Information on data management

Regarding the use of cookies

1. Name of the data controller

1. Legislation on which the data management is based

The following legislation applies to the data management during the login, registration of a guest:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC,
• Act CXII of 2011 on the right to information self-determination and freedom of information (hereinafter: Info Act),
• Act XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activity.

• Information on the managed data

Scope of the data managed by the data controller: the online identifier of the data subject.

Legal basis for the data management: the consent of the data subject

Duration of the data management: until the consent is withdrawn

1. About the cookies in general

• The Cookies are short data files placed on the user's computer by the visited website. The purpose of the cookie is to make the given information-communication and Internet service easier and more convenient. There are many types of cookies, but they can generally be classified into two large groups. One is the temporary cookie, which the website places on the user's device only during a specific work session (e.g. during internet banking for security identification), the other type is the permanent cookie (e.g. the language setting of a website), which remains on the computer until the user deletes it. Based on the guidelines of the European Commission, cookies [unless they are absolutely necessary for the use of the given service] can only be placed on the user's device with the user's consent.
• In the case of cookies that do not require the user's consent, the information must be provided during the first visit to the website. It is not necessary for the full text of the information about the cookies to appear on the website, it is sufficient if the website’s operators briefly summarize the information, and attach a link that directs to the complete information.
• In the case of cookies that require consent, the information may be linked to the first visit to the website in the event that the data management, that requires the use of cookies, already begins with the visit to the website. If the cookie is applied in connection with the use of a function specifically requested by the user, the information may appear in connection with the use of this function. In this case, it is not necessary for the full text of the information about the cookies to appear on the website, a short summary of the information and a link that directs to the complete information are sufficient.
• The visitor must be informed about the use of the cookies on the website. With this information, the Data Controller guarantees that the visitor can learn, before using the information society-related services of the website and at any time during the use, which types of data the Data Controller manages, and the purposes of the data management, including the management of data that cannot be directly linked to the user.

1. The used cookies

The Data Controller informs its users that he uses the Google Analytics, the Google Remarketing, the AdWords Conversion Tracking, and the Facebook Remarketing programs to measure the number of visitors to his Website and its subpages, and to monitor the behaviour of its visitors, to produce statistics and to measure the effectiveness of his advertisements. The above-referred programs place so-called cookies on the user's computer that collect user data. The website’s visitors (Data Subjects) allow the Data Controller to use the Google Analytics, the Google Remarketing, the AdWords Conversion Tracking and the Facebook Remarketing programs. At the same time, they consent to the monitoring and the tracking of their user behaviour and the use of all services provided by the programs for the Data Controller. In addition to all this, the user has the option to disable the data recording and the data storage of the cookies in the future at any time, as described below.

We inform our users that the settings and the use of the Google Analytics, the Google Remarketing, the AdWords Conversion Tracking, and the Facebook Remarketing programs fully comply with the requirements of the data protection authority.

According to the Google, the Google Analytics mainly reports visitor interactions on the website using cookies originating from the first party. These cookies only record information that is not suitable for personal identification. The browsers do not share their own cookies between the domains. For more information about the cookie(s), please read the Google Advertising and Privacy FAQ.

V.1 Google Analytics:

The Data Controller uses the Google Analytics program primarily to produce his statistics, and to measure the effectiveness of his campaigns, among other things. Using the program, the Data Controller mainly obtains information about the number of visitors who have visited his Website and how much time the visitors spent on the Website. The program recognizes the visitor's IP address, so it can track whether the visitor is a returning or a new visitor; the route of the visitor on the Website, and the places they entered can also be tracked.

V.2 Google Remarketing:

Using the Google Remarketing program, the Data Controller collects data from the DoubleClick cookie in addition to the usual data from the Google Analytics. The remarketing service can be used through the DoubleClick cookie, which primarily ensures that the visitors to the Website will later see the Data Controller's advertisement on free Google advertising platforms. The Data Controller uses the Google Remarketing program for his online advertisements. The Data Controller's advertisements are also displayed on Internet websites by external service providers, such as the Google. The Data Controller and third-party service providers, such as the Google, use their own cookies (e.g. Google Analytics cookies) and third-party cookies (e.g. the DoubleClick cookie) for the purpose of collecting information about previous visits by the users to the Website, and to optimize and display advertisements.

V.3 Google AdWords Conversion Tracking:

The purpose of the Google AdWords conversion tracking is to enable the Data Controller to measure the effectiveness of the AdWords advertisements. He does this with the help of the cookies placed on the user's computer, which exist for 30 days, and do not collect personal data.

V.4 Facebook Remarketing

The Data Controller uses the Facebook remarketing pixel to increase the effectiveness of the Facebook advertisements, to build a so-called remarketing list. Thus, after visiting the Website, an external service provider - such as Facebook - may display advertisements on Internet websites. The remarketing lists are not suitable for personal identification. They do not contain the visitor's personal data; they only identify the browser software.

V.5 Disabling cookies

If you want to manage the cookie settings or disable the function, you can do so on your own user's computer in your browser. Depending on your browser's toolbar, this option can be found in the placement of cookies/ tracking functions menu, but in general, you can set in the Tools > Settings > Privacy settings which tracking functions you wish to enable/disable on your computer.

The users who do not want the Google Analytics to report their visit, can install the Google Analytics blocking browser plugin.

If you wish to disable the web activity of the Analytics, visit the Google Analytics disabling site and install the plugin for your browser. For more information on installing and uninstalling the plugin, please read the Help of your browser.

1. Access to data and data security measures

VI.1 Access to data and data transfer

The employees of the Data Controller can access the personal data provided by you in order to perform their tasks.

The data manager forwards the processed personal data to his subcontractors as specified in the Annex to these regulations.

The Data Controller only discloses your personal data to other Data Controllers and public bodies, not listed in the Annex, in exceptional cases.

For example, if

• court proceedings are initiated in a case affecting you, and it is necessary to give the documents containing your personal data to the acting court;
• the police contact the Data Controller and request the forwarding of the documents containing your personal data for an investigation.

VI.2 Data security measures

The Data Controller stores the personal data provided by you on the Data Controller's servers or in his paper-based archives, as applicable. The Data Controller does not use the services of other companies to store the personal data.

The Data Controller takes appropriate measures to protect the personal data, among other things, against unauthorized access or unauthorized alteration. For example, access to the personal data stored on the server is logged by the Data Controller, which means that it can always be checked who and when had access to personal data, and what personal data was accessed.

• The data subject's rights connected to data management

1. Your access rights

As an entitled person, you can access your personal data.

If you request that the Data Controller provide feedback on whether he processes your personal data, the Data Controller is obliged to provide information about the following facts:

(a) what personal data,

(b) on what legal basis,

(c) for what purpose of data management,

(d) from what source,

(e) how long are managed.

Your right to receive feedback on whether the Data Controller manages your personal data (or not),

(a) covers the personal data about you;

(b) does not cover any anonymous data;

(c) does not cover any personal data that does not relate to you; and

(d) includes pseudonymized data that can be clearly linked to you.

At your request, the Data Controller provides access to your personal data and a copy of them. If you request an additional/repeated copy of your personal data, the Data Controller may charge a reasonable fee for the administrative costs incurred in connection with the granting of the request, and you shall pay such fee.

2. Your Right to Correction

You are entitled to correct your personal data.

This right

(a) does not cover any anonymous data;

(b) covers the personal data about you;

(c) does not cover any personal data that does not relate to you; and

(d) includes pseudonymized data that can be clearly linked to you.

At your request, the Data Controller will properly correct or supplement your personal data. The Data Controller will inform the recipients of your personal data (if any) about the correction of your personal data. However, the Data Controller will not inform the recipients of the correction of personal data if informing the recipients proves to be impossible or would require a disproportionately large effort.

3. Right to deletion

Under certain conditions, you have the right to delete your personal data.

The Data Controller is obliged to delete your personal data without undue delay, if

(a) the Data Controller is managing these personal data, and

(b) you request the deletion of your personal data, and

(c) the personal data are not necessary for the purposes for which the Data Controller manages the personal data.

The Data Controller is obliged to delete your personal data without undue delay, if

(a) the Data Controller is managing these personal data, and

(b) you request the deletion of your personal data, and

(c) you withdraw your consent on which the management of your data is based, and

(d) there is no other legal basis for the further management of your data.

The Data Controller is obliged to delete your personal data without undue delay, if

(a) the data processing is necessary to assert the legitimate interests of the Data Controller or a third party, and

(b) you object to the fact that the Data Controller manages your personal data, and

(c) the legitimate reason for the management of such personal data does not take precedence over your objection.

The Data Controller is obliged to delete your personal data without undue delay, if

(a) you request the deletion of your personal data, and

(b) the management of such data by the Data Controller is not illegal, or

(c) the deletion is mandatory under the applicable legislation, or

(d) your data are collected in connection with services related to the information society.

The Data Controller will inform the recipients of the personal data (if any) about the deletion of your personal data. However, the Data Controller will not inform the recipients of the deletion of personal data if informing the recipients proves to be impossible or would require a disproportionately large effort.

4. Your right to restrict data management

You may request the restriction of the management of your personal data.

Your right to request the restriction of the management of your personal data

(a) does not cover any anonymous data;

(b) covers the personal data about you;

(c) does not cover any personal data that does not relate to you; and

(d) includes pseudonymized data that can be clearly linked to you.

The Data Controller restricts the management of your personal data to the period during which he checks the accuracy of such data, if you request the restriction of the management of your personal data and you dispute the accuracy of such data.

The Data Controller restricts the management of your personal data if you request the restriction of the management of data whose management is unlawful, and you oppose the deletion of such data.

The Data Controller restricts the management of your personal data if

(a) you request the restriction of the management of your personal data, and

(b) the Data Controller no longer needs this data for the purposes of his data management, and

(c) you request your data to submit, enforce or defend a legal claim.

The Data Controller restricts the management of your personal data if

(a) you object to the management of your personal data which is necessary for the legitimate interests of the Data Controller, and

(b) you are waiting for confirmation that there is a legitimate ground for the management of your personal data by the Data Controller, which does not take precedence over your objection.

The Data Controller will inform the recipients of such personal data (if any) about the restriction of your personal data. However, the Data Controller will not inform the recipients about such restriction if informing the recipients proves to be impossible or would require a disproportionately large effort.

If the Data Controller restricts the management of your personal data, then

(c) he may store such personal data;

(d) he may manage such personal data with your consent,

(e) he may manage the personal data for the presentation, enforcement or defence of a legal claim or to protect the rights of a person.

(f)

5. Your right to data portability

You are entitled to receive your personal data that you have made available to a data controller in a segmented, widely used, machine-readable format, moreover, you are also entitled to have this data transferred to another data controller without hindering (where technically possible) the data controller for whom you have provided the personal data, if the data management is based on consent, or is necessary for the performance of a contract and the data is managed in an automated manner.

Your right to data portability

(a) does not cover any anonymous data;

(b) covers the personal data about you;

(c) does not cover the personal data that does not relate to you; and

(d) does not cover the clearly pseudonymized data.

6. The administrative deadline for your request as a data subject

The Data Controller shall respond to the questions about the rights you are entitled to, according to the above, without undue delay, but within one month at the latest.

7. Right to submit a complaint

If you think that your rights have been violated, the Data Controller recommends that you initiate a negotiation with the Data Controller by contacting the Data Controller directly. If such a negotiation does not lead to results, or if you do not wish to participate in such actions, you may contact the court or the NAIH (National Authority for Data Protection and Freedom of Information). In the event of the initiation of court proceedings, you may decide to initiate the proceedings before the competent court at your home address or place of residence.

The NAIH's contact details are as follows: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.; phone: +36 1 391 1400; fax: +36 1 391 1410; e-mail: ugyfelszolgalat@naih.hu; website: www.naih.hu

8. Amendments to this information

The Data Controller reserves the right to amend this information at any time. The Data Controller will inform the customers of such amendment by letter or e-mail, as appropriate, and in accordance with the relevant legislation in any case.