Privacy Policy

We hereby inform you that

[Company name] (hereinafter referred to as the “Data Controller” or “Company”)

Registered office: [Company address]
Tax number:
Company registration number:
Email address:
Phone number:

as the operator of the website available at weboldaltmost.hu (hereinafter referred to as the “Website”), sets forth the rules regarding the processing of data of visitors to the Website and users of the services available on the Website (hereinafter collectively referred to as the “Data Subject”).

This Privacy Policy describes the principles and practices of personal data processing carried out in connection with the Website and its related services, as well as the rights of Data Subjects and the means of exercising them.

By using the Website, the Data Subject accepts the terms of this Privacy Policy and consents to the processing of their personal data as described below.

Definitions

“Data Controller” means any natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

“Personal data” means any information relating to an identified or identifiable natural person (“Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future.

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry shall not be regarded as recipients; the processing of those data by such public authorities shall comply with the applicable data protection rules according to the purposes of the processing.

“Consent of the Data Subject” means any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

“Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Data Controller Details

Name: [Company name]
Registered office: [Company address]
Company registration number:
Tax number:
Email address:

Legal Basis, Purpose and Duration of Data Processing

Data Subjects may provide information or personal data on the Website in two ways:

By explicitly providing personal data while using the Website’s services (see Section 3.1).

By automatically providing information in connection with the use of the Website (see Section 3.2).

The legal basis for processing is the voluntary consent of the Data Subject, pursuant to Article 6(1)(a) of Regulation (EU) 2016/679 of the European Parliament and of the Council (the “GDPR”) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

The Data Subject has the right to withdraw their consent, either partially or entirely, at any time by sending a written request to the Data Controller, or to request the deletion of their personal data.

3.1 Processed Personal Data

The Data Controller does not use the provided personal data for purposes other than those specified above. Disclosure of personal data to third parties or authorities is only possible if required by law or based on the Data Subject’s prior, explicit consent.

In all cases where the Data Controller intends to use the provided data for purposes other than those for which they were originally collected, the Data Controller shall inform the Data Subject in advance and obtain their explicit consent or provide an opportunity to prohibit such use.

The Data Controller processes personal data for the duration of the purpose of the processing, primarily for the duration of the legal relationship with the Data Subject. After the termination of this period, or upon the Data Subject’s withdrawal of consent or request for deletion, the personal data shall be deleted.

3.2. Data Collected in Connection with the Use of the Website

3.2.1. Use of Cookies

In order to provide a customized user experience, the Service Provider places small data files, so-called cookies, on the Data Subject’s computer and reads them during later visits.

If the browser returns a previously saved cookie, the service provider handling the cookie is able to link the Data Subject’s current visit to previous ones, but only in relation to its own content.

Typical cookies used by online shops include “password-protected session” cookies and security cookies.

Session cookies: Session cookies are automatically deleted after the Data Subject leaves the Website. These cookies ensure that the Website operates more efficiently and securely, and are therefore essential for the proper functioning of certain features or applications.

Persistent cookies: The Data Controller also uses persistent cookies to improve the user experience (e.g., to provide optimized navigation). These cookies remain stored in the browser’s cookie file for a longer period, the duration of which depends on the settings of the Data Subject’s browser.

Scope of processed data: IP address, date, and time of visit.

Scope of Data Subjects: All visitors of the Website.

Purpose of processing: To distinguish between users, identify the current session, store data provided during the session, and prevent data loss.

Duration of processing: For session cookies, processing lasts until the end of the website visit; for other cookies, up to a maximum of 30 days.

3.2.2. Deletion or Modification of Cookies

The Data Subject has the right to delete cookies from their own computer or to disable the use of cookies in their browser.

Cookie management settings are generally found in the Tools/Settings menu of browsers, under Privacy/History/Custom Settings, labeled as cookies, tracking, or similar options.

The Website may contain links to external servers (not operated by the Data Controller or its data processors). These external websites may place their own cookies or other files on the Data Subject’s computer, collect data, or request personal information. The Data Controller excludes all responsibility for such practices.

No personal data collection, processing, or identification of the Data Subject is carried out in this context.

Advertisements of the Website may appear on other websites through external service providers (Google, Facebook). These providers use cookies to record that the Data Subject has previously visited the Data Controller’s Website and to display personalized advertisements (remarketing activities) accordingly.

Consent previously given on the Website can be modified via this link: Modify Cookie Settings

3.2.3. Cookies Placed by Facebook

Further information on cookies placed by Facebook can be found at:

https://www.facebook.com/policies/cookies/

where details about disabling cookies are also available.

3.2.4. Cookies Placed by Google Analytics

Google Analytics is a web analytics service provided by Google Inc. (“Google”).

Google Analytics uses cookies stored on the Data Subject’s computer to analyze user interactions with the Website.

The legal basis for this data processing is the voluntary consent of the Website user.

Analytics cookies are anonymized and aggregated; therefore, identifying an individual computer is difficult but not entirely impossible.

The information collected by Google Analytics cookies is transmitted to and stored on Google’s servers. Google processes this information on behalf of the Data Controller to evaluate website usage, prepare reports on user activity, and provide additional services related to website and internet usage. The IP address transmitted by the browser within Google Analytics is not associated with other Google data.

Further information about the cookies used by Google Analytics can be found here:

https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage#analyticsjs

3.2.5. Google Ads (AdWords)

The Website uses Google Ads remarketing tracking codes.

This enables the Website to display remarketing advertisements to visitors later on websites within the Google Display Network.

The remarketing code uses cookies to tag visitors. Users of the Website may disable these cookies by visiting the Google Ads Settings Manager and following the provided instructions. After doing so, personalized ads from the Service Provider will no longer appear.

Further information about cookies used by Google is available here:

https://policies.google.com/technologies/ads

Google’s Privacy Policy can be found here:

https://policies.google.com/privacy

Data Processors

HighLevel Inc.

Address: North Saint Paul St., Suite 920, Dallas, Texas 75201

Website: https://www.gohighlevel.com/

Activity: Hosting and marketing software provider

Rádiocoop Bt.

Address: 1157 Budapest, Zsókavár u. 33.

Company registration number: 01 06 72 3251

Activity: Accounting and invoicing

KBOSS.hu Kereskedelmi és Szolgáltató Kft. (KBOSS.hu Ltd.)

Address: 1031 Budapest, Záhony utca 7.

Company registration number: 01-09-303201

Website: www.szamlazz.hu

Activity: Electronic invoicing system for issuing invoices related to the services used by the Data Subject.

The Data Controller reserves the right to involve additional data processors in the future. Any such changes will be communicated to Data Subjects by updating this Privacy Policy.

Data Transfer

In the absence of an express legal provision, the Data Controller shall only transfer personal data that can identify the Data Subject to third parties with the explicit consent of the Data Subject.

Rights of the Data Subject

6.1. Right to Information and Access to Personal Data

The Data Subject has the right to be informed about and to access the personal data stored by the Data Controller, as well as any information related to their processing. The Data Subject may request and verify at any time what data the Controller holds about them and is entitled to receive access to such data.

Requests for access must be submitted to the Data Controller in writing, and the requested data shall be provided in writing (electronically or by post). The Data Controller does not provide verbal information in this regard.

When exercising the right of access, the information shall include:

specification of the categories of data processed: name, billing name, billing address, email address, telephone number, depending on the service used;

the purpose, duration, and legal basis of the data processing with regard to the data concerned;

information on data transfer: to whom the data have been or will be transferred;

the source of the data.

The Data Controller shall provide a paper-based or electronic copy of the personal data free of charge on the first occasion. For any additional copies requested by the Data Subject, the Data Controller may charge a reasonable fee based on administrative costs.

If the Data Subject requests the copy in electronic form, the information will be provided via email in a widely used electronic format.

After receiving the information, if the Data Subject disagrees with the data processing or with the accuracy of the processed data, they may, in accordance with Section 6, request rectification, supplementation, deletion, or restriction of processing of their personal data, object to such processing, or initiate the procedure set out in Section 7.

6.2. Right to Rectification and Supplementation of Personal Data

Upon the Data Subject’s written request, the Data Controller shall, without undue delay, rectify inaccurate personal data indicated by the Data Subject or complete incomplete data with the content specified by the Data Subject.

The Data Controller shall notify all recipients to whom the personal data have been disclosed about the rectification or supplementation, except where this proves impossible or requires disproportionate effort. The Data Subject shall be informed about these recipients upon written request.

6.3. Right to Restriction of Processing

The Data Subject has the right to request in writing that the Data Controller restrict processing where:

the Data Subject contests the accuracy of the personal data, in which case restriction applies for the period during which the Data Controller verifies the accuracy of the data;

the processing is unlawful, and the Data Subject opposes deletion of the data and instead requests restriction of use;

the Data Controller no longer needs the personal data for processing purposes, but the Data Subject requires them for the establishment, exercise, or defence of legal claims;

the Data Subject has objected to the processing, pending verification of whether the legitimate grounds of the Data Controller override those of the Data Subject.

The Data Controller shall inform the Data Subject who requested restriction before lifting the restriction.

6.4. Right to Erasure (“Right to be Forgotten”)

Upon request, the Data Controller shall, without undue delay, erase the personal data of the Data Subject where one of the following grounds applies:

i) the personal data are no longer necessary for the purpose for which they were collected or otherwise processed;

ii) the Data Subject withdraws consent on which the processing is based, and there is no other legal ground for processing;

iii) the Data Subject objects to processing on grounds relating to their particular situation, and there are no overriding legitimate grounds for processing;

iv) the Data Subject objects to the processing of personal data for direct marketing purposes, including profiling related to such direct marketing;

v) the personal data have been unlawfully processed;

vi) the personal data were collected in connection with the offering of information society services directly to a child.

The Data Subject may not exercise the right to erasure where processing is necessary:

i) for exercising the right of freedom of expression and information;

ii) for reasons of public interest in the area of public health;

iii) for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, where erasure would render the processing impossible or seriously impair it; or

iv) for the establishment, exercise, or defence of legal claims.

6.5. Right to Data Portability

The right to data portability allows the Data Subject to obtain and reuse their personal data provided to the Data Controller for their own purposes across different services. This right applies only to the data provided directly by the Data Subject; other data (e.g., statistical or transactional data) are excluded.

The Data Subject may request that the personal data relating to them and processed by the Data Controller (e.g., during course registration, online package orders, or newsletter subscriptions):

be provided in a structured, commonly used, machine-readable format;

be transmitted to another data controller;

or be directly transferred to another data controller, if technically feasible.

The Data Controller fulfils data portability requests only if submitted in writing, via email or post. To ensure that the request is made by the legitimate Data Subject, sufficient identifying information must be provided, including at least: name, email address, billing name, address, and telephone number (depending on the service used).

This right applies only to data the Data Subject has directly provided when using the services specified in Section 3. Exercising this right does not automatically entail deletion of the data from the Data Controller’s systems; therefore, the Data Subject may continue to use the services after exercising their right to portability. Data will only be deleted upon explicit request.

6.6. Right to Object to the Processing of Personal Data

The Data Subject has the right, at any time and on grounds relating to their particular situation, to object to the processing of their personal data, including profiling.

The Data Subject also has the right to object at any time to the processing of their personal data for direct marketing purposes, including profiling to the extent that it is related to such direct marketing.

Where the Data Subject objects to the processing of personal data for direct marketing purposes, the Data Controller shall no longer process the personal data for such purposes.

The Data Subject may exercise their right to object in writing (by email or by post) or by clicking the unsubscribe link included in any newsletter or other notification sent to them.

6.7. Time Limit for Fulfilling Requests

The Data Controller shall, without undue delay and in any event within one month of receipt of any request submitted under Sections 6.1–6.6, inform the Data Subject of the actions taken.

Where necessary, taking into account the complexity and number of requests, this period may be extended by a further two months. In such cases, the Data Controller shall inform the Data Subject of any such extension within one month of receipt of the request, together with the reasons for the delay.

If the Data Subject submits the request electronically, the information shall be provided electronically, unless the Data Subject requests otherwise.

Remedies and Enforcement of Rights

The Data Subject may exercise their rights by submitting a request in writing, by email or by post.

It is not possible to exercise any rights by telephone.

The Data Subject may exercise their rights using the contact details provided above.

The Data Subject cannot exercise their rights if the Data Controller demonstrates that it is not in a position to identify the Data Subject.

Where the Data Subject’s request is manifestly unfounded or excessive (in particular due to its repetitive nature), the Data Controller may charge a reasonable fee based on administrative costs or refuse to act on the request. The burden of demonstrating this rests with the Data Controller.

If the Data Controller has reasonable doubts concerning the identity of the individual making the request, it may request additional information necessary to confirm the identity of the Data Subject.

If the Data Subject does not agree with the decision of the Data Controller, they may, pursuant to the provisions of the Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (Info Act), the GDPR, and the Civil Code (Act V of 2013):

lodge a complaint with the National Authority for Data Protection and Freedom of Information (NAIH)

(address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c., Hungary; website: www.naih.hu

), or

seek judicial remedy before a court.

Management of Data Protection Incidents

A data protection incident is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

The Data Controller shall maintain a record of data protection incidents for the purpose of monitoring the measures taken in connection with the incident, informing the supervisory authority, and notifying the Data Subject.

This record shall include the categories of personal data affected, the categories and number of Data Subjects concerned, the date, circumstances, and effects of the incident, as well as the measures taken to remedy it.

If the Data Controller determines that a personal data breach is likely to result in a high risk to the rights and freedoms of Data Subjects, it shall inform the Data Subjects and the supervisory authority of the personal data breach without undue delay and, where feasible, no later than 72 hours after becoming aware of it.

Links

The Company shall not be held liable for the content, data, or information protection practices of external websites that can be accessed as hyperlinks from the Website.

If the Company becomes aware that any linked website or link violates the rights of third parties or applicable laws, it will immediately remove the link from the Website.

Data Security

The Data Controller undertakes to ensure the security of personal data and to implement all necessary technical and organizational measures, as well as to establish the procedural rules required to guarantee that the collected, stored, and processed data remain protected.

The Data Controller also undertakes to prevent the destruction, unauthorized use, or unauthorized alteration of such data. Furthermore, the Data Controller undertakes to ensure that any third party to whom data are transferred or disclosed based on the Data Subject’s consent is required to comply with data security requirements.

The Data Controller shall ensure that unauthorized persons cannot access, disclose, transfer, modify, or delete the processed data.

Access to the processed data shall be restricted to the Data Controller and its designated data processors. The Data Controller shall not disclose personal data to any third party who is not authorized to access them.

The Data Controller shall take all reasonable measures to ensure that the data are not accidentally damaged or destroyed.

The Data Subject acknowledges and accepts that by providing personal data on the Website – despite the Data Controller’s use of up-to-date security technologies to prevent unauthorized access or intrusion – complete protection of data transmitted via the internet cannot be fully guaranteed.

In the event of unauthorized access or data acquisition despite such efforts, the Data Controller shall not be liable for such unauthorized access or acquisition, nor for any damage suffered by the Data Subject as a result.

Furthermore, the Data Subject acknowledges that they may provide their personal data to third parties who could use such data unlawfully or for unauthorized purposes.

The Data Controller does not collect special categories of personal data under any circumstances, including data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health data, genetic or biometric data, sexual orientation, or criminal records.

The Data Controller reminds the Data Subject that, for security reasons, it is important to log out of the Website after using a shared or public computer.

If the Data Subject accesses the Website from their own computer, certain applications may keep them logged in for a specific period. Even in such cases, the Data Subject should take care to prevent unauthorized access to their computer to avoid actions being taken in their name (such as subscriptions, applications, or orders).

Other Provisions

The Data Controller reserves the right to unilaterally amend this Privacy Policy with prior notice to the Data Subjects via the website www.weboldaltmost.hu

.

Following the effective date of such amendments, continued use of the Website or its services by the Data Subject shall be deemed acceptance of the revised Privacy Policy, except where the Data Subject objects to the changes.

This Privacy Policy forms an inseparable part of the General Terms and Conditions (GTC).

This Privacy Policy has been effective since 1 November 2020.