CITYBUDDHA ÉS ELEMENTSFLOW
Privacy Policy
Introduction
The service provider / data controller manages the data of the persons registered on the website / email / application form during the operation of the website and program application in order to provide them with a suitable service.
The service provider intends to fully comply with the legal requirements for the processing of personal data, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council.
This Privacy Notice is based on Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals’ personal data and the free movement of data, taking into account of the content of Annex CXII. of 2011 on the right to information self-determination and freedom of information.
Name of service provider, data controller:
Company name: Citybuddha Bt.
Headquarters: 6331 Foktő Duna utca 16.
Tax number: 21880766-1-13.
Contact details of the data controller:
Company name: Citybuddha Bt.
Headquarters: 6331 Foktő Duna str. 16.
Mailing address: 6331 Foktő Duna str. 16.
E-mail: info@citybuddha.hu
Tel: + 36 30 346 3245
Definitions
- GDPR (General Data Protection Regulation): regulation in EU law on data protection
- handling data: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- data processor: a natural or legal person, public authority, agency or any other institution that processes personal data on behalf of the controller;
- personal data: any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- data contoller: the natural or legal person, public authority, agency or any other institution which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the controller’s designation may also be determined by Union or Member State law;
- the consent of the data subject: a voluntary, specific, informed and unambiguous indication of the data subject’s wishes by which he or she signifies his or her agreement to the processing of personal data concerning him or her by means of a statement or an unambiguous act of affirmation;
- a personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
- recipient: a natural or legal person, public authority, agency or any other institution to whom or with which personal data are disclosed, whether or not a third party. Public authorities which may have access to personal data in the context of an individual investigation in accordance with Union or Member State law are not recipients; the processing of those data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;
- third party: a natural or legal person, public authority, agency or any other institution other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Principles of data management
The data controller declares that it will process personal data in accordance with the provisions of the Privacy Notice and will comply with the applicable laws, in particular with the following:
The processing of personal data shall be lawful, fair and transparent for the data subject.
The collection of personal data must be carried out for specified, explicit and legitimate purposes.
The purposes for which personal data are processed must be adequate, relevant and limited to what is essential.
Personal data must be accurate and kept up to date. Inaccurate personal data must be removed without delay.
Personal data must be stored in a form which permits identification of data subjects for no longer than it is necessary. Personal data may be stored for longer periods only if the storage is for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes.
Personal data shall be processed in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, by appropriate technical or organisational measures.
The principles of data protection shall be applied to any information relating to an identified or identifiable natural person.
Important information regarding data management
The purpose of data processing is to enable the service provider / data controller to provide additional services to the persons registered on the website.
The legal basis for the processing is the consent of the data subject.
The data subjects affected by the processing are the registered users of the website.
Duration of processing and removal of data
The duration of the processing will always depend on the specific purpose of the user, but the data must be deleted immediately once the original purpose has been achieved. The data subject may withdraw his or her consent to the processing at any time by sending an e-mail to the contact e-mail address. If there is no legal obstacle to the deletion, the data of the user will be deleted.
The data controller and its employees are entitled to access the data.
The data subject may request the controller to access, rectify, erase or restrict the processing of personal data relating to him or her and may object to the processing of such personal data and the data subject’s right to data portability.
The data subject may withdraw his or her consent to the processing at any time, but this shall not affect the lawfulness of the processing carried out on the basis of the consent prior to its withdrawal.
The data subject may exercise the right to lodge a complaint with the supervisory authority.
Should the data subject wishes to benefit from the advantages of registration, i.e. to use the services of the website in this respect, he or she must provide the requested personal data. The data subject is not obliged to provide personal data and will not suffer any disadvantage if he/she does not provide such data. However, it is not possible to use certain functions of the website without registration.
The data subject shall have the right to obtain, upon request and without undue delay, the rectification or integration by the controller of inaccurate personal data relating to the data subject.
The data subject shall have the right to obtain from the controller, at his or her request and without undue delay, the erasure of inaccurate personal data relating to him or her and the controller shall be obliged to erase personal data relating to the data subject without undue delay, unless there is another legal basis for the processing.
The data subject may request the modification or deletion of the personal data by e-mail, telephone or letter using the contact details provided above.
Cookies (cookies)
Cookies are placed on the user’s computer by the websites visited and contain information such as site settings or login status.
Cookies are therefore small files created by the websites visited. They improve the user experience by saving browsing data. Cookies help the website remember the site settings and offer locally relevant content.
A small file (cookie) is sent by the provider’s website to the computer of the website visitor in order to establish the fact and time of the visit. The provider informs the website visitor of this.
The data subjects concerned are the visitors of the website and the events.
The purpose of data processing is to provide additional services, identification and tracking of visitors.
Legal basis for data processing. The consent of the user is not required if the use of cookies is strictly necessary for the provider.
Scope of data: unique identifier, time, preferences.
The user has the possibility to delete cookies from the browsers at any time in the Settings menu.
The data can be accessed by the data controller. By using cookies, no personal data is processed by the data controller.
The data are stored electronically.
Social media
A social media site is a media tool where the message is spread through users. Social media uses the Internet and online publishing to transform users from content contributors to content editors.
Social media is the interface of web applications that hosts user-generated content, such as Facebook, Instagram
Social media may be the platform of public speeches, presentations, demonstrations, description products or services.
Social media information can take the form of forums, blog posts, content of images, video, audio, timeline, email messages, etc.
As mentioned above, the scope of the data processed may include, in addition to personal data, the public profile picture of the user.
Data subjects: all registered users.
The purpose of data collection is to promote the website or a related website.
The legal basis for data processing is the voluntary consent of the data subject.
Duration of data processing: in accordance with the regulations of the site that are available to read.
Deadline for deletion of data: in accordance with the regulations of the site that are available to read.
Persons entitled to access the data: in accordance with the reluations available to read on the relevant site.
Rights in relation to data processing: in accordance with the reluations available to read on the relevant site.
Method of storage of data: electronic.
It is important to note that when a user uploads or submits personal data, he or she grants the operator of the social networking site worldwide a valid authorisation to store and use such content. Therefore, it is very important to make sure that the user has full authority to disclose the information posted.
Google Analytics
Our website □ uses Google Analytics □ does not use Google Analytics
Should you use Google Analytics:
Google Analytics uses internal cookies to compile reports for its customers on the habits of website users.
Google uses this information on behalf of the website operator to evaluate how users use the website. As an additional service, Google will compile reports on website activity for the website operator so that it can provide additional services.
The data is stored by Google’s servers in encrypted form to make it more difficult and to prevent misuse.
You can disable Google Analytics by following these steps. Quote from the page:
To provide website visitors the ability to prevent their data from being used by Google Analytics, we have developed the Google Analytics opt-out browser add-on for websites using the supported version of Google Analytics JavaScript (analytics.js, gtag.js).
If you want to opt-out, download and install the add-on for your web browser. The Google Analytics opt-out add-on is designed to be compatible with Chrome, Safari, Firefox and Microsoft Edge. In order to function, the opt-out add-on must be able to load and execute properly on your browser. Using the Google Analytics opt-out browser add-on will not prevent site owners from using other tools to measure site analytics. It does not prevent data from being sent to the website itself or in other ways to web analytics services.
Google’s Privacy Policy: https://policies.google.com/privacy?hl=en-US
More detailed information on the use and protection of data can be found at the links above.
Data processors
Hosting provider:
Company name: Deninet Ltd.
Denenetet Ltd.
Phone: +36 1 296-0075
E-mail: info@deninet.hu
The data you provide is stored on the server operated by the hosting provider. The data can only be accessed by our staff or the staff operating the server, but all of them are responsible for the secure handling of the data.
The name of the activity: hosting service, server service.
Purpose of processing: to ensure the functioning of the website.
Data processed: personal data provided by the data subject
Duration of processing and time limit for deletion of data. Data processing until the end of the operation of the website or in accordance with the contractual agreement between the website operator and the hosting service provider. If necessary, the data subject may request the deletion of his or her data by contacting the hosting provider.
The legal basis for processing is the consent of the data subject or processing based on law.
Rights in relation to data processing
Right to request information
You may request information from us, via the contact details provided about the data processed by our company, on what legal basis, for what purpose, from what source and for how long. Upon your request, we will send you information without delay, but within 30 days at the latest, to the e-mail address you have provided.
Right to rectification
You may ask us to correct any of your data using the contact details provided. Upon your request, we will do so without delay, but within 30 days at the latest, by sending you an e-mail to the e-mail address you have provided.
Right to erasure
You may request us to delete your data by contacting us using the contact details provided. At your request, we will do so without delay, but within 30 days at the latest, by sending you an e-mail to the e-mail address you have provided.
Right to blocking
You may ask us to block your data using the contact details provided. The blocking shall last as long as the reason you have provided us makes it necessary to store the data. Upon your request, we will do so without delay, but within a maximum of 30 days, by sending you an email to the email address you have provided.
Right to object
You may object to the processing of your personal data using the contact details provided. We will examine the objection within the shortest possible time from the date of the request, but no later than 15 days, decide whether it is justified and inform you of our decision by e-mail.
Enforcement possibilities in relation to data processing
Should you experience unlawful processing, please notify us so that we have the ability to reverse the issue within a short period of time. We will do our utmost to resolve the problem in your interest.
If, in your opinion, the lawfulness cannot be restored, you should notify the authority using the contact details below:
National Authority for Data Protection and Freedom of Information
Postal address: 1530 Budapest, PO Box 5.
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat@naih.hu
URL https://naih.hu
coordinates: N 47°30’56”; E 18°59’57”
Legal basis for data processing
– REGULATION (EU) No 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive (EC) No 95/46/EC (General Data Protection Regulation).
– Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information.
– Act LXVI of 1995 on Public Records, Public Archives, and the Protection of Private Archives
– Government Decree No 335/2005 (XII. 29.) on the common provisions of the document management in public administrative bodies
– Act No CVIII of 2001 on electronic commerce services and information society services.
– Act C of 2003 on electronic communications.