1. Introduction
I, Andrea Mészáros, as the owner of the website, hereby inform you about my practices regarding the use of the tort.hu website (hereinafter: Website) and the processing of personal data related to the services provided on the website, the organizational and technical measures taken to protect the data, as well as your rights regarding data processing and the possibilities of exercising your rights.
This notice and the processing of your personal data will be carried out in accordance with the applicable laws, in particular:
- EU Regulation 2016/679 (General Data Protection Regulation, hereinafter: the Regulation)
- Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (Act on the Freedom of Information)
- Act CVIII of 2001 on certain aspects of electronic commerce services and information society services
- Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activities.
2. Basic concepts and provisions relating to personal data
personal data: any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
data management: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
data controller: the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the controller's designation may also be determined by Union or Member State law;
data processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
privacy incidents: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
3. The controller
The Data Controller is Andrea Mészáros (hereinafter referred to as the "Data Controller"; address: 6300 Kalocsa, Kis u. 48., e-mail: info@tort.hu, tax number: 69996515-1-23, registration number: 53986919).
The Data Controller shall process credit card payments in accordance with the Paylike system. Address: P. O. Pedersensvej 14, Aarhus, Denmark. Contact: hello@paylike.hu or +36 1 500 9480. Paylike acts as a data controller for payment information. Further information on data management in their privacy policy can be found at. Banking partner - Paylike - Banking services are provided by Clearhaus A/S (FT-no. 22006), which is certified by the Danish Financial Supervisory Authority and is a Principal Member of Mastercard and Visa.
For credit card payments, the additional data controller is Stripe Inc. Address: 185 Berry Street Suite 550 San Francisco, CA 94107. Email: support@stripe.com. For more information, please contact data processing policyin uk.
4. Principles of data management
The processing of personal data must be lawful, fair and transparent for the data subject.
Personal data may only be collected for a specific, explicit and legitimate purpose. The data processed must be adequate, relevant and limited to what is necessary for the purpose for which it is processed.
The data processed must be accurate and, where necessary, up to date. All reasonable steps must be taken to ensure that personal data which are inaccurate for the purposes for which they are processed are erased or rectified without undue delay.
Personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data are processed.
Personal data must be processed in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, by using appropriate technical or organisational measures.
5. Who is affected
The data subjects are the persons visiting the Website operated by the Data Controller, subscribers to the newsletter, course subscribers on the Website, persons interested in the services of the Data Controller via the Website, persons liking and subscribing to the Website on Facebook, persons subscribing to the Messenger chatbot, visitors and followers on Pinterest
6. The data processed
- In case of subscribing to the newsletter on the Website, the Data Controller processes the following data of the subscriber concerned: name, e-mail address, IP address.
- When ordering a course on the Website, the Data Controller processes the following data of the data subject: name, address, e-mail address, phone number, billing name, address, tax number, course ordered.
In case of interest in services on the Website, the Data Controller processes the following data of the data subject: name, e-mail address, telephone number.
- Data processed about visitors to the Website: different types of cookies may be placed on the visitor's device when using the Website (see section 11 for details on cookies). Each cookie may store the following information about the visitor your IP address or part of it, browser type, data about your use of the website (time of visit, pages visited, session duration, number of clicks).
- If a visitor to the Website uses the Facebook plugin on the Website to "like" the Website or subscribes to the Website's Facebook page, the Data Controller will process the data subject's Facebook profile information (name, profile picture).
- If a visitor to the Website subscribes or contacts the Data Controller via Messenger chatbot, if he/she subscribes to the Website's Messenger chatbot, the Data Controller will process the data subject's the details listed in the previous point.
- If a visitor to the Website shares an image on the Website using the Pinterest plugin, follows the Pinterest page, the Data Controller will process the data subject's personal data. Pinterest profile information (name, profile picture).
7. Purpose of data processing
- In case of newsletter subscription, the purpose of data processing is to provide the newsletter sending service, including information about discounts, products and services of the Data Controller.
- In the case of ordering a course, the purpose of data processing is to record and confirm the order and to fulfil the order.
If you provide a telephone number, the purpose of the processing of the telephone number is to coordinate and contact you in connection with the ordering and delivery of the course.
Billing name, address, tax number are processed by the Data Controller for the purpose of issuing the invoice. - In the case of enquiries sent via the Website, the purpose of the processing is to inform the data subject about the service of interest.
- For information on the purpose of the cookies used by the Website, please see section 11.
- When using the Facebook plugin on the Website, the purpose of the data processing is to enable the data subject to bookmark the page and subscribe.
- In the case of subscribing to the Messenger chatbot, the purpose of the processing is to provide the messaging service, including information about discounts, products and services of the Data Controller.
- When using the Pinterest plugin on the Website, the purpose of the data processing is to enable the data subject to share the images on the Pinterest site.
8. Legal basis for processing
- In the case of newsletter services, the legal basis for data processing is the voluntary consent of the data subject (Article 6 (1) (a) of the Regulation). The Data Controller is also entitled to process the e-mail address and IP address pursuant to Section 13/A of the Act on the Protection of Personal Data, as these are technically necessary data for the provision of the service.
- In the case of ordering a course, the legal basis for data processing with regard to the name, e-mail address, billing name, address and the course ordered is Article 6 (1) (b) of the Regulation and Article 13/A of the Ektv. These data are necessary for the conclusion and performance of the contract for the provision of the course. Without these data, the contract cannot be concluded and fulfilled (the customer cannot place his order, the Data Controller cannot invoice and fulfill the course).The processing of the telephone number, the tax number and the data concerning the website of the data subject is based on the voluntary consent of the data subject (Article 6(1)(a) of the Regulation).
- In the case of data provided in the case of enquiries sent via the Website, the legal basis for processing is the voluntary consent of the data subject (Article 6(1)(a) of the Regulation).
- In the case of cookies installed on the computer of the visitor concerned via the Website, the legal basis for data management:In the case of cookies that are technically necessary for the operation of the Website, for the use of the services and functions provided on the Website: § 13/A of the Act, Article 6 (1) (b) of the Regulation.
For cookies that serve convenience or marketing functions, or to analyse the use of the website or improve its performance: the data subject's voluntary consent (Article 6(1)(a) of the Regulation). - The legal basis for the processing of data in connection with the use of the Facebook and Pinterest plugins is Article 13/A of the Act and Article 6 (1) (a) of the Regulation.
- The legal basis for the processing of data in connection with the use of the Messenger chatbot is Article 13/A of the Act and Article 6 (1) (a) of the Regulation.
- The Controller may also process the data subject's data if it is necessary for the purposes of the legitimate interests pursued by the data subject, unless those interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data (Article 6(1)(f) of the Regulation).
9.Duration of data processing
- The Data Controller shall process the data processed during the newsletter and Messenger chatbot service until the data subject unsubscribes from the newsletter service or otherwise requests the deletion of his/her data.
- In the case of ordering a course on the Website, the Data Controller shall process the data for as long as it is necessary to fulfil the order, contract or consultancy. The Data Controller shall automatically delete the data no later than 1 year after the completion of the course, except in the cases set out in the following section or if there is another legal basis for the processing (e.g. the data subject has subscribed to a newsletter).
- If the personal data of the data subject are included in the invoice, the Data Controller is obliged to keep these documents for 8 years pursuant to Article 169 of Act C of 2000 on Accounting. Data contained in tax-related documents (e.g. orders, contracts, etc.) must be kept until the limitation period of the right to tax assessment pursuant to Article 78 of Act CL of 2017 on the Rules of Taxation, or, in the case of deferred tax, for 5 years from the last day of the calendar year in which the deferred tax becomes due.
- In the case of enquiries sent via the Website, the Data Controller shall process the data processed until the data subject has provided the requested information. The Data Controller shall automatically delete the data after 1 year at the latest, unless the data subject has contacted the Data Controller again. In the event of a subsequent request, the Controller shall process the personal data for a maximum of 1 year from the date of the provision of the information.
- For information on the lifetime of cookies, see section 11. In the case of marking the Website as a "favourite" on Facebook or subscribing to or following the Pinterest page, the processing lasts until the data subject requests the deletion of the data (unsubscribe, unmarking).
10. Who has access to the data (recipients)
The personal data may be accessed by the Data Controller and his associate (Attila Göbölyös, address: 6300 Kalocsa, Kis u. 48.).
We only transfer personal data to third parties for processing purposes. The processor may process the personal data that comes to his/her knowledge only in accordance with the provisions of the Data Controller, may not process the personal data for his/her own purposes, and shall store and retain the personal data in accordance with the provisions of the Data Controller.
10.1. A newsletter service is provided by the Data Controller through newsletter management software. The operator of the newsletter management software processes the personal data (name, e-mail, IP address) of the data subjects as a data processor in the course of providing the service. The Data Controller uses the following data processors for the newsletter service:
- MailerLite Limited, Ground Floor 71 Lower Baggot Street, Dublin, Ireland
- The Rocket Science Group, LLC (Mailchimp), located at 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA, telephone (404) 806-5843, e-mail: legal@mailchimp.com
The Privacy Shield Framework Agreement between the European Union and the United States of America ensures the protection of personal data when transferring data to the United States. Rocket Science Group, LLC is on the compliance list maintained under the Framework Agreement.
- ActiveCampaign, Inc, with registered office at 1 N Dearborn, 5th Floor, Chicago, IL 60601, USA, telephone: +1 773 904-0945, e-mail: jason@activecampaign.com
ActiveCampaign, Inc is on the compliance list maintained under the Framework Convention.
10.2 The Data Controller uses Google Analytics, a service provided by Google, Inc. to analyse the use of the website, which collects information and generates a statistical report on the use of the website without identifying visitors individually. This service uses cookies which are installed on the computer of the data subject. The data collected by the cookie about your use of the website will be stored on a server of Google LLC, a data processor (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA., phone: 650-253-0000, e-mail: data-protection-office@google.com)
Google LLC is included in the compliance list maintained under the Privacy Shield Framework Agreement.
For data processing related to the use of the Facebook plugin, the data processor is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, phone: +1 650-543-4800, e-mail: privacyshield@support.facebook.com
Facebook Inc. is on the compliance list under the Privacy Shield Framework Convention.
10.4. The accountant of the Data Controller is József Krizsik József, self-employed, 2340 Kiskunlacháza, Munkácsy Mihály u. 27., tax number: 59145440-1-33.
11. Cookies used on the Website
A cookie is a string of information, consisting of text, that the Website transfers to a small file on the hard drive of the user's computer or mobile device. A cookie typically contains the name of the computer domain from which the cookie was received, the expiry date of the cookie and a randomly generated number (value).
The cookies used by the Website serve several purposes. Some cookies are technically necessary for the functioning of the Site, without which the Site and its essential functions would not function. Some cookies facilitate the use of the Website by remembering for a limited period of time the visitor's actions and personal preferences (e.g. language, font size and other unique settings related to the presentation of the website), so that the visitor does not have to re-enter them on each subsequent visit or when navigating from one page to another. There are cookies that are used to improve the performance of the Website by collecting information and reporting statistics about the use of the Website. Some cookies are used for advertising purposes, by helping to display the advertisements that are of most interest to visitors.
Cookies can be classified into the following categories:
- Session cookies: temporary cookies that remain in the cookie file of the Internet browser of the visitor concerned until he or she leaves the Website and are automatically deleted at the end of the session or when the browser is closed. They are necessary for browsing the website, for using its functions, including the possibility of remembering the actions carried out by the visitor on the page, function or service.
- Usage cookies: are used to help the Website remember what settings and how the user uses the Website. This is to ensure that you do not have to re-enter them on your next visit. Without the information contained in the cookies that store preferences, our website can function less smoothly.
- Performance, statistical cookies: cookies that are used to help the Data Controller collect information about how visitors use the Website, such as which page they viewed, what session they started, how long they viewed the page, and how long the session lasted. The Data Controller uses Google Analytics, which uses cookies to collect information and compile statistical reports on the use of the website, without identifying visitors individually. The purpose of using these cookies is to enable the Data Controller to gain an insight into the use of the Website and to improve and provide a user-friendly experience for visitors.
- Advertising and marketing cookies: these cookies are used to display ads of interest to the visitor concerned on the Website and to improve the effectiveness of our own marketing. Cookies included in this function may, for example, remember a visitor's recent searches, previous interactions with advertisements from individual advertisers or search results, and visits to advertisers' websites, and analyse this data to help display appropriate advertisements.
When a visitor to the Website posts on the Website, he or she can stay logged in by storing his or her name, email address and web address in a cookie. This storage is for the visitor's convenience so that he/she does not have to fill in these fields the next time he/she posts. These cookies have an expiry date of 1 year.
If the visitor has a user account and is logged in to this website, temporary cookies are set in order to determine whether the browser accepts cookies. These cookies contain no personal information and are deleted as soon as the browser is closed.
When you log in to the website, a number of cookies are created to store your login information and the display options for the editor interface. The login cookies are valid for two days and the cookie storing the display options of the editor interface is valid for one year. If the "Remember me" option is checked, the login will continue for two weeks. When logging out, the login cookies are removed.
When you edit a post or page, another cookie is stored by the browser. This cookie does not contain any personal data, it simply stores the ID number of the post that was edited. It expires after one day.
If the visitor concerned has consented to the use of cookies on the Website, he or she will still have the opportunity to change the cookie settings or delete cookies from his or her device. Web browsers allow you to change cookie settings or delete cookies.
You can find more detailed information on how to change your cookie settings and delete cookies in different types of browsers by following the links below:
12. Security of personal data
The Data Controller shall ensure the security of the processed and stored data, its protection from access by unauthorized persons and from unauthorized modification and alteration, by taking measures appropriate to the level of technology (e.g. firewall).
The Data Controller shall provide the expected level of protection when processing the data.
Data subjects' rights in relation to data processing, legal remedies
You, as the data subject, may request the Controller to access, rectify, erase or restrict the processing of personal data concerning you and to object to the processing of such personal data.
You have the right to receive feedback from the Controller on whether your personal data is being processed. If such processing is ongoing, you have the right to be informed of the purposes of the processing, the categories of personal data concerned, the categories of recipients of the data, the envisaged duration of the storage of the personal data (if this is not possible, the criteria for determining this duration).
The Controller will provide you with a copy of the personal data processed. For additional copies, the Controller may charge a reasonable fee based on administrative costs. If you have submitted your request electronically, the information shall be provided in a commonly used electronic format unless you request otherwise.
Personal data must be deleted if:
- the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing;
- the data subject objects to the processing and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing on the basis of Article 21(2) of the Regulation;
- the personal data have been unlawfully processed;
- the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;
- personal data are collected in connection with the provision of information society services directly to children.
You may request that the Controller restricts processing if one of the following conditions is met:
- you contest the accuracy of the personal data, in which case the restriction applies for a period of time that allows the controller to verify the accuracy of the personal data;
- the processing is unlawful and you object to the deletion of the data and instead request the restriction of their use;
- the controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or
- you have objected to the processing; in this case, the restriction applies for the period until it is established whether the legitimate grounds of the controller override those of the data subject.
You have the right to receive the personal data concerning you that the Data Controller has provided to you in a structured, commonly used, machine-readable format and the right to transmit such data to another data controller.
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data where the processing is based on:
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party.
In this case, the Controller may no longer process the personal data, unless the Controller proves that the processing is justified by compelling legitimate grounds which override the interests, rights and freedoms of the data subject or are related to the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such purposes, including profiling, where it is related to direct marketing.
If the personal data breach is likely to result in a high risk to your rights and freedoms, the Data Controller will inform you of the personal data breach without delay.
In the above cases, you may submit your request to the Data Controller (Andrea Mészáros, 6300 Kalocsa, Kis u. 48., phone: +36-20-939-4242, e-mail: info@tort.hu). The Data Controller will inform you of the action taken on your request without undue delay, but within 1 month of receipt of the request.
If necessary, and taking into account the complexity of the application and the number of requests, this deadline may be extended by a further 2 months. The Data Controller shall inform you of the extension of the time limit within 1 month of receipt of the request, stating the reasons for the delay. If you have submitted the request by electronic means, the information shall be provided by electronic means where possible, unless you request otherwise.
If the Data Controller does not take action on your request, it will inform you of the reasons for its failure to do so without delay and at the latest within 1 month of receipt of the request. In the event of non-action, or in relation to the action taken, you may lodge a complaint with the National Authority for Data Protection and Freedom of Information and exercise your right to judicial remedy.
You have the right to initiate proceedings before the National Authority for Data Protection and Freedom of Information if there is a breach of rights or an imminent threat of such a breach in connection with the processing of your personal data. The contact details of the Authority are.
You may take the Data Controller to court if your rights are infringed. The court of law has jurisdiction to hear the case. You can also choose to bring the case before the court of your place of residence or domicile.
A person who does not otherwise have legal capacity to sue can also be a party to the lawsuit. The Authority may intervene in the proceedings in order to ensure that the person concerned is successful.
If you have any complaints or concerns about the processing of your personal data, please contact the Data Controller before initiating any of the above procedures.
Other information
Embedded content from other websites
Entries on the website may use embedded content (e.g. videos, images, articles, etc.) from external sources. Embedded content from external sources behaves exactly as if you had visited another website.
These sites may collect data about visitors, use cookies or third-party tracking code, monitor user behaviour in relation to embedded content if we have an account and are logged in to the site.
Comments
When submitting a comment, in addition to the information provided in the comment form, the commenter's IP address and browser ID string are collected to filter out unsolicited content.
An impersonalized string (usually called a hash) generated from your email address is sent to the Gravatar service when it is used on the site. The terms and conditions of the Gravatar service can be found at https://automattic.com/privacy/. Once a post is accepted, the content of our post and our profile picture will be publicly displayed.
Media
If an image is uploaded to the website by a registered user, EXIFs that include GPS position data should be avoided. Visitors to the website can download these and extract the location data from the images on the website.
How long we keep your personal data
When you post a comment, the comment and its metadata remain in the system for an indefinite period of time. This is to ensure that all subsequent posts are known and approved by us, i.e. they are not added to the list of posts to be moderated.
Personal data of users registered on the website (if any) will also be stored in their user profile. All users can view, edit or delete their personal information at any time (except that they cannot change their own username). Website administrators can also view and edit this information.
What rights do users have in relation to their own data?
When registering an account or posting a comment on the website, you may be asked to send us your personal data in an export file containing any data that you have previously provided to us. You may also request that any personal data previously provided by you be deleted. This does not apply to data that we are obliged to keep for administrative, legal or security reasons.
Where we transfer the data to
Comments submitted by visitors can be checked by an automatic spam filtering service.