Privacy Policy
Contents
- 1. INTRODUCTION
- 1.1 THE CONTROLLER AND ITS CONTACT DETAILS
- 1.2 CONTACT DETAILS OF THE DATA PROTECTION OFFICER
- 2. DEFINITIONS
- 3. PRINCIPLES RELATING TO PROCESSING OF PERSONAL DATA
- 4. SPECIFIC PROCESSING
- 4.1 REGISTRATION TO FORUM (SETTING UP A USER ACCOUNT)
- 4.2 PROCESSING RELATED TO THE OPERATION OF THE WEBSHOP/THE USE OF THE SERVICE
- 4.3 CONTACT - TECHNICAL SUPPORT, LICENCE ADMINISTRATION, GENERAL COMMUNICATION
- 4.4 REPORTING
- 4.5 CUSTOMER SERVICE
- 4.6 NEWSLETTER, DM ACTIVITY
- 4.7 COMPLAINT HANDLING
- 5. RECIPIENTS TO WHOM PERSONAL DATA ARE DISCLOSED
- 5.1 PROCESSORS (PROCESSING DATA ON BEHALF OF THE CONTROLLER)
- 5.2 SPECIFIC PROCESSORS
- 5.2.1 Web hosting provider
- 5.2.2 Online marketing services (newsletters, DM activity)
- 5.3 DATA TRANSFER TO THIRD PARTIES
- 5.3.1 Debt management
- 6. COOKIE CONTROL
- 7. USE OF GOOGLE AND FACEBOOK SERVICES
- 7.1 USE OF GOOGLE ADWORDS CONVERSION TRACKING
- 7.2 USE OF GOOGLE ANALYTICS
- 7.3 FACEBOOK PIXEL
- 7.4 SOCIAL MEDIA SITES
- 8. CUSTOMER RELATIONS AND OTHER PROCESSING
- 9. RIGHTS OF THE DATA SUBJECTS
- 10. TIME LIMIT FOR TAKING ACTION
- 11. SECURITY OF PROCESSING
- 12. COMMUNICATION OF A PERSONAL DATA BREACH TO THE DATA SUBJECT
- 13. NOTIFICATION OF A PERSONAL DATA BREACH TO THE AUTHORITY
- 14. COMPLAINTS
- 15. CLOSING INFORMATION
1. INTRODUCTION
FinalWire Kft. (hereinafter the Service Provider, controller) hereby accepts to be bound by the following policy:
Pursuant to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), you are hereby informed of the following.
This Privacy Policy regulates data processing on the following sites: https://www.aida64.com
The Privacy Policy is available on the following website: https://www.aida64.com/privacy-policy
The amendments of the policy shall enter into force upon publication on the above web page.
1.1 THE CONTROLLER AND ITS CONTACT DETAILS
- Name: FinalWire Kft.
- Registered seat: H-1048 Budapest, Tófalva utca 6/A III em. 7.a, Hungary
- Company registration number: 01-09-942549
- Tax number: 22764672-2-41
- Email: info@finalwire.com
1.2 CONTACT DETAILS OF THE DATA PROTECTION OFFICER
The controller hereby declares that the conditions stipulated in Article 37(1) of the GDPR do not apply, therefore no data protection officer is appointed.
2. DEFINITIONS
- ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
- ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
- ‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
- ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
- ‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
3. PRINCIPLES RELATING TO PROCESSING OF PERSONAL DATA
Personal data shall be:
- lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’);
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organizational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’).
The controller shall be responsible for, and be able to demonstrate compliance with, the above (‘accountability’).
The controller hereby declares that processing shall comply with the principles set out in this Clause.
4. SPECIFIC PROCESSING
4.1 REGISTRATION TO FORUM (SETTING UP A USER ACCOUNT)
The fact of data collection, the categories of data processed and the purposes of processing:
Personal data The purpose of processing Family name, given name Identification, to ensure secure login to user account. Sex Identification Email address Communication, sending system messages, login to user account User name Identification, communication Password To ensure secure login to user account. Date of login and session Performance of technical operation. IP address at the time of login and session Performance of technical operation. In case of an email address, it does not need to include personal data.
- Categories of data subjects: all data subjects registered in the forum on the website.
- Duration of processing, time limit for erasure of the data: If any of the conditions stipulated in Article 17(1) of the GDPR applies, until the receipt of the data subject’s erasure request. All personal data will be immediately deleted with the erasure of the registration. The controller shall inform the data subject about the erasure of any personal data indicated by electronic means as stipulated in Article 19 of the GDPR. If the data subject’s erasure request also applies to the email address provided by the data subject, upon the delivery of the information the email address shall also be erased by the controller.
- Potential controllers entitled to receive the data, recipients of personal data: Personal data may be processed by the authorized employees of the controller pursuant to this information document.
- Information on the rights of data subjects related to processing:
- The data subject may request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject, and
- the data subject has the right to data portability and to withdraw his or her consent at any time.
- Access to, erasure, rectification of and restriction of processing related to personal data, and also data portability may be initiated by the data subject as follows:
- by mail to the address: H-1048 Budapest, Tófalva utca 6/A III em. 7.a, Hungary
- via email to the email address: info@finalwire.com.
- Legal ground for processing: Point (a) of Article 6(1).
- You are hereby informed that
- processing is based on your consent.
- you are obliged to provide the personal data for registration.
- as a consequence of your failure to provide data we will be unable to set up the user account and thus you will be unable to use the forum.
4.2 PROCESSING RELATED TO THE OPERATION OF THE WEBSHOP / THE USE OF THE SERVICE
DESCRIPTION OF THE ACTIVITY: ISSUING LICENCES AND TRIAL LICENCES
Licenses are issued by the controller, FinalWire Kft., on behalf and as the data processor of Cleverbridge AG.
Trial licenses and licenses are issued by the controller, FinalWire Kft..
The fact of data collection, the categories of data processed and the purpose of processing:
Personal data (general data) The purpose of processing Family name, given name Required for communication, purchase, issuing a proper invoice, required for granting the license. Country, town, post code Identification, required for granting the license Email address Communication, sending confirmations Billing name and address Required for the conclusion of the contract, defining the content thereof, amendment, monitoring the performance of the contract, billing fees under the contract, and enforcing related claims, and for granting the license. Payment method, type of credit card Data recording Date of purchase Performance of technical operation. IP address at the time of purchase Performance of technical operation. In case of an email address, it does not need to include personal data.
- Source of personal data: Data transferred by Cleverbridge AG
- Purpose of processing: issuing the license and trial license.
- Categories of data subjects: All data subjects shopping on the websites https://www.cleverbridge.com and https://aida64.co.uk/webshop/.
Duration of processing, time limit for erasure of the data: If any of the conditions stipulated in Article 17(1) of the GDPR applies, until the receipt of the data subject’s erasure request. The controller shall inform the data subject about the erasure of any personal data indicated by electronic means as stipulated in Article 19 of the GDPR. If the data subject’s erasure request also applies to the email address provided by the data subject, upon the delivery of the information the email address shall also be erased by the controller. Not including accounting documents, since such data shall be retained for up to 8 years pursuant to Section 169(2) of Act C of 2000 on Accounting. Contracting data of data subjects may be erased subject to the data subject’s erasure request upon the expiry of the limitation period under civil law. Other comment: the license shall be valid for an unlimited period of time, therefore personal data processed in relation to granting the license will be, in general, retained for an unlimited period of time.
The accounting documents underlying the accounting records directly or indirectly (including ledger accounts, analytical records and registers) shall be retained for minimum eight years, shall be legible and retrievable by means of the code of reference indicated in the accounting records.
- Potential controllers entitled to receive the data, recipients of personal data: Personal data may be processed by the sales and marketing staff of the controller in compliance with the principles above.
- Information on the rights of data subjects related to processing:
- The data subject may request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject, and
- the data subject has the right to data portability and to withdraw his or her consent at any time.
- Access to, erasure, rectification of and restriction of processing related to personal data, and also data portability may be initiated by the data subject as follows:
- by mail to the address: H-1048 Budapest, Tófalva utca 6/A III em. 7.a, Hungary
- via email to the email address: info@finalwire.com.
- Legal ground for processing:
- 9.1 Points (b) and (c) of Article 6(1) of the GDPR,
9.2 Section 13/A(3) of Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (hereinafter referred to as the E-commerce Act):
The service provider may, for the purpose of providing the service, process personal data indispensable for providing the service for technical reasons. Should other conditions be identical, the service provider shall select and operate the means applied in the course of providing information society service at all times, so that personal data be processed only if it is absolutely indispensable for providing the service or achieving other objectives stipulated in this Act, and only to the required extent and duration.
- 9.3 Point (c) of Article 6(1) for issuing due and proper invoices compliant with the accounting laws.
9.4 Pursuant to Section 6:21 of Act V of 2013 on the Civil Code 5 years for exercising claims arising from the agreement.
Section 6:22 [Statute of limitations]
(1) Unless otherwise provided for in this Act, claims shall lapse after five years.
(2) The period of limitation commences upon the due date of the claim.
(3) An agreement for changing the limitation period shall be executed in writing.
(4) Any agreement excluding prescription shall be null and void.
- You are hereby informed that
- processing is required for the performance of the contract and for delivering a quote.
- you are obliged to provide the personal data to allow performance of the order.
- as a consequence of your failure to provide data we will be unable to process your order.
4.3 CONTACT - TECHNICAL SUPPORT, LICENCE ADMINISTRATION, GENERAL COMMUNICATION
The fact of data collection, the categories of data processed and the purpose of processing:
Personal data (general data) The purpose of processing Name Identification Email address Communication, sending responses Name of organization Communication Name of product Identification Subject of communication (technical support, license administration, other communication) Problem identification Message content Required for response Product key Required to renew license Date of communication Performance of technical operation. IP address at the time of communication Performance of technical operation. In case of an email address, it does not need to include personal data.
- 1.1 In case of technical support the software version number, the product key identifier, the name of the operation system, the description of the system and the problem are requested.
- 1.2 In case of license administration the registered email address, the product key identifier and other information and questions are requested.
Licenses may be renewed directly through the website https://www.aida64.com/support/renewal. - 1.3 In case of general communication the message content has to be specified.
- Categories of data subjects: All data subjects sending messages through the contact form on the website https://www.aida64.com.
- Duration of processing, time limit for erasure of the data: If any of the conditions stipulated in Article 17(1) of the GDPR applies, until the receipt of the data subject’s erasure request.
- Potential controllers entitled to receive the data, recipients of personal data: Personal data may be processed by the authorized employees of the controller.
- Information on the rights of data subjects related to processing:
- The data subject may request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject, and
- the data subject has the right to data portability and to withdraw his or her consent at any time.
- Access to, erasure, rectification of and restriction of processing related to personal data, and also data portability may be initiated by the data subject as follows:
- by mail to the address: H-1048 Budapest, Tófalva utca 6/A III em. 7.a, Hungary
- via email to the email address: info@finalwire.com.
- Legal ground for processing: the data subject’s consent, points (a), (b) and (c) of Article 6(1). When you contact us, you consent to the processing of your personal data provided to us during the communication (name, telephone number, email address) in accordance with this policy.
- You are hereby informed that
- this processing is based on your consent and is required for delivering a quote, or in case of a contractual relationship, it is based on a legal obligation (cooperation).
- you are obliged to provide the personal data so that you can contact us.
- as a consequence of your failure to provide data you will be unable to contact the Service Provider.
4.4 REPORTING
The fact of data collection, the categories of data processed and the purposes of processing:
Personal data The purpose of processing Family name, given name Identification. Email address Communication, delivering system messages, technical assistance Message content Technical assistance Data of message Performance of technical operation. In case of an email address, it does not need to include personal data.
- Categories of data subjects: AIDA64 users
- Duration of processing, time limit for erasure of the data: If any of the conditions stipulated in Article 17(1) of the GDPR applies, until the receipt of the data subject’s erasure request. The controller shall inform the data subject about the erasure of any personal data indicated by electronic means as stipulated in Article 19 of the GDPR. If the data subject’s erasure request also applies to the email address provided by the data subject, upon the delivery of the information the email address shall also be erased by the controller.
- Potential controllers entitled to receive the data, recipients of personal data: Personal data may be processed by the authorized employees of the controller pursuant to this information document.
- Information on the rights of data subjects related to processing:
- The data subject may request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject, and
- the data subject has the right to data portability and to withdraw his or her consent at any time.
- Access to, erasure, rectification of and restriction of processing related to personal data, and also data portability may be initiated by the data subject as follows:
- by mail to the address: H-1048 Budapest, Tófalva utca 6/A III em. 7.a, Hungary
- via email to the email address: info@finalwire.com.
- Legal ground for processing: Point (a) of Article 6(1).
- You are hereby informed that
- processing is based on your consent.
- you are obliged to provide the personal data to allow us to process your message.
- as a consequence of your failure to provide data we will be unable to investigate your request.
4.5 CUSTOMER SERVICE
The fact of data collection, the categories of data processed and the purpose of processing:
Personal data The purpose of processing Name, email address, telephone number. Communication, identification, performance of contracts, business purpose. - Categories of data subjects: All data subjects communicating with the controller by phone/email/in person, or being in a contractual relationship with the controller.
- Duration of processing, time limit for erasure of the data: Letters containing inquiries are processed until the data subject is deleted, but for not more than 2 years.
- Potential controllers entitled to receive the data, recipients of personal data: Personal data may be processed by the authorized staff of the controller in compliance with the principles above.
- Information on the rights of data subjects related to processing:
- The data subject may request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject, and
- the data subject has the right to data portability and to withdraw his or her consent at any time.
- Access to, erasure, rectification of and restriction of processing related to personal data, and also data portability may be initiated by the data subject as follows:
- by mail to the address: H-1048 Budapest, Tófalva utca 6/A III em. 7.a, Hungary
- via email to the email address: info@finalwire.com.
- Legal ground for processing:
- 7.1 Points (b) and (c) of Article 6(1) of the GDPR.
7.2 Pursuant to Section 6:21 of Act V of 2013 on the Civil Code 5 years for exercising claims arising from the agreement.
Section 6:22 [Statute of limitations]
(1) Unless otherwise provided for in this Act, claims shall lapse after five years.
(2) The period of limitation commences upon the due date of the claim.
(3) An agreement for changing the limitation period shall be executed in writing.
(4) Any agreement excluding prescription shall be null and void.
- You are hereby informed that
- processing is required for the performance of the contract and for delivering a quote.
- you are obliged to provide the personal data to allow performance of your order/other request.
- as a consequence of your failure to provide data we will be unable to process your order/other request.
4.6 NEWSLETTER, DM ACTIVITY
- Pursuant to Section 6 of Act XLVIII of 2008 on the Essential Conditions of and Certain Limitations to Business Advertising Activity, the User may in advance and expressly consent to the Service Provider contacting the User with its offers and other mails through the contact details provided at the time of registration.
- Furthermore, in consideration of the provisions of this information document the User may consent to the Service Provider processing his or her personal data required for sending marketing offers.
- The Service Provider shall not send any unsolicited marketing messages, and Users may unsubscribe from all offers without limitation and justification, free of charge. In such cases the Service Provider shall erase all personal data of the relevant User required to send marketing messages, from its records, and it shall not contact the User with further marketing offers. Users may unsubscribe from marketing messages by following the link in the message.
The fact of data collection, the categories of data processed and the purpose of processing:
Personal data The purpose of processing Name, email address. Identification, allowing subscription to newsletter. Date of subscription Performance of technical operation. IP address at the time of subscribing Performance of technical operation. - Categories of data subjects: All data subjects subscribing to the newsletter.
- Purpose of processing: delivering electronic messages containing advertising (email, SMS, push messages) to the data subject, providing current information regarding products, sales, new features, etc.
- Duration of processing, time limit for erasure of the data: processing continues until the consent is withdrawn, i.e. until unsubscribing.
- Potential controllers entitled to receive the data, recipients of personal data: Personal data may be processed by the sales and marketing staff of the controller in compliance with the principles above.
- Information on the rights of data subjects related to processing:
- The data subject may request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject, and
- he or she may object to his or her personal data being processed, and
- the data subject has the right to data portability and to withdraw his or her consent at any time.
- Access to, erasure, rectification of and restriction of processing related to personal data, and also data portability, and objections may be initiated by the data subject as follows:
- by mail to the address: H-1048 Budapest, Tófalva utca 6/A III em. 7.a, Hungary
- via email to the email address: info@finalwire.com.
- Data subjects may at any time unsubscribe from newsletters free of charge.
Legal ground for processing: the data subject’s consent, points (a) and (f) of Article 6(1), and Section 6(5) of Act XLVIII of 2008 on the Essential Conditions of and Certain Limitations to Business Advertising Activity:
Advertisers, advertising service providers and publishers of advertising shall maintain records on the personal data of persons who provided consent to the extent specified in the consent. The data in the aforesaid records and relating to the person to whom the advertisement is addressed may be processed only for the purpose defined in the consent, until withdrawn, and may be disclosed to third persons subject to the express prior consent of the person affected.
- You are hereby informed that
- processing is based on your consent and the legitimate interest of the service provider.
- you are obliged to provide the personal data if you wish to receive newsletters from us.
- as a consequence of your failure to provide data we will be unable to send you newsletters.
- Please note that you may at any time withdraw your consent by clicking on the unsubscribe link.
4.7 COMPLAINT HANDLING
The fact of data collection, the categories of data processed and the purpose of processing:
Personal data The purpose of processing Family name, given name Identification, communication. Email address Communication. Telephone number Communication. Billing name and address Identification, handling quality complaints, issues and problems related to the products ordered. - Categories of data subjects: All data subjects shopping on the website, and submitting a quality or other complaint.
- Duration of processing, time limit for erasure of the data: Copies of the minutes, memorandum recording the complaint and the response thereto shall be retained for 5 years pursuant to Section 17/A(7) of Act CLV of 1997 on Consumer Protection.
- Potential controllers entitled to receive the data, recipients of personal data: Personal data may be processed by the sales and marketing staff of the controller in compliance with the principles above.
- Information on the rights of data subjects related to processing:
- The data subject may request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject, and
- the data subject has the right to data portability and to withdraw his or her consent at any time.
- Access to, erasure, rectification of and restriction of processing related to personal data, and also data portability may be initiated by the data subject as follows:
- by mail to the address: H-1048 Budapest, Tófalva utca 6/A III em. 7.a, Hungary
- via email to the email address: info@finalwire.com.
- Legal ground for processing: point (c) of Article 6(1) of the GDPR and Section 17/A(7) of Act CLV of 1997 on Consumer Protection.
- You are hereby informed that
- personal data are to be provided based on a legal obligation.
- the processing of personal data is a condition precedent to the conclusion of the contract.
- you are obliged to provide the personal data so that we can handle your complaint.
- as a consequence of your failure to provide data we will be unable to handle your complaint.
5. RECIPIENTS TO WHOM PERSONAL DATA ARE DISCLOSED
5.1 PROCESSORS (PROCESSING DATA ON BEHALF OF THE CONTROLLER)
The controller may employ processors to facilitate its own processing activity, and to perform its obligations under the contract concluded with the data subject or the laws.
The controller considers it a priority to employ processors that provide sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of the GDPR and ensure the protection of the rights of the data subject.
The processor and any person acting under the authority of the controller or of the processor, who has access to the personal data stipulated herein, shall not process those data except on instructions from the controller.
The controller shall hold legal liability for the activity of the processor. A processor shall be liable for the damage caused by processing only where it has not complied with obligations of the GDPR specifically directed to processors or where it has acted outside or contrary to lawful instructions of the controller.
Processors have no power to adopt decisions on the merits of processing.
5.2 SPECIFIC PROCESSORS:
5.2.1 Web hosting provider
The controller represents and warrants that data are stored on its own servers.
5.2.2 Online marketing services (newsletters, DM activity)
- Activity performed by the processor: online marketing
Name and contact details of processor:
Name: MailerLite Limited (MailerLite)
Web: https://mailerlite.com
Customer service: https://www.mailerlite.com/contact-us- The fact of processing, categories of data processed: Name, email address
- Categories of data subjects: All data subjects using the website and subscribing to the newsletter.
- The purpose of processing: Advertising, marketing and promoting products available on the website, increasing the number of visitors on the website.
- Duration of processing, time limit for erasure of the data: Until the termination of the agreement between the Service Provider and the processor referred to in this Clause, or until the receipt of an erasure request from the data subject.
- Legal grounds for processing: User’s consent, Section 5(1) of the Privacy Act, point (a) of Article 6(1), and Section 13/A(3) of Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services.
- Rights of the data subject:
- You are entitled to receive information on the circumstances of the processing,
- You shall have the right to obtain from the controller confirmation as to whether personal data concerning you are being processed, and access to the information related to processing.
- You shall have the right to receive the personal data concerning you in a structured, commonly used, machine-readable format.
- You shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you.
5.3 DATA TRANSFER TO THIRD PARTIES
5.3.1 Debt management
- Activity performed by the Recipient: Debt management.
- Name and contact details of recipient: Debt management company employed by the controller.
- The fact of processing, categories of data processed: Family name, given name, address, telephone number, email address.
- Categories of data subjects: All data subjects indebted to the controller.
- The purpose of processing: Enforcing claims.
- Duration of processing, time limit for erasure of the data: Processing ends when claims are collected, debts are settled.
- Legal ground for processing: Points (c) and (f) of Article 6(1) of the GDPR.
- Rights of the data subject:
- You are entitled to receive information on the circumstances of the processing,
- You shall have the right to obtain from the controller confirmation as to whether personal data concerning you are being processed, and access to the information related to processing.
- You shall have the right to receive the personal data concerning you in a structured, commonly used, machine-readable format.
- You shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you.
- You may object to your personal data being processed.
6. COOKIE CONTROL
- Cookies typically used by webshops include “secure login session cookies”, “shopping basket cookies”, “security cookies”, “Essential cookies”, “Functional cookies” and “website analytics cookies” the use of which requires no consent from the data subject.
- The fact of processing, categories of data processed: Individual identification code, dates, times
- Categories of data subjects: All data subjects visiting the website.
- The purpose of processing: Identification of users, administration of “shopping basket” and tracking visitors.
Duration of processing, time limit for erasure of the data:
Cookie type Legal ground for processing Duration of processing Data category processed Session cookies Section 13/A(3) of Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (hereinafter referred to as the E-commerce Act) The period ending upon the relevant visitor session ending connect.sid Persistent or saved cookies Section 13/A(3) of Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (hereinafter referred to as the E-commerce Act) until deletion by the data subject Statistics cookies Section 13/A(3) of Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (hereinafter referred to as the E-commerce Act) 1-2 months - Potential controllers entitled to receive the data: In using the cookies no personal data are processed by the controller.
- Information on the rights of data subjects related to processing: Data subjects may delete cookies in the Tools/Settings menu of the browser, usually under ‘Privacy’.
- Legal ground for processing: No consent from the data subject is required if the exclusive purpose of the cookies is to transmit communication through the electronic communication network or if the service provider needs it to provide information society related services expressly requested by the subscriber or the user.
Most browsers used by our users allow users to set which cookies need to be saved, and they also allow certain cookies to be recurrently deleted. If you restrict the saving of cookies on certain websites or fail to allow third party cookies, under certain circumstances this may lead to the limited use of our website. Please find more information here on how to control the settings of cookies in the generally used browsers:
Google Chrome ( https://support.google.com/chrome/answer/95647?hl=en )
Internet Explorer ( https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies )
Firefox ( https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences )
Safari ( https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac )
7. USE OF GOOGLE AND FACEBOOK SERVICES
7.1 USE OF GOOGLE ADWORDS CONVERSION TRACKING
- The controller uses the “Google AdWords” online marketing tool and within that it also uses the conversion tracking service of Google. Google conversion tracking is the analytics service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).
- When the User reaches a website through a Google advertisement, a cookie required to conversion tracking is saved on his or her computer. The validity of such cookies is limited, and they contain no personal data, therefore Users cannot be identified through them.
- When Users browse certain pages of the website, and the cookie has not yet expired, Google and the controller can see that the User clicked on the advert.
- All Google AdWords customers are assigned another cookie, thus they cannot be tracked through the websites of AdWords customers.
- The information obtained with the help of the conversion tracking cookies is used to draw up conversion statistics for AdWords customers opting for conversion tracking. This way customers receive information on the number of users that clicked on their advertisement and were directed to the page marked with a conversion tracking tag. However, they receive no information that would be suitable for identifying any of the users.
- If you do not wish to participate in conversion tracking, you can reject it by disabling the installation of cookies in your browser. After that you will not be recorded in the conversion tracking statistics.
- For further information and for the privacy statement of Google, please visit the following website: https://policies.google.com/privacy?gl=de&hl=en
7.2 USE OF GOOGLE ANALYTICS
- This website uses the Google Analytics application which is the web analyzer service of Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files which are saved on the computer to facilitate the analysis of the use of websites visited by the User.
- The information created with the cookies related to the websites used by Users is usually transferred and stored on one of the servers of Google in the USA. When IP anonymization is activated on a website, Google shortens the User’s IP address in advance in the Member States of the EU or in other member states of the European Economic Area.
- The full IP address is transferred to the Google server in the USA and shortened there only in exceptional cases. At the instructions given by the operator of this website, Google uses such information to evaluate how the User used the website and to draw up reports for the website operator in relation to the activity of the website, and also to perform further services related to website and internet use.
- The IP address forwarded by the User’s browser within the framework of Google Analytics is not linked to any other data held by Google. Users may prevent cookies to be stored on their computer by setting their browser accordingly. However, please note that in such cases you may not be able to fully enjoy all functions of the website. You can also prevent Google from using cookies to collect and process User data related to website usage (including the IP address) if you download and install the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=hu
7.3 FACEBOOK PIXEL
- Facebook pixel is a code that is used to draft reports about conversions on the website, to set up target groups and to provide site owners with detailed analytical data about the visitors’ use of the website. With the help of the Facebook remarketing pixel tracking code you can display offers and advertisements on Facebook, tailored to your website visitors. The Facebook remarketing list is not suitable for identification. For further information on Facebook Pixel, please go to: https://www.facebook.com/business/help/651294705016616
7.4 SOCIAL MEDIA SITES
- The fact of data collection, the categories of data processed: Registration name and public profile photo of the user on social media sites like Facebook/Google+/Twitter/Pinterest/YouTube/Instagram, etc.
- Categories of data subjects: All data subjects registered on the social media sites Facebook/Google+/Twitter/Pinterest/YouTube/Instagram, etc., and who “liked” the social page of the Service Provider, or contacted the controller through the social page.
- Purpose of data collection: Sharing and “liking”, following, promoting certain content elements, products, offers of the website or the website itself on social media sites.
- Duration of processing, time limit for erasure of the data, potential controllers entitled to receive the data, and information on the rights of data subjects related to processing: Data subjects may receive information about the sources, the processing of data, the method of data transfer and the legal grounds thereof by visiting the relevant social media site. Processing is performed on the social media sites, therefore the duration and manner of processing, and also the option of data erasure and rectification shall be governed by the policy of the relevant social media site.
- Legal ground for processing: the voluntary consent of the data subject granted to the processing of its personal data on the social media sites.
8. CUSTOMER RELATIONS AND OTHER PROCESSING
- Should data subjects have any questions or concerns during the use of the controller’s services, they can contact the controller in the manner indicated on the website (telephone, email, social media sites, etc.).
- Emails, messages, data received over the phone, on Facebook etc. shall be erased by the controller together with the name and email address of the relevant person and other personal data provided in a voluntary manner, within 2 years from the receipt of such data.
- Information regarding processing not included herein shall be given when data is recorded.
- Upon exceptional request from authorities and other bodies pursuant to authorization granted by the law, the Service Provider shall provide information, disclose, deliver data and make documents available.
- In such cases personal data may only be disclosed by the Service Provider to the requesting entity, subject to the specification of the purpose and data categories required, in a quantity and to the extent as may be indispensable for implementing the purpose of the request.
9. RIGHTS OF THE DATA SUBJECTS
Right of access
You shall have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the information listed in the Regulation.
Right to rectification
You shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure
You shall have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay under certain conditions specified.
Right to be forgotten
Where the controller has made the personal data public and is obliged to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
Right to restriction of processing
You shall have the right to obtain from the controller restriction of processing where one of the following conditions applies:
- the accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims;
- you have objected to processing pending the verification whether the legitimate grounds of the controller override your legitimate grounds.
Right to data portability
You shall have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (...)
Right to object
In case of processing based on legitimate interest or official authority as legal grounds you shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you (...), including profiling based on those provisions.
Objection in case of direct marketing
Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Automated individual decision-making, including profiling
You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
The previous paragraph shall not apply if the decision:
- is necessary for entering into, or performance of, a contract between you and a data controller;
- is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
- is based on your explicit consent.
10. TIME LIMIT FOR TAKING ACTION
The controller shall provide you with information on action taken on the requests above without undue delay and in any event within 1 month of receipt of the request.
This period may be extended by 2 further months where necessary. The controller shall inform you of any such extension within 1 month of receipt of the request, together with the reasons for the delay.
If the controller does not take action on your request, the controller shall inform you without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
11. SECURITY OF PROCESSING
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
- the pseudonymization and encryption of personal data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
- Data processed shall be stored in a manner that prevents unauthorized access. In case of paper based data carriers, setting up rules for physical storage, filing, in case of data processed in an electronic format, using the central authorization management system.
- The method of storing data with IT means shall be selected in a way that ensures that erasure can be performed, subject to different time limits for erasure, if any, upon the expiry of the time limit for data erasure or as it may become necessary for other reasons. Erasure shall be irrecoverable.
- Personal data shall be removed from paper based data carriers with the help of paper shredders or a third party organization specialized in the destruction of documents. In case of electronic media, physical destruction shall be ensured in compliance with the rules applicable to the scrapping of electronic media, or the safe and irrevocable erasure of data shall be ensured in advance, as may be necessary.
- The controller shall take the following specific data security measures:
- Personal data processed in paper format are secured by the Service Provider with the following measures (physical protection):
- Documents shall be stored in a safe, lockable, dry room.
- The Service Provider’s building and premises are installed with proper fire prevention and property protection equipment.
- Personal data may only be disclosed to authorized persons, no third parties may access them.
- The Service Provider’s employee performing processing may only leave the room where processing takes place if the data carrier in its trust and care is closed or the relevant room is locked.
- If paper based personal data are digitalized, the rules applicable to digitally stored documents shall apply.
- IT protection
- Computers and mobile devices (other data carriers) used during processing are the property of the Service Provider.
- Data stored on the computers may only be accessed with a user name and a password.
- The central server may only be accessed by authorized personnel appointed to this effect.
- Back-up and archiving is used by the Service Provider to ensure the security of digitally stored data.
- The computer system used by the Service Provider to store personal data is installed with the appropriate virus protection.
- Personal data processed in paper format are secured by the Service Provider with the following measures (physical protection):
12. COMMUNICATION OF A PERSONAL DATA BREACH TO THE DATA SUBJECT
When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.
The notice delivered to the data subject shall define the nature of the personal data breach in clear and plain language, and it shall communicate the name and contact details of the data protection officer or other contact point where more information can be obtained; it shall describe the likely consequences of the personal data breach; describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
The communication to the data subject shall not be required if any of the following conditions are met:
- the controller has implemented appropriate technical and organizational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorized to access it, such as encryption;
- the controller has taken subsequent measures which ensure that the high risk to the rights and freedoms of data subjects is no longer likely to materialize;
- it would involve disproportionate effort. In such a case, there shall instead be a public communication or similar measure whereby the data subjects are informed in an equally effective manner.
If the controller has not already communicated the personal data breach to the data subject, the supervisory authority, having considered the likelihood of the personal data breach resulting in a high risk, may require it to do so.
13. NOTIFICATION OF A PERSONAL DATA BREACH TO THE AUTHORITY
In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.
14. COMPLAINTS
Complaints against an infringement, if any, by the controller may be submitted to the Hungarian National Authority for Data Protection and Freedom of Information:
Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság)
H-1055 Budapest, Falk Miksa utca 9-11, Hungary
Mailing address: H-1363 Budapest, Postafiók: 9, Hungary
Telephone: +36 -1-391-1400
Fax: +36-1-391-1410
Email: ugyfelszolgalat@naih.hu
15. CLOSING INFORMATION
In drafting the information document the following laws were taken into consideration:
- REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
- Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter the Privacy Act)
- Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (in particular Section 13/A)
- Act XLVII of 2008 on the Prohibition of Unfair Commercial Practices against Consumers;
- Act XLVIII of 2008 on the Essential Conditions of and Certain Limitations to Business Advertising Activity (in particular Section 6)
- Act XC of 2005 on the Freedom of Electronic Information
- Act X of 2003 on Electronic Communications (in particular Section 155)
- Opinion 16/2011 on EASA/IAB Best Practice Recommendation on Online Behavioral Advertising
- Recommendation of the Hungarian National Authority for Data Protection and Freedom of Information on the data protection requirements of prior information
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC
13 November 2023
FinalWire Kft.