Privacy Policy

The operator of www.csesznekivar.hu hereby informs the visitors of the website about the practices followed in the management of personal data, about the organizational and technical measures taken to protect the data, as well as about the rights of the visitors in this regard and the possibilities of their enforcement.

1. The data manager

Data controller with regard to these Regulations:

Data controller: Vár-Hegyi Hagyományőrző és Idegenforgalmi Egyesület

Headquarters: 8419 Csesznek, Farkashegyi út 8.

Postal address: 8419 Csesznek, Farkashegyi út 8.

Electronic (e-mail) address: csesznek.varkapitany@gmail.com

Tax number: 18939372-2-19

The purpose of the data protection information is to define the scope of personal data managed by the Data Controller, the method of data management, as well as to ensure the enforcement of the constitutional principles of data protection and the requirements of data security, and to prevent unauthorized access to data, changes and unauthorized disclosure or use of data, in order to ensure that the privacy of natural persons of the user is respected.

For the purposes set out in paragraph (2), the data controller treats the user’s personal data confidentially in accordance with the applicable legal regulations. It takes care of their security, takes the technical and organizational measures, and develops the procedural rules that are necessary to implement the relevant legal provisions and other recommendations.

2. Legal background

The Data Controller is obliged to comply with the legal regulations related to the management of personal data in all phases of data management. The data management carried out by the data controller is primarily governed by the provisions laid down in the following legislation:

• Act V of 2013 on the Civil Code § 2:43 (e)
• CXII of 2011 on the right to information self-determination and freedom of information. TV. (“Privacy TV.”);
• CVIII of 2001 on certain issues of electronic commercial services and information society-related services. TV. (“Eker. tv.”);
• XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activity. TV. (“Grt. TV.”)
• VI of 1998 on the promulgation of the Convention on the Protection of Individuals during the Machine Processing of Personal Data dated January 28, 1981 in Strasbourg. law;
• CXIX of 1995 on the management of name and address data for the purpose of research and direct business acquisition. Act (“Katv.”)

3. Concepts

(1) data subject: any natural person identified or – directly or indirectly – identified on the basis of personal data;

(2) personal data: data that can be associated with the data subject – especially the data subject’s name, identification mark, and one or more physical, physiological, mental, economic, cultural or social characteristics of the data subject – as well as the conclusion about the data subject that can be drawn from the data;

(3) consent: the voluntary and firm declaration of the data subject’s wishes, which is based on adequate information, and with which he gives his unequivocal consent to the processing of his personal data – in full or covering certain operations;

(4) protest: the statement of the data subject objecting to the processing of his personal data and requesting the termination of data processing or the deletion of the processed data

(5) data management: regardless of the procedure used, any operation or set of operations performed on personal data, such as collection, recording, recording, organization, storage, change, use, transmission, disclosure, coordination or connection, blocking, deletion and destruction , as well as preventing further use of the data, taking photographs, audio or video recordings, and recording physical characteristics suitable for identifying the person (e.g. fingerprints, palm prints, DNA samples, iris images)

(6) data processing: performing technical tasks related to data management operations, regardless of the method and tool used to perform the operations, as well as the place of application, provided that the technical task is performed on the data.

(7) data transfer: making the data available to a specific third party.

(8) disclosure: making data available to anyone.

(9) data controller: the natural or legal person or organization without legal personality who, or which, independently or together with others, determines the purpose of personal data management, makes and implements decisions regarding data management (including the device used), or performed by a data processor commissioned by him.

(10) data processor: a natural or legal person, or an organization without legal personality, who, or on the basis of which contract – including contracts concluded on the basis of legal provisions – processes data.

(11) data erasure: rendering the data unrecognizable in such a way that their recovery is no longer possible.

(12) data file: the totality of the data managed in one register.

(13) third party: a natural or legal person, or an organization without legal personality, who or which is not the same as the data subject, data controller or data processor;

4. Legal basis for data management

The Data Controller processes the Data Subjects’ data in accordance with the applicable data protection legislation, based on their consent, respectively

• CVIII of 2001 on certain issues of electronic commercial services and services related to the information society. TV. § 13/A,
• XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activity. TV. It is managed on the basis of paragraph 6.

5. The scope of the managed data, the purpose and duration of the data management

(1) This Privacy Policy covers only the processing of data of natural persons, given that personal data can only be interpreted in relation to natural persons.

Anonymous information collected by the data controller without personal identification and that cannot be linked to a natural person is not considered personal data, nor is demographic data collected without linking it to the personal data of identifiable persons, thereby not a relationship with a natural person can be established.

(2) Request a quote, send an online message:

On the website, it is possible to request a price quote or other information regarding the services provided by the Service Provider, during which the following personal data must be provided:

• e-mail address
• name
• telephone number
• message text

The purpose of data management is to provide personalized service to the Data Subjects and to send a price offer at the request of the Data Subjects.

Anonymous user ID (cookie)

On the website, we use a session cookie (small data package), which is valid until the end of the given session, i.e. it is created for the duration of the visit, after which it is automatically deleted from the user’s computer. The so-called cookie is necessary for the security of the website, for user-friendly solutions, for a better user experience.

No personal data is stored by using cookies. The visitor can delete cookies from his computer/browsing device at any time, or set his browser to prohibit the use of cookies, without which the website will continue to function, but the user acknowledges the fact that after that browsing may not necessarily be will be full value.

The session cookie is not able to identify the Data Subject in any way, it is only suitable for recognizing the Data Subject’s computer, it is not necessary to enter a name, e-mail address or any other personal information, since when applying the solution, the User does not transfer personal data to the Data Controller, the data exchange is only and only happens between machines.

The Data Subject has the option to prohibit the placement of a unique identification mark (cookie) on his computer by setting his browser. The Data Subject acknowledges that some services will not function properly if cookies are disabled.

Use of social plugins (Facebook, Instagram, Twitter, Linked-in, Google+).

Extensions are disabled by default on the Portal. Extensions will only be enabled if the Data Subject clicks on the corresponding button. By enabling the extension, the Data Subject establishes a connection with the social site and consents to the transfer of their data to Facebook/Instagram/Twitter/Linked-in/Google+.

If the Data Subject is logged in to Facebook/Instagram/Twitter/Linked-in/Google+, the given social network may associate your visit with the Data Subject’s social account.

If the Data Subject clicks on the appropriate button, his browser transmits the relevant information directly to the given social network and stores it there.

Information on the scope and purpose of data collection, the further processing and use of your data by Facebook/Instagram/Twitter/Linked-in/Google+, your rights and settings for the protection of your personal data can be found in the privacy statement of Facebook/Instagram/Twitter/Linked-in/Google+.

Remarketing codes

The Service Provider uses Google Ads and facebook remarketing codes on the Portal. The remarketing code uses cookies to tag visitors to the Portal.

The installed cookie helps to ensure that advertisements related to the Service Provider’s products and services are displayed on other websites belonging to the Google Display network, as well as on Facebook, that are subsequently visited by the Portal visitor.

The user can disable cookies at any time and customize the ads on the Google ad settings interface.

Log files

In order to use the services, the system automatically logs the following data:

• dynamic IP address of the user’s computer
• depending on the settings of the user’s computer, the type of browser and operating system used by the user
• the user’s website-related activity

The use of this data is, on the one hand, for technical purposes – such as the analysis and subsequent control of the secure operation of the servers; on the other hand, the Data Controller uses this data to prepare page usage statistics and to analyze user needs in order to improve the level of services.

The above data are not suitable for identifying the user and the Data Controller does not connect them with other personal data.

(3) The Data Controller may process personal data related to the Data Subject for any purpose other than those specified above – especially for the purpose of increasing the efficiency of its service or for market research – only with the prior determination of the purpose of data management and on the basis of the Data Subject’s consent.

These data cannot be linked to the Data Subject’s identification data and cannot be transferred to third parties without their consent.

The Data Controller is obliged to delete this data if the purpose of data management has ceased, or if the Data Subject so requests.

(4) The Data Controller ensures that the user can learn, before using the service and at any time during the use, which types of data the Data Controller manages for which data management purposes, including the management of data that cannot be directly linked to the user.

(5) The legal basis for the data management carried out by the Data Controller is the Data Subject’s consent in all cases.

(6) Duration of data management:

Data managed on the basis of the Data Subject’s consent can be processed until the consent is modified or revoked. At the end of the data management period, the Data Controller must delete the Data Subject’s personal data.

Data related to orders – including audio recordings made during telephone administration – are stored by the Data Controller until the general limitation period, i.e. 5 (five) years, in order to provide evidence in the event of legal disputes.

In order to fulfill accounting obligations, the Data Controller stores data related to invoicing for 8 (eight) years in accordance with § 169 of Act C of 2000, and Act XCII of 2003 on the taxation system. It is processed until the statutory limitation period.

Session IDs are automatically deleted when you leave the website.

www.csesznekivar.hu does not assume responsibility for its previous pages that have already been deleted but were still archived with the help of Internet search programs. The operator of the search page must ensure that they are removed.

(7) For the full implementation of the services, it may happen that the Data Subject transfers certain personal data to a third party of the Data Controller – on a temporary basis – if the necessary consent is given – for the purpose of data processing or data management, so in particular:

• if an online payment is made via the website, the Data Controller forwards the credit card/bank card number required for payment to the financial institution service provider, without keeping it.
• if, in the case of products ordered on the website, the Data Controller hands over the product to be delivered and the data necessary to complete the delivery (the delivery name and address) to the partner company contracted for delivery. The delivery partner is considered a data processor with regard to the delivered delivery data, who may not use this data for purposes other than the fulfillment of the delivery.

(8) In order to extract independent visitor and other web analytics data for the website, the service provider uses the Google Analytics software, therefore Google Inc. acts as a data processor in relation to this data. The Privacy Policy of Google Inc. is available at http://www.google.com/intl/hu ALL/privacypolicy.html.

The user of the website’s services acknowledges that he has given his consent to the processing of his data by Google by using the website

(9) In the case of services in which the User must send personal data – such as a bank card number in the case of online payment – online in order to use the service, the Data Controller provides a channel that provides adequate protection for such messages – an SSL-based connection .

(10) If the Service Provider operates certain services and pages of the website with a company with a business relationship with it, the Service Provider’s operating partner – acting on behalf and on behalf of the Service Provider – collects personal data, the provisions of this Privacy Policy also apply to data management.

(11) If the website maintains a joint service with a content partner, the right to use personal data is shared, however, the provisions of these Data Management Regulations – in accordance with the rules regarding data management of the same content prescribed during the contractual relationship with the partner – are also governing.

(12) In the case of the data management referred to in paragraphs (7)-(11), the identity of the data controller or the data processor shall be clearly indicated during data provision and data processing.

By entering the website and using the website, the User accepts the provisions of this Data Management Policy as binding.

www.csesznekivar.hu treats all data and facts concerning users as confidential, and uses them exclusively for the development of its services, the sale of advertising surfaces and the preparation of its own research and statistics. The reports made on these are only published in a form that is not suitable for the unique identification of individual users.

5. The scope of those who have access to the data, data processors

Employees of the data controller can access personal data provided by users. The data manager does not transfer personal data to third parties other than those indicated. This does not apply to possible mandatory data transmissions prescribed by law, which can only take place in exceptional cases. Before fulfilling each official data request, the data controller checks for each individual data whether the legal basis for data transmission really exists.

6. Users’ rights related to the management of their personal data

(1) The Data Subject may apply to the Data Controller

a) information about the handling of your personal data,

b) correcting your personal data, as well as

c) deletion or blocking of your personal data – with the exception of mandatory data management.

(2) At the request of the Data Subject, within 30 days at the latest from the submission of the request for this purpose, the Data Controller shall provide written information about the data of the Data Subject managed by it or processed by the data processor commissioned by it or at its disposal, its source, the purpose, legal basis, duration of the data management, the the name, address and activities related to data processing of the data processor, and – in the case of transmission of the data subject’s personal data – the legal basis and recipient of the data transmission.

Information is provided free of charge if the information requester has not yet submitted an information request for the same area to the Data Controller in the current year. In other cases, the Data Controller will determine reimbursement, with the provision that the already paid reimbursement must be refunded if the data was handled unlawfully or the request for information led to a correction. The information can be requested at the postal address of the data controller (headquarters: 8419 Csesznek, Farkashegyi út 8.) or at the e-mail address csesznek.varkapitany@gmail.com.

(3) The Data Controller keeps a data transfer register for the purpose of checking the legality of the data transfer and informing the data subject, which contains the date of transfer of the personal data managed by it, the legal basis and recipient of the data transfer, the definition of the scope of the personal data transferred, and other data specified in the law requiring data management .

(4) If the personal data does not correspond to the reality, and the personal data corresponding to the reality is available to the Data Controller, the personal data will be corrected by the Data Controller.

(5) Personal data must be deleted if

a) its handling is illegal;

b) requested by the Data Subject (with the exception of mandatory data processing);

c) is incomplete or incorrect – and this condition cannot be legally remedied – provided that deletion is not precluded by law;

d) the purpose of data management has ceased, or the statutory period for data storage has expired;

e) it was ordered by the court or the Authority.

(6) Instead of deletion, the Data Controller locks the personal data if the Data Subject requests this, or if, based on the available information, it can be assumed that the deletion would harm the Data Subject’s legitimate interests. The personal data locked in this way can only be processed as long as the data management purpose that precluded the deletion of the personal data exists.

(7) The Data Controller shall mark the personal data it manages if the data subject disputes its correctness or accuracy, but the incorrectness or inaccuracy of the disputed personal data cannot be clearly established.

(8) The Data Subject, as well as all those to whom the data was previously forwarded for the purpose of data management, must be notified of the correction, blocking, marking and deletion. The notification can be omitted if this does not harm the legitimate interests of the data subject in view of the purpose of the data management.

(9) If the Data Controller does not comply with the data subject’s request for correction, blocking or deletion, within 30 days of receiving the request, the Data Controller shall communicate in writing the factual and legal reasons for rejecting the request for correction, blocking or deletion. In case of rejection of the request for correction, deletion or blocking, the Data Controller informs the Data Subject of the possibility of legal remedies in court, as well as the possibility of turning to the Authority.

(10) The Data Subject may object to the processing of his personal data if

a) if the processing or transmission of personal data is necessary solely for the fulfillment of the legal obligation of the data controller or for the enforcement of the legitimate interests of the data controller, data receiver or third party, except in the case of mandatory data processing;

b) if personal data is used or forwarded for the purpose of direct business acquisition, public opinion polls or scientific research; as well as

c) in other cases defined by law.

The Data Controller – with the simultaneous suspension of data management – is obliged to examine the protest as soon as possible, but no later than 15 days after the submission of the request, and to inform the applicant in writing of the result. If the protest is justified, the Data Controller is obliged to terminate the data management – including further data collection and transmission – and block the data, as well as to notify all those to whom the personal data affected by the protest was previously transmitted, and those who are obliged to take measures to enforce the right to protest.

If the Data Subject does not agree with the Data Controller’s decision, or if the Data Controller misses the 15-day deadline, the Data Subject may appeal to the court against the decision – within 30 days of its communication or the last day of the deadline.

(11) The rights of the data subject defined in this point 5 may be limited by law for the sake of the external and internal security of the state, such as national defense, national security, the prevention or prosecution of crimes, the security of the execution of sentences, and for the economic or financial interest of the state or local government, the In the significant economic or financial interest of the European Union, as well as for the purpose of preventing and uncovering disciplinary and ethical offenses related to the exercise of occupations, violations of labor law and occupational health and safety obligations – including in all cases control and supervision – and also for the protection of the rights of the Data Subject or others.

7. Remedies

(1) In the event of a violation of law, the Data Subject may apply for redress:

a.) to the Office of the Data Protection Commissioner (1051 Budapest, Nádor u. 22.),

b.) to the National Data Protection and Freedom of Information Authority

Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.

Postal address: 1530 Budapest, Pf. 5.

Telephone: 06-1- 391-1400

Fax: 06-1-391-1410

E-mail: ugyfelszolgalat@naih.hu

c.) the place of residence of the Data Subject, or At the competent Court according to your place of residence.

The court acts out of sequence in the case. The Data Controller must prove the legality of data management, and the data recipient must prove the lawfulness of data transfer.

If the court approves the request, the Data Controller is required to provide the information, correct, block, delete the data, annul the decision made by automated data processing, take into account the right of objection of the data subject, and Info tv. Obliges to release data requested by the data receiver defined in § 21.

If the court is Info tv. In the cases specified in § 21, the request of the data recipient is rejected, the data controller is obliged to delete the personal data of the data subject within 3 days from the notification of the judgment.

The data controller is obliged to delete the data even if the data receiver is Info tv. He does not go to court within the time limit specified in paragraphs (5) and (6) of § 21.

The court may order the publication of its judgment – by publishing the identification data of the Data Controller – if it is required by the interests of data protection and the rights of a larger number of stakeholders protected by this law.

(2) The Data Controller is obliged to compensate the damage caused to others by the unlawful handling of the Data Subject’s data or by violating the requirements of data security. The Data Controller is also liable to the Data Subject for the damage caused by the data processor. The Data Controller is released from liability if it proves that the damage was caused by an unavoidable cause outside the scope of data management.

There is no need to compensate the damage if it resulted from the intentional or grossly negligent behavior of the injured party.

Users can request information about the management of their personal data. Upon request, the data controller provides the data subject with information about the data it manages, the purpose, legal basis, duration of data processing, the name and address of the data processor (headquarters: 8419 Csesznek, Farkashegyi út 8.) and the activities related to data processing, as well as who and for what purpose receive or have received the data. The information can be requested at the postal address of the data controller (headquarters: 8419 Csesznek, Farkashegyi út 8.) or at the e-mail address csesznek.varkapitany@gmail.com.

You can initiate the correction and deletion of the user’s personal data on the same contacts.

In the case of inappropriate use of the website’s services, as well as at the user’s own request, the associated data will be deleted. Deletion takes place within 24 hours of the next working day from the start of the deletion request.

8. Data security measures

The storage technology required for the operation of the website www.csesznekivar.hu is provided by CM HOST, Creative Management Kft. (8200 Veszprém, Ádám Iván u. 2., Tax number: 13881676-2-19).

9. Information about threats to the private sector

The use of the Internet is accompanied by various threats to privacy.

We would like to draw your attention to the fact that the opinion described on the website is personal data, from which it is possible to infer your special data, even your origin and political opinion. This data becomes available to everyone.

We recommend that you use PET technology (Privacy Enhancement Technology) to protect your personal data. You can find relevant information on many websites.