Privacy Policy

Privacy Policy

1. Introduction

1.1. Purpose of the Privacy Policy

This Privacy Policy (hereinafter referred to as the "Policy") aims to transparently and in detail present how we process personal data during the activities of János Rácz (hereinafter referred to as the "Data Controller"), and to provide information on data subjects' rights and how they can exercise them.

1.2. Legal Compliance (GDPR, Act CXII of 2011)

  • The General Data Protection Regulation (GDPR) of the European Parliament and Council (EU) 2016/679 establishes uniform EU rules for the protection of personal data.
  • The Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Infotv.) forms the basis of Hungarian data protection regulations.

This Policy aims to comply with the requirements set forth in the above laws.

2. Data Controller Information

2.1. Name and Contact Details of the Data Controller

  • Name: János Rácz
  • Registered address: 7478 Bárdudvarnok Lipótfa Ltp.9.
  • Company registration number: NTAK: MA23076733
  • Representative: Jánosné Rácz
  • Email: zselic.gyongye.vendeghaz@gmail.com
  • Phone number: +36 70 361 2863

2.2. Availability of the Privacy Policy

This Policy is available electronically at https://www.zselicgyongyevendeghaz.hu.

3. Definitions

3.1. Key GDPR Terms

  • Personal data: Any information related to an identified or identifiable natural person ("data subject").
  • Data Controller: A natural or legal person who determines the purposes and means of processing personal data.
  • Data Processor: A natural or legal person processing personal data on behalf of the Data Controller.
  • Consent: The data subject's voluntary, explicit expression of will to allow processing of their personal data.
  • Data subject: Any identified or identifiable natural person whose personal data is being processed.

3.2. Definition of a Data Breach

A data breach is any incident that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data.

4. Principles of Data Processing

4.1. Legal Basis and Fundamental Principles

  • Lawfulness, Fairness, and Transparency: Data is processed only for specified and lawful purposes.
  • Purpose Limitation: Data is processed solely for predetermined purposes and only to the extent necessary.
  • Data Minimization: Only the essential personal data required to achieve the purpose is collected and processed.
  • Accuracy: The data must be accurate and kept up-to-date where necessary.
  • Storage Limitation: Personal data is retained only for the period necessary for its intended purpose.
  • Integrity and Confidentiality: Appropriate technical and organizational measures are implemented to protect personal data.

4.2. Data Accuracy and Security

  • The Data Controller and the data subject are responsible for ensuring the accuracy of stored data. The data subject must notify the Data Controller of any changes.
  • The Data Controller ensures that personal data is securely maintained and protected against unauthorized access.

5. Purposes and Legal Bases of Data Processing

5.1. Website Registration

  • Purpose: Creating a user account and providing related services.
  • Legal Basis:
    Consent (GDPR Article 6(1)(a)) if registration is voluntary.
    Contractual necessity (GDPR Article 6(1)(b)) if registration is required for service provision.
  • Processed Data: Name, email address, encrypted password, registration date, IP address.

5.2. Order Processing

  • Purpose: Processing orders, fulfilling contracts, invoicing, and delivery.
  • Legal Basis: Contractual necessity (GDPR Article 6(1)(b)).
  • Processed Data: Name, shipping and billing address, contact details (phone, email), order details.

5.3. Invoice Issuance

  • Purpose: Compliance with accounting regulations (e.g., Act C of 2000).
  • Legal Basis: Legal obligation (GDPR Article 6(1)(c)).
  • Processed Data: Name/company name, address, tax number (for companies), invoicing details.

5.4. Newsletter Subscription

  • Purpose: Marketing communications, updates on new products, promotions.
  • Legal Basis: Consent (GDPR Article 6(1)(a)).
  • Processed Data: Name, email address.
  • Note: Users can unsubscribe at any time using the link in the newsletter or by contacting the Data Controller directly.

5.5. Cookies

  • Purpose: Ensuring website functionality, improving user experience, analyzing website traffic, marketing purposes.
  • Legal Basis:
    Consent (GDPR Article 6(1)(a)) for non-essential cookies.
    Legitimate interest or contractual necessity (GDPR Article 6(1)(f) or (b)) for essential cookies.

6. Data Retention

  • Electronic Storage: Secure servers, password protection, and security measures.
  • Paper Storage (if applicable): Stored in a locked location.
  • Retention Period: As required by law or until the purpose of data processing is fulfilled. Data is then deleted or anonymized.

7. Data Subject Rights

  • Right to Information: Data subjects have the right to request information about how their data is processed.
  • Right to Rectification: If data is incorrect or incomplete, data subjects may request correction.
  • Right to Erasure: Data subjects can request deletion of their personal data.
  • Right to Data Portability: Data subjects can request a copy of their data in a structured format.
  • Right to Object: Data subjects may object to processing based on legitimate interest.

8. Data Security Measures

  • Multi-level access control.
  • Regular security updates and backups.
  • Firewalls and antivirus protection.

9. Data Breach Management

  • Notification to authorities within 72 hours (if required).
  • Notification to affected data subjects if high risk is involved.

10. Data Processors and Third Parties

10.1. Hosting Provider

  • Name: ITACWT Limited
  • Address: 3 Cruise Park Rise, Tyrrelstown, Dublin 15, Ireland
  • Email: aurelien@systeme.io
  • Website: https://systeme.io/
  • Phone: +353 87 202 4901
  • Role: Website hosting and maintenance.

11. Contact Information for Complaints

  • Supervisory Authority: National Authority for Data Protection and Freedom of Information (NAIH)
  • Address: 1055 Budapest, Falk Miksa utca 9-11.
  • Phone: +36 (1) 391-1400
  • Email: ugyfelszolgalat@naih.hu

12. Legal Basis for Data Processing

  • GDPR (EU Regulation 2016/679)
  • Hungarian Data Protection Laws

For further details, please contact the Data Controller.