Information on data management – Csaba Sélley-Hock
We are entitled to unilaterally change this data management information sheet and the information related to the use of the website for various updates, without prior notice, with effect following the amendment. In view of this, it is recommended to visit the website regularly in order to monitor the acceptability of changes.
Valid from Sept. 1, 2020
The purpose and task of the data protection information is to regulate the order of operation, to ensure the legal order of data management and related data protection regulations, the enforcement of data security requirements, the protection of data with appropriate measures, especially against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction and damage, as well as inaccessibility resulting from changes in the used technology. The data protection information sheet CXII of 2011 on the right to self-determination of information and freedom of information. by law Infotv. were compiled in harmony.
Brief information:
In all cases, the legal basis for processing personal data is the voluntary consent of the person concerned. By providing the given personal data, you declare that you have familiarized yourself with the version of this information sheet in effect at the time the data was provided and that you voluntarily and expressly accept it, given that:
⦁ I treat the provided personal data confidentially in accordance with the relevant laws and do not disclose them to third parties.
⦁ I only send direct marketing letters based on separate consent.
⦁ Based on a written request sent to the e-mail address info@shwebdesign.hu, I will send information about the personal data handled.
⦁ The deletion of personal data can also be requested at the above e-mail address.
Data management principles
Affected website (hereinafter referred to as Website):
www.shwebdesign.hu
The website is operated by: Csaba Sélley-Hock, tax number: 68002459-1-42 (hereafter Data Controller and Service Provider)
Website hosting provider: RACKFOREST ZRT.
Address: 1132 Budapest,
Victor Hugo Street 11.
5th floor, B05001.
Phone: +36 1 211 0044
Email: info@rackforest.com
CXII of 2011 on the right to information self-determination and freedom of information. according to the provisions of § 20 of the Act:
- Before data processing begins, the data subject must be informed that data processing is based on consent or is mandatory.
- Before data processing begins, the data subject must be informed clearly and in detail about all the facts related to the processing of his data, in particular the purpose and legal basis of the data processing, the person entitled to data processing and data processing, the duration of the data processing, if the personal data of the data subject is stored by the Data Controller It is managed on the basis of § 6, paragraph (5), and about who can see the data. The information must also cover the data subject’s rights and legal remedies.
- In the case of mandatory data management, the information may also be provided by making public the reference to the legal provisions containing the information according to paragraph (2).
- If the personal information of the affected parties would be impossible or disproportionately expensive, the information can also be provided by disclosing the following information:
- a) the fact of data collection,
- b) the range of stakeholders,
- c) purpose of data collection,
- d) duration of data management,
- e) the person of possible Data Managers authorized to access the data,
- f) description of the rights and remedies of the data subjects related to data management, as well as
- g) if there is a place for the data management to be registered in the data protection register, the data management registration number
Management of cookies:
Cookies (or „cookies”) are small text files (files) that the Website places on the IT devices of Website users, and in which the Website stores information related to visits.
The typical cookies used on the Website are the so-called „cookie used for a password-protected session” and „security cookies”, the use of which does not require prior consent from the data subjects, but the Website notifies the User of this during the first visit. None of these files are suitable for identifying the data subjects.
The Website visitor data is measured by the Service Provider using the Google Analytics service. When using the service, data is transmitted. The transmitted data are not suitable for identifying the persons concerned. More information on Google’s data protection principles can be found here: http://www.google.hu/policies/privacy/ads/
Cookie management guidelines:
⦁ The fact of data management, the range of managed data: unique identification number, dates, times
⦁ Purpose of data management: collection of information necessary for the service that measures attendance data
⦁ Scope of stakeholders: all stakeholders using the Website (hereinafter referred to as Users)
⦁ Legal basis for data collection: Consent from the data subject is not required if the sole purpose of using cookies is the transmission of information via an electronic communication network or if the service provider absolutely needs it to provide a service related to the information society specifically requested by the subscriber or user.
⦁ Duration of data management: In the case of session cookies, the duration of data management lasts until the end of the website visit.
⦁ Description of the rights of data subjects related to data management: The data subject has the option to delete cookies in the Tools/Settings menu of browsers, usually under the settings of the Data Protection menu item.
Legal remedy
Objection to the processing of personal data
- The User may object to the processing of his personal data,
- a) if the processing or transmission of personal data is necessary solely for the fulfillment of a legal obligation relating to the Data Controller or for the enforcement of the legitimate interests of the Data Controller, data recipient or a third party, except in the case of mandatory data processing;
- b) if personal data is used or forwarded for the purpose of direct business acquisition, public opinion polls or scientific research; as well as
- c) in other cases, defined by law.
- The Service Provider examines the objection as soon as possible, but no later than 15 days after the submission of the application, makes a decision on its validity, and informs the applicant of its decision in writing. If the Service Provider determines that the protest of the person concerned is well-founded, it will terminate the data management – including further data collection and data transmission – and lock the data, as well as notify all those to whom the personal data affected by the protest was previously transmitted about the protest and the measures taken based on it. and who are obliged to take measures to enforce the right to protest.
- If the User does not agree with the decision made by the Service Provider, he may appeal to the court within 30 days of its notification. The court acts out of order.
- A complaint against a potential violation of the Data Controller can be lodged with the National Data Protection and Freedom of Information Authority:
National Data Protection and Freedom of Information Authority
1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, PO Box: 5.
Telephone: +36 -1-391-1400
Fax: +36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu
Court enforcement
- In the event of a violation of the data subject’s rights, as well as in accordance with Article CXII of 2011 on freedom of information. in the cases specified in § 21 of the Act, the data recipient may apply to the court against the Data Controller. The court acts out of sequence in the case.
- The Data Controller is obliged to prove that the data management complies with the provisions of the law. In the case according to § 21, paragraphs (5) and (6), the data recipient is obliged to prove the legality of the data transfer to him.
- Adjudication of the lawsuit falls within the jurisdiction of the court. At the choice of the data subject, the lawsuit can also be initiated before the court of the data subject’s place of residence or residence.
- A person who otherwise does not have legal capacity can be a party to the lawsuit. The Authority may intervene in the lawsuit in order to win the case for the person concerned.
- If the court approves the request, the Data Controller shall be required to provide information, correct, block, delete the data, annul the decision made through automated data processing, take into account the data subject’s right to object, and release the data requested by the data recipient defined in § 21 obliges.
- If the court rejects the data recipient’s request in the cases specified in § 21, the Data Controller is obliged to delete the data subject’s personal data within 3 days from the notification of the judgment. The Data Controller is obliged to delete the data even if the data recipient does not go to court within the time limit specified in Section 21 (5) and (6).
- The court may order the publication of its verdict – by publishing the identification data of the Data Controller – if it is required by the interests of data protection and the rights of a larger number of stakeholders protected by this law.
The requirement of data security
- The Data Controller is obliged to plan and implement the data management operations in such a way as to ensure the protection of the privacy of the data subjects during the application of this law and other rules on data management.
- In the area of data management or activity, the data processor is obliged to ensure the security of the data, and is also obliged to take the technical and organizational measures and establish the procedural rules that are necessary for the implementation of this law and other data and privacy protection rules.
- The data must be protected by appropriate measures, especially against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction and damage, as well as against becoming inaccessible due to changes in the technology used.
- In order to protect the data files managed electronically in the various registers, it must be ensured with an appropriate technical solution that the data stored in the registers cannot be directly linked and assigned to the data subject, unless permitted by law.
- During the automated processing of personal data, the Data Controller and the data processor provide additional measures
- a) preventing unauthorized data entry;
- b) preventing the use of automatic data processing systems by unauthorized persons using data transmission equipment;
- c) the verifiability and ascertainability of which bodies the personal data have been or may be transmitted using data transmission equipment;
- d) the verifiability and ascertainability of which personal data was entered into the automatic data processing systems, when and by whom;
- e) the restoreability of the installed systems in the event of a malfunction and
- f) that a report is prepared on errors occurring during automated processing.
- When defining and applying measures for data security, the Data Controller and the data processor must take into account the state of the art at all times. Among several possible data management solutions, the one that ensures a higher level of protection of personal data must be chosen, unless it would represent a disproportionate difficulty for the Data Controller.