;
    17. National defence related data management: Data management covered by the Hungarian National Defence Act and the Act on the Registration of Armed Forces Serving in Hungary, as well as International Military Headquarters and their Military Staff;
    18. data transmission: ensuring access to the data for a third party;
    19. indirect data transmission: Transmission of personal data to a data controller or data processor in a third country or to a data controller or data processor of an international organization;
    20. international organisation: an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries;
    21. disclosure: ensuring open access to the data;
    22. data deletion: making data unrecognisable in a way that it can never again be restored;
    23. blocking of data: marking data with a special ID tag to indefinitely or definitely restrict its further management;
    24. data destruction: complete physical destruction of the data carrier recording the data;
    25. data process: shall mean performing technical tasks in connection with data management operations, irrespective of the method and means used for executing the operations, as well as the place of execution, provided that the technical task is performed on the data;
    26. data processor: any natural or legal person or organisation without legal personality management the data on the grounds of a contract, including contracts concluded pursuant to legislative provisions;
    27. data source: the body responsible for undertaking the public responsibility which generated the data of public interest that must be disclosed through electronic means, or during the course of operation in which this data was generated;
    28. data disseminator: the body responsible for undertaking the public responsibility which uploads the data sent by the data source it has not published the data;
    29. data set: all data processed in a single file;
    30. third party: natural or legal person, or organisation without legal personality who or which is different form the data subject, the data controller, the data processor and the persons who carry out personal data management operations under the direct supervision of the data controller or data processor;
    31. EEA Member State: any Member State of the European Union and any State which is party to the Agreement on the European Economic Area, as well as any State the nationals of which enjoy the same legal status as nationals of States which are parties to the Agreement on the European Economic Area, based on an international treaty concluded between the European Union and its Member States and a State which is not party to the Agreement on the European Economic Area;
    32. third country: any State that is not an EEA State;
    33. data protection breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
    34. profiling: any form of automated management of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
    35. recipient: natural or legal person, or organisation without legal personality to whom personal data are disclosed by the data controller or by the data processor;
    36. pseudonymisation: the management of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

    4. PRINCIPLES AND RULES OF DATA MANAGEMENT

     

    1. Data shall be:
    • processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
    • collected for specified, explicit and legitimate purposes (‘purpose limitation’);
    • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
    • accurate and where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
    • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’);
    • processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful management and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
    1. The Service Provider as a Data Controller is responsible for compliance with the foregoing and, if necessary, is able to substantiate and support this (“accountability”). Data management, at all its stages, must fit to purpose, and if the purpose of data management is terminated or the data is otherwise unlawful, the data will be deleted.
    2. Personal data is managed by the service provider on the prior consent of the concerned party or to the extent required for the fulfilment of the statutory mandate and the legal obligation for the data controller. Prior to recording of data, the service provider shall always inform the data subject of the purpose of the data management, as well as the legal basis of data management, the scope of the data concerned and the retention period.
    3. Employees, who manage data for the service provider and employees of organisations, who participate in the data management by performing an operation on behalf of the service provider are obliged to keep the known personal data as business secrets. Persons, who manage and have access to personal data are obliged to make a declaration of confidentiality. If a person within the scope of the Policy becomes aware of the fact that the personal data he/she manages is defective, incomplete or timeless, he or she must rectify it or ask for rectification by the person responsible for recording the data.
    4. Data protection obligations for natural or legal persons or non-legal entities performing data management on behalf of the service provider shall be enforced in a contract with the data processor. The Data Controller may transmit data to data controllers performing data management in third countries or data processors performing data management in third countries in case the persons concerned gave their express consent, or the above conditions of data management are fulfilled and  the adequate level of protection of personal data is guaranteed during the management and processing of transmitted data in the third country. Data transmitting to EEA states, as well to agencies, offices or organisations, in accordance with the Title V, Chapters 4 and 5 Treaty on the Functioning of the European Union shall be deemed as data transmission within the territory of Hungary.
    5. Data management in connection with the activities of the service provider is based on voluntary consent. However, in some cases the processing, storage or transmitting certain data are set forth by law.
    6. The service provider, by taking into account their activity, defines the inner organization of data protection, the tasks and powers of data protection and related activities and selects the person who manages the data management. During their work the colleagues of the service provider will ensure that no unauthorised persons may have access to the personal data. The practice of storage and arrangement of personal data have been established in a manner that prevents any unauthorised person from having access to, becoming aware of or having the possibility for modifying or destroying those. The internal data protection system of the service provider is supervised by the administrator trough a person responsible for data protection appointed or entrusted by the administrator.

    5. LEGAL BASIS OF DATA MANAGEMENT

     

    Personal data can be managed, if

    • by law or – under the authority of the law within the scope specified therein – in case of data not classified as special data or criminal data – local government decree orders for public interest purposes,
    • in case of the absence of the definitions in point a. it is absolutely necessary for the duties of the data controller defined by law and the data subject has explicitly consented to the processing of personal data,
    • in case of the absence of the definitions in point a. it is necessary or proportionate for the protection of the vital interests of the data subject or of any other person, or it is necessary to eliminate or prevent hazards threatening his or her personal life, physical integrity or assets.
    • in case of the absence of the definitions in point a. the personal data is expressly disclosed by the data subject and it is and necessary and proportionate for the purpose of data management.

     

    6. PURPOSE OF DATA MANAGEMENT

     

    1. Personal data may be managed only for a specific purpose, in order to exercise a right or fulfil an obligation. Data management must correspond to this purpose in all its stages, and the data may be acquired and processed only in a fair manner.
    2. Only personal data that are indispensable for implementing the purpose of data management and suitable for achieving this purpose may be managed, and the data management may take place only to the extent and for the period necessary for implementing the purpose.

    7. OTHER PRINCIPLES OF DATA MANAGEMENT

     

    1. Personal data may be processed only for specified and explicit purposes, where it is necessary for the exercising of certain rights and fulfilment of obligations. The purpose of processing must be satisfied in all stages of data management operations; recording of personal data shall be done under the principle of lawfulness and fairness. 
    2. The personal data processed must be essential for the purpose for which it was recorded, and it must be suitable to achieve that purpose. Personal data may be processed to the extent and for the duration necessary to achieve its purpose.
    3. In the course of data management, the data in question shall be treated as personal as long as the data subject remains identifiable through it. The data subject shall – in particular – be considered identifiable if the data controller is in possession of the technical requirements which are necessary for identification.
    4. Personal data can only be managed with appropriate informed consent.
    5. The data subject shall be informed whether the data management is based on consent or mandatory prior to the commencement of data management. Prior to control being initiated, the data subject must be explicitly and clearly informed in details of every fact relating to the control of his data, and therefore in particular, of the objective of the control and its legal grounds, the individual authorised to control and process the data and the duration of the control process, about the fact that the personal data of the data subject are handled by the data controller with the consent of the data subject, and with respect to the fulfilment of a legal obligation on the data controller or the enforcement of a legitimate interest of a third party and about who may get to know the data. Such information must equally detail the rights and legal redress opportunities the data subject has in connection with the data control.
    6. The accuracy and completeness, and the up-to-date status of the data must be provided for throughout the processing operation and shall be kept in a way to permit identification of the data subject for no longer than is necessary for the purposes for which the data were recorded.
    7. The Data Controller may transmit data to data controllers performing data management in third countries or data processors performing data management in third countries in case the persons concerned gave their express consent, or the above conditions of data management are fulfilled and  the adequate level of protection of personal data is guaranteed during the management and processing of transmitted data in the third country.

    8. RIGHTS OF DATA SUBJECTS

     

    The data subject has the right, in connection with his or her personal data processed by the controller or a processor acting on its behalf or upon its instructions, in accordance with the terms specified:

     

    1. to receive information on the facts related to processing prior to the start of processing (right to prior information),
    2. at his/her request, to receive his/her personal data and information on their processing from the controller (right of access),
    3. at his/her request, and in the other cases specified in this chapter, to have the controller rectify or supplement his/her personal data (right to rectification),
    4. at his/her request, and in the other cases specified in this chapter, to have the controller restrict the management of his/her personal data (right to restrict data management.

    9. FUNCTIONAL DATA MANAGEMENT OF THE WEBSITE www.symblify.net

     

    1. In order to ensure the right of access, at the data subject’s request, the controller specifies whether his or her personal data are processed by the controller itself or by a processor acting on its behalf and at its instructions.
    2. If the personal data of the data subject are processed by the controller or by a processor on its behalf and upon its instructions, in addition to the details listed in point 9.1., the controller will provide the data subject with the personal data processed by it and by a processor acting on its behalf and upon its instructions and inform him or her of
    • the source of the personal data processed,
    • the purpose of and legal ground for processing,
    • the scope of the personal data processed,
    • if the personal data processed are transmitted, the scope of recipients of data transmission, including third-country recipients and international organisations,
    • the retention period of processed personal data, and the way this period has been determined,
    • the rights granted to the data subject by this act, together with the description of the way of enforcing them,
    • if profiling is applied, this fact, and
    • the circumstances of any occurrence of personal data breaches arising in connection with the management of the data subject’s personal data, their impact and the measures taken to manage them.
    1. Term of data management, deadline for deletion of data: According to the obligation set out in article 2 § 169 of Act C of 2000 on Accounting, these data must be retained for 8 (eight) years. The accounting record, confirming both directly and indirectly the accounting (including general ledger accounts, analytical and detailed records) must be retained for at least 8 (eight) years in a legible form, and a retrievable way, based on the bookkeeping references.
    2. Possible controllers authorized to obtain personal data: Personal data may be controlled by colleagues of the data controller, in compliance with the abovementioned principles.
    3. Providing information on the rights of the data subjects in connection with the control of the data: The data subject may initiate the deletion or modification of his personal data by the following means:
    1. The service provider may manage such personal data as a provision of service, which are technically strictly necessary for providing a service. If the other conditions are identical, the service provider must select and always operate the tools used to provide information society services in a way that, that personal data shall be only managed if it’s absolutely necessary for the services and for the fulfilment of purposes described in the E-Commerce Act, but in this case also only to the extent and time necessary.
    2. The service provider may process data related to the use of the service for any other purposes ó – thus, in particular, for the purposes of enhancing the efficiency of the service, forwarding of electronic advertisements or other direct communications addressed to the recipient of the service, or market surveys – only with the prior specification of the objective thereof and subject to the consent of the recipient of the service
    3. Recipient of the services shall be allowed, at all times, prior to and during the course of using the information society service to prohibit the data management.
    4. The processed data must be deleted if the data management is unlawful, the deletion of data is mandatory by law, by the binding legal act of the European Union or if it was ordered by authorities or by the court. or the specified period has elapsed. The data must be deleted if the purpose of data management has been terminated or if the recipient provides so. unless otherwise stated in the law, the deletion of the data shall be made immediately.
    5. The data management processes of service provider’s activities on a voluntary basis. In certain cases, the management, storage and transmitting of certain data is required under legislation; the users concerned will be separately notified of this fact each time by the service provider.
    6. Please note that if data provider is not providing their own personal data, it is their responsibility to obtain the consent of the person concerned.
    7. However, non-personal information is unlimitedly and automatically collected from the visitors of the webpage. Personal data cannot be obtained from these data, so the Privacy Act. is not implemented.
    Name of data management Website user information
    Purpose of data management The service provider checks upon visiting the site the functionality of the service, personalized service and prevention of abuse, stores the visitor data for the purpose of forwarding it to its service providers. Contacting the website and analyze browsing habits, and sell and promote the “Symblify Business”.
    Legal basis The consent of the data subject and article 3 § 13/A of the E-Commerce Act. The data subject gives consent by the use of the website, registration or the voluntary disclosure of the data in question for each data management.
    Scope of data subjects Persons purchasing the “Symblify Business” application and persons subscribing to the Service Provider newsletter.
    Scope of managed data Name and surname, company name, billing details, e-mail address
    Source of data Website, E-mail
    Name and address of data controller Service provider
    Name and address of data processor Hosting service provider
    Duration of data management After the contact has been made, the activation code is sent and immediately after the delivery. Personal data will be deleted immediately after the contact, the activation code was sent and the delivery. Except in the case of accounting documents, since pursuant to Article 169 (2) of Act C of 2000 on Accounting, this data must be stored for 8 years, the Service Provider maintains the personal data necessary for answering messages and requests sent by the users and communicated to them in the context of the ordered application for a continuous improvement of the “Symblify Business” application and for improving the user’s experience for up to 2 years in order to inform them the user of the developments.
    Effective data management location www.symblify.net
    Effective data management location 4225 Debrecen, Erdőhát utca 75.
    Data processor’s activity related to data management Hosting service provider and cloud hosting service provider
    The nature of the used data management technology IT Systems

    13. The Symblify Business application upon purchasing following personal information is requested by the service provider, which is managed by the data controller:

    Personal data Purpose of data management
    Name and surname, company name, address Necessary to issue a regular invoice.
    Company e-mail address

    Necessary to send the activation code.

    14. The service providers correspondence, newsletter, direct marketing activity

    Personal data Purpose of data management
    Name and surname Identification, contact.
    E-mail address

    Necessary for contact and to promote the application, to send other advertising messages, to send business policy inquiries to affected persons, the person can unsubscribe the newsletters in any time.

    In case of any questions during the use the services of the data controller, or if the data subject has any problems, the data controller can be contacted as specified (phone, e-mail, “Contact us”) on the website.

    Received e-mails, messages, information submitted over phone with the name and e-mail address of the informing person and other voluntary personal data will be deleted by the data controller within two years. To maintain incoming messages and requests, the Provider is required to continuously develop the Symblify application and improve the application’s user experience.

    1. Data management not listed in this information is provided upon recording the data.
    2. the service provider is obliged to provide information, to communicate, to transmit data or to make documents available in case of exceptional authority inquiries or at the request of other official bodies based on the authorization of the law.
    3. In these cases, the service provider shall provide personal data for the requesting person to such an extend – if the exact purpose and the scope of the data were indicated – which is indispensable for the fulfilment of the request.

     10. DATA TRANSMISSION

     

    1. The service provider hereby declares that the provisions on the data management of visitors in previous points are authoritative and valid regarding the use of services provided by the service provider at the website symblify.net, services regarding the purchase of products in connection with the external service providers, since the visitors’ data will be transmitted to the external service providers in the manner and with the way described above in order to fulfil the sales services. The service provider guarantees to the visitors that he has informed the service providing business associations about the rules described in this regulation and has acknowledged these conditions with the external services providers in the agreement, which also covers data management. The service provider excludes the liability for the case, if the service providing business associations shall in any form violate rules set out in data management regulation.
    2. The fact of data management, scope of managed data. The scope of the transmitted data to manage the application: Name/Name of the Company, address, e-mail address.
    3. The scope of the data transmitted for online payment: Online contact initiators and applications purchasers.
    4. The purpose of data management: To conduct online shopping.
    5. Time of data management, deadline for data deletion: The service providers associated with the product or service ordered – bookkeeping, invoicing, newsletter provider in relevant legislation and in the data management rules of related providers within specified deadline.
    6. Potential data controllers entitled to know the information: Personal data are managed by the following, having regard to the above principles. The data controller takes advantage of the services and assistance of the following data processors:

    a) Accountant: ODA-AZ-ADÓ Ltd.

    Address: 4026 Debrecen, Péterfia u. 32/A.

    Scope of transmitted data: Name/company name, address/seat, tax number or group identifier, bank account number, name of the product.

     

    b) Accounting program: Billingo

    Name of the Company: Octonull Ltd.

    Address: 1085 Budapest, József körút 74. I. em. 6.

    E-mail address: hello@billingo.hu

    Scope of transmitted data: Name, the name of company, billing informations, ordered product.

    Purpose of data transmission: Issuing invoice.

    The data subject may ask the service provider data controller to delete his or her personal information as soon as possible.

     

    c) Mail program: MailChimp

    Scope of transmitted data: Name, email address

    Purpose of data transmission: Promoting the products and services of the data controller, other advertising messages, sending business policy inquiries to affected persons.

    The data subject may ask the service provider data controller to delete his or her personal information as soon as possible.

     

    Personal data management in connection with the activities of the data collector is always regulated by law or based on voluntary consent. In some cases, due to lack of consent, data management is based on other legal basis or on article 6 of the Regulation.

    The legal basis for the transmission of data: The users consent to article 1 § 5 of Privacy law and to article 3 § 13 of Act CVIII of 2001 on Certain Aspects of Electronic Commerce and Information Society Services.

     

     

    7. Data management of external service providers: 

    An html code of the website contains references coming from or arriving to external servers which are independent from the service provider. The server of the external service provider is in direct contact with the user’s computer. We draw the kind attention of our visitors to the fact, that the providers of these references by the reason of direct connection to their servers, and also for the sake of direct communication are capable of collecting user data.

    Independent measurement and auditing of attendance and other web analytical data on www.symblify.net is assisted by the Google Analytics server as an external service provider. The data controller can provide detailed information on the management of the measurement data at www.google.com/analytics.

    11. INFORMATION ON COOKIES

     

    1. The Service Provider informs its audience that third-party service provider may install and read back a small data package, a so-called “cookie” on the user’s computer, in order to ensure a more personalised service. If the browser sends a previously saved cookie back, the managing Service Provider can link the user’s current visit to the previous one, but only for their own content.
    2. The Service Provider may perform anonymous data collecting on the computer of those visitors of the website symblify.net, who’s settings enable, with the IT solution “cookie”. during the loading of the website. These data will be managed by the Data Manager as personal data.
    Data Purpose of data management
    IP-Address Data used to enhance service level.
    The page information you visit on www.symblify.net during browsing Data used to enhance service level.
    Time spent browsing on www.symblify.net Data used to enhance service level.
    Browser type Data used to enhance service level.
    Operating system type Data used to enhance service level.
    Screen resolution Data used to enhance service level.

    1. The Service Provider declares that the scope of service providers will be expanded, in which case the Privacy Policy will be modified.
    2. The Service Provider does not associate the data generated during the analysis of the log files with other information and does not seek to identify the user.
    3. The IP address is a series of numbers that can uniquely identify the computers of the internet users. IP addresses can also geographically locate a visitor’s computer. The addresses of the pages visited, as well as the date and time data, are not suitable for identifying the Data Subjects; however, combined with other data, they are able to draw conclusions about users.
    4. During web “surfing”, websites visited by users try to get as much and as accurate information as possible about visitors, about their habits, interest, using various applications. Among these possibilities – in regard to their occurrence – the so-called cookies and web beacons are the most popular. The use of internet cookies raises a number of legal and ethical issues, as cookies are personal data, whereas they give a more precise identification about the user, than the wider known IP address.

    Cookie

    1. The cookie is a alphanumeric information packet with variable content sent by the web server, and is stored on the user’s computer for a predetermined period of validity. The use of cookies allows to query some of the visitor’s data and track his/her internet usage. Thus the cookies can be used to accurately determine the interests of the Data Subject, his/her internet usage patterns, and the history of the visited websites. Since cookies are a kind of tags that allows a web page to recognize a visitor returning to a page, applying these cookies, the site can contain a valid username and password. If, during a visit to a site, a user’s browser sends the previously saved cookie back to the hard disk, the sending service provider may link the current visit to the previous one; however, since cookies are bound to the domain, they can do so only for their own content. Cookies are not capable of identifying the user individually, they are only suitable for recognizing the computer of the visitor.

      Several types of cookies can be distinguished based on their validity period and origin:

    2. Temporary or session cookie
    3. Session cookies are valid only for the current session of the user, their purpose is to prevent data loss (for example, when filling in a longer form). After the session or by closing the browser, these type of cookies will be automatically deleted from the visitor’s computer.
    4. Permanent or saved cookie
      Permanent cookies are valid for days, weeks, months, or years. For the validity period the saved cookies are stored on the computer’s hard disk of the user; however, the user can delete them before the expiration of the predetermined deadlines.
    5. Internal or external cookies
      If the web server of the visited web site installs the cookie on the user’s computer, the type of cookie is an internal one, while, if the source of the cookie is by an external service provider the code included in the website is an external cookie
    6. Cookie settings
      The user can disable or enable cookies on his/her computer by using the computer’s own Internet browser; however, it is important to know that refusing cookies can help protect our personal information but may limit the usability of some websites. Note however, that it is not necessary to use or enable a cookie for a simple browsing. The user can delete cookies from the computer or disable them in the browser. Enabling or disabling cookies is usually done by the user in the Tools / Preferences menu of Internet browsers under the Privacy settings, where the cookie options can be found.
    7. The visitor may delete the previously installed cookies on his/her computer’s hard drive prior to expiration of their validity period. The deletion is usually done in the Tools / Preferences menu of the Internet browser by selecting the Delete option in the History section. It is important to note that deleting any cookies on the computer’s hard drive may cause some web pages to malfunction.

    Cookie management of the website symblify.net 

    1. The purpose of data management: to identify and distinguish users, identify the current session of users, store the data provided during the process, and prevent data loss.
    2. Legal basis of Data Management: Contribution of the data subject. Article 5 (3) of Directive 2002/58/EC.
    3. Scope of data management: identification number, date, and time.
    4. The Service Provider as the operator of the website symblify.net, may install and read back a small data package, a so-called “cookie” on the user’s computer, in order to ensure a more personalised service. If the browser sends a previously saved cookie back, the managing Service Provider can link the user’s current visit to the previous ones, but only for their own content.
    5. Cookies can be deleted from the user’s computer or disabled in his/her browser. Cookies can usually be managed by the user in the Tools / Preferences menu of Internet browsers under the Privacy settings, where the cookie options can be found.
    6. The fact of data management, scope of managed data: Unique ID number, date and time
    7. Scope of data subjects: All visitors of the website.
    8. Purpose of data management: Identifying users and tracking visitors.
    9. Duration of data management, deadline for deleting data: The duration of the data processing in case of the session cookies lasts until the end of the visit of the website, while persistent cookies last for up to 26 (twenty-six) months.
    10. Data controllers entitled to inspect the data: Personal data can be managed by the data management staff in compliance with the above principles.
    11. Information on the rights of data subjects regarding data management: Data subjects may delete the cookies in the Tools / Preferences menu of Internet browsers under the Privacy settings.
    12. Legal basis of data management: Contribution by the data subject is not required provided that the sole purpose of using cookies is communication via the electronic communications network or the Service Provider absolutely requires it in order to provide the information society service specifically requested by the subscriber or user.
    13. The website also periodically uses Hotjar’s web analytics to analyse the behaviour of users. Hotjar analyses user interactions on the website using cookies stored on your computer. The legal basis for web analytics data management is the voluntary contribution of the website’s user. Analytical cookies are anonymous and aggregated data that make it difficult to identify the computer; however, it cannot be excluded.
    14. Hotjar uses analytical cookies More information about cookies used by Hotjar can be found under the following link: https://www.hotjar.com/legal/policies/cookie-information .
    15. Cookies and web beacons vs data protection
      The importance of cookies and web beacons lies in the fact, that they can be used to track the user’s web activity and a precise profile can be created with the help of them. It is not an exaggeration that the advertiser often knows the visitor better than he/she himself/herself. The deliberate use of cookies and the proper provision of information are the responsibility of the service provider; however, users can minimize the risk of unwanted data collection by taking precautionary measures.

    12. COMPLAINT MANAGEMENT

     

    The fact of data collection, the scope of managed data and the purpose of data management:

    Personal Data Purpose of data management
    Name and surname Identification, contact.
    E-mail address Contact.

    Scope of data subjects: All shopping data subjects having quality objections, filing a complaint.

    Purpose of data management: Managing the objections raised by the Service Provider’s services.

    Legal grounds for the data control: consent of the data subject.

    Scope of managed data: Serial number, name and address of customer, name of service, its consideration, date of recourse, date of filing of the complaint, description of the complaint, the claim that the customer wishes to enforce and the way of settling the complaint.

    Term of data management, deadline for deletion of data: The record of the raised objection, the transcript and the copies of the response must be retained for 5 years according to article 7 § 17/A of Act CLV of 1997 on customer protection.

    13. OTHER DATA MANAGEMENT

     

    1. We provide information on data management not specified in this document at the time of the registration of such data.
    2. Please note that the court, prosecutor, investigating authority, offense authority and administrative authority, National Authority for Data Protection and Freedom of Information, Hungarian National Bank as well as other bodies under the authorization of the legislation may request the data processor to provide information, provide and hand over data or provide documents.
    3. Service Provider shall only disclose personal information to the authorities – if the authority has specified the exact purpose and the scope of data – to the extent necessary for the purposes of the request.

    14. STORAGE METHOD OF PERSONAL DATA, SECURITY OF DATA MANAGEMENT, DATA PROTECTION INCIDENT, DATA PROTECTION BREACH

     

    1. Service Provider`s IT systems and other data retention systems are located at its own seat and at its data processor’s as well as on the storage/server of Web Press Hungary Ltd.
    2. Service provider selects and manages the IT tools used to manage personal data in the provision of the service so that the data:
    • is available for those entitled (availability);
    • authenticity and validation are provided (data authenticity);
    • integrity can be verified (data integrity);
    • is protected against unauthorized access (data confidentiality).
    1. Service Provider will protect the data with appropriate measures, especially against unauthorized access, alteration, transmission, disclosure, deletion or loss, as well as accidental destruction, harm, as well as unavailability due to any change to the technology used.
    2. In order to provide security to the data stored electronically in its various registers, Service Provider shall ensure, by using suitable technology, that the stored data could not be directly linked and linked to the data subject, unless permitted by law.
    3. Service Provider will employ such technical, structural and organizational measures to defend the security of data management that provides appropriate level of security to the risks arising in connection with data management.
    4. During data management, the service provider shall maintain:
    • confidentiality: to protect information so that only persons authorized are able to aces it;
    • integrity: to protect accuracy and totality of information and method of processing;
    • availability: to ensure that if eligible user needs it, they can actually access the required information and have the tools available for such.
    1. Service Provider’s IT System and network, as well as its partners`, are protected against computer‑assisted fraud, espionage, sabotage, vandalism, fire, flood, furthermore against computer viruses, cyber intrusions and attacks leading to refusal of Services. Service Provider uses server‑level and application‑level protection features to ensure security.
    2. We would like to inform the data subject that electronic messages, protocols (e-mail, web, FTP, etc.) transmitted over the Internet are vulnerable to network threats that lead to fraudulent activity, controversy or disclosure or modification of information. Service Provider shall take all reasonable precautions to protect from such threats. Service Provider shall monitor the Systems in order to record any security deviation and to provide proof in case of all security related events.

    Data security measures:

    1. In order to adequately secure the personal data processed, the data controller and the data processor will implement technical and organizational measures for the fundamental rights of the data subjects, aligned with the risks posed by data management.
    2. The data controller or, in the course of its activities, the data processor shall ensure the security of the data and shall also take the technical and organizational measures and develop the procedural rules necessary to enforce the Privacy Act and other data and confidentiality rules.
    3. The data needs to be protected with appropriate measures, especially against unauthorized access, alteration, transmission, disclosure, deletion or loss, as well as accidental destruction, harm, as well as unavailability due to any change to the technology used.
    4. In order to provide security to the data stored electronically in its various registers, it needs to be ensured, by using suitable technology, that the stored data could not be directly linked and linked to the data subject, unless permitted by law.
    5. In the automated management of personal data, the data controller and data processor provide additional measures
    • to refusal access for unauthorized persons to a data management system;
    • to prevent unauthorized reading, copying, modification or removal of data carriers;
    • to prevent unauthorized data entry;
    • to prevent the use of automatic data management systems by unauthorized persons by means of data transmission devices;
    • verifiability and determination of which bodies personal data has been or may be transmitted to by means of data transmitting equipment;
    • verifiability and determination of when and who entered which personal data into the automatic data management systems;
    • the recoverability of installed systems in case of malfunction and
    • reports are prepared on errors occurring during automated management.
    1. The data controller and data processor shall take into account the prevailing development of technology when determining and applying measures for data security. If there are several possible solutions for data management, the one that ensures the highest possible protection of personal data must be chosen unless this would be disproportionate for the data controller.

     

    Data protection breach:

    Data protection breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

    Therefore, as soon as the service provider becomes aware that a data protection breach has occurred, the service provider should notify the data protection breach to the Hungarian National Authority for Data Protection and Freedom of Information unless the data protection breach is unlikely to result in a risk to the rights and freedoms of natural persons.

    The notification shall include following:

    • the nature of the data protection breach, the categories and the approximate number of the concerned and relevant data;
    • the name and contact details of the service provider;
    • the likely consequences of a data protection breach;
    • measures taken or planned to remedy or mitigate the data protection incident
    • If the data protection breach is likely to pose a high risk a risk to the rights and freedoms of natural person, the Service Provider shall immediately inform the data subject of the data protection breach.

    The service provider records the data protection breaches.

     

    Following shall be recorded:

    • the scope of the personal data concerned,
    • the scope and number of persons affected by the data protection breach,
    • the date of the data protection breach,
    • the circumstances and effects of the data protection breach,
    • the measures taken to address the data protection breach.
    • other data specified in the law regarding data management.

    The service provider shall retain personal data in the register, relating to the data protection incidents in case of personal data incident, for 5 years and in case of an incident involving specific data, for 20 years.

     

    Breach of data:

    A requirement to the service provider is to set up an institutional framework to protect personal and sensitive data, and his section determines the consequences of the breach of data.

    A breach of data may be any of the following:

    • Loss or theft of confidential or sensitive data or loss or theft of storage device. (e.g.: loss of laptop. computer, USB storage, iPad/Tablet or printed documents);
    • theft of equipment or malfunction;
    • unauthorized use of data or information systems, data modification or unauthorized access;
    • attempts (both successful or unsuccessful) to establish unauthorized access to information or Information technology systems;
    • unauthorized disclosure of confidential or sensitive data;
    • visual or other damage to the website, hacker attack;
    • unforeseen event, e.g. fire or flood;
    • human error

     

    Any individual accessing the data must notify the person designated by the service provider, who will in case of data breach:

     

    • Determine whether the breach is still in progress and if so, it will take immediate steps to put an end to it;
    • review the consequences and damage;
    • determine who should be notified (including the police);
    • establish the consequences of the breach, including those affected by the breach of data, and all other consequences;
    • establish the reporting obligations arising from the breach of data, and
    • take the necessary steps to prevent future data breaches.

    15. TERMS AND CONDITIONS OF CONVERSION TRACKING, WEBSITE BASED UNIQUE TARGET AUDIENCES AND MOBILE APPLICATION BASED UNIQUE TARGET AUDIENCES

     

    1. Facebook provides features and tools (such as pixels, SDKs, and APIs), which can be placed on its site or in mobile applications to send data about people’s actions on its site or mobile application (hereinafter referred to as “event data”) to Facebook for conversion tracking (hereinafter referred to as “conversion tracking”), creating a unique target audience from people visiting his/her website (hereinafter referred to as “website based unique target audience”) or creating a unique target audience from people visiting his/her mobile application (hereinafter referred to as ” mobile application based unique target audience”), By clicking on the “I agree” button or using these features and tools, you agree to the following terms:
    2. Facebook uses the received event data to provide the Service Provider with analytical data about the effectiveness of their ads and about use of his/her website / application and to create his/her target group (according to the specific functions selected for use) – according to his/her Privacy Policy (https://www.facebook.com/about/privacy/). Event data also allows us to better target ads and to optimize our systems. In connection with this type of targeting and optimization, Facebook: (i) only use event data collected from the Service Provider’s site or mobile application to optimize your ads after it has been aggregated by other advertisers or other data collected on Facebook and (ii) does not allow other advertisers or third parties to target their ads exclusively based on event data collected from the Provider’s site or mobile application.
    3. Event data will not be disclosed to other advertisers or third parties except when a user has given us permission to do so or if we are legally obliged to do that. Facebook preserves the confidentiality and security of event data, with such technical and physical security measures, intended to (a) protect the security and integrity of the data when they are found on the system of Facebook and (b) protection against accidental or unauthorized access, use, modification or disclosure of data on the system of Facebook.
    4. The Service Provider undertakes and confirms that he/she places a definite and appropriate notice to his/her users and asks the user’s consent in advance for the event data collected and used for targeted online ads. Such notifications should include the following minimum requirements:
    5. In case of use of conversion tracking or website based unique target audience, there must be a clear and visible link to such features on each page containing Facebook generated pixels that points to such a privacy policy, which clearly states that (a) third-party cookies, web beacons, and similar technologies can collect or receive data about the website and other websites, and may use these data to provide measurement services or specify target ads and (b) how users can reject data collecting and use for targeting ads, and (c) where users can reach the mechanism implementing this decision (e.g. by placing a link to the website www.aboutads.info/choices).
    6. When using a custom target audience created by the usage of a mobile application, of any privacy policy or any store or website that distributes the application, an unambiguous and discernible link must be present that is easily accessible from the application settings, that also refers to that part of the privacy policy which unambiguously states that (a) a third party may collect or receive data from the application and other applications and may use these data to provide assessment services or target ads; and (b) how and where users can refuse the data collection and usage that was intended to target such ads.
    7. The Service Provider undertakes not to transmit or disclose personal data to Facebook and the data obtained in connection with these terms will not be combined with personal data. The Service Provider also undertakes not to disclose any data to Facebook, which are according to his/her knowledge or are reasonably suspected by the Service Provider from persons below 18 years pf age or are in the categories of health, financial or other sensitive data.
    8. The Service Provider informs users that Facebook may place notices in and around the Service Provider’s ads, which states that the ad is targeted, and the Service Provider informs users that such notices are not modified, excluded, and otherwise does not interfere his/her operation, including any technical components that allow users to access mechanisms of additional information or options.
    9. The Service Provider informs the user that Facebook may at any time modify, suspend, or terminate access to the functions of conversion tracking, the access to the sites-specific audiences and the target audience created using the mobile app, and can terminate the apps availability. The Service Provider may stop using the features at any time. The Service Provider may at any time delete his/her target audience from the system of Facebook using account management tools.
    10. If the Service Provider uses any of these features on behalf of a third party, it also declares and warrants that as such agent of the party has the right to use such data in his/her name and may require such party to comply with these Terms of Use.
    11. The following terms define the use of conversion tracking, target audiences created on the basis of the website and target audiences created on the basis of the mobile application by the Service Provider. These features are part of “Facebook” as part of the Facebook Terms of Services (https://www.facebook.com/legal/terms, “ToS”), and use of these features by the Service Provider shall be deemed to be part of the operations carried out by the Service Provider on “Facebook”. These terms do not replace any terms of services that apply to the purchase of an advertising database by the Service Provider from Facebook, and such terms of use will continue to apply to the Service Provider’s advertising campaigns that use conversion tracking, target audiences created on the basis of the website and target audiences created on the basis of the mobile application. If there is any contradiction between these Terms and the ToS, only these Terms will govern in case of conversion tracking, target audiences created on the basis of the website and target audiences created on the basis of the mobile application and only in the degree of contradiction. The Service Provider informs the user that Facebook reserves the right to monitor and audit the performance of these Terms of Service by the Service Provider, as well as the periodic update of this Terms of Service, and the continued use by the Service after these changes means acceptance by the Service Provider.
    12. The purpose of data management: To share and like certain content elements, products, sales or the website itself on facebook.com.
    13. Information about the duration of the data processing, data controllers entitled to inspect the data, description of the rights of the Data Subjects associated with data management: The involved Data Subject may inform about the source of data, its transmittance and legal basis on the following website: http://www.facebook.com/about/privacy/
    14. The data management is carried out on facebook.com, thus, the duration and mode of the data management as well as deletion and modification of the data are subject to the community rules of the social network site facebook.com: (http://www.facebook.com/legal/terms?ref=pf), (http://www.facebook.com/about/privacy/).
    15. Legal basis of data management: The Data Subject’s consent for managing his / her personal data on facebook.com.
    16. LinkedIN provides features and tools (such as pixels, SDKs, and APIs), which can be placed on its site or in mobile applications to send data about people’s actions on its site or mobile application (hereinafter referred to as “event data”) to LinkedIN for conversion tracking (hereinafter referred to as “conversion tracking”), creating a unique target audience from people visiting his/her website (hereinafter referred to as “website based unique target audience”) or creating a unique target audience from people visiting his/her mobile application (hereinafter referred to as ” mobile application based unique target audience”). Data management is carried out on linkedin.com, the relevant rules can be accessed from the following website: https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy

    16. DOWNLOAD, PURCHASE OF APPLICATION

                                                                                                   

    1. Symblify applications are available from the App Store for Apple ID users. The App Store’s Privacy Policy is available at the website: https://www.apple.com/legal/privacy/hu/ .
    2. A Symblify applications can be downloaded for private use („Symblify – Life Made Simple” application) and for business purposes („Symblify Business” application). When downloading “Symblify – Life Made Simple”, the user can purchase the product from the App Store.
    3. The „Symblify Business” can be downloaded free of charge by the user from the App Store, after which the user can purchase activation codes via e-mail, which are freely used for the period in accordance with a written agreement between the parties.
    4. Symblify applications use only anonymized data and aggregated data, which are not suitable for identifying the user, and collects aggregated data about the user (e.g. time spent on certain screens, bugs, topics, selected cards). The purpose of the data collection is to continuously improve the user experience.
    5. The same rules apply for the applications „Symblify – Life Made Simple” and „Symblify Business” as for the website.

    17. LEGAL REMEDY OPTIONS

     

    1. The data controller assesses prior to the planned data management what effects the planned data management will have on the fundamental rights of data subjects regarding its circumstances, and in particular its purpose, the scope of data subjects the technology used in data management operations.
    2. If, according to the risk assessment in section 15.1, the planned data management will have substantial effects on the data subject’s exercise of a fundamental rights (hereinafter referred to as high-risk data management), the data controller shall – with the exception of mandatory data management –, prior to data management, prepare a written analysis of the expected impacts of planned data management on the enforcement of the fundamental rights of the data subject (hereinafter referred to as data protection impact assessment).
    3. If the Authority classifies a particular type of data management as high risk data management and publishes this statement, and due this statement the intended data management involves the use of an identical or similar type of operation or series of operations as used in this data management, a high risk of data management shall be presumed.
    4. If the Authority classifies a particular type of data management as non-high-risk data management and publishes this statement, and due this statement the intended data management involves the use of an identical or similar type of operation or series of operations as used in this data management, a non-high risk of data management shall be presumed.
    5. The data protection impact assessment includes at least a general description of the planned data management operations, the description and nature of the risks identified by the data controller, threatening the fundamental rights of the data subject, the measures designed to address these risks and to ensure the enforcement of the right to personal data applied by the data controller.
    6. Judicial remedies, the complaint may be filed to the National Authority for Data Protection and Freedom of Information:
    • Name: National Authority for Data Protection and Freedom of Information
    • Seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
    • Postal address: 1530 Budapest, Pf.: 5.
    • Phone: 06 1 391 1400
    • Fax: 06 1 391 1410
    • E-mail: ugyfelszolgalat@naih.hu

    18. JUDICIAL ENFORCEMENT OF RIGHTS

     

    1. Without the violation of available administrative or non-judicial remedies including the right to complain to the supervisory authority, all the data subjects are entitled to an effective judicial remedy, if the data subject considers that his or her rights under this regulation have been infringed as a result of his inadequate handling of his or her personal data.
    2. Legal proceedings against the data controller or data processor shall be initiated before the court of the member state in which the data controller or data processor is established. Such proceedings may also be instituted before the courts of the data subjects the habitual residence, unless the data controller or the data processor is a public authority in the member state.

    19. COMPENSATION

     

    1. Any person who has suffered material or non-material damage as a result of an infringement of this regulation shall have the right to receive compensation from the controller or processor for the damage suffered.
    2. Any controller involved in processing shall be liable for the damage caused by processing which infringes this Regulation. A processor shall be liable for the damage caused by processing only where it has not complied with obligations of this Regulation specifically directed to processors or where it has acted outside or contrary to lawful instructions of the controller.
    3. A controller or processor shall be exempt from liability if it proves that it is not in any way responsible for the event giving rise to the damage.
    4. Where more than one controller or processor, or both a controller and a processor, are involved in the same processing and where they are responsible for any damage caused by processing, each controller or processor shall be held liable for the entire damage in order to ensure effective compensation of the data subject.
    5. Court proceedings for exercising the right to receive compensation shall be brought before the courts competent under the law of the consent person’s residence.

    20. FINAL PROVISIONS

     

    1. This privacy policy is approved by the service provider. The service provider reserves the right to modify this policy.
    2. This regulation will enter into force on August 26, 2018.
    3. During the making of the regulation the service provider paid attention to the following legislation:
    • Act CXII of 2011 on the Right of Informational Self Determination and on Freedom of Information (Privacy Act);
    • Act V of 2013 on the Civil Code (Civil Code);
    • Act XIX. of 1998 on Criminal Proceedings (Criminal Proceedings);
    • Act C of 2000 on Accounting (Accounting Act);
    • Act CVIII of 2001 on Certain Aspects of Electronic Commerce and Information Society Services (E Commerce Act);
    • Act C of 2003 of electronic communications (Electronic Communications Act);
    • Act CXXXIII of 2005 on Security Services and the Activities of Private Investigators (Security Services Act);
    • Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (Business Advertising Act);
    • Act II of 2012 on offences, the procedure in relation to offences and the offence record system (the “Act on Offences”)
    • Act CLIX. of 2012 on postal services (Postal Services Act)
    • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR);

     

    26 August, 2018

    Symagine Lab Ltd.

    GET OUR FREE TOOL!

    How do you manage in difficult situations?

    Check your personal style!

    5-steps survey + bonus tips on how to make it easy

    Success! We sent you a confirmation e-mail. Check your e-mail to get the questionnaire.

    Pin It on Pinterest