Data Management Statement

2025.06.12

INTRODUCTION

Pihenőkert, i.e. Szabados László E.V.
Tax number: 55985196-1-33, Address: 2143 Kistarcsa, Aulich Lajos u. 4., Registration number: 54734423) (hereinafter referred to as: Service Provider, data controller) submits itself to the following information.

In accordance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation 95/46/EC (General Data Protection Regulation), we hereby provide the following information.

THE DATA CONTROLLER AND ITS CONTACT DETAILS:

Name: László Szabados
Address: 2143 Kistarcsa, Aulich Lajos u. 4
E-mail:
Phone: +36 70 238 2834

CONCEPT DEFINITIONS

1. ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, a number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

2. ‘processing’ means any operation or set of operations which is performed on personal data or on data files, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

3. ‘controller’ means the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law;

4. ‘processor’ means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;

5. ‘recipient’ means the natural or legal person, public authority, agency or any other body to which personal data are disclosed, whether or not it is a third party. Public authorities which have access to personal data in the context of an individual investigation in accordance with Union or Member State law shall not be considered recipients; the processing of those data by such public authorities shall comply with the applicable data protection rules in accordance with the purposes of the processing;

6. ‘consent of the data subject’ means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which the data subject, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

7. ‘data breach’ means a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA

Personal data:

(a) processing must be carried out lawfully and fairly and in a manner that is transparent to the data subject (“lawfulness, fairness and transparency”);

(b) collected only for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes; further processing for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes (‘purpose limitation’) shall not be considered incompatible with the initial purpose in accordance with Article 89(1);

(c) they must be adequate and relevant in relation to the purposes of the processing and limited to what is necessary (“data economy”);

(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes of the processing, are erased or rectified without delay (“accuracy”);

(e) stored in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for a longer period only where the personal data are processed for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes in accordance with Article 89(1), subject to the implementation of appropriate technical and organisational measures to safeguard the rights and freedoms of data subjects as provided for in this Regulation (‘storage limitation’);

f) processed in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage to the data, by applying appropriate technical or organisational measures (“integrity and confidentiality”).

The data controller is responsible for compliance with the above and must be able to demonstrate this compliance (“accountability”).

DATA PROCESSING

REQUEST FOR A QUOTE, CONTACT US

1. The fact of data collection, the scope of data processed and the purpose of data processing:

Personal data	Purpose of data processing
Name, email address, phone number, place of residence.	Contact, identification.
Message sending time	Performing a technical operation.
IP address at the time of message sending	Performing a technical operation.

Scope of data subjects: All data subjects who send a message/inquire/request an offer on the website.3. Duration of data processing, deadline for data deletion: Data processing lasts until the case is resolved and a response is provided.4. Person of potential data controllers authorized to view the data: Personal data may be processed by the data controller, in compliance with the above principles.5.   Description of the rights of data subjects related to data processing: – The data subject may request from the data controller access to personal data concerning him/her, their correction, deletion or restriction of processing, and
– may object to the processing of such personal data, and
– the data subject has the right to data portability, as well as the right to withdraw consent at any time.6. The data subject can initiate the deletion or modification of personal data in the following ways:
– by post at 2143 Kistarcsa, Aulich Lajos u. 4,
– by e-mail at
– by phone at +36 70 238 2834.

7. Legal basis for data processing: consent of the data subject, Article 6(1)(a), Section 5(1) of the Information Act

8. We inform you that

–    data processing is based on your consent .
–   you are required to provide personal data so that we can respond to your message.
– failure to provide data will result in our inability to fulfill your request.

DATA PROCESSORS REQUIRED

Hosting provider

1. Activity provided by the data processor: Hosting and server services

2. Name and contact details of the data processor:

Magyar Hosting Ltd.
Headquarters: 1132 Budapest, Victor Hugo Street 18-22.
Central contact:
Tel.: +36 1 700 2323

3. The fact of data processing, the scope of data processed: All personal data provided by the data subject.

4. Scope of data subjects: All data subjects using the website.

5. Purpose of data processing: Making the website available and operating it properly.

6. Duration of data management, deadline for data deletion: Data management lasts until the termination of the agreement between the data controller and the hosting service provider, or until the data subject submits a deletion request to the hosting service provider.

7. Legal basis for data processing: the User’s consent, Section 5 (1), Article 6 (1) a) of the Information Act, and Section 13/A (3) of Act CVIII of 2001 on certain issues of electronic commerce services and services related to the information society.

COOKIE MANAGEMENT

1. The fact of data processing, the scope of data processed: Unique identification number, dates, times

2. Scope of data subjects: All data subjects who visit the website.

3. Purpose of data processing: Identifying users and tracking visitors.

4. Duration of data processing, deadline for data deletion:

Cookie type

Legal basis for data processing

Data management

duration

Managed data set

Session cookies

Section 13/A. Subsection (3) of Act CVIII of 2001 on certain issues of electronic commerce services and information society services (Elkertv.)

The relevant

period until the visitor session ends

pll_language

Potential data controllers authorized to view the data: The data controller does not process personal data using cookies. 6. Description of the rights of the data subjects in relation to data processing: The data subject has the option to delete cookies in the Tools/Settings menu of the browser, usually under the settings of the Data Protection menu item. 7. Legal basis for data processing: Consent from the data subject is not required if the sole purpose of using cookies is to transmit information via an electronic communications network or if the service provider absolutely needs it to provide an information society service explicitly requested by the subscriber or user.

USING GOOGLE ADWORDS CONVERSION TRACKING

1. The data controller uses the online advertising program called “Google AdWords” and, within its framework, uses Google’s conversion tracking service. Google conversion tracking is an analytics service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).

2. When a User reaches a website through a Google ad, a cookie required for conversion tracking is placed on their computer. These cookies have a limited validity and do not contain any personal data, so the User cannot be identified by them.

3. When the User browses certain pages of the website and the cookie has not yet expired, both Google and the data controller can see that the User clicked on the advertisement.

4. Each Google AdWords customer receives a different cookie, so they cannot be tracked across AdWords customers’ websites.

5. The information obtained using conversion tracking cookies is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers are informed about the number of users who clicked on their ads and were redirected to a page with a conversion tracking tag. However, they do not receive any information that could identify any individual user.

6. If you do not wish to participate in conversion tracking, you can refuse this by disabling the installation of cookies in your browser. You will then not be included in the conversion tracking statistics.

7. Further information and Google’s privacy policy can be found at: www.google.de/policies/privacy/

USING GOOGLE ANALYTICS

1. This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are saved on your computer, to help the website operator analyze how users use the website.

2. The information generated by the cookie about the website used by the User is usually transferred to and stored on a Google server in the USA. By activating IP anonymization on the website, Google will shorten the User’s IP address beforehand within the member states of the European Union or in other states party to the Agreement on the European Economic Area.

3. The full IP address will only be transmitted to a Google server in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate how the user uses the website, to compile reports on website activity for the website operator and to provide other services relating to website and internet usage.

4. Within the framework of Google Analytics, the IP address transmitted by the User’s browser will not be merged with other data held by Google. The User can prevent the storage of cookies by setting their browser accordingly; however, please note that in this case not all functions of this website may be fully usable. You can also prevent Google from collecting and processing the data generated by cookies and relating to your use of the website (including your IP address) by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=hu

DATA TRANSFER TO PARTNERS

1. The fact of data processing, the scope of data processed: personal data specified in point 2 of the Request for quotation, contact chapter (except IP address, time).

2. Scope of data subjects: Prospective clients whose personal data is transferred by the data controller to the data controllers specified in point 5 of this chapter.

3. Purpose of data processing: Making an offer and contacting interested parties.

4. Duration of data management, deadline for data deletion: Data management lasts until the data subject requests deletion.

5. Potential data controllers authorized to access the data: Personal data may be processed by the following, in compliance with the above principles:

Szabados László E.V.
Tax number: 55985196-1-33,
Address: 2143 Kistarcsa, Aulich Lajos u. 4.,
Registration number: 54734423
Email:
Telephone: +36 70 238 2834

6. Description of the rights of the data subjects regarding data processing: The data subject may request the partner data controller to delete their personal data as soon as possible.

7. Description of the rights of data subjects regarding data processing:

• The data subject may request from the partner data controller access to, rectification, erasure or restriction of processing of personal data concerning him or her, and
• may object to the processing of such personal data, and
• the data subject has the right to data portability and the right to withdraw consent at any time.

8. Legal basis for data processing: consent of the data subject, Article 6(1)(a), Section 5(1) of the Privacy Act.

9. We inform you that

• the data transfer is based on your consent and is intended to enable the right person to contact you with their offer.

COMMUNITY SITES

1. The fact of data collection, the scope of data processed: the user’s registered name on social media sites such as Facebook/Google+/Twitter/Pinterest/Youtube/Instagram, etc., and their public profile picture.

2. Scope of data subjects: All data subjects who have registered on social media sites such as Facebook/Google+/Twitter/Pinterest/Youtube/Instagram etc. and have “liked” the website.

3. Purpose of data collection: Sharing, “liking” and promoting certain content elements, products, promotions or the website itself on social media.

4. Duration of data management, deadline for data deletion, possible data controllers authorized to view the data and description of the data subjects’ rights related to data management: The data subject can find out about the source of the data, its management, the method of transfer and its legal basis on the given social media site. Data management is carried out on social media sites, so the duration, method of data management and the possibilities for deleting and modifying data are subject to the regulations of the given social media site.

5. Legal basis for data processing: the data subject’s voluntary consent to the processing of their personal data on social media sites.

CUSTOMER RELATIONS AND OTHER DATA PROCESSING

1. If the data subject has any questions or problems while using our data controller services, he/she may contact the data controller via the methods provided on the website (telephone, e-mail, social media, etc.).

2. The data controller deletes received e-mails, messages, data provided by telephone, Facebook, etc., together with the name and e-mail address of the interested party, as well as other voluntarily provided personal data, no later than 2 years after the data was disclosed.

3. We will provide information about data processing not listed in this information when the data is collected.

4. In the event of an exceptional official request or a request from other bodies based on legal authorization, the Service Provider is obliged to provide information, communicate or transfer data, or make documents available.

5. In these cases, the Service Provider will only provide the requester with personal data to the extent and insofar as it is absolutely necessary to achieve the purpose of the request, provided that the requester has indicated the precise purpose and scope of the data.

RIGHTS OF THE DATA SUBJECTS

1. Right of access

You have the right to receive feedback from the controller as to whether your personal data is being processed and, if such processing is taking place, you have the right to access the personal data and the information listed in the regulation.

2. Right to rectification

You have the right to request that the controller rectify inaccurate personal data concerning you without undue delay. Taking into account the purpose of the processing, you have the right to request that incomplete personal data be completed, including by means of a supplementary statement.

3. Right to erasure

You have the right to request that the data controller erase personal data concerning you without undue delay, and the data controller is obliged to erase personal data concerning you without undue delay under certain conditions.

4. The right to be forgotten

Where the controller has made the personal data public and is obliged to erase them, the controller, taking into account available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform the controllers processing the data that you have requested the erasure of links to the personal data in question or of copies or replications of those personal data.

5. Right to restriction of data processing

You have the right to request that the controller restrict the processing of your personal data if one of the following conditions is met:
• You contest the accuracy of the personal data, in which case the restriction shall apply for a period enabling the controller to verify the accuracy of the personal data;
• The processing is unlawful and you oppose the erasure of the data and request the restriction of their use instead;
• The controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims;
• You have objected to the processing; in which case the restriction shall apply for a period of time until it is determined whether the legitimate grounds of the controller override your legitimate grounds.

Right to data portability You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (…)7. Right to object You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data by (…), including profiling based on those provisions.8. Objection in the event of direct marketingIf your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such purposes, including profiling, where it is related to direct marketing. If you object to the processing of your personal data for direct marketing purposes, your personal data will no longer be processed for such purposes.9. Automated decision-making in individual cases, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
The previous paragraph shall not apply where the decision:
• is necessary for entering into, or the performance of, a contract between you and the controller;
• is permitted by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
• is based on your explicit consent.

ACTION DEADLINE

The data controller will inform you of the measures taken in response to the above requests without undue delay, but in any case within 1 month of receipt of the request .

If necessary, this can be extended by 2 months . The data controller will inform you about the extension of the deadline within 1 month of receipt of the request, indicating the reasons for the delay.

If the controller does not take action on your request, it shall inform you without delay, but no later than one month from the date of receipt of the request , of the reasons for the failure to take action and of the possibility of lodging a complaint with a supervisory authority and of exercising your right to a judicial remedy.

SECURITY OF DATA PROCESSING

The controller and the processor shall implement appropriate technical and organizational measures to ensure a level of data security appropriate to the risk, taking into account the state of the art and the costs of implementation, the nature, scope, circumstances and purposes of the processing, and the varying likelihood and severity of the risk to the rights and freedoms of natural persons, including, where appropriate:

a) pseudonymisation and encryption of personal data;

b) ensuring the continued confidentiality, integrity, availability and resilience of systems and services used to process personal data;

(c) the ability to restore access to and availability of personal data in a timely manner in the event of a physical or technical incident;

d) a procedure for regularly testing, assessing and evaluating the effectiveness of the technical and organizational measures taken to guarantee the security of data processing.

INFORMING THE DATA SUBJECT ABOUT THE DATA PROTECTION INCIDENT

If the data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall inform the data subject of the data breach without undue delay.

The information provided to the data subject must clearly and intelligibly describe the nature of the data protection incident and provide the name and contact details of the data protection officer or other contact person who can provide further information; describe the likely consequences of the data protection incident; describe the measures taken or planned by the data controller to remedy the data protection incident, including, where applicable, measures aimed at mitigating any adverse consequences resulting from the data protection incident.

The data subject does not need to be informed if any of the following conditions are met:
• the controller has implemented appropriate technical and organisational protection measures and these measures have been applied to the data affected by the personal data breach, in particular measures such as the use of encryption that render the data unintelligible to persons not authorised to access the personal data ;
• the controller has taken additional measures following the personal data breach to ensure that the high risk to the rights and freedoms of the data subject is unlikely to materialise;
• providing information would involve a disproportionate effort. In such cases, the data subjects must be informed by means of publicly available information or a similar measure must be taken to ensure that the data subjects are informed in an equally effective manner.

If the data controller has not yet notified the data subject of the data breach, the supervisory authority may, after considering whether the data breach is likely to involve a high risk, order the data subject to be informed.

REPORTING A DATA PROTECTION INCIDENT TO THE AUTHORITY

The controller shall notify the personal data breach to the supervisory authority competent pursuant to Article 55 without undue delay and, where feasible, not later than 72 hours after having become aware of the personal data breach, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. If the notification is not made within 72 hours, it shall be accompanied by reasons justifying the delay.

COMPLAINT POSSIBILITY

A complaint against a possible violation of the data controller can be filed with the National Data Protection and Freedom of Information Authority:

National Data Protection and Freedom of Information Authority
1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, P.O. Box: 5.
Telephone: +36 -1-391-1400
Fax: +36-1-391-1410
E-mail:

CONCLUSION

When preparing this information, we took into account the following legislation:

– On the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation 95/46/EC (General Data Protection Regulation) REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (27 April 2016)
– Act CXII of 2011 – on the right to informational self-determination and freedom of information (hereinafter: Infotv.)
– Act CVIII of 2001 – on certain issues of electronic commerce services and services related to the information society (in particular Section 13/A)
– Act XLVII of 2008 – on the prohibition of unfair commercial practices towards consumers;
– Act XLVIII of 2008 Act – on the basic conditions and certain limitations of economic advertising activity (in particular Section 6)
– Act XC of 2005 on electronic freedom of information
– Act C of 2003 on electronic communications (specifically Section 155)
– Opinion No. 16/2011 on the EASA/IAB Recommendation on best practice in online behavioural advertising
– Recommendation of the National Data Protection and Freedom of Information Authority on data protection requirements for prior information
– Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation 95/46/EC.