DATA PROTECTION POLICY AND PRIVACY NOTICE
- INTRODUCTION
The operator of www.newergies.com – hereinafter referred to as the Website – Newergies Kft. (hereinafter referred to as the Controller), as the Data Controller, hereby publishes this Data Protection Policy and Privacy Notice (hereinafter referred to as the Privacy Notice), which describes the principles of data processing, which the Controller acknowledges as binding. The Controller shall take all reasonable measures to ensure the security of the personal data it processes.
Before using our Website, please read this Privacy Notice, which explains in plain language how we handle your personal data. In the Privacy Notice, the Controller shall inform the data subjects clearly and in detail about all relevant facts concerning the processing of the data.
In the course of operating the Website, Controller processes the data of the persons registered on it, in order to provide them with appropriate services. The service provider intends to fully comply with the legal requirements for the processing of personal data, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council.
This Privacy Notice has been prepared pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of personal data of natural persons and on the free movement of such data, taking into account the content of Act CXII of 2011 on the right to information self-determination and freedom of information.
Name of the service provider, Controller
Name: Newergies Kft.
Registered seat: 1095 Budapest, Máriássy utca 6/A
Tax registration number: 14541115-2-43
Trade registry number: 01-09-294978
Owner, Managing Director: Gábor Babó
Contact details of the Controller
Name: Newergies Kft.
Registered seat: 1095 Budapest, Máriássy utca 6/A
Website name and address: www.newergies.com
E-mail: info@newergies.com
Phone: +36-1-781-2535
- DEFINITIONS
- Personal data: any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- Data subject: any natural person who is identified or can be identified, directly or indirectly, on the basis of specific personal data;
- Consent of the data subject: a freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she signifies his or her agreement to the processing of personal data concerning him or her by means of a statement or an unambiguous act of affirmation;
- Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may also be determined by Union or Member State law;
- Data processing: any operation or set of operations which is performed upon data, regardless of the procedure used, in particular any collection, reception, recording, organization, storage, alteration, use, retrieval, disclosure, transmission, alignment or combination, blocking, erasure or destruction of data, prevention of further use, taking of photographs, audio or video recordings, and recording of physical characteristics that can be used to identify a person (e.g. fingerprints, palm prints, DNA samples, iris scans);
- Data erasure: making data unrecognizable in such a way that it can no longer be recovered;
- Processor: the natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller;
- Data processing: the performance of technical tasks related to data processing operations, irrespective of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data;
- Data set: the set of data managed in a single register;
- Data Breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed;
- Recipient: the natural or legal person, public authority, agency or another body, whether or not a third party, to which the personal data are disclosed. Public authorities that may have access to personal data in the context of an individual investigation in accordance with Union or Member State law shall not be regarded as recipients; the processing of said data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;
- Third party: any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorized to process the personal data;
- Information society services: services provided electronically to remote users, usually for consideration, and to which the recipient of the service has individual access;
- Electronic commerce service: an information society service the purpose of which – in the course of a commercial activity – is the sale, purchase, exchange or other use of movable tangible property, including money and securities, and of natural resources which can be used as property, services, immovable property, rights in rem (hereinafter together referred to as “goods”) which can be acquired;
- GDPR (General Data Protection Regulation): the European Union’s new Data Protection Regulation.
- RANGE OF USERS
A User is a natural person who is registered on the Website, as well as a natural person who is not registered but uses the services of the Website and is identified or identifiable, directly or indirectly, on the basis of any specific personal data.
- THE PRINCIPLES OF DATA PROCESSING
Controller declares that it shall process personal data in accordance with the provisions of the Privacy Notice and shall comply with the applicable laws, and with particular regard to the following:
- The processing of personal data must be lawful, fair and transparent for the data subject;
- Personal data may only be collected for specified, explicit and legitimate purposes;
- The purposes for which personal data are processed must be adequate, relevant and limited to what is necessary for the purpose;
- Personal data must be accurate and up to date. Inaccurate personal data must be erased without delay;
- Personal data must be stored in a form which permits identification of data subjects for no longer than is necessary. Personal data may be stored for longer periods only if the storage is for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes;
- Personal data must be processed in such a way as to ensure adequate security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage, by using appropriate technical or organizational measures;
- The principles of data protection apply to all information relating to an identified or identifiable natural person.
- IMPORTANT INFORMATION ON DATA PROCESSING
- Purpose of processing: to maintain contact, provide information and additional services;
- Legal basis for processing: consent of the data subject;
- The data subjects involved in the processing are: registered users of the website (newsletter subscribers, enquirers via contact form);
- Duration of processing and erasure of data: the duration of data processing always depends on the specific purpose of the user, but data must be erased immediately once the original purpose has been achieved. The data subject may withdraw his or her consent to the processing at any time by sending an e-mail to the contact e-mail address. If there is no legal obstacle to erasure, the data shall be erased;
- The data may be accessed by: the controller and its employees;
- The data subject may request the controller to access, rectify, erase or restrict the processing of personal data relating to him or her and may object to the processing of such personal data, as well as the data subject’s right to data portability;
- The data subject may withdraw his or her consent at any time, but this does not affect the lawfulness of the processing carried out on the basis of the consent prior to its withdrawal;
- The data subject may exercise the right to lodge a complaint with the supervisory authority;
- If the data subject wishes to benefit from the registration, i.e. to use the services of the website, then the provision of the requested personal data is necessary.
- The data subject shall not be obligated to provide personal data, and there are no adverse consequences if he or she does not provide such data. However, certain features of the website cannot be used without registration;
- The data subject shall have the right to obtain from the controller, at his or her request and without undue delay, the rectification or integration of inaccurate personal data relating to him or her;
- The data subject shall have the right to obtain from the controller, at his or her request and without undue delay, the erasure of inaccurate personal data relating to him or her, and the controller shall be obligated to erase personal data relating to him or her without undue delay, unless there is another legal basis for the processing;
- The modification or erasure of personal data may be requested by e-mail, telephone or letter using the contact details provided above.
- FILLING THE CONTACT FORM ON THE WEBSITE
The Controller uses the data collected through the contact form submitted via the Website solely for the purpose of maintaining contact and providing information, and does not store the data in a database.
- THE PERSON AUTHORIZED TO PROCESS DATA
The processor of personal data is Hostinger International Ltd (registered seat: 61 Lordou Vironos st. 6023 Larnaca, the Republic of Cyprus, hereinafter referred to as the “Processor”) as the Processor. The personal data to be processed may be known to the respective legal representative(s), employees/agents/contractors of the Processor. The Processor shall not transfer personal data to third parties, unless the data subject has given explicit consent.
Hosting service provider
Hostinger International Ltd
61 Lordou Vironos st. 6023 Larnaca, the Republic of Cyprus
gdpr@hostinger.com
The data you provide shall be stored on a server operated by the hosting provider. Only our staff or the staff operating the server have access to the data, but they are all liable to ensure the secure controlling of the data;
- Description of activity: hosting, server provisioning;
- The purpose of the processing: to ensure the operation of the website;
- Data processed: personal data provided by the data subject;
- Duration of data processing and time limit for erasure of data: Data processing shall continue until the end of the website’s operation or in accordance with the contractual agreement between the website operator and the hosting provider. If necessary, the data subject may also request the erasure of his or her data by contacting the hosting provider;
- Legal basis for processing: consent of the data subject and processing based on the law.
- THE DURATION OF DATA PROCESSING
The Controller shall process personal data provided on the basis of the User’s consent until the purpose of the processing is fulfilled or the User’s consent is withdrawn. The Controller shall process the personal data provided by the User during registration until the termination of the use of the Website, in particular until the cancellation of the registration.
Unless otherwise provided by law, the Controller may process the personal data collected a) for the purpose of complying with a legal obligation to which it is subject, or b) for the purposes of the legitimate interests pursued by the Controller or a third party, where such interests are proportionate to the restriction of the right to the protection of personal data, without further specific consent and even after the withdrawal of the data subject’s consent. /Section 6(5) of Act CXII of 2011/
The Controller shall retain and process the personal data provided by the User for the purpose of fulfilling the accounting obligations pursuant to Section 169 of Act C of 2000 for a period of 8 years, or within the limitation period set forth in Act XCII of 2003 on the Rules of Taxation.
- DATA TRANSMISSION, DATA LINKING
The Controller shall not sell, rent or make available in any form personal data or information about the User to other companies or individuals.
The Controller shall ensure with due care the adequate security of the data and shall take the technical and organizational measures necessary to ensure the enforcement of data protection rules and principles and to contribute to the security of personal data.
We inform the Users that the Controller shall only transfer personal data to a third person or persons with the consent of the data subject.
- COOKIES
Cookies are placed on the user’s computer by the websites visited and contain information such as the page settings or login status.
Thus, cookies are small files created by the websites visited. They improve user experience by saving browsing data. Cookies help websites remember your website settings and offer you locally relevant content.
A small file (cookie) is sent by the provider’s website to the computer of the website’s visitor in order to establish the fact and time of the visit. The provider informs the visitor of the website of this.
- The data subjects involved in the processing are: visitors of the website;
- Purpose of data processing: additional services, identification, tracking of visitors;
- Legal basis for processing: The user’s consent is not required if the use of cookies is imperatively necessary for the service provider;
- The scope of the data: unique ID number, time, configuration data;
- The user has the option to delete cookies from browsers at any time by going to the Settings menu;
- The controllers eligible of accessing data: by using cookies, no personal data is processed by the data controller;
- Data storage method: electronic.
- SOCIAL MEDIA SITES
A social media site is a media tool where messages are spread through users of the online community. Social media use the internet and online presence to transform users from content consumers to content editors.
Social media is the interface of web applications that contains user-generated content, such as Facebook, Google+, Twitter, etc.
Social media presence can take the form of public speeches, presentations, demonstrations, descriptions of products or services.
The information published on social media can take the form of forums, blog posts, images, video, audio, message boards, email messages, etc.
As mentioned above, the scope of the data processed may also include, in addition to personal data, the public profile picture of the user.
- Data subjects: all registered users;
- The purpose of data collection is to promote the website or a related website;
- The legal basis for processing is the consent of the data subject;
- Duration of data processing: according to the rules available on the relevant social media site;
- Deadline for erasure of data: according to the rules available on the relevant social media site;
- The data may be accessed by: according to the rules available on the relevant social media site;
- Data processing rights: according to the rules available on the relevant social media site;
- Data storage method: electronic.
It is important to note that when users upload or submit personal information, they are giving the social media site operator permission that is valid worldwide to store and use such content. Therefore, it is very important to ascertain that the user has full authority to disclose the information posted.
- GOOGLE ANALYTICS
Our website uses Google Analytics.
When using Google Analytics:
Google Analytics uses first party cookies to compile reports for its customers on the habits of website users.
On behalf of the website operator, Google uses this information to evaluate how users use the website. As an additional service, it generates reports related to website activity for the website operator for it to be able to provide further services.
Data is stored on Google’s servers in encrypted format to encumber and prevent misuse.
Disabling Google Analytics. Cited from the page:
Website users who do not want Google Analytics to generate JavaScript reports about their data can install the Google Analytics opt-out browser add-on. This extension disables Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sending information to Google Analytics. The browser add-on can be used in most of the latest browsers. The Google Analytics browser add-on does not prevent data from being sent to the website itself and other web analytics services.
https://support.google.com/analytics/answer/6004245?hl=hu
Google Privacy Policy https://policies.google.com/privacy?hl=hu
More information on the use and protection of data can be found at the above links.
Detailed privacy statement:
- RIGHTS RELATING TO DATA PROCESSING
The right to request information
You may request information from us, via the contact details provided, about what data our company processes, on what legal basis, for what purpose, from what source and for how long. Upon your request, we will send you the information without delay, but within 30 days at the latest, to the e-mail address you have provided.
The right to rectification
You may request the change of any of your data using the contact details provided. Upon your request, we will take action without delay, but within 30 days at the latest, and inform you via the e-mail address you have provided.
The right to erasure
You may request the erasure of your data using the contact details provided. Upon your request, we will perform the task without delay, but within 30 days at the latest, and notify you via the e-mail address you have provided.
The right to blocking
You may request the blocking of your data using the contact details provided. The blocking lasts as long as the reason you have indicated makes it necessary to store the data. Upon your request, we will perform the task without delay, but within 30 days at the latest, and notify you via the e-mail address you have provided.
The right to object
You may object to the processing of your data using the contact details provided. We assess the objection within the shortest possible time from the date of the request, but no later than 15 days, make a decision on whether it is justified and inform you of our decision by e-mail.
- EXERCISING THE RIGHTS RELATING TO DATA PROCESSING
If you experience unlawful processing, please notify our company so that we can restore lawful status within a short period of time. We will do our best to solve the problem you have described.
If in your opinion lawful status cannot be restored, please notify the authorities using the following contact details:
National Authority for Data Protection and Freedom of Information
Postal address: 1530 Budapest, Pf.: 5.
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat (at) naih.hu
URL https://naih.hu
Coordinates: N 47°30’56”; E 18°59’57”
- UNDERLYING LEGISLATION OF DATA PROCESSING
REGULATION (EU) No 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation);
- Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information;
- Act LXVI of 1995 on public records, public archives and the protection of private archives;
- Gov. decree no. 335/2005 (XII. 29.) on the general requirements for the document management of public bodies;
- Act CVIII of 2001 on certain aspects of electronic commerce and information society services;
- Act C of 2003 on electronic communications.
The effective date of this Privacy Notice: 01. 09. 2019.
The Controller reserves the right to make changes.