.svg)
DATA MANAGEMENT INFORMATION
1. Purpose of the information
We adopt this Notice in order to provide all relevant information and data to natural persons and representatives of legal entities using our services (hereinafter referred to as "Users") in a concise, transparent, understandable and easily accessible form, in a clear and plain language, and to assist Users in exercising their rights under section 4. Article 12 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 25 May 2016 (hereinafter referred to as " GDPR"), Article 16 of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information(hereinafter referred to as " Infotv.") and Article 4 of Act CVIII of 2001 on certain aspects of electronic commerce services and information society services (Elkertv.).The Information is subject to the GDPR, the Infotv, and other legislation relevant for certain data processing. The list of the legal provisions is contained in Annex 1 of the Information, the most important terms are listed in Annex 2, and a detailed description of the individual data subject rights is contained in Annex 3.In the development and application of this Information, the findings of the National Authority for Data Protection and Freedom of Information's Recommendation on the data protection requirements of prior information and the provisions of Section 5. We also follow the practices of the European Union with regard to the protection of personal data; accordingly, we also incorporate the content of the European Commission's Working Party 29's Guidelines on Transparency into our data management practices.
2. Data controller's data
Name: Ganz Dolphin Benedetto
Website: www.dolphinganz.com
Registered office: 2890, Tata, Egység utca 13. 9. emelet 1.
Tax number: 66279660-2-31
E-mail: info@dolphinganz.com
3. Certain data management processes
In this section, we detail the relevant circumstances for each processing operation that the GDPR and other sectoral legislation expect from all data controllers.
3.1. Data processing related to the sending of newsletters
In order to provide our Website visitors with up-to-date information, it is possible to subscribe to our newsletter. The following information applies to the processing of data in this context:
3.1.1. Personal data processed and the purposes ofthe processing Personal data processing Purpose of the processing By entering the name of the User in our newsletter, we can address the User by entering the e-mail address of the User, we know the User's electronic contact details to which we can send our newsletter
3.1.2. Legal basis for processing
The User's consent (Article 6 (1) a) GDPR and Article 6 (1) paragraph 1 of Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activities (hereinafter referred to as " Act XLVIII").
3.1.3. Duration of data processing
The personal data provided will be processed until consent is withdrawn. The User may withdraw his/her consent at any time by clicking on the "Unsubscribe" button in the letter sent. The withdrawal of consent does not affect the lawfulness of the processing based on consent prior to the withdrawal.
3.1.4.
In electronic form.
3.2. Processing in connection with contacting
You may contact us through our website for any purpose. The details of the related processing are set out below.
3.2.1.
- Name: identification of the User
- e-mail address: to contact the User
- telephone number: to contact the User
3.2.2. Article 5(1)(b) of the Info Act and Article 13/A(1) and (3) of the Elkertv.
3.2.3. Duration of data processing
The personal data provided will be processed until consent is withdrawn. The User may withdraw his/her consent at any time. The withdrawal of consent does not affect the lawfulness of the processing based on consent prior to its withdrawal.
3.2.4.
In electronic form.
3.4. Processing in connection with invoicing
After the orders have been fulfilled, an accounting document is issued, subject to Act C of 2000 on Accounting (hereinafter referred to as " Act on Accounting"). Details of the data processing in this context are set out below.
3.4.1. Personal data processed and purpose of processing: purpose of personal data processing
Name to support the accounting of the order (economic event) to support the accounting of the order (economic event) to support the accounting of the order (economic event) to support the accounting of the order (economic event) to support the tax number of the sole trader.
3.4.2. Legal basis for processing
Data processing based onlaw(Article 6 (1) c) GDPR in the light of the Info tv. Article 5 (1) (b) and Article 166 (1) to (3) of the State Law).
3.4.3. Duration of data processing
For 8 years after the issue of the accounting document (subject to Section 166 (6) paragraph (1) of Section 169 of the State Act).
3.4.4.
In electronic form.A voucher issued in electronic form is stored in such a way that the method used ensures that all the data on the voucher are produced without delay, can be read continuously and cannot be subsequently modified, taking into account the provisions of the legislation on digital archiving.
3.4.5. Provision of personal data
Given that we cannot issue an accounting voucher without knowing the personal data contained in this section, the provision of personal data is based on law.
3.5. Customer service related processing
We maintain a customer support service on our Website to answer Users' questions and investigate any complaints.
3.5.1.
3.5.2. Legal basis for processing
Processing based on legislation; subject to Article 6 (1) c) and (2) oftheGDPR, the Info tv. Article 5 (1) (b) and Act CLV of 1997 on Consumer Protection (Fgytv.)
3.5.3.
Subject to Section 17/A (7) of the Data Protection Act, for a period of 5 years from the receipt of the complaint.
3.5.4.
In electronic form.
4. What rights do Users have?
It is important to us that our data processing complies with the requirements of fairness, lawfulness and transparency. In light of this, we briefly describe in this section the individual data subjects' rights, which are further explained in Annex 3 to this notice.Our Users may request free of charge information on the details of the processing of their personal data, and may request the rectification, erasure, blocking or restriction of the processing of their personal data in cases provided for by law, and may object to the processing of such personal data. You can send your requests for information and the requests referred to in this point to our contact details in point 2.
4.1 Right of accessOur User may receive feedback from us on the processing of his/her personal data and have access to such personal data and the details of their processing.
4.2 Right to rectificationAt our User's request, we will correct inaccurate personal data relating to him or her without undue delay and he or she has the right to request that incomplete personal data be completed, including by means of a supplementary declaration.
4.3 Right to erasureAt the request of our User, we will erase personal data concerning him/her if we no longer need to process them, or if he/she withdraws his/her consent or objects to the processing or if the processing is unlawful.
4.4 Right to be forgottenWe will endeavour to notify any data controller who has or may have become aware of any of our User's personal data that may have been disclosed, of our User's request for erasure, if he or she so requests.
4.5.Right to restriction of processingWe will restrict processing at the request of our User if the accuracy of the personal data is contested or the processing is unlawful, or if our User objects to the processing, or if we no longer need the personal data provided.
4.6 Right to data portabilityOur User may receive the personal data relating to him or her that he or she has provided in a structured, commonly used, machine-readable format, or may transfer it to another controller.
4.7 Right to objectOur User has the right to object to the processing of his/her personal data based on legitimate interests at any time on grounds relating to his/her particular situation. In such a case, we may no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the User or for the establishment, exercise or defence of legal claims. In the event of an objection, the personal data may, as a general rule, no longer be processed for these purposes.
4.8 Reaction to requestsWe will examine the request within the shortest possible time from the date of its submission, but not later than 30 days, or 15 days in the event of an objection, and will decide on its merits, of which the applicant will be informed in writing. If we do not comply with our User's request, we will state in our decision the factual and legal grounds for refusing the request.
4.9. RemediesWe are committed to protecting your personal data and respecting your right to informational self-determination, and we will endeavour to respond to all requests in a fair and timely manner. In this regard, we ask you to contact us - with a view to filing a complaint or raising a query - before making use of any possible recourse to the authorities or courts, in order to resolve any objections as soon as possible. V of 2013, the User may enforce his/her rights before a court (the action may be brought before the competent court of law of the place of residence or stay of the User; the list of courts and their contact details can be found at the following link: http://birosag.hu/torvenyszekek), and may also invoke the provisions of the Infotv. (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; telephone: +36-1-391-1400; fax: +36-1-391-1410; e-mail: ugyfelszolgalat@naih.hu; website: https://www.naih.hu/panaszuegyintezes-rendje.html; online case start: https://www.naih.hu/online-uegyinditas.html; hereinafter referred to as "NAIH").
5. Our procedure for requesting the exercise of rights
5.1. Notification of addressees
We will always notify the recipients to whom or with whom we have disclosed the User's personal data of rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. Upon the User's request, we will provide information about these recipients.
5.2.
We will provide you with information in electronic form on the measures taken in response to requests relating to point 4 within a maximum of one month of receipt of the request, unless you request otherwise. This time limit may be extended by a further two months if necessary, taking into account the complexity of the request or the number of requests. The User will be informed of the extension, stating the reasons for it, within one month of receipt of the request.At the User's request, oral information may also be provided, provided that the User provides proof of his identity by other means.If no action is taken on the request, the User will be informed of the reasons for the failure to act within one month of receipt of the request at the latest, and of the right to lodge a complaint with the NAIH and to exercise his right to judicial redress (point 4.9).
5.3 VerificationIn exceptional cases, where we have reasonable doubts about the identity of the natural person submitting the request, we will ask for additional information necessary to confirm the identity. This measure is necessary to facilitate the confidentiality of processing, as defined in Article 5(1)(f) of the GDPR, i.e. to prevent unauthorised access to personal data.
5.4 Costs of information and action
If the User's request is manifestly unfounded or excessive, in particular because of its repetitive nature, we will charge a reasonable fee, taking into account the administrative costs of providing the requested information or taking the requested action, or refuse to act on the request.
6. Potential recipients of personal data, data processors
6.1 In the context of the operation of the WebsiteThe personal data provided during the use of the Website may be accessed by the hosting provider as data processor.
Name: Webflow, Inc. - 398 11th Street, 2nd Floor - San Francisco, CA 94103
Contact: privacy@webflow.com
6.6 In connection with social media platformsOur website has several social media platforms (e.g. Facebook, Linkedin Twitter, Google+, Instagram, You Tube); so, for example, if a User "likes" our site on Facebook or "follows" us on Twitter, we will know any personal data that is part of his/her profile and publicly available. Relevant information on the processing of data on these sites can be found in the respective service provider's own privacy policy.
6.7 In the context of invoicingIn the context of invoicing, the tax authority is entitled to know the personal data provided by Users for this purpose in the course of its activities. Tax authority details:Name: National Tax and Customs AdministrationWebsite, contact details: https://www.nav.gov.hu/nav/kapcsolat
7.
We and the employees of the data processors are entitled to access the User's personal data to the extent necessary for the performance of their duties.Website.address.website.at.uk We take all security, technical and organisational measures to ensure the security of the data.
7.1 Organisational measures
Access to our IT systems is granted on the basis of individual rights. Access is granted on the basis of the "need-to-know principle", i.e. each employee may use our IT systems and services only to the extent necessary for the performance of his or her duties, with the corresponding rights and for the necessary duration. Access to IT systems and services is restricted only to persons who are not restricted for security or other reasons (e.g. conflict of interest) and who have the professional, business and information security skills necessary to use them safely. We and our data processors have a written commitment to strict confidentiality rules and are bound by these confidentiality rules in the course of our activities.
7.2 Technical measures
We store data on our own equipment in a data centre, except for data stored by our data processors. The IT tools storing the data are segregated and stored in a separate, locked server room, protected by a multi-level access control system with authorisation control. We have a multi-level firewall protection of our internal network. All access points to the public networks used are always equipped with hardware firewalls (border protection devices). Data is stored redundantly, i.e. in multiple locations, to protect it from destruction, loss, damage or unlawful destruction due to IT equipment failure. We protect our internal networks from external attacks with multi-layered, active, complex malicious code protection (e.g. virus protection). We provide the necessary external access to the IT systems and databases we operate via encrypted data connections (VPN). We do our utmost to ensure that our IT tools and software are always in line with the technological solutions generally accepted in the market. We are developing systems that use logging to control and monitor operations and detect incidents such as unauthorised access. Our server is located on a separate dedicated server of the hosting provider, secured and locked.Taking into account the recommendation on data protection requirements for data processing on NAIH party websites, we use https protocol on the website, which provides a higher level of data security compared to http protocol.
8.
In order to ensure the proper functioning of our website, we sometimes place small data files on the User's computer device, as most modern websites do.
8.1 What is a cookie?
A cookie is a small text file that the Website places on the User's computer device (including mobile phones). This allows the website to "remember" the User's preferences (e.g. language used, font size, display, etc.) so that it does not have to be reset each time the User visits our website.A list of the cookies used on the Website can be found in the Cookie Management Information section above.These cookies can be deleted or blocked, but in this case the Website may not function properly.Cookies are not used to identify the User personally. These cookies are only used for the purposes described above.
8.2 Google Analytics
. The Website uses Google Analytics, a web analytics service provided by Google Inc. Google Analytics uses so-called "cookies", text files that are saved on your computer to help analyse the use of the website visited by the User.
2. The information generated by the cookie about the website you use is usually transmitted to and stored by Google on servers in the United States. By activating the IP anonymisation on the website, Google will previously shorten the User's IP address within the Member States of the European Union or in other states party to the Agreement on the European Economic Area.
3. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity for us and to provide other services relating to website and internet usage.
The IP address transmitted by the User's browser within the framework of Google Analytics will not be merged with other data held by Google. The storage of cookies may be prevented by the User by means of the appropriate browser settings, but please note that in this case not all functions of this website may be fully functional. You may also prevent Google from collecting and processing information about your use of the website (including your IP address) by means of cookies by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout?hl=h
8.4 How can cookies be managed?
Cookie files can be deleted (see www.AllAboutCookies.org for details) or blocked from being placed by most of today's browsers. In this case, however, you will have to re-enter certain settings each time you use our website and some services may not work.
Detailed information on how to delete or block cookies can be found at www.AllAboutCookies.org (English) and for the browser used by the User, at the links below:
Firefox, Google Chrome, Microsoft Internet Explorer 11, Microsoft Internet Explorer 10, Microsoft Internet Explorer 9, Microsoft Internet Explorer 8, Safari 9, Safari 8, Safari 6/7, Opera.
9. Other provisions
9.1 Activity data collection
We may collect data about the activity of Users, which cannot be linked to other data provided by the User at the time of registration, nor to data generated by the use of other websites or services.
9.2. Processing of data for other purposes
If we intend to use the data provided for a purpose other than that for which it was originally collected, we will inform the Users and obtain their prior explicit consent or provide them with the opportunity to object to such use.
9.3. Obligation to keep records
We keep a record of the processing activities carried out under our responsibility (register of processing activities) in accordance with Article 30 of the GDPR.
9.4. Data protection incident
A data breach is a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data processed. In the event of a data breach, we are obliged to act in accordance with Articles 33 and 34 of the GDPR. We will keep a record of the data breach, indicating the facts relating to the data breach, its effects and the measures taken to remedy it.
9.5.
We may unilaterally amend this Notice at any time.
Effective.
Ganz Dolphin Benedetto ev.
Data Controller
