PRIVACY POLICY

Annex nr. 6.

PRIVACY POLICY

on processing of personal data by the Controller at an Internet website 

CONTROLLER

Company name:

BL NONPROFIT KORLÁTOLT FELELŐSSÉGŰ TÁRSASÁG

Registered seat:

1067 BUDAPEST, EÖTVÖS U. 24. I. EM. 16.

Company registration nr.:

01-09-947934

Taxation ID:

22990600-2-42

Represented by:

ARANY BENCE, MANAGING DIRECTOR

Telephone number:

+36 1 332-5305

E-mail:

[email protected]

 

  1. Legal regulation regarding the processing of personal data

 

  • REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; hereinafter referred to as: Regulation, or GDPR)[1], and
  • Act CXII. of 2011 on the Freedom of Information (hereinafter referred to as: )[2]
  1. The purpose of this Policy
  • This Policy refers to the processing of personal data provided by or collected from the natural persons (hereinafter referred to as: users) when using the website www.hungarianreview.com (hereinafter referred to as: website); please read through thoroughly.
  • This Policy is applicable together with the General Privacy Policy that is attached to this Policy as an annex and aims to fulfil the respective privacy-related legal regulation and to keep the users of the website as fully informed as possible.
  • Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  1. Acknowledgement of this Policy and the General Privacy Policy
  • By using the website – either with or without registration – the users acknowledge and grant their consent to the content of this Policy and the General Privacy Policy. The users’ privacy-related rights are included in detail in the General Privacy Policy.
  • Users are entitled to withdraw their consent anytime. Withdrawal of consent shall not affect the legality of the consent-based data processing prior to the withdrawal. Users may withdraw their consent either by sending a relative statement to the abovementioned email address of the Controller or by ticking the respective checkbox or by deleting their registration. Data regarding and proving the withdrawal of consent shall be recorded and stored in order to fulfil the lawful interests and legal obligations of the Controller for the necessary term.
  • In case the personal data is obtained upon the consent of the data subject then, unless regulated otherwise by the competent law, the Controller is entitled to process this data in order to fulfil the legal obligations of the controller even without further consent of the data subject or after such consent is withdrawn.
  1. Granting consent by the user
  • We hereby draw the attention of the users that the following acts / activities shall qualify as granting their consent to the data processing by the user with regard to the data processing according to article 6 of this Policy:
  1. if the user uses the website without registration: the use of the website
  2. if the user uses the website with registration: registration to the website
  3. if the user subscribes to the newsletter: ticking the respective checkbox at the website
  4. in all other cases: giving explicit consent – in writing, by ticking a checkbox or by other method which is verifiable afterwards.
  • We hereby draw the attention of the users that processing the personal data of minor users under 16 years is only legal if the consent to the data processing is granted or confirmed by the legal representative of the minor. The confirming statement of the legal representative of minors must be sent to the abovementioned email address of the controller.
  1. Legal basis for the data processing
  • The processing of the personal data is legal only if at least one of the following conditions apply:
  1. Regulation Article 6. a): the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  2. Regulation Article 6. b): processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  3. Regulation Article 6. c): processing is necessary for compliance with a legal obligation to which the controller is subject;
  4. Regulation Article 6. d): processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  5. Regulation Article 6. e): processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  6. Regulation Article 6. f): processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
  1. User activities giving reason for processing personal data

(A) Using the website (with or without registration)

Data subject

user

processed data

IP address, time of visiting the website

purpose of the data processing

online content services, securing the using of the website, securing the unviolated operation of the website, making the services of the website available, statistics   

legal basis of the data processing

Regulation art 6. a) – user’s consent

Regulation Art  6. f) – Controller’s lawful interest

recipient (who the data is provided to)

Controller, Processor, ININET Kft., Google Inc. Google Analytics

term of storing the data

data suitable for unique identification are not stored.

(B) Registration at the website

Data subject

registered user

Processed data

name, email address, password

Purpose of data processing

identifying the user, checking the entitlement of the user to access the website, online content services, securing the use of the website, making available the full scope of services of the website

Legal basis of data processing

Regulation art 6. a) – user’s consent

Recipient (who the data is provided to)

Controller, Processor: ININET Kft.

Term of storing the data

term of the registration / service or until the withdrawal of consent by the data subject

(C) Subscription to the newsletter  (condition precedent: registration and granting consent)

Data subject

users who subscribe to the newsletter

Processed data

name, email address, password

Purpose of data processing

informing the user about the products and services of the controller, sending ad materials, sending direct marketing proposals in case of a separate consent by the user

Legal basis of data processing

Regulation art 6. a) – user’s consent

Recipient (who the data is provided to)

Controller, Processor: ININET Kft.

Term of storing the data

until the newsletter service exists, or until the user unsubscribes or until the withdrawal of consent by the data subject

(D) Subscription through the website (condition precedent: registration)

Data subject

subscribing user

Processed data

name, email address, telephone number, password, address for services, subscribed product (consignment), invoicing address, data required for the payment system of Stripe

Purpose of data processing

entering into the contract for the service chosen by the user regarding the product which may be ordered at the website, and the fulfilment of the related sub-tasks (e.g. delivery); fulfilment of the legal obligations related to selling the product (e.g. invoicing)

Legal basis of data processing

Regulation Art 6. a) – user’s consent

Regulation Art 6. b) –  entering into and fulfilling contracts

Regulation Art  6. c) – fulfilment of legal obligation

Recipient (who the data is provided to)

Controller, Processor: Stripe Inc., WEBSHIPPY Magyarország Kft., Szamlazz.hu

Term of storing the data

8 years from the termination of the subscription; accounting records must be stored for 8 years

(E) Registration for prize competition, drawing lots (condition precedent: registration)

Data subject

user who registers for prize competition, or drawing lot

Processed data

name, email address, password, address for services, telephone number, name of prize competition / drawing lot

Purpose of data processing

identification of the user who registered for the prize competition/drawing lot, ensuring the participation of the registered user at the prize competition / drawing lot, delivery of the possible prize, coordination of delivery, compliance with the respective accounting regulation.

Legal basis of data processing

Regulation Art 6. a) – user’s consent

Regulation Art 6. b) –  entering into and fulfilling contracts

Regulation Art  6. c) – fulfilment of legal obligation

Recipient (who the data is provided to)

Controller, Processor: WEBSHIPPY Magyarország Kft.

Term of storing the data

the Controller stores the data of the data subjects for 30 days after the prize competition / drawing lot is finished, the data of the winners must be stored for 8 years in accordance with the accounting regulation

(F) Communication

Data subject

user or any other third person

Processed data

name, email address (contact address in case of remarks filed in in writing via postal service), other essential data required for answering the remark

Purpose of data processing

communication in order to answer any questions or remarks sent to the controller which do not qualify as complaint

Legal basis of data processing

Regulation Art 6. a) – user’s consent

Recipient (who the data is provided to)

Controller

Term of storing the data

30 days from answering the remark or question and closing the case (unless longer storing is necessary with regard to the controller’s lawful interests – e.g. management of complaints)

(G) Management of complaints

Data subject

complainant user or third person

Processed data

name, email address, (contact address in case of complaints filed in in writing via postal service)

Purpose of data processing

management of complaints, identification of the data subject user or third person, communication, lawful management of the complaint, verification of  compliance with the respective legal regulation

Legal basis of data processing

Regulation art 6. a) – user’s consent

Regulation Art  6. f) – Controller’s lawful interest

Recipient (who the data is provided to)

Controller

Term of storing the data

30 days from answering the complaint and closing the case (unless longer storing is necessary with regard to the controller’s lawful interests – e.g. review procedures)

We hereby draw the attention of our users that some of our activities may result in data procession for more than one purposes which is in compliance with the Regulation because the separate consent of the users regarding the multi-purpose data processing is secured. [3].

  1. Data processors

Detailed data of the data processors mentioned in article 6 (a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller)are the following:

  • Hosting service provider: ININET Kft. (1063 Budapest, Szinyei Merse utca 10.; company reg.nr.: 01-09-970252; taxation ID: 23537646-2-42.; https://www.ininet.hu/; [email protected]; scope of transferred data:
    • IP address of the user;
    • time of visiting the website;
    • all data filled in at the website and forms is archived on a central data storage (name, password, email address, postal address, telephone number)
  • making visit-based statistics: Google Inc. Google Analytics (18 Lower Leeson Street, Dublin 2, DO2 HE97, Rep. of Ireland) (http://analytics.google.com):
  • IP address of the user;
  • time of visiting the website
  • Simplepay payment system: OTP Mobil Kft. (1143 Budapest, Hungária krt. 17-19.; company reg.nr: 01-09-174466; 24386106-242; [email protected]; http://simplepay.hu/vasarlo-aff) scope of transferred data:
    • gross cumulated fee of the services;
    • user’s name
    • user’s address (postal code, city, street name, street number);
    • user’s email address;
    • user’s telephone number (in case the user provided this data during or prior to the purchase);
  • delivery: WEBSHIPPY Magyarország Kft. (1044 Budapest, Ezred utca 2. B2 ép. 13.; company reg.nr: 01-09-282775; taxation ID: 25569421-2-41; https://webshippy.com; ) scope of transferred data:
    • user’s name;
    • user’s address (postal code, city, street name, street number);
  • accounting software KBOSS.hu Kft., (1031 Budapest, Záhony utca 7/C.; company reg.nr.: 01-09-303201; taxation ID: 13421739-2-41., https://www.szamlazz.hu/) Scope of transferred data:
    • user’s name;
    • user’s address (postal code, city, street name, street number);
    • e-mail address.

Annex: General Privacy Policy

[1] https://eur-lex.europa.eu/legal-content/HU/TXT/HTML/?uri=CELEX:32016R0679#d1e1858-1-1

[2] https://net.jogtar.hu/jogszabaly?docid=a1100112.tv

[3] Például nem lehetséges a honlapon történő regisztráció a honlap használata nélkül, így a regisztrációhoz feltétlenül szükséges a 6. (A) pont szerinti adatkezeléshez történő hozzájárulás. Másik példa az az eset, ha a felhasználó a honlapon keresztül kíván előfizetni egy termékre, melyhez a honlap használata és regisztráció szükséges, így az előfizetéshez a 6. (A), (B) és (C) pont szerinti adatkezeléshez való hozzájárulás szükséges