Privacy, Data Protection and Cookie Policy

 

Purpose and scope of the Prospectus

 

The purpose of this Notice is to set out the data protection and privacy principles applied by www.vinoapartman.com and the company's data protection and privacy policy, which the company, as data controller, acknowledges as binding.

This Notice sets out the principles for the processing of Personal Data provided by Users on the Website.

In drafting the provisions of the Prospectus, the Company has taken particular account of the requirements of Regulation 2016/679 of the European Parliament and of the Council ("General Data Protection Regulation" or "GDPR"), the provisions of the 2011 Regulation on the right to information self-determination and freedom of information. The provisions of Act CXII of 2011 on Information Privacy and Freedom of Information ("Infotv."), Act V of 2013 on the Civil Code ("Civil Code") and Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activities ("Act XLVIII").

Unless otherwise stated, the scope of this Policy does not cover services and data processing related to promotions, sweepstakes, services, other campaigns, content published by third parties other than the Data Controller, advertising on certain Websites referred to in this Policy or otherwise appearing on such Websites. Likewise, unless otherwise indicated, the services and data processing of websites, service providers to which there is a link on the website covered by this Policy shall not be subject to this Policy. Such services shall be governed by the provisions of the third party service provider's privacy policy and the Data Controllers shall not be liable for any such processing.

 

 

Definitions of terms

 

Processing: any operation or set of operations which is performed on Personal Data, regardless of the procedure used, in particular the collection, recording, organisation, structuring, storage, adaptation, alteration, use, consultation, consultation, disclosure, communication, transmission, dissemination or otherwise making available, disclosure, alignment or combination, restriction, erasure and destruction of Personal Data.

Data Controller: the person who, alone or jointly with others, determines the purposes and means of the Processing.

For the Services referred to in this Notice, the following are considered Data Controllers.

 

 

Zoltán Rab, Zseb köz 1., Heves, 3300, Eger; Data Controller,

Krisztina Rab, Zseb köz 1., Heves, 3300, Eger; Data Controller,

Gácsi Krisztián, Liliom u. 24., BZ, 3434, Mályi; Data Controller.

 

 

Notwithstanding the terms of the agreement referred to herein, the User may exercise its rights under the GDPR in relation to and against each of the Data Controllers.

 

 

Personal data or information: any data or information that allows a natural person User to be identified, directly or indirectly.

Data Processor: a service provider who processes personal data on behalf of the Data Controller. For the services referred to in this Notice, Data Processors may be:

Website(s): the lelkemtitka.hu website operated by the Data Controller, and the subpages of this website and its community services.

Service(s): the services operated by the Data Controller and provided by the Data Controller which are available on the Website.

User: a natural person who registers for the Services and, in doing so, provides the data listed in Section III below.

External Service Providers: third party service partners used by the Data Controller, either directly or indirectly, in connection with the operation of certain Sites or the provision of services available through the Sites, to whom Personal Data are or may be transferred in order to provide their services, or who may transfer Personal Data to the Data Controller. Third party service providers are also those service providers that are not in cooperation with the Data Controller, but which, by accessing the websites of the Services, collect data about Users, which may be used to identify the User, either individually or in combination with other data.

Notice: this Privacy Notice of the Data Controller.

 

 

 

 

Scope of Personal Data processed

 

When the User visits the interface of a Website, the IP address of the User is automatically recorded by the Controller's system.

Based on the User's choice, the Data Controller may process the following data in connection with the use of the services available through the Website: nickname, telephone number, e-mail address, IP address of last access, date of last access.

If the User sends an e-mail (e.g. message, reader mail) to a Service, the Data Controller records the User's e-mail address and processes it to the extent and for the duration necessary for the provision of the Service.

In the course of its content editing activities, the Data Controller processes the data of all natural persons who have contributed to the production of the content, either as a source or by being linked to the edited content. In this case, the Personal Data most commonly processed by the Data Controller may include: the name, position, job title, age, place of residence of the data subject, or other data indicating how the data subject relates to the subject matter of the edited content.

If the User chooses to link his/her Facebook account to his/her www.ITgold.hu account, the Data Controllers may process the following Personal Data of the User in addition to those referred to above: facebook profile name, facebook profile URL, facebook profile ID, facebook profile picture, facebook profile picture, facebook email address, facebook address, facebook gender, birthday, profile profile and website url.

Notwithstanding the foregoing, a service provider technically related to the operation of the Services may carry out data processing activities on one of the Sites without informing the Data Controller. Such activity shall not constitute processing by the Controller. The Controllers shall use their best endeavours to prevent and detect such processing.

 

 

 

 

Additional data processed by the Data Controller

 

The Data Controllers place a small data package (a so-called "cookie") on the User's computer in order to provide a personalised service. The purpose of the cookie is to ensure the highest possible quality of the operation of the site, to provide personalised services and to enhance the user experience. The User can delete the cookie from his/her computer or set his/her browser to disable the use of cookies. By disabling the use of cookies, the User acknowledges that without cookies the functionality of the site is not fully functional. The Site also places Google and Facebook cookies on the User's computer for the purpose of compiling statistics.

 

 

4.2 Data technically recorded in the course of the operation of the systems: the data of the User's computer logging in, which are generated during the use of the Service and which are recorded by the Data Controllers' system as an automatic result of technical processes. The automatically recorded data are automatically logged by the system at the time of logging in or logging out, without any specific declaration or action by the User.

 

 

 

 

 

Purpose, legal basis for processing

 

The purposes of the processing carried out by the Data Controllers:

 

1. online content delivery;
2. aIdentifying the User, contacting the User;
3. aIdentification of the User's rights (the services that the User can use);
4. to facilitate the customisation of the services and advertisements used by the user and the use of convenience features;
5. handling and managing requests from individual users;
6. statistics, analyses;
7. direct mail (e.g. newsletter, eDM, etc.)
8. Providing a platform (hosting) for publishing user-generated content (e.g. comments, chat, etc.);
9. in the case of social services (comments linked to columns, certain blogs), to ensure that Users can identify each other and communicate with each other;
10. in individual cases, organising and running prize draws, contacting the winners and providing them with prizes;
11. technical development of the IT system;
12. protect the rights of Users;
13. the legitimate interests of the Data Controller.

 

The Data Controller may process Personal Data for any of the processing purposes described above.

 

The Controller will not use the Personal Data provided for purposes other than those described in these points.

 

 

The processing is based on the voluntary, prior and duly informed consent of the Users, which includes their express consent to the use of their Personal Data provided by them when using the Site and the Personal Data generated about them. In the case of processing based on consent, the User has the right to withdraw his/her consent at any time, without prejudice to the lawfulness of the processing prior to the withdrawal.

The Data Controller records the User's IP address when the User accesses each Website in connection with the provision of the Service, in the legitimate interest of the Data Controller and for the lawful provision of the Service (e.g. to filter unlawful use or unlawful content), without the User's consent.

 

In addition to the User's voluntary consent, the legal basis for the processing of data within the framework of the content service or in connection with it may be the following.

 

 

 

legitimate interest and the fundamental rights to information and expression, within the limits set by law.

 

In cases where the legal basis for processing is the substantial legitimate interest of the Controller, the Controller has and may in the future, in accordance with the relevant provisions of the GDPR, carry out an interest balancing test to demonstrate that the legitimate interest of the Controller in relation to the processing is overriding the rights and freedoms of the data subject in relation to the processing. The Controller shall, upon request, provide the data subject with information in relation to this paragraph as set out in this Notice.

 

 

Transfers of Data to Processors as set out in this Policy may be made without the User's specific consent. Unless otherwise provided by law, the disclosure of personal data to third parties or public authorities is only possible on the basis of a decision by a public authority or with the prior express consent of the User.

 

The User warrants that the consent of the natural person concerned has been obtained lawfully for the processing of personal data provided or made available by him/her in the course of using the Services (e.g. when publishing content generated by the User, etc.). All responsibility for User Content uploaded and shared by the User on the Services rests with the User.

By providing any User's e-mail address and the data provided during registration (e.g. username, ID, password, etc.), the User also assumes responsibility for the fact that he/she will use the service exclusively from the e-mail address provided and using the data provided. In view of this assumption of responsibility, any liability for accessing the service from an e-mail address and/or using the data provided shall be borne solely by the User who registered the e-mail address and provided the data.

 

 

 

 

Principles and methods of data processing

 

The Data Controller shall process Personal Data in accordance with the principles of good faith and fairness and transparency, as well as in accordance with the applicable laws and the provisions of this Notice.

The Data Controller uses the Personal Data necessary for the use of the Services on the basis of the consent of the User concerned and only for the purposes for which they are collected.

The Controller processes Personal Data only for the purposes set out in this Notice and in the applicable laws. The scope of the Personal Data processed shall be proportionate to the purpose of the processing and shall not go beyond that purpose.

In all cases where the Data Controller intends to use the Personal Data for a purpose other than that for which it was originally collected, the Data Controller shall inform the User and obtain his or her prior explicit consent or provide the User with the opportunity to object to such use.

 

 

The Data Controller does not verify the Personal Data provided. The person providing the Personal Data is solely responsible for the correctness of the Personal Data provided.

The Personal Data of a person under the age of 16 may be processed only with the consent of the person who has parental authority over him or her. The Data Controller is not in a position to verify the eligibility of the person giving consent or the content of his or her declaration, so the User or the person having parental authority over him or her guarantees that the consent is in accordance with the law. In the absence of a declaration of consent, the Data Controller shall, when using the Service, store Personal Data relating to a data subject under the age of 16

 

 

except for the IP address used, which is automatically recorded due to the nature of Internet services.

 

 

The Data Controller will not transfer the Personal Data processed to third parties other than the specified Data Processors and, in certain cases referred to in this Notice, to External Service Providers.

An exception to the provisions of this point is the use of data in aggregate statistical form, which may not contain any other data that can identify the User concerned, and therefore does not constitute Data Processing or data transfer.

 

The Data Controller may, in certain cases - formal judicial or police requests, legal proceedings for infringement or reasonable suspicion of infringement of copyright, property rights or other rights, damage to the interests of the Data Controllers, endangerment of the provision of the Services, etc.

 

- make available to third parties the Personal Data of the User concerned.

 

 

The Data Controller's system may collect data on the activity of Users, which cannot be linked to other data provided by Users at the time of registration, nor to data generated by the use of other websites or services.

The Data Controller shall notify the User concerned and all those to whom the Personal Data was previously transmitted for the purpose of processing of the rectification, restriction or deletion of the Personal Data processed. The notification may be omitted if this does not harm the legitimate interests of the data subject with regard to the purposes of the processing.

The Data Controller shall ensure the security of Personal Data, take technical and organisational measures and establish procedural rules to ensure that the data collected, stored and processed are protected and to prevent their accidental loss, unlawful destruction, unauthorised access, unauthorised use and unauthorised alteration, unauthorised disclosure. The Data Controller shall invite all third parties to whom it transfers Personal Data to comply with this obligation.

In view of the relevant provisions of the GDPR, the Data Controller is not obliged to appoint a Data Protection Officer.

 

 

 

 

Duration of Data Processing

 

7.1 Automatically recorded IP addresses are stored by the Data Controllers for a maximum of 7 days after their recording.

 

 

In the case of e-mails sent by the User, if the User is not otherwise registered, the requested Data Controller shall delete the e-mail address 90 days after the closure of the case referred to in the request, unless in a specific case the legitimate interest of the Data Controller justifies the continued processing of the Personal Data, until the Data Controller's legitimate interest has been established.

The processing of the Personal Data provided by the User will continue until the User unsubscribes from the Service with the given username or otherwise requests the deletion of the Personal Data. In this case, the Personal Data will be deleted from the Controller's systems.

 

The Personal Data provided by the User - even if the User does not unsubscribe from the Service or has only terminated the access by cancelling his/her registration, and the comments and uploaded content stored therein remain - may be processed by the Data Controller until the User explicitly requests in writing that the processing of such data be terminated. The User may, without unsubscribing from the Service, request the termination of the Processing

 

 

 

your right to use the Service is not affected by your request, but you may not be able to use certain Services if you do not provide Personal Data.

 

 

In the event of unlawful or fraudulent use of Personal Data or in the event of a criminal offence or system attack committed by the User, the Data Controller is entitled to delete the Personal Data immediately upon termination of the User's registration, but is also entitled to retain the Personal Data for the duration of the proceedings in the event of suspected criminal offences or civil liability.

Data which are automatically, technically recorded during the operation of the system are stored in the system for a period of time from the moment they are generated which is reasonable to ensure the operation of the system. The Data Controller shall ensure that these automatically recorded data cannot be linked to other Personal Data, except in cases required by law. If theUser has withdrawn his/her consent to the processing of his/her Personal Data or has unsubscribed from the Service, his/her identity will no longer be identifiable from the technical data, except for investigative authorities or their experts.

If a court or public authority has issued a final order for the erasure of the Personal Data, the erasure shall be carried out by the Data Controller. Instead of deletion, the Controller shall, after informing the User, restrict the use of the Personal Data if the User so requests or if, on the basis of the information available to it, it is likely that deletion would harm the legitimate interests of the User. The Personal Data shall not be deleted by the Controller as long as the processing purpose which precluded the deletion of the Personal Data is still valid.

 

 

 

 

Rights of the User, how to enforce them

 

The User may request that any Data Controller inform him/her whether it processes his/her Personal Data and, if so, provide him/her with access to the Personal Data processed by it.

The Personal Data provided by the User in connection with a particular Service can be viewed in the access control settings of the Services or on the profile pages for each Service.

 

Notwithstanding the foregoing, the User may request information about the processing of Personal Data at any time in writing, by registered or certified mail sent to any of the Data Controllers' addresses or by e-mail to adatkezeles@itgold.hu . A request for information sent by mail shall be considered authentic by the Data Controller if the User can be clearly identified from the request sent. A request for information sent by e-mail shall be considered authentic by the Data Controller only if it is sent from the registered e-mail address of the User, but this does not preclude the Data Controller from identifying the User in another way before providing the information.

 

The request for information may cover the data of the User processed by the Data Controller, their source, the purpose, legal basis and duration of the processing, the name and address of any Data Processor, the activities related to the processing and, in case of transfer of Personal Data, who has received or is receiving the User's data and for what purpose.

 

 

The User may request the correction or modification of his/her Personal Data processed by the Data Controller. Taking into account the purpose of the Processing, the User may request the completion of incomplete Personal Data.

The Personal Data provided by the User in connection with a particular Service may be modified in the access control settings of the Services or on the profile pages for each Service. Personal Data

 

 

 

once the request to modify the data has been fulfilled, the previous (deleted) data can no longer be restored.

 

 

The User may request the erasure of his/her Personal Data processed by the Data Controller.

Deletion may be refused (i) for the exercise of the right to freedom of expression and information, or (ii) where the processing of Personal Data is authorised by law; and (iii) for the establishment, exercise or defence of legal claims.

 

The Data Controller shall inform the User of the refusal of the request for erasure in each case, indicating the reasons for the refusal. Once the request for erasure of personal data has been complied with, the previous (erased) data can no longer be restored.

 

 

The User may request the Controller to restrict the processing of his/her Personal Data if the User contests the accuracy of the Personal Data processed. In such case, the restriction shall apply for the period of time that allows the Controller to verify the accuracy of the Personal Data. The Controller shall mark the Personal Data it processes if the User contests its accuracy or correctness but the incorrectness or inaccuracy of the contested Personal Data cannot be clearly established.

The User may request that the Controller restrict the processing of his/her Personal Data even if the processing is unlawful, but the User opposes the erasure of the processed Personal Data and instead requests the restriction of their use.

 

The User may also request that the Controller restrict the processing of his or her Personal Data if the purpose of the processing has been achieved, but the User requires the Controller to process the Personal Data in order to advance, assert or defend legal claims.

 

 

The User may request that the Data Controller transfers the Personal Data provided by the User and processed by the User in an automated way to the Data Controller in a structured, commonly used, machine-readable format and/or to another data controller.

The User may object to the processing of his or her Personal Data (i) if the processing of the Personal Data is necessary for compliance with a legal obligation to which the Controller is subject or for the purposes of the legitimate interests pursued by the Controller or a third party; (ii) if the processing is for direct marketing, public opinion polling or scientific research purposes; or (iii) if the processing is necessary for the performance of a task carried out in the public interest. The Data Controller shall examine the lawfulness of the User's objection and, if the objection is justified, shall terminate the processing and block the Personal Data processed and notify the objection and the action taken in response thereto to the persons to whom the Personal Data concerned by the objection have been disclosed.

 

 

 

 

Data processing

 

The Data Controller uses Data Processors to carry out its activities.

Processors do not take independent decisions, they are only entitled to act in accordance with the contract concluded with the Data Controllers and the instructions received. Processors shall, from 25 November 2019, process Personal Data transferred to them by Data Controllers and processed or handled by them in accordance with the provisions of the GDPR

 

 

are recorded, processed or handled in accordance with the Data Protection Law and a declaration is made to the Data Controller.

 

 

The Data Controller shall monitor the work of the Data Processors.

The Processor shall be entitled to use an additional processor only with the consent of the Controller.

 

 

 

 

External service providers

 

The Data Controller uses External Service Providers in connection with the provision of the Services in a number of cases, with which the Data Controller cooperates.

Personal Data processed in the systems of Third Party Service Providers is governed by the Third Party Service Providers' own privacy notices. The Data Controller shall use its best efforts to ensure that the External Service Provider processes the Personal Data transferred to it in accordance with the law and uses it only for the purposes specified by the User or set out in this Policy. The External Service Providers may use the information

 

the Personal Data transmitted to them by the Data Controller and processed or processed by them are recorded, processed or processed in accordance with the provisions of the GDPR and a statement to that effect is provided to the Data Controllers.

The Data Controller shall inform the Users about the data transfers to External Service Providers in the framework of this Notice.

 

 

External service providers facilitating registration or login

 

In connection with the provision of the Services, the Data Controllers cooperate with Third Party Service Providers that provide registration and login facilitating applications for Users. In the context of this cooperation, certain Personal Data (e.g. IP address, e-mail, registration name) may be transferred by these External Service Providers to the Data Controller and/or the Data Processor. These External Service Providers collect, process and transfer Personal Data in accordance with their own privacy policies.

 

External Service Providers that cooperate with the Data Controller to facilitate registration or login: Facebook Inc, Google LLC.

 

 

Web analytics and ad serving External service providers

 

In connection with the Services pages, the Data Controllers cooperate with third-party web analytics and ad serving service providers.

 

These Third Party Service Providers may have access to the User's IP address, and in many cases they may also use cookies, sometimes web beacons (web markers used on websites, sometimes in emails or mobile applications to record the IP address, the website visited), clicktags (a metric identifying the click on a particular advertisement) or other click metrics to personalise or analyse the Services and to provide statistics.

 

Cookies set by these Third Party Service Providers can be deleted from the User's device at any time, and the use of cookies can usually be refused by selecting the appropriate settings on the browser(s). A cookie placed by an External Service Provider can be identified by the domain associated with that cookie. It is not possible to refuse web beacons, clicktags and other click metrics.

 

These Third Party Service Providers process the Personal Data transferred to them in accordance with their own privacy policies.

 

 

 

Web analytics and ad serving third party service providers working with the Data Controllers Google LLC.,

 

 

Customized messaging External service providers

 

The Data Controller cooperates with an External Service Provider that allows the User to use certain services he/she has used in the context of the Services through other channels used by the same User (e.g. Facebook, Messenger, Viber, etc.). The External Service Provider may collect additional data about the User through the use of cookies, questionnaires or the User's registration on the External Service Provider's website or interfaces, which may be used to identify the User, either individually or in combination with other data.

 

These Third Party Service Providers process the Personal Data transferred to them in accordance with their own privacy policies.

 

 

If space (hosting) is provided

 

For the purpose of providing the Services, the Data Controller considers as External Service Providers those Users who use the platforms provided by the Data Controller for the purpose of publishing their own content, as hosting. The User may choose to upload Personal Data or use services to collect, record and process Personal Data on the hosting platform.

 

In all cases where the Data Controller as a service provider provides the User with an interface, it does not perform any processing activities in relation to the Personal Data processed on this interface. All responsibility for the lawful processing of the data handled here lies with the users of the hosting service.

 

 

Other External service providers

 

There are some External Service Providers with which none of the Data Controllers has a contractual relationship or intentionally does not cooperate with regard to the given processing, but regardless of this, the Website / Services - even with the User's cooperation (e.g. access to the Site or the Services, whether or not through the interaction of the User (e.g. by connecting his/her individual account to the Service), and thereby collect data about Users or about User activities on the Services' websites, which may sometimes be used to identify the User, either individually or in combination with other data collected by this External Service Provider. Such External Service Providers may include, but are not limited to, Facebook Ireland LTD., Google LLC, YouTube LLC

 

 

 

These Third Party Service Providers process Personal Data transferred to them in accordance with their own privacy policies.

 

 

 

 

 

Possibility of data transfer

 

The Data Controller is entitled and obliged to transmit to the competent authorities any Personal Data at its disposal and stored by it in accordance with the law, which Personal Data must be transmitted by law or by a final and binding obligation of a public authority. The Controller shall not be held liable for such transfers or for the consequences thereof.

Where the Data Controller is responsible for the operation or use of all or part of the content service or the hosting service on the Services' pages

 

 

to a third party, it may transfer all or part of the Personal Data processed by it to such third party without obtaining the User's consent, but with due prior notice to the User, provided that such transfer does not place the User in a less favourable position than the data processing rules set out in the current version of this Policy. In the event of a transfer of data pursuant to this point, the Controller shall provide Users with the opportunity to object to the transfer prior to the transfer. In the event of an objection, the transfer of the User's data pursuant to this point shall not be possible.

 

 

The Data Controller shall keep records of data transfers for the purposes of monitoring the lawfulness of data transfers and providing information to the User.

 

 

Amendments to the Privacy Notice

The Controller reserves the right to amend this Notice at any time by unilateral decision.

The User accepts the current provisions of this Policy by entering the Site, without the need to seek the consent of individual Users.

 

 

 

 

Enforcement options

If you have any questions or comments about data management, you can also contact the Data Protection Officer at adatkezeles@itgold.hu.

 

The User may directly contact the National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; phone: +36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu; website: www.naih.hu) with any complaint regarding the Data Processing.

In case of violation of the User's rights, he/she may take legal action. The court shall have jurisdiction to hear the case. The action may also be brought before the courts of the place of residence or domicile of the person concerned, at the latter's option. Upon request, the Data Controllers shall inform the User of the possibilities and means of legal redress.

 

 

 

 

Eger, 16 November 2020.