Ferenc Gabor Nagy hereby publishes the website linked to the domains it operates under www.nfgbadboys.hu, www.ehezokviadala.hu, www.nfgehezokviadala.hu, www.nfgstarvingchallenge.com (hereinafter: the Website). Data Management Information on Data Management (hereinafter: Data Management Information).
Ferenc Gabor Nagy (hereinafter: Data Controller or Ferenc Gabor Nagy.) Complies with Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter: GDPR) in this Data Protection Prospectus.
Prior information obligation relating to the processing of personal data.
The purpose of the Data Management Information is that upon reading it, accepting it as a visit to the Website, and/or registering or subscribing to the newsletter, the user creates a profile for the community organized by Ferenc Gabor Nagy, home competitions, training, events (hereinafter: Events) (hereinafter: User or from a data management point of view: Stakeholder) with the appropriate information, gives voluntary, definite and unambiguous, specific, well-informed consent collect, process and use the personal data of the individual User for the purposes specified here in accordance with the provisions contained in this Data Management Information.
When using the Website, certain content is available without registration – and thus without the provision of data – and additional content and up-to-date information are available after registration or subscription to the newsletter.
By registering on the Website and subscribing to the newsletter or registering for each Event, the User marks all the conditions contained in this Privacy Policy by placing an X in the relevant box, therefore please read the website carefully before using the Website [http://nfgstarvingchallenge.com/adatkezelesi-tajekoztato] can be found in this Privacy Policy, which details the principles and procedures of data management!
Definitions
GDPR (General Data Protection Regulation) European Parliament and Council (EU) 2016/679. s. Regulation on the protection of individuals concerning the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46 (General Data Protection Regulation)
„data management” means any operation or set of operations on personal data or files, whether automated or non-automated, such as collection, recording, systematization, segmentation, storage, transformation or alteration, retrieval, consultation, use, communication, transmission, distribution, or otherwise; by making available, harmonizing or linking, restricting, deleting or destroying;
data processor: any natural or legal person, public authority, agency, or any other body which processes personal data on behalf of the controller;
personal data: any information relating to an identified or identifiable natural person (data subject). A natural person may be identified who, directly or indirectly, in particular, based on an identifier such as a name, number, location, online identifier, or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable;
„controller” means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or specific criteria for the designation of the controller may also be determined by Union or Member State law;
data subject’s consent: a voluntary, specific and well-informed, and clear statement of the data subject’s intention to indicate his or her consent to the processing of personal data concerning him or her through a statement or an unequivocal statement of confirmation;
data protection incident: a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored, or otherwise handled.
recipient: any natural or legal person, public authority, agency, or any other body to whom personal data are disclosed, whether a third party or not. Public authorities that may have access to personal data in the context of an individual investigation in accordance with Union or Member State law shall not be considered as recipients; the processing of such data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;
third party: a natural or legal person, public authority, agency, or any other body other than the data subject, the controller, the processor, or persons who have been authorized to process personal data under the direct control of the controller or processor.
Data Controller and Data Processor Information
Data controller: Ferenc Gabor Nagy
Tax registration number: 67798012-1-38
Headquarters: 9700 Szombathely, Szófia utca 39-41 A ép. 1/6
Independently represented by: Ferenc Gabor Nagy
Email address: nfgbadboys2014@gmail.com
Contact person: Ferenc Gábor Nagy
Phone number: +36 70 639 0709
Data processors:
IT data processor / Website operator:
Be Different Digital Deposit Company
Company registration number: Cg.01-06-796156
Head office: Lehel utca 74-76, 1135 Budapest. 2. em. 3
Independently represented by: Nóra Fekete, managing director
E-mail address: hello@bedifferent.hu
Phone number: +36 30 323 7211
Accounting agent:
ERINA Service Deposit Company
Company registration number: Cg. 01-06-777869
Headquarters: 1064 Budapest, Podmaniczky utca 57. 2nd floor. 16.
Independently represented by: Erika Sallai, managing director
Email address: erinabt@gmail.com
Phone number: +36 70 409 0529
Guidelines and conditions of data management
The Data Controller declares that he/she handles the personal data in accordance with the provisions of this data management information and complies with the provisions of the relevant legal regulations, paying special attention to the following:
The processing of personal data must be carried out lawfully and fairly and in a way that is transparent to the data subject. Personal data may only be collected for specified, explicit, and legitimate purposes. The purpose of the processing of personal data must be appropriate and relevant and only to the extent necessary. Personal information must be accurate and up to date. Inaccurate personal data must be deleted immediately. Personal data must be stored in such a way as to enable the identification of data subjects only for as long as is necessary. Personal data may be stored for a longer period only if the storage is for the purpose of archiving in the public interest, for scientific and historical research purposes, or statistical purposes. The processing of personal data shall be carried out in such a way as to ensure the adequate security of the personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage, utilizing appropriate technical or organizational measures. The principles of data protection shall apply to all information concerning an identified or identifiable natural person.
The data subject may request the controller to access (inform), delete or restrict the processing of personal data concerning him or her and to object to the processing of such personal data, as well as the data subject’s right to data portability. The data subject may withdraw his or her consent to the processing at any time, but this shall not affect the lawfulness of the processing carried out prior to the withdrawal. If there is no legal impediment to the deletion, in this case, your data will be deleted. The person concerned may exercise the right to complain to the supervisory authority. The data subject shall have the right, at the request of the controller, to correct or supplement inaccurate personal data concerning him or her without undue delay.
The data subject shall have the right, at the request of the controller, to delete inaccurate personal data concerning him or her without undue delay, and the controller shall delete the personal data concerning him or her without undue delay unless there are other legal grounds for processing. Modification or deletion of personal data can be initiated by e-mail or letter using the contact options provided above. A request sent by e-mail shall be considered authentic by the data controller only if it is sent from the e-mail address provided to and registered with the data controller; otherwise, if the data subject confirms it in writing by answering a confirmation e-mail question as a verification question at the requester’s confirmation e-mail. In the case of an e-mail, the date of receipt shall be the first working day following dispatch.
The scope of the processed data, the purposes of the data processing, the legal basis, the duration of the data processing
4.1. User registration
After registration, the system creates a User Profile of the User, which contains the following information:
the data provided by the User during Registration, as defined below,
[*]
When using the User Profile, the User has the opportunity to register for training, events, home competitions, sports events, training, modify the provided data, delete the data, subscribe to the newsletter, or unsubscribe, except for the optional data.
The purpose of data management: to register the members, athletes, and competitors of the Data Controller on the Website electronically and on paper, to identify the members, to provide differentiated discounts to the users of the provided services, and to create the possibility of contact.
Legal basis for data processing: based on the consent of the data subject [Article 6 (1) (a) GDPR].
The persons involved in data management: the members and users of the Data Controller registered on the Website or paper.
Form of data management: electronically, on a separate data management list in the data controller’s IT system or on paper.
Duration of data management and deletion of data: The Data will be deleted by the Data Controller 5 (five) years after the data recording unless a longer term for the retention of data is set by law for the Data Controller (see Section 4.3). The data will be deleted when the consent to the data processing is revoked. Data management can also be terminated by deleting the registration by the user or by deleting the user’s registration by the data controller. The user can cancel his registration at any time or request its deletion from the data controller.
The following persons are entitled to access the data: the members and employees of the Data Controller, as well as the persons on their behalf.
Other information on data management: The data subject accepts the contents of the Data Management Information with both electronic and paper-based registration and consents to the data processing specified in this section.
Scope of data managed:
The provision of certain personal data is necessary due to membership and identification in the databases and contact. The provision of other personal data is necessary for the person concerned to benefit from the registration, ie to use the services of BEAC and its website. The data subject is not obliged to provide this personal data and will not have any adverse consequences for the non-provision of data. However, it is not possible to use certain functions of the website without registration.
Scope of managed data (TABLE)
The specific purpose of the data management data
Name
Identification, contact, invoicing.
His mother’s name
Identification
Affected gender
Identification, proof of entitlement to the types of services provided
Home address
Identification, contact, invoicing.
Identification, contact.
Date of registration
Technical information operation.
IP address
Technical information operation.
4.2 Sending a newsletter
On the Website, the User has the opportunity to subscribe to the Data Controller’s newsletter on a separate system.
The consent or subsequent approval of the legal representative (parent) of a minor who has reached the age of 16 with the consent of the Data Subject of a minor who has reached the age of 16 is not required for the validity of the information society-related online services.
A data subject may not provide personal data about a minor under the age of 16 unless he or she has received a consent form from his or her legal representative (parent).
The purpose of data management: sending professional brochures, electronic messages containing advertisements, information, newsletters, information about sports services, sports events, novelties, promotions; which the data subject may unsubscribe at any time without consequences.
Legal basis of data management: the consent of the data subject and the provisions of Act XLVIII of 2008 on the basic conditions and certain restrictions of economic advertising activity. Section 6 (1) of the Act and Section 6 (1) (a) of the GDPR.
The persons involved in data management: the members and users of the Data Controller registered on the Website or paper.
Form of data management: data transmitted electronically, on a separate data management list or paper on the data controller’s IT system, or on paper based on sending a newsletter, also by concluding paper-based contracts/declarations.
Duration of data management: The data shall be deleted by the Data Controller 5 (five) years after the data recording unless a longer term for the retention of the data is established by law for the Data Controller. The data will be deleted when the consent to the data processing is revoked. Data management can also be terminated by deleting the registration by the user or by deleting the user’s registration by the data controller. The user can cancel his registration at any time or request its deletion from the data controller.
Deletion of data: occurs when the consent to data management is revoked. In addition to the methods described in the general information, the consent can also be revoked using a link in the sent newsletters (unsubscribe). In case of unsubscribing, Ferenc Gabor Nagy. Will not contact the person concerned with further newsletters or offers. The data subject can unsubscribe from the newsletter at any time free of charge and withdraw his or her consent.
The following persons are entitled to access the data: the members and employees of the Data Controller, as well as the persons on their behalf.
Other information on data management: By accepting this Data Management Information, the user’s consent to the data controller contacting them on their behalf with advertising offers and newsletters at the given contact details. The voluntary consent is given by the user during the electronic registration by accepting this data management information and submitting the registration, or during the written membership registration by signing the consent statement or by filling in and signing a separate paper-based statement. By doing so, the User declares that he/she consents to the processing of his / her data as specified in the data management information and the contract/declaration and to the sending of newsletters.
We would like to inform you that if you want to receive a newsletter from us, you must provide the necessary information. If we do not provide the information, we will not be able to send you a newsletter. If the user does not use the newsletter service, it does not disadvantage him in terms of the use of the website and the use of other services, Ferenc Gabor Nagy. Does not make the use of the newsletter service a condition for using any of its other services. The user can unsubscribe from the newsletter at any time by clicking on the “unsubscribe from newsletter” link or by sending a written request to nfgbadboys2014@gmail.com.
Please note that neither your username nor your email address is required to include personally identifiable information. For example, your username or email address does not need to include your name. You are completely free to choose a user name or email address that contains information about your identity. The e-mail address used for contact is necessary for the newsletter or professional information sent to you to reach its destination.
As the operator of the website, we declare that we fully comply with the relevant legal provisions during the information and descriptions published by us. We also state that when you subscribe to a newsletter, we are unable to verify the authenticity of your contact information.
Scope of data managed TABLE
Scope of managed data
The specific purpose of the data management data
Name
Identification, contact.
Identification, contact.
Date of subscription
Technical information operation.
IP address
Technical information operation.
4.3. Invoicing
The purpose of data management is to issue and send an (electronic) invoice as an e-mail attachment or on paper.
Legal basis for data processing: consent of the data subject and under Article 6 (1) (a) of the GDPR and fulfillment of the legal obligation to the Data Controller under Article 6 (1) (c) of the GDPR.
Stakeholders in the data management: the customer’s service partners.
Data storage method: electronic or paper-based.
Duration of the data processing: The data processing takes place until the expiry of the obligation to issue and keep the document according to the legal regulation and the Accounting Act, or until the withdrawal of the consent.
Deletion and modification of data: The data can be deleted per Section 169 of Act C of 2000 on Accounting and Pmt. 57. (1), according to which the Data Controller is obliged to keep the personal data for 8 (eight) years from the termination of the relationship (or order) with the Data Subject, and the Data Controller is obliged to keep the concluded contracts for 8 (eight) years from the conclusion. The data will be deleted when the consent to the data processing is revoked. Data management can also be terminated by deleting the registration by the user or by deleting the user’s registration by the data controller. The user can cancel his registration at any time or request its deletion from the data controller.
Modification or deletion of account information can be initiated by e-mail or letter using the contact options provided above.
The following persons are entitled to get acquainted with the data: the data controller and its employees, the trustee providing accounting services to the data controller, and the legal representative acting in the event of claim enforcement.
Scope of managed data: see. 4.1 points.
The data controller stores the data separately for each data management purpose in the form of the following electronic lists, databases, and IT systems, as well as the data processed for the purpose of sending the newsletter by concluding paper-based contracts/statements.
Sports competition organization lists a list of home competitions organized by Ferenc Gabor Nagy., The entry data of the participating teams and competitors and their consent to receive newsletters and messages. The data is handled by the data controller until the user’s consent is revoked (unsubscribed) or the data is deleted at the user’s request.
Data transfer register: to check the lawfulness of the data transfer and to inform the data subject, the data controller shall keep a data transfer register containing the date of transfer of personal data processed by him, the legal basis and recipient of the transfer, the definition of the transferred personal data and other data.
Data protection incident record: a record of the unlawful handling or processing of personal data and the measures taken to prevent them. It includes the scope of personal data affected by the incident, the scope and number of persons affected by the data protection incident, the date, circumstances, effects of the data protection incident and the measures taken to prevent it, and – in the case of statutory data processing
Cookies
An anonymous user identifier (cookie) is a unique set of signals, which is suitable for the identification and storage of profile information, which is placed by the service providers and the websites visited on the user’s browsing device (computer, telephone, tablet, hereinafter uniformly: computer). It is important to know that such a token alone cannot in any way uniquely identify the user, so the use of cookies does not handle specific natural personal data by the data controller, but only identifies the user’s computer and contains information such as page settings or login status.
Cookies are therefore small files created by the websites you visit. Saving browsing data improves the user experience. With the help of cookies, the website remembers the settings of the website and offers locally relevant content.
Depending on the types of cookies, they can be temporary, deleted when you finish browsing, or permanent; or placed by yourself or a third party.
Place your cookies
The website of the service provider sends a small file (cookie) to the computer of the visitors of the website to determine the fact and time of the visit. The service provider informs the visitor of the website about this.
Placing third party cookies
Third-party cookies do not come from the data controller or the server hosting your website, but from external parties. These cookies are also saved by the user’s computer, phone, a tablet when visiting the site (eg Google Analytics, social media, etc.).
Tracking IDs
The data controller may also use tracking IDs in its newsletter or other services sent to users to develop and track user habits for the following services: Google AdWords, Facebook (likebox, share, remarketing), Apple Inc. (meta tag), Optimonk.hu.
Logfile entries
The IT background of your site uses log entries. Log entries can store the IP address, the type of browser used by the visitor, the ISP, the date/time stamp, the address of the link and exit pages, and the number of clicks during the visit. This is so that in the event of a malfunction, we can retrieve the circumstances of the error, making browsing safer in the future. It makes it easier for us to manage and administer the site. The data is stored anonymously. If you do not consent to data management with such a tool, please do not use our website.
Data management for own cookies:
The purpose of data management is additional services, identification, tracking of visitors, enabling user-friendly and secure browsing of the site, measuring the number of visits to the site, frequency of viewing, browsing time, territorial mapping of data management services, checking access to the site, collecting anonymous data about your use of the Site, memorizing credentials while browsing based on your IP address so that you do not have to re-identify yourself.
Legal basis for data management. User’s consent. The User gives his / her voluntary consent to the data management by accepting the information and statement that pops up when starting to browse the website, and by continuing to browse. A pop-up window on your device (computer, phone, or tablet) used to visit the website, when you start browsing and loading the main page, warns you to place cookies in the manner and for the purposes described in these policies, to which you consent by further browsing. Even after this, the User has the option to delete cookies from the browsers at any time in the Settings menu. However, please note that without the use of cookies, you will not be able to access many features that make your browsing experience easier, and some of our services may not work properly.
Stakeholders: visitors to the website, whether or not they use the service.
Method of data storage: electronic. The data required to ensure the User-Friendly operation of the Website (IP addresses and the order of pages visited on the website while browsing) is not stored. The cookies that provide the data are stored locally on the User’s device. The log files used by the web hosting provider are stored on the hosting provider’s server.
The data controllers are entitled to: the data controller and the IT data processor indicated in Chapter 2.
Scope of data: the range of data required for the operation of the „cookies” used to operate the website and the use of log files used by the web hosting provider; such as unique identification number, time, configuration data, web pages visited during the site visit and the order in which they were opened, the frequency of viewing of each web page of the web site from which the user came to this web site (only for web sites with links to this web site) ), the time you started browsing the site, the time you left the site (stopped browsing), the duration of the site browsing.
Duration of data management:
The data controller manages some of the data processed for the operation of the information technology service until the time of browsing, and they are deleted when it is completed. The processing of such data is performed by the data controller’s IT system with its means and is not accessible to third parties, except in the case of IT data processing (see Chapter 2):
Cookies used: woocommerce_recently_viewed.
Expiration dates:
woocommerce_recently_viewed: session.
The Data Controller undertakes to ensure the security of the data, to take the technical and organizational measures, and to establish the procedural rules that ensure that the recorded, stored and processed data are protected, and to prevent their destruction and unauthorized use. and unauthorized alteration. It also undertakes to call on all third parties to whom the data is transmitted or transferred with the consent of the User to comply with the data security requirement.
The data controller shall ensure that the processed data cannot be accessed, disclosed, transmitted, modified, or deleted by unauthorized persons. The processed data may only be disclosed to the Data Controller and its employees, as well as to the Data Processor used by it, and the Data Controller shall not transfer them to a third party who is not entitled to disclose the data.
The data controller will do everything in its power to ensure that the data is not accidentally damaged or destroyed. The above commitment is imposed by the Data Controller on the employees participating in the data management activity.
Under no circumstances shall the controller collect specific data, ie data containing personal data indicating racial or ethnic origin, political opinion, religious or philosophical beliefs, or trade union membership, as well as genetic and biometric data for the unique identification of natural persons and sexual personal information about your life or sexual orientation.
The security of the data is ensured by the Data Controller in the most up-to-date way possible. The Data Controller undertakes to immediately suspend the service and publish a statement in the event of data protection incidents that occur despite the above measures, and to keep a record of the data protection incidents and the actions taken. If the incident involved a risk to the rights and freedoms of the Users, it shall act following Section 6 of the Data Management Information.
User acknowledges and agrees that the provision of personal data on the Website – despite the fact that the Data Controller has state-of-the-art security measures to prevent unauthorized access or retrieval of the data – the full protection of the data on the Internet cannot be guaranteed. In the event of unauthorized access or disclosure of data despite our efforts, the Data Controller shall not be liable for such acquisition or unauthorized access of data or any damage caused to the User due to these reasons. In addition, the User may provide personal information to third parties who may use it for illegal purposes or in any other way.
A data protection incident is any event that involves the unlawful handling or processing of personal data, in particular unauthorized or accidental access, alteration, communication, deletion, loss or destruction, and accidental destruction of personal data managed, transmitted, stored, or processed by the Data Controller. resulting in injury.
The Data Controller shall, without undue delay, but no later than 72 hours after becoming aware of the data protection incident, report the data protection incident to the National Data Protection and Freedom of Information Authority, unless the Data Controller can demonstrate that the data protection incident is unlikely to present a risk. the rights and freedoms of individuals. If the notification cannot be made within 72 hours, it shall state the reason for the delay and the required information may be provided in detail without further undue delay. The notification to the National Data Protection and Freedom of Information Authority shall contain at least the following information:
the nature of the data protection incident, the number, and category of data subjects and personal data;
The Data Controller keeps a record of data protection incidents to monitor the measures related to the data protection incident and to inform the data subjects. The register shall contain the following information:
The User, as a Data Subject, is entitled to enforce the rights provided in this chapter against any data controller.
8.1 Right to information and access:
The Data Subject may at any time from the provision of his / her data to the deletion of the personal data request information from the Data Controller about the scope of the processed data, their source, purpose, legal basis, duration, circumstances, effects, and measures are taken to eliminate the data protection incident.
The Data Controller shall provide the information to the Data Subject in a concise, transparent, comprehensible, and easily accessible form, clearly and comprehensibly worded. The right to information can be exercised in writing through the contact details of the Data Controller (see Chapter 2 of this Data Management Information). Upon confirmation of his / her identity, oral information may be provided to the Data Subject upon request.
The Data Controller shall provide the Data Subject with a copy of the personal data subject to data processing. For additional copies requested by the Data Subject, the controller may charge a reasonable fee based on administrative costs.
The Data Controller may refuse to provide the information only in the cases specified in the GDPR, in which case the Data Controller is obliged to indicate the exact legal basis on which the refusal is based, at the same time informing the Data Subject about the possibility to apply to the Authority or the competent Court.
9.2 Right of rectification: The Data Subject may request that inaccurate personal data processed by the Data Controller concerning him/her be corrected and that incomplete data be supplemented. The Data Subject is entitled to notify the Data Controller of the change in his / her personal data (by e-mail or postal mail as above). The Data Controller shall execute the data change within 8 (eight) days from the receipt of the request. If the Data Subject does not report the change in his / her personal data without delay, the Data Subject shall bear the consequences thereof. If the personal data provided does not correspond to reality and the personal data corresponding to reality is available to the Data Controller, the Personal Data will be corrected automatically by the Data Controller. The Data Controller shall notify the Data Subject of the rectification, as well as all those to whom the data has previously been transmitted for data management purposes. The notification may be omitted if it does not infringe the data subject’s legitimate interests in view of the purpose of the data processing.
9.3 Right to delete (“right to forget”): The Data Subject may at any time request the deletion of his personal data from the Data Controller. The Data Controller may refuse the deletion only if the data management is based on law or the data management is necessary for the submission, enforcement, and protection of legal claims. The Data Controller is obliged to delete the personal data concerning the Data Subject without undue delay if one of the following reasons exists:
– personal data are no longer required for the purpose for which they were collected or otherwise processed;
– the Data Subject withdraws the consent on which the data processing is based and there is no other legal basis for the data processing;
– the Data Subject objects to the data processing and there is no overriding legitimate reason for the data processing;
– personal data have been processed unlawfully;
– personal data must be deleted in order to fulfill a legal obligation under Union or Member State law applicable to the controller.
Where the Data Controller has disclosed personal data and is required to delete it according to the foregoing, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform the data controllers or processors that the Data Subject requested that the links to the personal data in question or a copy or duplicate of that personal data be deleted.
Deletion of data may not be initiated if the processing is necessary for reasons under Article 17 (3) of the GDPR, or the right to delete does not belong to the Data Subject if the Data Processing is necessary for the performance of the Contract.
9.4 Right of withdrawal: The Data Subject may at any time withdraw his or her consent to the processing of his or her personal data. Withdrawal of consent shall not affect the lawfulness of the data processing prior to withdrawal. The right to withdraw consent does not affect Data Processing on other legal bases.
9.5 Right to restrict data processing: The Data Subject is entitled to restrict data processing at the request of the Data Controller if one of the following conditions is met:
- the Data Subject disputes the accuracy of his / her personal data, in which case the restriction applies to the period of time that allows the Data Controller to verify the accuracy of the personal data;
- the processing is unlawful and the Data Subject opposes the deletion of personal data and instead requests that their use be restricted;
- the Data Controller no longer needs the personal data for the purpose of data processing, but the Data Subject requests them in order to submit, enforce or protect legal claims; obsession
- the Data Subject has objected to the data processing, in which case the restriction shall apply for the period until it is established whether the legitimate reasons of the Data Controller take precedence over the legitimate reasons of the Data Subject.
Where data processing is restricted, such personal data may be processed, with the exception of storage, only with the consent of the data subject or for the purpose of bringing, enforcing or protecting legal claims or protecting the rights of another natural or legal person or in the important public interest of the European Union or a Member State. . The Data Controller shall inform the Data Subject, at whose request the data processing has been restricted, in advance of the lifting of the data processing restriction.
No further data management operations may be performed during the period of the Data Management Restriction, and during the period of the Data Management Restriction, the Data Controller shall ensure that the locked data cannot be changed.
9.6 Right to data portability: With regard to the personal data processed with the consent of the Data Subject or for the performance of the Contract, the Data Subject is entitled to receive personal data provided to him/her by the Data Controller in a structured, widely used machine-readable format and to transfer this data to another data controller without interfering with the activities of the Data Controller. The data subject’s right under this section applies only to digitally processed personal data.
9.7 Right to protest: If the data processing is necessary to enforce the legitimate interests of the Data Controller or a third party, the Data Subject has the right to object to the processing of his / her personal data at any time for reasons related to his / her situation. In this case, the Data Controller may not further process the personal data, unless the Data Controller proves that the data processing is justified by compelling legitimate reasons which take precedence over the interests, rights, and freedoms of the Data Subject or which are necessary to are related.
If the processing of personal data is for the direct acquisition of business, the Data Subject has the right to object at any time to the processing of personal data concerning him or her for this purpose. If the Data Subject objects to the processing of personal data for the purpose of direct business acquisition, the personal data may no longer be processed for this purpose.
The Data Subject may object to the processing of his / her personal data if the data processing is necessary for the fulfillment of a legal obligation or legitimate interest of the Data Controller, or the data processing (use or transfer of data) is for direct business, public opinion or scientific research, or in other cases specified by law. , unless the data processing is made mandatory by law for the Data Controller. A statement of the Data Subject objecting to the processing of his / her personal data and requesting the termination of the data processing or the deletion of the processed data is considered a protest.
The Data Controller shall examine the data subject’s protest against the data processing as soon as possible, but no later than within 15 (fifteen) days from the signal of the protest, and shall notify the Data Subject of its decision (the substantiation of the protest) in writing.
If the Data Subject’s protest is substantiated, the Data Controller shall terminate the processing of the Data Subject’s personal data and block the data, as well as notify the protester and the action taken on it to all those to whom he or she has previously transferred the personal data affected by the protest. in order to validate.
If the Data Subject’s protest is unfounded according to the Data Controller and the Data Subject does not agree with it, the Data Subject may apply to a court within 30 (thirty) days from the notification of the Data Controller’s decision. If the Data Controller fails to respond within 15 (fifteen) days, the Data Subject may apply to a court within 30 (thirty) days from the 15th (fifteenth) day.
The Data Subject’s right to protest may not be exercised if the legal basis of the Data Management is the performance of the Contract.
9.8 Prohibition of automated decision-making: The Data Subject has the right not to be covered by a decision based solely on automated data processing, including profiling, which would have a legal effect on him or her or be significantly affected.
Automated decision-making, including profiling, does not take place during the Data Controller’s data management of the Data Subject.
9.9 Procedural rules related to the enforcement of data protection rights: The Data Controller shall inform the Data Subject of the measures taken following the request concerning his / her rights without undue delay, but in any case within 1 (one) month from the receipt of the request. If necessary, taking into account the complexity of the application and the number of applications, this deadline may be extended by an additional 2 (two) months. The Data Controller shall inform the Data Subject of the extension of the term, indicating the reasons for the delay, within 1 (one) month from the receipt of the request.
If the Data Subject has submitted the request by electronic means, the information shall, as far as possible, be provided by electronic means, unless the Data Subject requests otherwise. If the Data Controller does not take action at the request of the Data Subject, without delay, but no later than within 1 (one) month from the receipt of the request, inform the Data Subject of the reasons for non-action and that the Data Subject may file a complaint with the Authority and seek legal redress. with the right.
The information requested and the information and action shall be provided free of charge. If the Data Subject’s request is manifestly unfounded or, in particular, due to its repetitive nature, excessive, the Data Controller may charge a reasonable fee or refuse to act on the request, taking into account the administrative costs of providing the requested information or action or taking the requested action. The burden of proving that the request is manifestly unfounded or excessive is on the Data Controller.
The Data Controller shall inform all recipients to whom he or she has communicated personal data of any rectification, erasure, or restriction on the processing of personal data unless this proves impossible or requires a disproportionate effort. Upon request, the Data Controller shall inform the Data Subject of these recipients.
The Data Controller shall provide the Data Subject with a copy of the personal data subject to data processing. The Data Controller may charge a reasonable fee based on administrative costs for additional copies requested by the Data Subject. The Data Controller may take reasonable steps to identify the data subject.
8.10 Complaint notification: The Data Subject has the opportunity to enforce his / her rights by means of a complaint or notification at the contact details of the Data Controller indicated above.
The data controller makes every effort to ensure that the personal data is processed in accordance with the law, however, if the data subject feels that this has not been complied with, he/she has the opportunity to write to the e-mail address nfgbadboys2014@gmail.com or 9700 Szombathely Szófia street 39-41 A/1/6 postal address.
If the data subject feels that his or her right to the protection of personal data has been infringed, he or she may seek redress from the competent authorities in accordance with the applicable law.
by filing a complaint with the National Authority for Data Protection and Freedom of Information (address: 1055 Budapest, Falk Miksa utca 9-11; website: http://naih.hu; e-mail address: ugyfelszolgalat@naih.hu; phone number: +36 1 391 1400) if it considers that the processing of personal data concerning it infringes the GDPR or that there has been or is an imminent threat of an infringement of the processing of your personal data, or
by means of a court claim, which, as a general rule, is subject to the jurisdiction of the court of the Data Controller’s registered office, but may also be instituted before the court of the Data Subject’s place of residence or stay. The tribunal is acting out of turn in the case.
In connection with advertisements sent by electronic means (Newsletter), the National Media and Communications Authority acts in accordance with the detailed regulation of Act CXII of 2011 on the Right to Information Self-Determination and Freedom of Information. (hereinafter: Infotv.), as well as Act CVIII of 2001 on certain issues of electronic commerce services and services related to the information society. can be read in the law.
This Privacy Notice is effective February 1, 2021. The Data Controller shall publish the current version of this Data Management Information on the Website and shall be available in printed form at the Data Controller’s registered office. The Data Controller is entitled to modify the content of the Data Protection Information, about which the User or the Data Subject will be informed by e-mail.
This Data Management Information or any of its content elements are subject to copyright protection, the rights of which are controlled by the Data Controller, its content may only be used with the prior written permission of the Data Controller.
Hungarian law, in particular the Infotv. and Regulation (EU) 2016/679 on the protection of individuals concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (General Data Protection Regulation).
Budapest, February 1st, 2021
Ferenc Gabor Nagy
