Privacy policy

PRIVACY STATEMENT

Privacy Notice

This information contains the data processing rules for the visitor in connection with pagonyprojekt.com visit to the internet site operated by Debrecen Kerékpár kft. (hereinafter referred to as the "Service Provider"), which is based on the Law on the Right of Information Self-Determination and Freedom of Information of 2011.

Purpose of the data collection: The Service Provider manages the Personal Data of the Users for the purpose of full use of the website, the creation of a contract for the provision of the service, the definition of its content, its modification, the monitoring of its performance, the invoicing of the resulting fees and the enforcement of claims relating there to it, as well as the provision of newsletters.

Legal basis for processing: user consent and e-commerce services, and Article 13/A(3) of the 2001 CVIII Act on certain aspects of information society services (hereinafter referred to as 'Elker tv.'): The service provider may process the natural identity data and address necessary to identify the user in order to create, define, modify, monitor the performance of the information society service contract, invoicing the fees resulting there from it and enforcing claims relating thereto.

Person entitled to data processing and processing: Personal data may be processed by the data controller's staff, in accordance with the above principles.

Duration of data processing, deadline for deletion of data: Immediately after the deletion of registration/purchase. Except in the case of accounting documents, because these data must be kept for 8 years under § 169(2) of Act C of 2000 on Accounting.

Fact of data collection, scope of data processed: Password, first and last name, e-mail address, telephone number, shipping address, shipping name, billing address, billing name, amount to be paid, registration/purchase time, IP address at time of registration/purchase.

Scope of data subjects: All data subjects registered on the website.

Data master, owner: Debreceni Kerékpár Kft.

4032 Debrecen, Böszörményi út 153.

TAX NO: 24137892209

Company register number: 09 09 023728

 

Hosting provider and data processor: Dudásné Illés Katalin E.v

4034 Debrecen, Nagyszalonta utca 20/A.

Phone: +36 20 7777 598

Email: info@ertekesitek.hu

 

Description of the data subjects' rights in relation to data processing:

 

Personal data may only be processed for a specific purpose, for the exercise of a right and for the purpose of fulfilling an obligation. At all stages of the processing, it must comply with the purpose of the processing, the recording and processing of the data must be fair and legal. Only personal data that is essential for the realization of the purpose of the processing and is capable of achieving the purpose can be processed. Personal data may only be processed to the extent and for the time necessary for the purpose to be achieved. The personal data retains this quality during the processing process as long as its relationship with the data subject can be restored. The data subject can be restored if the data controller has the technical conditions necessary for the recovery. In the processing of data, it is necessary to ensure the accuracy, completeness and up-to-dateness of the data and that the data subject can only be identified for the time necessary for the purpose of the processing.

 

For the purpose of providing the service, the service provider may process the personal data which are technically necessary for the provision of the service. In the case of the identity of other conditions, the service provider shall choose and in any case operate the means used in the provision of the information society service in such a way that personal data are processed only if this is strictly necessary for the provision of the service and for the other purposes set out in this Law, but only to the extent and for the necessary period of time.

 

The customer should be able to prohibit data processing on an ongoing basis before and during the use of the information society service.

 

The data processed shall be deleted after the contract has not been concluded, after the termination of the contract and after the invoicing.

 

The service provider may process data relating to the use of the service for any other purpose, in particular to increase the efficiency of its service, to deliver electronic advertisements or other content addressed to the user, for the purpose of market research, only under the prior definition of the purpose of the processing and on the basis of the consent of the user.

 

The customer should be able to prohibit data processing on an ongoing basis before and during the use of the information society service.

 

The data processed shall be deleted after the contract has not been concluded, the termination of the contract and the invoicing. The data shall be deleted if the data processing purpose has ceased to exist or the customer so provides. Unless otherwise specified by law, the data should be erased without delay.

 

The service provider shall ensure that the user is able to know at any time, before and during the use of the information society service, which types of data the service provider handles for the purposes of processing, including the processing of data which cannot be directly linked to the user.

 

Cookie management

 

Cookies specific to webshops are so-called "password-protected session cookies", "cookies for shopping carts" and "security cookies", the use of which does not require prior consent from data subjects.

 

  1. Fact of processing, scope of data processed: unique identification number, dates, times

 

  1. Scope of data subjects: Every legal entity who visit the website.

 

  1. Purpose of data management: identification of users, registration of the "shopping cart" and monitoring of visitors.

  2. The duration of the processing, the deadline for the deletion of the data: In the case of session cookies, the duration of the processing lasts until the end of the visit to the websites.

 

  1. The identity of the potential controllers authorised to know the data: Personal data may be processed by the data controller's staff, in accordance with the above principles.

 

  1. Description of data subjects' rights in data processing: The data subject has the option to delete cookies in the Tools/Settings menu of browsers usually under the settings of the Privacy menu.

 

Legal basis for processing: Consent from the data subject is not required where the sole purpose of the use of cookies is to provide communication via the electronic communications network or to provide the information society service expressly requested by the subscriber or user.

 

Data Security

The controller is obliged to design and carry out the processing operations in such a way as to ensure the protection of the privacy of the data subjects.

The controller or processor shall ensure the security of the data and shall take the technical and organisational measures and establish the procedural rules necessary to enforce Info TV and other data and confidentiality rules.

The data shall be protected by appropriate measures, in particular against unauthorised access, alteration, transmission, disclosure, erasure or destruction, as well as against accidental destruction and damage, as well as from inaccessibleness resulting from changes in the technique used.

 

In order to protect files which are electronically managed in the various registers, an appropriate technical solution should be provided to ensure

that the data stored in the registers cannot be directly linked and assigned to the data subject, unless legally possible.

 

In the automated processing of personal data, the controller and the processor shall take additional measures to ensure that

 

  1. preventing unauthorised data entry;

 

  1. preventing the use of automatic data-processing systems by unauthorised persons by means of data transmission equipment;

 

  1. the verifiability and determination of the bodies to which personal data have been or may be transmitted using data transmission equipment;

 

  1. the verifiability and determination of which personal data have been introduced into automatic data processing systems, when and by who;

 

  1. the recoverability of installed systems in the event of malfunction and

 

  1. the reporting of errors in automated processing. The controller and the processor shall take into account the state of the art when defining and applying measures to ensure the security of the data. A number of possible data management solutions should be chosen to ensure a higher level of protection of personal data, unless this would be disproportionately difficult for the controller.

 

Rights of data subjects

 

  1. The data subject may request the Service Provider to provide information on the processing of his/her personal data, to request the correction of his/her personal data and to request the deletion or blocking of his/her personal data, except for mandatory data processing.

 

  1. At the request of the data subject, the controller shall provide information on the data of the data subject which he or she manages or processed by the processor entrusted to him, their source, the purpose, legal basis, duration of the processing, the name, address and activities of the processor, as well as, in the case of the transfer of the data subject's personal data, the legal basis and the addressee of the transfer.

 

  1. For the purpose of verifying the lawfulness of the transfer and informing the data subject, the controller shall keep a data transfer register containing the date of transmission of the personal data processed by him, the legal basis and addressee of the transfer, the definition of the scope of the personal data transmitted and other data laid down in the legislation requiring the processing.

 

  1. The controller shall provide the information in writing within the shortest time after the application has been submitted, but not more than 30 days, in a underly ible form, at the request of the data subject to this end. Information is free of charge.

 

  1. At the request of the User, the Service Provider shall provide information on the data processed by him, their source, the purpose, legal basis, duration of the processing, the name, address and activities of the data processor, as well as, in the case of the transfer of the data subject's personal data, the legal basis and recipient of the transfer. The Service Provider shall provide the information in writing in the shortest time from the submission of the application, but not more than 30 days. Information is free of charge.

 

  1. Service Provider, if the personal data is not correct and the correct personal data is available to the controller, the personal data will be corrected.

 

  1. Instead of deleting, the Service Provider locks the personal data if the User requests it, or if, on the basis of the information available to him, it can be assumed that the deletion would violate the User's legitimate interests. Locked personal data may only be processed for as long as there is a data processing purpose that has excluded the deletion of the personal data.

 

  1. The Service Provider deletes the personal data if its processing is unlawful, the User requests, the data processed is incomplete or incorrect - and this condition cannot be lawfully remedied - provided that the deletion is not precluded by law, the purpose of the processing has ceased, or the legal deadline for storing the data has expired, it has been ordered by the court or the National Data Protection and Freedom of Information Authority.

 

  1. The controller shall indicate the personal data he or she handles if the data subject disputes its correctness or accuracy, but the incorrectness or inaccuracy of the disputed personal data cannot be clearly established.

 

  1. The data subject shall be notified of the rectification, blocking, marking and deletion and of all those to whom the data have previously been transmitted for the purpose of data processing. The notification may be omission if this does not prejudice the legitimate interest of the data subject in view of the purpose of the processing.

 

  1. If the controller fails to comply with the data subject's request for rectification, blocking or deletion, the controller shall, within 30 days of receipt of the request, provide in writing the factual and legal reasons for rejecting the request for rectification, blocking or deletion. If the request for rectification, deletion or blocking is rejected, the controller shall inform the data subject of the possibility of judicial redress and of the possibility of applying to the Authority.

 

Remedies

 

User may object to the processing of his or her personal data if

a.) the processing or transfer of personal data is necessary only for the fulfilment of the legal obligation of the Service Provider or for the legitimate interest of the Service Provider, data recipient or third party, unless the processing has been ordered by law;

b. the personal data is used or transmitted for direct marketing, public opinion or scientific research;

c. in other cases as defined by law.

 

  1. The Service Provider shall examine the objection as soon as possible after the submission of the application, but not more than 15 days, decide on its merits and inform the applicant in writing of its decision. If the Service Provider establishes the merits of the data subject's objection, the data processing, including further data collection and transmission, will be terminated and the data will be blocked and the data will be notified of the objection and the measures taken on the basis thereof to all those to whom the personal data concerned by the protest have been previously transmitted and who are obliged to take action to enforce the right of protest.2

 

  1. If the User disagrees with the decision of the Service Provider, he or she may go to court within 30 days of its communication. The court is acting out of turn.

 

  1. A complaint against a possible breach of the controller may be lodged with the National Data Protection and Freedom of Information Authority:

 

National Data Protection and Freedom of Information Authority

 

1125 Budapest, Erzsébet Szilágyi fasor 22/C.

Mailing address: 1530 Budapest, Mailbox: 5.

Phone: +36 -1-391-1400

Fax: +36-1-391-1410

E-mail:ugyfelszolgalat@naih.hu

 

Judicial enforcement:

 

The controller is obliged to prove that the processing complies with the law. The legality of the transfer shall be demonstrated by the data receiver.

 

The tribunal shall have jurisdiction to decide the case. The action may also be before the court of the place of residence or residence of the person concerned, at the choice of the data subject. A party to a lawsuit may also be a person who otherwise has no legal capacity to sue. The Authority may intervene in the action in order to win the action concerned. If the court upses the application, it shall require the controller to provide the information, to correct, block, delete the data, to annul the decision taken by automated processing, to take into account the right of objection of the data subject or to release the data requested by the data recipient.

 

If the court rejects the request of the data recipient, the controller is obliged to delete the personal data of the data subject within 3 days of the notification of the judgment. The data controller is also obliged to delete the data if the data receiver does not go to court within the specified time limit.

 

The court may order the publication of its judgment by publishing the identity of the controller if it is required by the interests of data protection and the protected rights of a larger number of data subject.

 

Compensation and damages: If the data controller causes damage to someone else by unlawfully processing the data subject's data or violating the requirements of data security, he is obliged to reimburse them. If the data controller infringes the data subject's privacy by unlawfully processing the data subject's data or by violating the requirements of data security, the data subject may require the data controller to pay a fee for harm.

 

The controller is liable to the data subject for the damage caused by the processor and the controller is also obliged to pay the data subject the harm ing in the event of a personal infringement caused by the processor. The controller shall be exempted from liability for the damage caused and from the obligation to pay the injury fee if he proves that the damage or the infringement of the data subject's privacy was caused by an unreavertable reason outside the scope of the processing.

 

The damage shall not be compensated and the injury charge shall not be claimed in so far as the damage was caused by the intentional or gross negligence of the data subject in breach of the injured party's or personal rights.

 

Final provisions:

 

During the preparation of the prospectus, we took into account the following legislation:

- Act CXII of 2011 on the right to information self-determination and freedom of information (hereinafter referred to as 'Infotv.')

- Act XLVII of 2008 - prohibiting unfair commercial practices against consumers,

- 2008 ACT XLVIII - on the basic conditions and certain limitations of economic advertising

- 2005 XC Act on Freedom of Information

- Act C of 2003 on electronic communications

The website and the application was created in frame of the „InnoCult Innovative development of Cultural and Active Tourism along the touristic routes in Hegyköz Area” project (identification number: SKHU/1801/1.1/028) - ICT Solutions activity.

Information about the project:

 

The content of this website does not necessarily represent the official position of the European Union.

 

 

In case of an error or login

Subscribe