On behalf of WebSegély.hu Bt., Erika Udvarhelyi, Website Design Expert (hereinafter referred to as "Controller") as the www.websegely.hu (hereinafter referred to as the "Website") hereby discloses the rules, data protection and data management principles and information on data management concerning the processing of data of visitors to the Website and users of the services available on the Website (hereinafter collectively referred to as the "Data Subject") within the framework of the Website and the services related to the Website. 

In connection with the processing of data, the Data Controller hereby informs the Data Subjects about the personal data processed by the Data Controller on the Website, the principles and practices followed in the processing of personal data, as well as the ways and means of exercising the rights of the Data Subjects. 

By using the Website, the Data Subject accepts the Privacy Notice and consents to the processing of data as set out below. 

1. Concepts

"data controller": the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the controller's designation may also be determined by Union or Member State law; 

 "personal data": any information relating to an identified or identifiable natural person ("Data Subject" in this document: "Customer"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; 

"data management": any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; 

 "restriction of processing": the identification of the personal data stored in order to limit their future processing; 

 "profiling": any form of automated processing of personal data whereby personal data are used to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict characteristics associated with the performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements of that natural person; 

 "data processor": a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller; 

 "recipient": the natural or legal person, public authority, agency or any other body with whom or to which the personal data are disclosed, whether or not a third party. Public authorities which may have access to personal data in the context of an individual investigation in accordance with Union or Member State law are not recipients; the processing of those data by those public authorities should comply with the applicable data protection rules in accordance with the purposes of the processing; 

 "the data subject's consent": a freely given, specific, informed and unambiguous indication of the data subject's wishes, by which the data subject signifies, by means of a declaration or by an act unambiguously expressing his or her consent, that he or she gives his or her consent to the processing of personal data concerning him or her; 

"privacy incidents": a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed; 

 

2. Data controller data

Company name: WebSegély.hu Bt.

Represented by Erika Udvarhelyi  - Website Design Expert 

Phone number: +36 70 803 6066

Email address: info[at]websegely.hu 

 

3. Legal basis, purpose and time of processing

Data Subjects can provide information and data about themselves in two ways on the Website: 

 - Personal data explicitly provided or made available when using the services of the Website (see section 3.1). 
- Information provided to the Data Controller in connection with the use of the Website, in connection with the visit to the Website and its use (see section 3.2.). 

In any case, the legal basis for the processing is the voluntary consent of the Data Subject pursuant to Article 6(1)(a) of Regulation (EU) 2016/679 of the EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation) ("the Regulation"). 
The Data Subject shall have the right to withdraw his or her consent to the processing, in whole or in part, or to request the erasure of his or her data, by written notice to the Controller. 

 

3.1. Personal data processed 

a.) Data management: Order a service, request a quote 

Scope of data processed: Name, company name, e-mail address, telephone number, and other specific data related to the company or business of the Data Subject, such as target audience, scope of activity, or the individual preferences of the Data Subject in relation to the service ordered. 

Data processing, data storage period: The Data Controller will process the data provided in the course of the order or request for quotation until the Data Subject requests the deletion of his/her data (except for those personal data whose retention is required by law, e.g. invoice retention). The Data Controller will never, in any form, pass on the data received in the course of the request for quotation to third parties and will use the information solely for the purpose of making the quotation, which will be sent to the customer (Data Subject) by e-mail to the e-mail address from which the order/request for quotation was placed. 

Purpose of processing: Providing the service, sending a quotation, contacting the Data Subject. 

Legal basis for processing: Contract performance. 

  

b.) Data management: Invoicing 

Scope of data processed: Name, company name, e-mail address, telephone number, billing name, billing address 

Data processing, data storage period: The personal data provided during the ordering process are processed by the Data Controller in connection with its invoicing obligations, which documents, the The Controller shall store it in the manner and for the period required by law. 

Purpose of processing: Preparing and sending to the Data Subject the invoice for the services ordered. 

Legal basis for processing: Fulfilling a legal obligation. 

  

c.) Data management: Newsletter, DM activity 

Scope of data processed: First name, e-mail address 

Data processing, data storage period: The Data Controller will process these data until the Data Subject unsubscribes from the newsletter by clicking on the unsubscribe link in the newsletter or until he/she initiates the deletion of his/her data in any other way. 

Purpose of processing: To promote the services of the Data Controller, to send promotional and other advertising messages and business enquiries to data subjects. 

Legal basis for processing: Voluntary consent of the data subject 

  

d.) Data management: Contact details provided when contacting us 

Scope of data processed: Name, e-mail address, telephone number 

Data processing, data storage period: The Data Controller will process these data until the Data Subject requests the deletion of his/her data. 

Purpose of processing: The Data Controller provides its services primarily to companies, small or individual entrepreneurs. When ordering services, the provision of contact details is necessary for the provision of the service and for administrative purposes. 

Legal basis for processing: Voluntary consent of the data subject. 

  

e.) Data management: Data collected when using this website 

Scope of data processed: Technical data, such as the IP address of the Data Subject, the date and time of the visit, the type of browser, the address of the website visited and the previously visited website, which is automatically logged by the system upon logging in and logging out. 

Data processing, data storage period: 5 years from the date of logging. 

Purpose of processing: Website and services development. These data are not suitable for the identification of the Data Subject. 

Legal basis for processing: Voluntary consent of the data subject. 

The Controller does not use or may not use the personal data provided for purposes other than those set out above. The disclosure of personal data to third parties or public authorities, unless otherwise required by law, is possible with the prior explicit consent of the Data Subject. 

In all cases where the Data Controller intends to use the data provided for purposes other than those for which they were originally collected, the Data Subject shall be informed thereof and shall obtain his or her prior explicit consent or be given the opportunity to prohibit such use. 

The Data Controller processes personal data for the duration of the purpose of the processing, primarily for the duration of the legal relationship with the Data Subject (at the end of which period the data relating to the Data Subject will be deleted), or until the Data Subject requests the deletion of his/her data or withdraws his/her consent.  

3.2. Data collected in connection with the use of the Website 
 

3.2.1. Cookie management 

In order to provide a personalised service, the Service Provider places a small data package, a so-called cookie, on the Data Subject's computer and reads it back during the subsequent visit. If the browser returns a previously saved cookie, the cookie management service provider has the possibility to link the Data Subject's current visit to previous visits, but only in relation to its own content. Cookies specific to web shops are the so-called "password-protected session" cookies, the security cookies. 

- Session cookie: session cookies are automatically deleted after the Data Subject's visit. These cookies are used to make the Website work more efficiently and securely and are therefore essential to enable certain features of the Website or certain applications to function properly. 

- Persistent cookie: a persistent cookie is also used by the Data Controller to provide a better user experience (e.g. to provide optimised navigation). These cookies are stored for a longer period of time in the browser's cookie file. The duration of this period depends on the setting of the Data Subject's internet browser. 

Scope of data processed: IP address, date and time of visit. The IP address is not known to the data controller. 

Stakeholders: All Data Subjects visiting the website. 

Purpose of the processing: To distinguish Data Subjects from each other, to identify the current session of users, to store the data provided during the session, to prevent data loss. 

Duration of processing: The duration of the data processing is until the end of the visit to the websites in the case of session cookies and up to 540 days in other cases. 

 

3.2.2. Delete / modify cookies 

The Data Subject has the right to delete the cookie from his/her computer or to disable the use of cookies in his/her browser. You can usually manage cookies by going to the Tools/Preferences menu of your browser and selecting Privacy/Preferences/Custom Preferences, under the menu item Cookies, Cookies or Tracking. 

The Website may contain information that comes from third parties, advertising service providers who are not related to the Data Controller. These third parties may also place cookies, web beacons on the Data Subject's computer or collect data using similar technologies in order to send advertising messages to the Data Subject in connection with their services. In such cases, the data processing is governed by the data protection standards set by these third parties and the Data Controller accepts no liability whatsoever in respect of such processing. 

The Website may contain links to external servers (not managed by the data controller or data processors) and the sites accessible through these links may place their own cookies or other files on your computer, collect data or request personal data. The Data Controller excludes all liability for these. 

Spersonal data is not collected and processed, used or identified by the Data Subject. 

Advertisements of the Data Controller may be displayed on websites of external service providers (Google, Facebook). These external service providers (Google, Facebook) use cookies to store that the Data Subject has previously visited the Controller's Website and, based on this information, display advertisements to the Data Subject in a personalised manner (i.e. remarketing). 

 3.2.3. Cookies set by Facebook (cookies) 

For more information about the cookies set by Facebook, see https://hu-hu.facebook.com/policies/cookies/ where you can also find information on how to block cookies. 

 

3.2.4. Cookies set by Google Analytics (cookies) 

Google Analytics is an analytics service provided by Google Inc. ("Google"). Google Analytics uses cookies stored on your computer to analyse your interactions with the website. The legal basis for the processing for web analytics purposes is the voluntary consent of the website user. Cookies for analytical purposes are anonymised and aggregated data which make it difficult to identify the computer, but which cannot be excluded. 

The analytical information collected by Google Analytics cookies is transmitted to and stored by Google on its servers. This information is processed by Google on behalf of the Data Controller in order to evaluate users' browsing habits, compile reports on the frequency of use of the Website and provide other services to the Data Controller relating to the use of the Website. The IP address transmitted via the browser in the context of the Google Analytics application will not be combined with other data by Google. 

 Google Analytics uses cookies for analytical purposes. More information about the cookies used by Google Analytics can be found at the following link: 
https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage#analyticsjs 

 

3.2.5. Google Ads 

The Website uses the Google Ads remarketing service, for which the data is provided by the Google Analytics data management software. This is so that visitors to the site can be targeted by remarketing ads on websites in the Google Display network. The remarketing code uses cookies to tag visitors. Website users can disable these cookies by visiting the Google advertising settings manager and following the instructions there. They will then no longer receive personalised offers from the Service Provider. 

 More information about the cookies used by Google can be found at the following link: 
https://policies.google.com/technologies/ads?hl=hu 

 Google's privacy statement is available at the following link: 
https://policies.google.com/privacy?hl=hu 

 

4.1 Data processing 

Hosting provider: Tárhely.Eu Szolgáltató Korlátolt Felelősségű Társaság 

Address: 1144 Budapest, Ormánság utca 4. X. floor 241. 

Phone number: +36-1/789-2789

Company registration number: 01-09-909968 

Web: www.tarhely.eu 

Activity: 6311. Data processing, web hosting services 

 

4.2 Information relating to a third country or international organisation 

The service providers listed below are third country data controllers. By accepting this Privacy Notice, you consent to the transfer of your data to the following third country data controllers following your subscription to the Controller's newsletter or when you contact the Controller via Facebook message: 
The Data Controller reserves the right to involve additional data processors in the future, which it will inform the Data Subjects of by amending this Notice. 

 

5. Data transmission

In the absence of an express legal provision, the Data Controller shall only disclose to third parties data that can be used to identify the Data Subject with the express consent of the Data Subject concerned. 

6. Rights of the Data Subject

6.1 Information and access to personal data 

The Data Subject shall have the right to access his or her personal data held by the Data Controller and information relating to their processing, to request at any time, to check what data the Data Controller holds about him or her, and to have access to the personal data. The Data Subject shall submit his/her request for access to the data to the Data Controller in writing and the requested data shall be provided by the Data Controller in writing (by electronic means or by post) and no oral information shall be given in this context. 

In case of exercise of the right of access, the information shall include the following data: 
- define the scope of the data processed: name, billing name, billing address, email address, telephone number, depending on the service used, 
- the purpose, time and legal basis of the processing: the scope of the data processed, 
- data transmission: to whom the data have been or will be transferred, 
- marking. 

The Controller shall provide the Data Subject with a paper or electronic copy of the personal data free of charge for the first time. For additional copies requested by the Data Subject, the Controller may charge a reasonable fee based on administrative costs. If the Data Subject requests a copy by electronic means, the information shall be provided by the Controller to the Data Subject by email in a commonly used electronic format. 

Following the information, if the Data Subject does not agree with the processing or the accuracy of the data processed, he or she may request the rectification, integration, erasure or restriction of the processing of personal data concerning him or her, as specified in point 6, or object to the processing of such personal data, or initiate the procedure specified in point 7. 

6.2. Right to rectification and integration of personal data processed 

Upon the Data Subject's request, the Data Controller shall, without undue delay, correct inaccurate personal data provided by the Data Subject in writing or complete the incomplete data with the content indicated by the Data Subject. The Controller shall inform any recipient to whom it has disclosed the personal data of the rectification or completion, unless this proves impossible or involves a disproportionate effort. It shall inform the Data Subject of the data of such recipients if he or she so requests in writing.  

6.3. Right to restriction of processing 

The Data Subject shall have the right to obtain, upon written request, restriction of processing by the Data Controller if: 
- The data subject contests the accuracy of the personal data, in which case the limitation applies for the period of time that allows the Controller to verify the accuracy of the personal data; 
- the processing is unlawful and the Data Subject opposes the erasure of the data and requests instead the restriction of their use; 
- The Controller no longer needs the personal data for the purposes of processing, but the Data Subject requires them for the establishment, exercise or defence of legal claims;  
- If the data subject objects to the processing, the restriction applies for the period until it is established whether the legitimate grounds of the controller prevail over the legitimate grounds of the data subject. 
The Data Controller shall inform the Data Subject at whose request the processing has been restricted in advance of the lifting of the restriction of processing. 

6.4 Right to erasure (right to be forgotten) 

At the Data Subject's request, the Data Controller shall delete the personal data concerning the Data Subject without undue delay if one of the grounds specified applies:

(a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed by the Controller;

b) the data subject withdraws his or her consent on which the processing is based and there is no other legal basis for the processing;

(c) the data subject objects to the processing for reasons relating to his or her particular situation and there are no legitimate grounds for the processing,

(d) The data subject objects to the processing of personal data concerning him or her for direct marketing purposes, including profiling, where it is related to direct marketing,

e) the personal data are unlawfully processed by the Data Controller;

f) the personal data were collected in connection with the provision of information society services directly to children. 

The Data Subject may not exercise his or her right to erasure or blocking if the processing is necessary

a) for the exercise of the right to freedom of expression and information;

b) on the basis of public interest in the field of public health;

(c) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, where the exercise of the right of erasure would make such processing impossible or seriously impair it; or

(d) for the establishment, exercise or defence of legal claims. 

 6.5 Right to data portability 

Data portability allows the Data Subject to obtain and further use his/her "own" data that he/she has provided to the Data Controller's system, for his/her own purposes and through different service providers. In all cases, the right is limited to the data provided by the Data Subject, and there is no portability of other data (e.g. statistics, transactional data, etc.) 

Personal data relating to the Data Subject that is held by the Data Controller (e.g. when ordering a product or subscribing to a newsletter): 
- in a structured, widely used, machine-readable format, 
- to another controller, 
- may request the direct transfer of the data to another controller - if this is technically feasible within the controller's system. 

The Data Controller will only comply with a request for data portability on the basis of a request sent by email or post. In order to comply with the request, the Data Controller must ensure that the Data Subject who is entitled to exercise the right intends to do so. This requires that the Data Subject provides in his/her request the data that allow him/her to be identified. These data include at least: name, email address, billing name, address, telephone number (depending on the service used). The Data Subject may request the portability of only the data that he or she has directly provided in the course of using certain services as defined in point 3. Exercising this right does not automatically entail the deletion of the data from the Controller's systems, and the Data Subject may therefore continue to use the Controller's services after exercising this right. Data will be deleted only if the Data Subject explicitly requests it. 

 6.6 Objection to the processing of personal data 

The Data Subject may object at any time to the processing of his or her personal data, including profiling, for reasons relating to his or her particular situation, and the Data Subject has the right to object at any time to the processing of personal data concerning him or her for direct marketing purposes, including profiling. If the Data Subject objects to the processing of personal data for direct marketing purposes, the personal data shall no longer be processed by the Controller for such purposes. 

The Data Subject can object in writing (by email or post) or by newsletter, in the case of any notification letter sent to him/her, by clicking on the unsubscribe link in the letter. 

 6.7. Deadline for fulfilling the request 

The Data Controller shall inform the Data Subject of the measures taken without undue delay, but in any event within one month of receipt of any request pursuant to points 6.1 to 6.6. If necessary, taking into account the complexity of the request and the number of requests, this time limit may be extended by a further two months, but in that case the Data Controller shall inform the Data Subject within one month of receipt of the request, stating the reasons for the delay. If the Data Subject has submitted the request by electronic means, the Controller shall provide the information by electronic means, unless the Data Subject requests otherwise. 

7. Enforcement options

The Data Subject may exercise his/her rights by sending a request by email. No rights can be exercised by telephone. 
You can exercise your rights by contacting: 

Name: WebSegély.hu Bt.

Represented by Erika Udvarhelyi 

Phone number: +36-70/803-6066

Email address: info[at]websegely.hu 

The Data Subject cannot enforce his or her rights if the Data Controller proves that he or she is not in a position to identify the Data Subject. If the Data Subject's request is manifestly unfounded or excessive (in particular in view of its repetitive nature), the Data Controller may charge a reasonable fee for complying with the request or refuse to act. The burden of proof shall lie with the Data Controller. If the Controller has doubts about the identity of the natural person who has made the request, it may request further information necessary to confirm the identity of the applicant. 

If the Data Subject does not agree with the decision of the Data Controller on the basis of the Info.tv., the Regulation and the Civil Code (Act V of 2013) 
- the National Authority for Data Protection and Freedom of Information or 
- You can enforce your rights in court. 

National Authority for Data Protection and Freedom of Information 
Head office: 1125 Budapest, Szilágyi Erzsébet fasor 22/C. 
Postal address: 1530 Budapest, P.O. Box 5. 
Phone: +36 1 391 1400 
Fax: +36 1 391 1410 
E-mail: ugyfelszolgalat@naih.hu 
Website: www.naih.hu  

8. Handling data protection incidents

A data breach is a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. The Data Controller shall keep a register for the purposes of monitoring the measures taken in relation to the personal data breach, informing the supervisory authority and informing the Data Subject, which shall include the scope of the personal data affected by the breach, the number and type of data subjects, the date of the breach, the circumstances, the effects and the measures taken to remedy the breach. If the Data Controller considers that an incident presents a high risk to the rights and freedoms of data subjects, it shall inform the Data Subject and the supervisory authority of the personal data breach without undue delay and within 72 hours at the latest.  

9. Links

The Data Controller is not responsible for the content, data and information protection practices of external websites accessible from the Website as a stepping stone. If the Data Controller becomes aware that a page or link it has established violates the rights of third parties or the applicable laws, it shall immediately remove the link from the Website.  

10. Data security

The Data Controller undertakes to ensure the security of the data, to take technical and organisational measures and to establish procedural rules to ensure that the data recorded, stored or processed are protected and to prevent their destruction, unauthorised use or unauthorised alteration. It also undertakes to require all third parties to whom it transfers or discloses data on the basis of the Data Subject's consent to comply with the requirement of data security. 

The Data Controller shall ensure that the processed data cannot be accessed, disclosed, transmitted, modified or deleted by unauthorised persons. The processed data may only be accessed by the Data Controller, its employees and its data processor(s), and shall not be disclosed by the Data Controller to third parties not entitled to access the data. 

The Data Controller shall make every reasonable effort to ensure that the data are not accidentally damaged or destroyed. The Data Controller shall also impose the above commitment on its employees involved in the processing activities. 

The Data Subject acknowledges and accepts that, despite the fact that the Data Controller has state-of-the-art security measures in place to prevent unauthorised access to or disclosure of the data, the protection of personal data on the Internet cannot be fully guaranteed. In the event of unauthorised access or disclosure despite our efforts, the Data Controller shall not be liable for any such acquisition or unauthorised access or for any damage suffered by the Data Subject as a result thereof. In addition, the Data Subject may also provide his or her personal data to third parties who may use it for unlawful purposes or in unlawful ways. 

Under no circumstances will the Data Controller collect special data, i.e. data concerning racial or ethnic origin, membership of national or ethnic minorities, political opinions or party affiliations, religious or philosophical beliefs, membership of representative associations, health, pathological addiction, sex life or criminal records. 
For data security, it is important that you log out of the Website after using it when you use the Internet in public places on shared computers. If you are visiting the Site from your own computer, you will remain logged in for a certain period of time, depending on the application. In this case, you should also be careful to ensure that strangers do not have access to your computer and cannot carry out transactions (subscriptions, applications, orders, etc.) on your behalf. 

 

11. Other provisions

The Data Controller reserves the right to make this Privacy Notice available to Data Subjects at the following www.websegely.hu Unilaterally modify it without prior notice through its website. After the amendment takes effect, the Data Subject shall, unless he/she objects, by continuing to use the Website or the Services, accept the amended Privacy Notice by acting voluntarily. 

 

 

 

 

This Privacy Notice is valid from 01 September 2023.