PRIVACY POLICY
Szabó Bat Kft., as a data controller, is governed by the General Data Protection Regulation (Regulation 2016/679 of the European Council and Parliament (EU), General Data Protection Regulation) regarding the data management activities concerning the personal data of the users of the website www.szabobat.hu (hereinafter: Website) , i.e. GDPR, hereinafter: Regulation), publishes this data management information sheet in order to inform the data subjects in advance and facilitate the exercise of their rights.
THE DATA CONTROLLER
The data controller operating the www.szabobat website:
Company name: Szabó Bat Kft.
Headquarters: 6800 Hódmezővásárhely Vörösmarty utca 57/A
Company registration number: 06-09-025011
Tax number: 26643702-2-06
Phone number: +36 70 430 6415
Email address: szabobat@gmail.com
Website: www.szabobat.hu
Representative: Managing Director Sándor Szabó
(hereinafter Data Manager)
DATA MANAGEMENT ACTIVITIES
1. Data management activity on the Website
During the operation of the Website, the Data Controller collects, records and stores personal data for the following purposes:
a) Request received from a user
On the Website, you can send a message to the Website operator by entering your email address and name
Legal basis for data management: the consent of the data subject
Personal data processed: name, email address
2. DATA PROCESSORS
The data processors are the contracted partners who cooperate with the Data Controller during the provision of the service. In order to operate the Website, the following data processors manage personal data on behalf of the Data Controller:
a) Technical operation of the Website
The hosting service provider handles the personal data provided on the website to the extent absolutely necessary for the operation of the Website, the legal basis for this is: legitimate interest and ensuring the uninterrupted provision of services available on the Website, fulfilling the relevant contractual obligation.
The hosting provider handles data in accordance with the provisions of the EU-US Privacy Shield Framework. The detailed data management information can be found here: https://wix.com/about/privacy
Data of the hosting provider:
Company name: Wix Online Platforms Limited
Registered Office: 1 Grant's Row, Dublin 2 D02HX96, Ireland
Email: privacy@wix.com
b) Cookies
The website is called uses "cookies", i.e. places a small data package on the computer of the persons concerned and reads it back during the subsequent visit. With the help of "cookies", you get anonymized and aggregated technical information, but the data subject cannot be individually identified based on this.
The Website also uses Google Analytics. Google Analytics uses cookies stored on users' computers to analyze user interactions on the website. Analytical cookies are anonymized and aggregated data, on the basis of which it is difficult to identify the computer, but it cannot be ruled out.
Analytical information collected by Google Analytics cookies is transferred to and stored on Google's servers. Google processes this information on behalf of the Data Controller in order to evaluate users' visiting habits, compile reports on the frequency of use of the Website, and provide additional services related to use to the Website operator. In the context of the Google Analytics application - Google does not connect the IP address transmitted via the browser with other data.
Purpose of data management: Identification of user sessions, storage of data entered during them, prevention of data loss, web analytics measurements, improvement of user experience.
Legal basis for data management: Consent of the data subject. If the website is used without changing the settings, or if the "Accept" button is clicked, the user accepts the use of cookies. Information on changing cookie settings can be found at the following links:
Delete, enable and manage cookies in Chrome
Enable and disable cookies in Mozilla Firefox
Enable and disable cookies in Internet Explorer
Managed personal data: The time of use during the activity and the behavior of the device as personal data.
3. Data transfer
During the use of the Website, the Data Controller handles the data subject's personal data exclusively in accordance with this data management information, and may forward them to the persons named in the data management information. They are not considered data processors, because they are entitled to dispose of the data independently, and as an independent data controller, their own data management information and rules apply to this procedure.
The Website does not transfer personal data to third parties.
4. Duration of data management
The Data Controller processes personal data exclusively for the realization of the above goals and only for the time necessary for this. After that, it deletes them securely.
The duration depends on the purpose and legal basis for which you process the data. In general, the data is processed in order to provide the service, so until this is realized, at the latest until the termination of the contract. The Data Controller may deviate from this if data management is necessary for other purposes.
- In case of fulfillment of a legal obligation, data management within the period prescribed by law is mandatory for the Data Controller:
o Invoicing, accounting - for 8 years after the termination of the contract
o Customer complaint management – 5 years
o Contact – 5 years
- In the case of data management based on legitimate interest, the Data Controller manages the data as long as the legitimate interest exists and, based on this, the data management purpose is achieved. If the data subject successfully objects to the data processing, then until the objection.
- Based on consent: the data subject is entitled to withdraw consent at any time.
- the data collected with cookies is processed until consent is revoked, but for a maximum of 5 years.
INFORMATION ON THE RIGHTS OF THE PERSON CONCERNED, AND POSSIBILITIES OF CLAIMS
1. Access to the current data management information
The Data Controller makes this data protection information continuously available on the Website, and informs registered users of its modification in a pop-up window upon first login after the modification. During the registration/conclusion of certain contracts, it draws the user's attention to the purpose of data management, the possibility and method of withdrawing consent in the case of data managed on the basis of consent, and ensures that the user can familiarize himself with the content of the data management information before giving the relevant consent to the processing of personal data.
2. Information on first contact
If the Data Controller did not receive the data subject's personal data directly from the data subject, it will inform the data subject of the method of personal data management during the first contact.
3. Access
At any time, the data subject can request information on whether his personal data is being processed by contacting the Data Controller, and if so, he can request the following information:
a) the purposes of data management,
b) categories of personal data concerned,
c) recipients to whom your personal data has been disclosed or will be disclosed,
d) the planned period of storage of your personal data,
e) information about your rights to correct, delete or limit the processing of personal data and to object to the processing of such personal data
f) on the right to submit a complaint,
g) about the importance of automated decision-making based on personal data (including profiling) to the applied logic, data management, and the expected consequences for the data subject.
The Data Controller shall provide the information without undue delay, at most within one month of receipt of the request.
4. Correction
If the personal data managed by the Data Controller does not correspond to the reality, and if the personal data corresponding to the reality is not available, and the data subject sends it to the Data Controller, then he is obliged to correct the data.
5. Delete
The processed personal data will be deleted by the Data Controller if
a) its handling is illegal;
b) the data subject withdraws his consent to data processing and there is no other legal basis for data processing;
c) the data subject objects to data processing
d) data management is no longer necessary for the purpose for which it was collected;
e) personal data must be deleted for the sake of legal obligations.
6. Restriction
In the following cases, the data subject may request the restriction of data processing:
a) if you dispute the accuracy of the processed personal data (for the duration of the data verification);
b) if the data management is illegal and you do not request the deletion of personal data;
c) if the processing of the data is not necessary, but the data is required in order to present, enforce or protect its legal claims;
d) if you object to data processing (until it is examined);
In case of restriction of data management, the Data Controller does not process the given personal data (except for storage).
7. Protest
The data subject may object to the processing of his personal data if he considers that the Data Controller uses his data for the purpose of direct business acquisition, public opinion polls or scientific research or forwards it to others for such purposes.
The Data Controller will examine your objection as soon as possible, but no later than 15 days after its delivery, and inform you of the result in writing.
8. Complaint
If he considers the data processing to be harmful to him, the data subject may submit a complaint to the National Data Protection and Information Authority.
9. Compensation, compensation
If the Data Controller causes damage by unlawful handling of the data subject's personal data or unsafe handling of the data, then the data subject or the person suffering the damage has the right to enforce it against the Data Controller. And if the infringement would involve the personal rights of the data subject, the data subject is entitled to assert compensation for damages. The Data Controller is not obligated to pay damages or damages, if the damage was demonstrably caused by an irreparable external cause outside the scope of data management, or if the damage results from intentional or grossly negligent behavior of the data subject.
10. Find us!
If the data subject considers that the Data Controller is not acting lawfully when processing his personal data, he should first, if possible, communicate his comments or requests to the Data Controller via one of the indicated contact details in order to process and manage the comments as quickly and efficiently as possible.
11. National Data Protection and Freedom of Information Authority
In case of illegal data processing, you have the right to initiate a complaint with the NAIH.
NAIH contact details:
website: http://www.naih.hu/
address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
postal address: 1530 Budapest, Pf.: 5.
electronic correspondence address (e-mail): ugyfelszolgalat@naih.hu
12. Appeal to court
The person concerned is also entitled to enforce his claim in court. The competent court has jurisdiction over the lawsuit.
CONCEPTS
1. data subject: any natural person identified or - directly or indirectly - identified on the basis of personal data;
2. personal data: data that can be associated with the data subject - in particular his name, identification mark, and one or more pieces of information characteristic of his physical, physiological, mental, economic, cultural or social identity - as well as the conclusion about the data subject that can be drawn from the data;
3. special data:
1. personal data relating to racial origin, nationality, political opinion or party affiliation, religious or other worldview beliefs, interest-representation organization membership, sexual life,
2. personal data relating to health status, pathological addiction, and criminal personal data;
4. consent: the voluntary and decisive declaration of the data subject's will, which is based on adequate information, and with which he gives his unequivocal consent to the processing of his personal data - in full or covering certain operations;
5. objection: the statement of the data subject objecting to the handling of his personal data and requesting the termination of the data processing or the deletion of the processed data;
6. data controller: the natural or legal person or organization without legal personality - in this case the Data Controller - who independently or together with others determines the purpose of data management, makes and implements decisions regarding data management (including the device used) , or with the data processor commissioned by him;
7. data management: regardless of the procedure used, any operation performed on the data or the set of operations, including in particular the collection, recording, recording, organization, storage, change, use, query, transmission, disclosure, coordination or connection, locking, deletion and destruction , as well as preventing further use of the data, taking photographs, audio or video recordings, and recording physical characteristics suitable for identifying the person;
8. data transfer: making the data available to a specific third party;
9. data deletion: rendering the data unrecognizable in such a way that their recovery is no longer possible;
10. data processing: performing technical tasks related to data management operations, regardless of the method and tool used to perform the operations, as well as the place of application, provided that the technical task is performed on the data;
11. third party: a natural or legal person or an organization without legal personality who is not the same as the data subject or the data controller
12. data protection incident: unlawful handling or processing of personal data, including in particular unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage
Dated: Budapest, November 29, 2022.