PRIVACY POLICY

I. Contact details of the controller and the data protection officer

The data controller
SzörényiPincészet Kft.
E-mail: szcs[at]szorenyipinceszet.hu
Postal address: 2040 Budaörs, Pf. 244.
Phone: + 36 30 2804854

Data Protection Officer
Name of the data protection officer: Csaba Szörényi, managing director
E-mail: szcs[at]szorenyipinceszet.hu
Postal address: 2040 Budaörs, Pf. 244.
Phone: +36 30 2804854

II. Concept definitions
personal data: any information relating to an identified or identifiable individual (data subject); it identifies an individual who, directly or indirectly, in particular by reference to an identifier such as name, number, location, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the individual that makes the individual identifiable;
data subject: any individual identified or identifiable, directly or indirectly, based on personal data
data subject’s consent: a voluntary, specific and well-informed and unambiguous statement of the data subject’s consent to indicate the individual’s consent to the processing of personal data concerning the individual, through a statement or an unequivocal statement of confirmation;
data controller:an individual, legal entity, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by EU or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law.
data management: any operation or set of operations on data, regardless of the procedure used, in particular their collection, recording, recording, systematisation, storage, alteration, use, interrogation, transmission, disclosure, coordination or aggregation, blocking, erasure and destruction; and prevent further use of the data, take photographs, sound or images, and record physical identifiers (e.g. fingerprints or palm prints, DNA samples, irises)
data erasure: making data unrecognizable in such a way that it is no longer possible to recover it
data processor:an individual, legal entity, public authority, agency or any other body that processes personal data on behalf of the Data Controller;
data processing: the performance of technical tasks related to data management operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data
data set: the totality of the data managed in one register
data protection incident: a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized transmission, storage, disclosure of, or unauthorized access to personal data.
recipient: any individual, legal entity, public authority, agency or any other body to whom personal data are disclosed, whether a third party or otherwise. Public authorities that may have access to personal data in the framework of an investigation in accordance with EU or Member State law shall not be considered as recipients; the processing of such data by those public authorities must comply with the applicable data protection rules following the purposes of the processing;
third party: an individual, legal entity, public authority, agency or any other body other than the data subject, Data Controller, data processor or individuals who have been authorized to process personal data under the direct control of the Data Controller or data processor.
information society-related service: a service provided electronically to absentees, usually for remuneration, to which the recipient of the service has individual access
e-commerce service: an information society service for the purpose of holding a movable item, including money securities, natural resources, and the sales, exchange, or other use of services, real estate, property rights (henceforth: goods).
GDPR (General Data Protection Regulation): the new Data Protection Regulation of the European Union

III. Users
User is an individual using the services of the website, identified or – directly or indirectly – identifiable based on any specific personal data.

IV. Privacy Policy
The data controller declares that he/she handles personal data following the provisions of the data management information and complies with the provisions of the relevant legislation, in particular concerning the following:

  • The processing of personal data must be carried out lawfully and fairly and in a way that is transparent to the data subject.
  • Personal data may only be collected for specified, explicit, and legitimate purposes.
  • The purpose of the processing of personal data must be appropriate, relevant, and only to a necessary extent.
  • Personal information must be accurate and up to date. Inaccurate personal data must be deleted immediately.
  • Personal data must be stored in such a way that the data subjects can be identified only for the time necessary. Personal data may be stored for a longer period only if the storage is for archiving purposes in the public interest, for scientific and historical research purposes or statistical purposes.
  • The processing of personal data must be carried out in such a way as to ensure adequate security of the personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage, by means of appropriate technical or organizational measures.
  • The principles of data protection apply to all information concerning an identified or identifiable individual.

V. Data Management Information

  • The purpose of data management: to provide means of contact, information, and additional services.
  • Legal basis for data processing: consent of the data subject.
  • Stakeholders in data management: users of the website (website, those interested through the form).
  • Duration of data management and deletion of data:the duration of data management always depends on the specific user purpose, but the data must be deleted immediately if the original set purpose has already been achieved. The consent of the data subject may be withdrawn at any time by the data subject by sending a letter to the contact e-mail address. If there is no legal impediment to the deletion, data of the data subject will be deleted.
  • Stakeholders authorized to access the data: data controller and its employees, as well as the individuals and employees designated for data processing, have the right to access the data.

VI. Rights of the affected person
The data subject may request from the controller access to, rectification, erasure or restriction of the processing of personal data concerning him or her and may object to the processing of such personal data and the data subject’s right to data portability.
The data subject may withdraw his or her consent to the processing at any time, but this shall not affect the lawfulness of the processing carried out prior to the withdrawal.
The person concerned may exercise the right to lodge a complaint with the supervisory authority.
The data subject has the right to request the controller to correct or supplement inaccurate data concerning the data subject, and the controller will do so without undue delay.
The data subject has the right to request the controller to delete inaccurate data concerning the data subject, and the controller will do so without undue delay unless there are other legal grounds for data processing.
Modification or erasure of personal data can be initiated by e-mail, telephone, or letter using the contact options provided above.

VII. Completion of the website contact form
The Data Controller uses the data collected with the website contact form to provide means of contact and information.

VIII. The data processor
The person entitled to operate the website, thus processing personal data – as a hosting provider – is Magyar Hosting Ltd. (Registered office: 1132 Budapest, Victor Hugo u. 18-22.; company registration number: 01-09-968314; tax number: 23495919-2-41 / HU23495919), as a Data Processor (hereinafter: Data Processor). The personal data to be processed may be disclosed to the current legal representative(s) or employees of the Data Processor. The processor shall not transfer personal data to third parties unless the data subject has given their express consent.

The data processor:
Name / company name: Magyar Hosting Ltd.
Headquarters : 1132 Budapest, Victor Hugo u. 18-22.
Phone: +36 1 700 2323
E-mail: info[at]tarhely.com

The data provided by the User is stored on a server operated by the hosting provider. The data can only be accessed by our employees and the employees operating the server, but they are all responsible for the secure handling of the data.

Name of the activity: hosting service, server service.
The purpose of data management: to ensure the operation of the website.
Data processed: personal data provided by the data subject
Duration of the data management and deadline for erasing the data: The data management will be ongoing until the end of the operation of the website or according to the contractual agreement between the website operator and the hosting provider.
Legal basis for data processing: consent of the data subject or the data processing legislation.

IX. Duration of data management
The Data Controller handles the personal data provided on the basis of the User’s consent until the purpose of the data management is achieved or the User’s consent is revoked. The Data Controller manages the personal data provided by the User during the completion of the form until the use of the Website ceases.
Unless otherwise stated by law, the Data Controller will use and process the data a) to fulfil the legal obligation applicable to it, or b) for the enforcement of the legitimate interest of the Data Controller or a third party, if the enforcement of this interest is proportionate to the restriction of personal data protection without further consent, and after the withdrawal of the data subject’s consent. / 2011 Act CXII. Section 6 (5) /
In order to fulfil the accounting obligations, the Data Controller has provided the personal data provided by the User for 8 years pursuant to Section 169 of Act C of 2000, and according to Act XCII of 2003 on the Taxation Procedure. retained and managed within the statutory limitation period.

X. Data transmission
The Data Controller does not sell, loan or make Users’ personal data or information available in any form to other companies or individuals.
The Data Controller will ensure the adequate security of the data in the appropriate manner and will take the technical and organisational measures that guarantee the enforcement of data protection rules and principles and promote the security of personal data.

XI. Cookies
Cookies are small files that are placed on the user’s computer by websites visited and contain information such as page settings or login status. These files improve user experience by saving browsing data. With the help of cookies, the website remembers the settings of the website and offers locally relevant content.
The user has the option to delete cookies from the browsers at any time in the Settings menu.

  • Stakeholders: visitors to the website.
  • The purpose of data management: additional services, identification, tracking of visitors.
  • Legal basis for data management: The consent of the user is not required if the service provider needs the use of cookies.
  • Scope of data: unique identification number, time, setting data.
  • Data controllers entitled to access the data: The data controller does not process personal data using cookies.
  • Data storage method: electronic.

XII. Google Analytics
Our website uses Google Analytics.
When using Google Analytics:
Google Analytics uses internal cookies to generate reports for its customers about the habits of website visitors.
On behalf of the website operator, Google uses the information to evaluate how users use the website. As an additional service, it generates reports related to the activity of the website for the website operator in order to perform the additional services.
The data is stored in an encrypted format on Google’s servers to make it prevent data misuse.
Google Analytics can be disabled through the service’s website. Learn more: https://support.google.com/analytics/answer/9050852?hl=en_US
Google’s Privacy Policy: https://policies.google.com/privacy?hl=en_US
Information on the use and protection of the data can be found in detail at the links above.

XIII. Rights related to data management
Right to request information
The User has the right to request information from us through the given contact details on the type of data being collected, the legal basis of data processing, the data management purpose, the source andlength of data usage. Upon your request, we will send the User information to the e-mail address provided by the User without delay but within a maximum of 30 days.
Right to rectification
The User has the right to request us to change any of their data via the provided contact details. We will take action on your request without delay but within a maximum of 30 days, and we will send the User information to the e-mail address provided by the User.
Right of erasure
The User may request the erasure of their data on the contact details provided. We will do this without delay, but within a maximum of 30 days, and we will send information to the e-mail address provided by the User.
Right to block
The User has the right to request their data to be blocked via the provided contact details. The blocking lasts as long as it is necessary based on the reason indicated by the User. The data will be blocked without delay, but within a maximum of 30 days, and information will be sent to the e-mail address provided by the User.
Right to object
The User has the right to object to the data management via the provided contact details. The objection will be examined without delay from the submission of the application, but not later than within 15 days, a decision will be made on its merits, and the User will be informed of the decision by e-mail.

XIV. Enforcement concerning data management
In case of a complaint, you can notify the competent authority at the following contact details:

  • Name: National Authority for Data Protection and Freedom of Information
  • Postal address: 1530 Budapest, Pf .: 5.
  • Address: 1125 Budapest, SzilágyiErzsébet Avenue 22 / c
  • Phone: +36 (1) 391-1400
  • Fax: +36 (1) 391-1410
  • E-mail: ugyfelszolgalat[at]naih.hu
  • Website: www.naih.hu

XV. Legislation underlying data management

  • GDPR – REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals concerning the processing of personal data and the free movement of such data, and repealing Regulation (EC) No 95/46 (General Data Protection Regulation).
  • Act CXII. of 2011 on the Right to Information Self-Determination and Freedom of Information.
  • Act V. of 2013 on the Civil Code.
  • Act CVIII. of 2001on certain issues of Electronic Commerce Services and Information Society Services.

The effective date of this Privacy Statement is April 30, 2020.
The data controller reserves the right to make changes.

In case of disputes, the authoritative version of the specification is the original, Hungarian document.