PRIVACY POLICY
1. Name of controller
Name of data controller: Balázs Tóth sole proprietor
Controller Registration Number: 50041655
Office of the Data Controller: 1025 Budapest, Búzavirág u. 9th
Data management representative: Balázs Tóth
2. Data management rules
This Privacy Policy is effective from December 15, 2017 until revocation.
The conceptual system of these regulations is the same as in Infotv. § 3. Therefore:
data subject: any natural person identified or identified, directly or indirectly, on the basis of personal data;
personal data: data which can be related to the data subject, in particular the data subject's name, an identification mark and knowledge of one or more physical, physiological, mental, economic, cultural or social identities, and the conclusions that can be drawn from the data;
consent: a voluntary and determined expression of the will of the data subject, based on appropriate information and giving his / her unambiguous consent to the processing of personal data concerning him / her, either fully or individually;
Data Controller: any natural or legal person, or any entity without legal personality, who alone or jointly with others determines the purpose of the processing of data, makes and implements the data management (including the device used), or executes with the data processor;
data management: any operation or combination of operations, in particular the collection, recording, recording, filing, filing, storing, altering, using, querying, transmitting, publishing, coordinating or linking, blocking, deleting and destruction of data, irrespective of the procedure used, and preventing further use of the data, taking photographs, sound or images and recording physical characteristics (eg fingerprints, palmprints, DNA samples, iris images) of the person;
data transfer: making data available to a specific third party;
data processing: performing technical tasks related to data processing operations, irrespective of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data;
data processor: any natural or legal person, or any entity without legal personality, who carries out the processing of data under a contract, including a contract under a legal provision.
privacy incident: the unlawful handling or processing of personal data, in particular unauthorized access, alteration, transmission, disclosure, deletion or destruction, and accidental destruction or damage.
Personal data may only be processed for the purpose of exercising a right or fulfilling an obligation. The use of personal data managed by the Data Controller for private purposes is prohibited. Data management must always comply with the purpose limitation principle.
The legal basis for data processing is, in principle, the consent of the data subject and, in the case of certain data processing (such as personal data on an account), a legal provision.
The Data Controller informs the Data Subject at the time of data collection that the Data Management Policy governs the processing of its data. The Data Controller shall make the Code continuously available on its website.
Acceptance of the Privacy Policy (ticked in the appropriate checkbox) proves that you are aware of the Privacy Policy and that it constitutes a data management consent.
The Data Controller shall process personal data only for the specified purpose, for the exercise of the right and for the fulfillment of the obligation, with the prior consent of the data subject, or to the minimum and for the time necessary to achieve the purpose. Data processing must be fit for purpose at all stages of the process - and if the purpose of data processing has ceased to exist or the processing of the data is otherwise unlawful, the data will be deleted.
In all cases the Data Controller shall inform the data subject of the purpose of the data management and the legal basis of the data management before recording the data.
Employees of data processing at the Data Controller and employees of any organization involved in the processing of data on behalf of the Data Controller are obliged to keep the personal data they have become aware of as business secrets.
If a person subject to the Policy becomes aware that personal data processed by the Data Controller are incorrect, incomplete or out of date, they shall correct or initiate such rectification with the person responsible for recording the data.
The data protection obligations of natural or legal persons or entities without legal personality who carry out data processing activities on behalf of the Data Controller are contained in the agency contract with the data processor.
In the course of their work, the employees of the Data Controller shall ensure that unauthorized persons cannot access personal data, and that the storage and placement of personal data shall be designed in such a way that they cannot be accessed, known, altered or destroyed by unauthorized persons.
3. Enforcing stakeholder rights
The data subject may request information about the processing of his or her personal data, as well as the rectification or deletion of his or her personal data, except for data processing required by law, at info@tb-photo.hu.
3.1. Right to information
At the request of the data subject, the Data Controller shall provide information on the data processed by the data controller or processed by the data controller, its source, purpose, legal basis, duration, name, address and data processing activity of the data controller. , its effects and the measures taken to rectify it, as well as the legal basis and the recipient of the communication.
The Data Controller shall respond in writing to the request of the data subject regarding the handling of the personal data of the data subject in writing, in a clear and comprehensible manner, within 15 days from the submission of the request.
The information covers the Infotv. 15 (1), if the information of the data subject cannot be refused by law.
The information is, as a rule, free of charge; 15 (5).
The Data Manager's request shall be made only by the Infotv. (1) or § 19 of the Infotv. Article 16 (2) shall be in writing.
Inaccurate data will be corrected by the data controller, if the necessary data and authentic instruments proving them are available, Infotv. In the case of the reasons specified in Section 17 para.
3.2. Right to protest
The data subject may object to the processing of their personal data,
unless the processing or transfer of personal data is necessary for the sole purpose of fulfilling a legal obligation to which the controller is subject or for the fulfillment of a legitimate interest of the controller, the recipient or a third party, except in the case of mandatory processing;
when personal data is used or transmitted for direct marketing, opinion polling or scientific research; as well as
in other cases specified by law.
The Data Controller shall investigate the objection as soon as possible after filing the application, but not more than 25 days, and shall make a decision on the merits of the objection and inform the applicant in writing of its decision.
If the objection is well founded, the Data Controller shall terminate the data processing and lock the data, and shall inform all persons to whom the personal data related to the objection have previously been transmitted and who shall take steps to enforce the right of objection.
If the data subject does not agree with the decision on the objection, or the Data Manager fails to comply with the deadline, the data subject shall, within 30 days of the communication of the decision or the last day of the deadline, inform Infotv. He may apply to the courts as set out in Article 22.
If the protest is justified, the data controller shall inform Infotv. Section 21 para.
3.3. lock
The Data Controller shall block personal data if the data subject so requests or if the information available to him / her indicates that deletion would harm the data subject's legitimate interests. Locked-in personal data may only be processed for as long as there is a purpose for which the personal data have been excluded.
3.4. Deletion
The Data Controller deletes personal data if its processing is unlawful, the data subject requests it, the data being processed is incomplete or erroneous - and this condition cannot be legally remedied - unless the deletion is prohibited by law, the purpose of data processing is terminated or has expired and has been ordered by a court or National Data Protection and Freedom of Information Authority.
The Data Controller has 25 days to delete, block or rectify the personal data. The Data Controller shall inform the data subject of the measures taken and anyone to whom the data have previously been transmitted for data management purposes.
The Data Controller shall also indemnify for damages caused to others due to unlawful processing of data of the data subject or breach of data security requirements, or damages for personal injury caused by him or her or its data processor. The controller shall be exempt from liability for damages and payment of damages if he proves that the damage or the violation of the privacy of the data subject was caused by an unavoidable cause outside the scope of the data management. Likewise, it does not compensate for damage if it was the result of intentional or grossly negligent behavior on the part of the injured party.
The data subject may lodge a complaint with the Data Controller with the NAIH regarding:
Name: National Privacy and Freedom of Information Authority
seat: 1024 Budapest, Szilágyi Erzsébet fasor 22 / C.
Website: www.naih.hu
The data subject may, if he or she so chooses, pursue his or her claim through the courts. The court has jurisdiction to hear and determine the lawsuit. At the choice of the data subject, the case may also be brought before the court in the place where the data subject is domiciled or habitually resident.
4. Data management during the use of the Data Controller's Website
Place of data management:
1085 Budapest, József krt. 65th
tb-photo.hu
4.1. Data management of the website
The Data Controller website runs software for analyzing website traffic data. However, the software is an Infotv. does not process any personal information in accordance with its terms and conditions, but records visits. Information on the visitors of the Data Controller's website is automatically generated: the Internet Protocol (IP) address of the visitor, the time of the visit, the data of the pages visited, the name of the browser used.
Because the National Data Protection and Freedom of Information Authority and its internationally accepted practice, an IP address may even become relative personal information, the Data Controller protects any data that comes to its knowledge when managing this website, subject to the protection of personal data under this policy.
The Data Controller therefore informs its visitors about the collection of data by publishing these rules on its website.
The legal basis for this data processing is the consent of the data subject [Infotv. Sections 5 (1) (a) and 6 (6)], according to which "at the request of the data subject, the consent of the data subject shall be presumed in respect of any personal data supplied by him".
Purpose of data management: investigation of website visitation habits
scope of data handled: visitor's Internet Protocol (IP) address, time of visit, page views, browser name used
legal basis for data management: Infotv. 5 (1) a) of the data subject's consent.
data storage deadline: one year after data collection
data storage method: electronic
4.2. relationship
The Data Controller website has the possibility for the visitor to contact. By filling out the form, the visitor will enter relevant information to contact. However, the data subject will only be able to submit the data if he / she accepts the Data Controller Privacy Policy by checking a box, otherwise he / she will not be able to complete the registration.
Purpose of data management: contact, messaging
scope of data managed: name, e-mail address, telephone number of the data subject
legal basis for data management: Infotv. Stakeholder contribution pursuant to Section 5 (1) a)
deadline for data storage: until termination of the Data Controller or deletion at the request of the data subject
data storage method: electronic
4. 3. Newsletter-related data management
The Data Controller sends a newsletter upon the request of the data subject, so only those who have registered for this service on the Data Controller's website or personally consented to sending the newsletter receive the newsletter. If the subscriber can sign up for the newsletter on the website, you must agree to the privacy policy at the place of subscription. You can do this with a check box.
The Data Manager analyzes the data and user habits of the interested parties
in order to personalize your and your business partner's ads
users at the contact details they provide
The Data Controller provides you with the option to unsubscribe at the bottom of each newsletter.
data management registration number:
Purpose of data management: to inform stakeholders about the most important news of the Data Controller
scope of data managed: name, email address of data subject
legal basis for data management: Infotv. 5 (1) (a), the Eker. TV. 13 / A. And
GRT. Section 6 (5)
data storage deadline: until the end of the newsletter service, but if the data subject requests to delete his / her data (unsubscribe from the newsletter), immediately after his / her request for deletion
data storage method: electronic
5. Data management during Data Controller operation
Place of data management:
1085 Budapest, József krt. 65th
5.1. Customer records and customer data management
Customers 'and partners' data is recorded in the Data Controller's unique system. Clients' data that is essential for the conclusion of the contract is recorded. Considering that the Data Controller's activity is portrait photography, the Data Controller also stores and manages the photographs of the clients as stakeholders as personal data. Photographs shall be deleted at the request of the data subject.
Purpose of data management: keeping in touch with customers and partners to fulfill their ordering needs.
scope of data managed: customer's name, e-mail address, phone number, home address, image
legal basis for data management: Infotv. Article 5 (1) (a), and Article 169 (2) of Act C of 2000 on Accounting (Accounting Act)
data storage deadline: until deleted at the request of the data subject; TV. Article 169 (2), eight years
data storage method: electronic
The data processors that may be involved in data management are included in these Rules.
6. Data Processor
The Data Controller shall use the following data processor for the purely technical purposes of processing personal data:
data processor name: Wix.com Luxembourg S.a.r.l
Address: 5, rue Guillaume Kroll, L-1882 Luxembourg
purpose of data processing: hosting provider
The Data Processor shall carry out the data management according to the instructions of the Data Controller, shall not make any substantive decision concerning the data management, may process the personal data of which it becomes aware only in accordance with the Data Controller's regulations;
Changing the Declaration
The Data Controller reserves the right to modify this statement. If the change concerns the use of the personal data provided by the data subject, he or she shall inform the user by e-mail of the changes. If the details of the data processing change as a result of the modification of the statement, the Data Controller shall specifically request the data subject's consent.
Issues not specified in these Rules
In matters not specified in these Rules, Infotv. its rules shall prevail.