Privacy Policy
1.1. Csipai Árpád E.V. (tax number: 69692321-1-43) (hereinafter referred to as the “Data Controller”) processes the data of visitors to the website www.csipaiarpad.com (hereinafter referred to as the “Website”), registered users using the Website and registered users using the services available on the Website (hereinafter collectively referred to as the “Data Subject”). 1.2 In connection with the processing of data, the Data Controller hereby informs the Data Subjects about the personal data processed by the Data Controller on the Website, the principles and practices followed in the processing of personal data, as well as the ways and means of exercising the rights of the Data Subjects.
Definitions
2.1.Data subject: any natural person identified or identifiable, directly or indirectly, on the basis of personal data; 2.2.Personal data: data that can be associated with the data subject, in particular the name, the identification mark and one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of the data subject, and the inference that can be drawn from the data concerning the data subject; 2. 3. consent: a voluntary and freely given indication of the data subject’s wishes, based on adequate information, by which he or she signifies his or her unambiguous agreement to the processing of personal data concerning him or her, whether in full or in part; 2.4. objection: a data subject’s objection to the processing of his or her personal data and request that the processing be stopped or that the data processed be erased; e. data controller: the natural or legal person or unincorporated body which, alone or jointly with others, determines the purposes for which the data are processed, takes and executes decisions regarding the processing (including the means used) or has them executed by a processor on its behalf; 2.5. processing: any operation or set of operations which is performed upon the data, whatever the procedure used, in particular collection, recording, recording, organisation, storage, alteration, use, consultation, disclosure, transmission, alignment or combination, blocking, erasure and destruction, as well as the prevention of further use of the data;
2.6. data processing: the performance of technical tasks related to data processing operations, irrespective of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data; 2.7. ‘data processor’ means a natural or legal person or an unincorporated body which, under a contract with a controller, including a contract concluded pursuant to a legal provision, processes data; 2.8. 9. disclosure: making data available to any person; 2.10. erasure: rendering data unrecognisable in such a way that their recovery is no longer possible; 2.11. blocking: marking data with an identification mark in order to limit their further processing permanently or for a specified period; 2. 2.13. ‘third party’ means a natural or legal person or unincorporated body other than the data subject, the controller or the processor.
Legal basis for processing
3.1 Data processing by the Data Controller is subject to the voluntary consent of the Data Subject pursuant to Article 5(1)(a) of Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (hereinafter: Info.tv.) and to the provisions of the Act on Electronic Commerce Services and Certain Aspects of Information Society Services of 2001. 3.2 The Data Subject gives consent to the processing of personal data by using the services provided by the Controller, by registering, by using the Controller’s website, by filling in certain questionnaires, by voluntarily providing his/her personal data.
3.3 Consent covers in particular the following data processing operations: collection, recording, recording, organisation, storage, alteration, use, disclosure, transmission, alignment or combination, blocking, erasure and destruction of data.3.4 Consent may be given by the legal representative on behalf of a minor under the age of 14 and of a Data Subject who is otherwise incapacitated. A minor over the age of 14 but under the age of 16 and an otherwise incapacitated Data Subject may give consent to data processing with the consent or subsequent consent of his or her legal representative. 3.5 A Data Subject who is a minor over the age of 16 may give consent on his or her own, and the consent or subsequent consent of his or her legal representative is not required for the validity of his or her declaration. The Data Controller is not in a position to verify the eligibility of the person giving the consent or to know the content of the legal representative’s declaration, so the Data Subject or his/her legal representative guarantees that the consent is in accordance with the law. The Data Controller shall consider the consent of the legal representative to be duly given when using the service.
Purpose of data processing
4.1 The Data Controller stores and manages the data provided by the Data Subject during registration for the sole purpose of providing the services available on the Website, maintaining contact, identifying the user and sending newsletters.
4.2 The Controller will not use the personal data provided for purposes other than those set out above.
5. Duration of processing
5.1 The processing of the Data Subject’s personal data lasts from the time of disclosure of the data until the data is deleted by the Data Controller. 5.2 The processing carried out by the Data Controller for each processing purpose shall, in the absence of an earlier deletion at the request of the Data Subject, be for a specified period of time, which shall be 1 year. 5.3 The Data Subject’s consent to receive the newsletter can be terminated by using the unsubscribe link at the bottom of the newsletter or by contacting the Data Controller’s customer service. 5.4 Deletion from the database may also be made at the request of the Data Subject, so that the processing of data – within the periods specified above – shall continue until the Data Subject explicitly requests the Controller to delete his/her data.
5.6 The above provisions are without prejudice to the fulfilment of legal obligations of retention, such as those arising from accounting requirements. The data of the services used by the Data Controller’s customers will also appear on the invoice and other accounting documents, and these data cannot be deleted due to accounting requirements. 5.7 The processing of the personal data provided when sending the contact form will continue until the Data Subject requests the deletion of the data thus provided. The deletion of the data may take place at any time after the request for deletion has been sent (by post or email). In this case, the deadline for erasure is 5 working days after receipt of the request.
Scope of personal data processed
6.1.To order products on the Website, the Data Subject must provide the following data: name, telephone number, e-mail, company name, account address, delivery address 6.2.To order product samples on the Website, the Data Subject must provide the following data: name, e-mail address, telephone number 6.3.Technical data The Data Controller may collect anonymous demographic or business data from the Data Subjects, which, due to anonymity, are not considered personal data. When using the Controller’s website, technical information sent by the Data Subject’s browser is stored in Server Log files. 6.4. If the browser returns a previously saved cookie, the cookie management service provider has the possibility to link the data saved during the Data Subject’s current visits to the data saved during previous visits, but only with regard to its own content. The Data Controller uses the following cookie:
– Session cookie: session cookies are automatically deleted after the Data Subject’s visit. These cookies are used to enable the Controller’s Website to function more efficiently and securely, and are therefore essential to enable certain features of the Website or certain applications to function properly. – Persistent cookie: a persistent cookie is also used by the Controller to provide a better user experience (e.g. to provide optimised navigation). These cookies are stored for a longer period of time in the browser’s cookie file. The duration of this cookie depends on the settings of the Data Subject’s internet browser. The “Help” function in the menu bar of most browsers provides information on how the Data Subject can – disable cookies in their browser, – accept new cookies, – instruct their browser to set a new cookie, or – turn off other cookies.
Data of the data controller
7.1 Company name: Csipai Árpád E.V. Info Email: info@csipaiarpad.com Tax number: 69692321-1-43
Who has access to the data
8.1 The Data may be accessed primarily by the Data Controller or its internal staff. 8.2. The Service Provider is not responsible for the data processing practices of such external parties.
8.3 In addition to the above, the transfer of personal data concerning the User may only take place in cases provided for by law or with the User’s consent.
Websupport Hungary Ltd. Company registration number: 01-09-025725
Tax number: 25138205-2-41
Community tax number: HU25138205
Registered office: 1132 Budapest, Victor Hugo utca 18-22.
Bank account: OTP 11742001-29904501-00000000
SWIFT: OTPV-HU-HB
IBAN: HU85117420012990450100000000
Data processing registration number: NAIH-91865/2015.Activity.
Data security
9.1 The Data Controller shall ensure the security of personal data, and shall take the technical and organisational measures and establish the procedural rules necessary to enforce the Infotv. and other data protection and confidentiality rules. 9.2 The Data Controller shall protect personal data in particular against unauthorised access, alteration, disclosure, transmission, disclosure, erasure or destruction, as well as against accidental destruction or damage.
9.3 When transmitting data on the Data Controller’s website, the so-called SSL (Secure Socket Layer) security technology is used, which provides encrypted data transmission and a high level of data security.
Request information, rectification, erasure, blocking of data
10.1.The Data Subject may – request information on the processing of his/her personal data – request the rectification of his/her personal data – request the erasure or blocking of his/her personal data – object to the processing of his/her personal data 10.2.The Data Controller may refuse to provide the Data Subject with information only in the cases specified in Article 9 (1) and Article 19 of the Data Protection Act.
10.3 At the request of the Data Subject, the Controller shall provide information about the data processed by the Controller or by the Data Processors it has appointed, the purposes, legal basis and duration of the processing, the names and addresses of the Data Processors and their activities related to the processing, as well as who is receiving or has received the data and for what purposes. 10.4 The Data Controller shall rectify personal data which is not accurate. 10.5. Personal data shall be deleted if – the processing is unlawful – the data subject requests the deletion of the data – the data is incomplete or inaccurate – and this situation cannot be lawfully corrected – provided that deletion is not precluded by law – the purpose of the processing has ceased – the statutory period for storing the data has expired – the deletion has been ordered by a court or the National Authority for Data Protection and Freedom of Information
User rights and how to enforce them
11.1.The Data Subject may object to the processing of his or her personal data on the grounds set out in Article 21 of the Data Protection Act. In this case, the Data Controller shall examine the objection within 15 (fifteen) calendar days from the date of the request and inform the applicant in writing of the outcome of the objection. 11.2 If the Data Subject disagrees with the decision of the Data Controller or if the Data Controller fails to comply with the time limit, the Data Subject may, within 30 (thirty) calendar days from the date of notification of the decision or the last day of the time limit, take the matter to court.
11.3 In the event of a violation of his/her rights, the Data Subject may apply to a court, specifically to the competent court, in the capital city to the Metropolitan Court of Budapest, as provided for in Article 22 of the Information Act. Legal remedies and complaints may also be lodged with the National Authority for Data Protection and Freedom of Information.
Unilateral modifiability
12.1 The Data Controller reserves the right to unilaterally amend this Privacy Notice.
12.2 The Data Controller shall publish the current version of this Privacy Notice on its website. By using the services provided by the Data Controller, the Data Subject accepts the amended Privacy Notice by acting on his/her own initiative.