PRIVACY STATEMENT AND PRIVACY POLICY
PRIVACY STATEMENT AND PRIVACY POLICY
FOR VISITORS AND USERS OF THE www.balaton-parti.hu WEBSITE
- INTRODUCTION
The operator of www.balaton-parti.hu- (hereinafter referred to as the Website), Balaton-parti Kft. (hereinafter referred to as the Data Controller), as the Data Controller, hereby publishes this Privacy Statement and Privacy Policy (hereinafter referred to as the Privacy Statement), which describes the principles of data processing that the Data Controller acknowledges as binding. The Controller shall take all measures reasonably necessary to ensure the security of the personal data it processes.
Before using our Website, please read this Privacy Statement, which sets out in clear and plain language how we handle your personal data. In the Privacy Statement, the Data Controller informs the data subjects clearly and in detail about all relevant facts concerning the processing of their data.
The Data Controller processes the data of the persons registered on the website in the course of its operation, in order to provide them with an appropriate service. The Service Provider intends to fully comply with the legal requirements for the processing of personal data, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council.
This Privacy Statement has been prepared pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of personal data of natural persons and on the free movement of such data, taking into account the content of Act CXII of 2011 on the right to information self-determination and freedom of information.
NAME OF THE SERVICE PROVIDER, DATA CONTROLLER
Name: Balaton-parti Kft.
Registered office: 8600 Siófok, Petőfi sétány 3.
Website name and address: www.balaton-parti.hu
CONTACT DETAILS OF THE DATA CONTROLLER
Company name: Balaton-parti Kft.
Registered office: 8600 Siófok, Petőfi sétány 3.
Website: https://balaton-parti.hu/
Contact: Ágota Kósz, Managing Director
Phone: +36 84 310 327
E-mail: titkarsag@balaton-parti.hu
- DEFINITIONS OF TERMS
- Personal data: any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- data subject: any natural person who is identified or can be identified, directly or indirectly, on the basis of specific personal data
- data subject’s consent: a freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she signifies, by a statement or by an act expressing his or her unambiguous consent, that he or she signifies his or her agreement to the processing of personal data concerning him or her;
- controller: the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the controller’s designation may also be determined by Union or Member State law.
- ‘processing’ means any operation or set of operations which is performed upon data, whatever the procedure used, in particular any collection, recording, recording, organisation, storage, alteration, use, retrieval, disclosure, transmission, alignment or combination, blocking, erasure or destruction of data, prevention of further use, taking of photographs, sound recordings or images and recording of physical characteristics which can be used to identify a person (e.g. fingerprints, palm prints, DNA, iris scans)
- data erasure: rendering data unrecognisable in such a way that it is no longer possible to recover it
- data processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
- ‘processing’ means the performance of technical tasks related to processing operations, irrespective of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data
- ‘data set’ means the set of data processed in a register
- ‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
- ’recipient’: a natural or legal person, public authority, agency or any other body to whom or with which personal data are disclosed, whether or not a third party. Public authorities which may have access to personal data in the context of an individual investigation in accordance with Union or Member State law are not recipients; the processing of those data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;
- ’third party’: a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data.
- ’information society service’: a service provided by electronic means to remote users, normally for remuneration, to which the recipient of the service has individual access
- ‘electronic commerce service’ means an information society service for the purpose of the commercial sale, purchase, exchange or other use of movable tangible property, including money and securities, and of natural resources which can be used as property, services, immovable property, rights of pecuniary value (hereinafter together referred to as ‘goods’) which are capable of being acquired.
- ’GDPR’ (General Data Protection Regulation): the European Union’s new Data Protection Regulation;
- RANGE OF USERS
User means both a natural person registered on the Site and a natural person who is not registered but uses the services of the Site and who is identified or can be identified, directly or indirectly, on the basis of any specific personal data.
- DATA PROCESSING POLICY
The data controller declares that it processes personal data in accordance with the provisions of the Privacy Policy and complies with the applicable legislation, in particular with regard to the following:
- The processing of personal data shall be lawful, fair and transparent to the data subject.
- The collection of personal data must be carried out for specified, explicit and legitimate purposes.
- The purposes for which personal data are processed must be adequate, relevant and limited to what is necessary.
- Personal data must be accurate and kept up to date. Inaccurate personal data must be deleted without delay.
- Personal data must be stored in a form which permits identification of data subjects for no longer than is necessary. Personal data may be stored for longer periods only if the storage is for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes.
- Personal data shall be processed in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, by appropriate technical or organisational measures.
- The principles of data protection shall apply to any information relating to an identified or identifiable natural person.
- IMPORTANT DATA PROCESSING INFORMATION
- Purpose of processing: to maintain contact, provide information and additional services.
- Legal basis for processing: consent of the data subject.
- The data subjects concerned by the processing: website registration users (newsletter subscribers, enquiries via forms).
- Duration of data processing and deletion of data: the duration of data processing always depends on the specific purpose of the user, but the data must be deleted immediately once the original purpose has been achieved. The data subject may withdraw his or her consent to the processing at any time by sending an e-mail to the contact e-mail address. If there is no legal obstacle to the deletion, your data will be deleted.
- The data may be accessed by: the controller and its employees.
- The data subject may request the controller to access, rectify, erase or restrict the processing of personal data relating to him or her and may object to the processing of such personal data and the data subject’s right to data portability.
- The data subject may withdraw his or her consent to the processing at any time, but this shall not affect the lawfulness of the processing carried out on the basis of the consent prior to its withdrawal.
- The data subject may exercise the right to lodge a complaint with the supervisory authority.
- If the data subject wishes to benefit from the advantages of registration, i.e. to use the services of the website in this respect, he or she must provide the requested personal data. The data subject is not obliged to provide personal data and will not suffer any disadvantage if he or she does not provide such data. However, it is not possible to use certain functions of the website without registration.
- The data subject shall have the right to obtain, upon request and without undue delay, the rectification or integration by the controller of inaccurate personal data relating to him or her.
- The data subject shall have the right to obtain from the controller, at his or her request and without undue delay, the erasure of inaccurate personal data relating to him or her and the controller shall be obliged to erase personal data relating to him or her without undue delay, unless there is another legal basis for the processing.
- The amendment or deletion of personal data may be initiated by e-mail, telephone or letter using the contact details provided above.
- FILL IN THE CONTACT FORM ON THE WEBSITE
The Data Controller will use the data collected through the contact form submitted via the website solely for the purpose of contacting you and providing you with information, and will not store the data in a database.
- SENDING NEWSLETTERS
As the operator of this website, we declare that the information and descriptions published by us fully comply with the applicable legal provisions. We also declare that when subscribing to a newsletter, we are not in a position to verify the authenticity of the contact details or to establish whether the details provided relate to an individual or a company. Companies that contact us will be treated as a customer partner.
The purpose of the processing is to send you professional brochures, promotional e-mails, information and newsletters, which you can unsubscribe from at any time without any consequences. You may also unsubscribe without any consequences if your business has ceased to exist, you have left the business or someone has provided us with your contact details.
The legal basis for processing is your consent. Please note that the user may give his/her prior and explicit consent to be contacted by the service provider with promotional offers, information and other mailings to the e-mail address provided at the time of registration. As a consequence, the user may consent to the processing of the necessary personal data by the service provider for this purpose.
Please be informed that if you wish to receive newsletters from us, you are obliged to provide the necessary data. We will not be able to send you a newsletter if you do not provide this information.
The data will be processed until consent is withdrawn. You can withdraw your consent to the processing at any time by sending an e-mail to the contact e-mail address.
The data will be deleted when you withdraw your consent to the processing. You may withdraw your consent to the processing at any time by sending an e-mail to the contact e-mail address.
You can also withdraw your consent by following the link in the newsletters sent to you.
The data may be accessed by: the controller and its employees.
Method of storage of data: electronic.
Modification or deletion of data may be requested by e-mail, telephone or letter using the contact details given above.
Data processor used: Örkényi Gábor EV
Scope of data processed | Specific purpose of data processing |
Name | Identification, contact |
Identification, contact | |
Date of subscription | Technical information operation |
IP address | Technical information operation |
Please note that the email address does not need to contain any personal data. For example, it is not necessary that the e-mail address contains your name. You are completely free to choose whether or not to provide an e-mail address that contains information that identifies you. The e-mail address, which is used to contact you, is absolutely necessary to ensure that any newsletter or professional information sent to you is received.
- THE PERSON AUTHORISED TO PROCESS THE DATA
Gábor Örkényi EV 1024 Budapest József Attila utca 25. hereinafter referred to as the Data Processor, as Data Controller. The personal data to be processed may be disclosed to the respective legal representative(s), employees/agents/contractors of the Data Processor. The Processor shall not disclose personal data to third parties, except with the express consent of the data subject.
Hosting service
Magyar Hosting Kft.
1132 Budapest, Victor Hugo utca 18-22.
Tax number: 23495919-2-41
The data you provide is stored on the server operated by the hosting provider. Only our employees and the employees of the server operator have access to the data, but they are all responsible for the secure handling of the data.
The name of the activity: hosting service, server service.
Purpose of processing: to ensure the functioning of the website.
Data processed: personal data provided by the data subject
Duration of processing and time limit for deletion of data: processing until the end of the operation of the website or in accordance with the contractual agreement between the website operator and the hosting provider. If necessary, the data subject may request the deletion of his/her data by contacting the hosting provider.
Legal basis for processing: consent of the data subject or processing based on law.
- DURATION OF DATA PROCESSING
Personal data provided on the basis of the User’s consent shall be processed by the Data Controller until the purpose of the processing is fulfilled or the User’s consent is withdrawn. The Data Controller shall process the personal data provided by the User during registration until the termination of the use of the Website, in particular until the cancellation of the registration.
Unless otherwise provided by law, the Data Controller may process the personal data collected a) for the purpose of fulfilling a legal obligation to which it is subject, or b) for the purpose of asserting a legitimate interest of the Data Controller or a third party, if the assertion of such interest is proportionate to the restriction of the right to the protection of personal data, without further separate consent, and also after the withdrawal of the consent of the data subject.
The Data Controller shall retain and process the personal data provided by the User for the purpose of fulfilling the accounting obligations pursuant to Section 169 of Act C of 2000 for a period of 8 years or within the limitation period set forth in Act XCII of 2003 on the Rules of Taxation.
- TRANSFER OF DATA, LINKING OF DATA
The Data Controller shall not sell, rent or in any way make available personal data or information concerning the User to other companies or individuals.
The Data Controller shall ensure adequate security of the data to the extent that it can be expected to do so, and shall take technical and organisational measures to ensure the enforcement of data protection rules and principles and to promote the security of personal data.
We inform the Honoured Users that the Data Controller will only transfer personal data to a third person or persons with the consent of the data subject.
- COOKIES
Cookies are placed on the user’s computer by the websites visited and contain information such as page settings or login status.
Cookies are therefore small files created by the websites visited. They improve the user experience by saving browsing data. Cookies help the website remember your site settings and offer you locally relevant content.
A small file (cookie) is sent by the provider’s website to the computer of the website visitor in order to establish the fact and time of the visit. The provider informs the website visitor of this.
The data subjects concerned are the visitors of the website.
Purpose of the processing: additional services, identification, tracking of visitors.
Legal basis for processing: the user’s consent is not required if the use of cookies is strictly necessary for the provider.
Data scope: unique identifier, time, preferences.
The user has the possibility to delete cookies from the browsers at any time in the Settings menu.
Data controllers: no personal data are processed by the data controller through the use of cookies.
The cookies are not used to store data.
- SOCIAL MEDIA
A social networking site is a media tool where messages are spread through social networking users. Social media use the Internet and online publishing to transform users from content contributors to content editors.
Social media is the interface of web applications that host user-generated content, such as Facebook, Google+, Twitter, etc.
Social media can take the form of public speeches, presentations, demonstrations, product or service launches.
Social media information can take the form of forums, blog posts, images, video, audio, message boards, email messages, etc.
As mentioned above, the scope of the data processed may include, in addition to personal data, the public profile picture of the user.
Data subjects: all registered users.
The purpose of data collection is to promote the website or a related website.
The legal basis for data processing is the voluntary consent of the data subject.
Duration of data processing: according to the rules that can be consulted on the relevant community site.
Time limit for deletion of data: according to the rules available on the relevant community site.
Persons entitled to access the data: in accordance with the rules available on the relevant Community site.
Rights in relation to data processing: as set out in the rules available on the relevant Community site.
Method of storage of data: electronic.
It is important to note that when a user uploads or submits personal data, he or she grants the operator of the social networking site worldwide a valid authorisation to store and use such content. Therefore, it is very important to make sure that the user has full authority to disclose the information posted.
- GOOGLE ANALYTICS
Our website uses Google Analytics.
During use of Google Analytics:
Google Analytics uses internal cookies to compile reports for its customers on the habits of website users.
Google uses this information on behalf of the website operator to evaluate how users use the website. As an additional service, Google will compile reports on website activity for the website operator so that it can provide additional services.
The data is stored by Google’s servers in encrypted form to make it more difficult and to prevent misuse.
You can disable Google Analytics by following these steps. Quote from the page:
Site users who do not want Google Analytics to generate JavaScript reports about their data can install the Google Analytics opt-out browser extension. The extension will prevent Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sending information to Google Analytics. The browser extension can be used in most recent browsers. The Google Analytics browser add-on does not prevent data from being sent to the website itself and other web analytics services.
https://support.google.com/analytics/answer/6004245?hl=hu
Google Privacy Policy: https://policies.google.com/privacy?hl=hu
More detailed information on the use and protection of data can be found at the links above.
- OTP SIMPLE PAY
The company name of the bank card payment service provider is OTP Mobil Kft.
OTP Mobile Payment Services. 17-19.
E-mail: ugyfelszolgalat@simple.hu
Privacy policy: https://simple.hu/adatkezelesi-tajekoztato/
The payment card service provider stores your data on the server operated by it for the purpose of operating the payment platform. Only our employees or the employees operating the server have access to the data, but they are all responsible for the secure handling of the data.
- The name of the activity is: credit card payment service.
- Purpose of processing: to process credit card payments
- Data processed: name, email address, credit card details
- Duration of data processing and time limit for deletion of data: data processing lasts until the credit card payment platform is used by the Data Controller, in accordance with the contractual agreement between the website operator and the credit card payment service provider.
By placing an order on the Website by credit card payment, you acknowledge that the following personal data stored in the user database of the Website will be transferred to OTP Mobil Kft. as the data processor. The data transmitted (data necessary for payment by credit card) are the following: name, email address, credit card details, address. The nature and purpose of the data processing activities can be found in the SimplePay Data Processing Information, at the following link: https://simplepay.hu/vasarlo-aff
- DETAILS OF DATA PROTECTION
- RIGHTS IN RELATION TO DATA PROCESSING
Right to request information
You may request information from us, via the contact details provided, about what data our company processes, on what legal basis, for what purpose, from what source and for how long. Upon your request, we will send you information without delay, but within 30 days at the latest, to the e-mail address you have provided.
Right to rectification
You may ask us to correct any of your data using the contact details provided. Upon your request, we will do so without delay, but within 30 days at the latest, by sending you a notice to the e-mail address you have provided.
Right to erasure
You may request us to delete your data by using the contact details provided. At your request, we will do so without delay, but within 30 days at the latest, by sending you an e-mail to the e-mail address you have provided.
Right to blocking
You can ask us to block your data using the contact details provided. The blocking will last as long as the reason you have given us makes it necessary to store the data. Upon your request, we will do so without delay, but within a maximum of 30 days, by sending you an email to the email address you have provided.
Right to object
You may object to the processing of your personal data using the contact details provided. We will examine the objection within the shortest possible time from the date of the request, but no later than 15 days, decide whether it is justified and inform you of our decision by e-mail.
- ENFORCEMENT IN RELATION TO DATA PROCESSING
If you experience unlawful processing, please notify us so that we can restore the lawful status within a short period of time. We will do our utmost to resolve the problem in your interest.
If, in your opinion, the lawfulness cannot be restored, you should notify the authority using the contact details below:
National Authority for Data Protection and Freedom of Information
Postal address: 1363 Budapest, PO Box 9.
Address: Data Protection Authority, Budapest, 1055 Budapest, Falk Miksa utca 9-11.
Phone: +36 1 391 1400
Fax: +36 1 391 1410
E-mail: ugyfelszolgalat (at) naih.hu
URL https://naih.hu
- LEGAL BASIS FOR DATA PROCESSING
– REGULATION (EU) No 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation).
– Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information.
– Act LXVI of 1995 on public records, public archives and the protection of private archival material.
– Government Decree No 335/2005 (XII. 29.) on the general requirements for the management of records by public bodies.
– Act CVIII of 2001 on certain aspects of electronic commerce services and information society services.
– Act C of 2003 on Electronic Communications.
THIS PRIVACY STATEMENT SHALL ENTER INTO FORCE ON 27 MAY 2023.