Privacy Policy
Introduction
During the operation of the website https://vbteniszpecs.hu, the data controller processes the data of the users of the site in order to provide them with an appropriate service.
The data controller intends to fully comply with the legal requirements for the processing of personal data, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council.
This Privacy Policy has been prepared pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of personal data of natural persons and on the free movement of such data, taking into account the content of Act CXII of 2011 on the right to information self-determination and freedom of information.
The legal basis for processing is your consent (Article 6(1)(a) of the General Data Protection Regulation).
Name of the data controller
Name: | Gábor Viczencz E.V. |
Registered office: | 7634 Pécs, Ürögi fasor 2/B |
Tax number: | 90022810-1-22 |
Website name and URL: | vbteniszpecs.hu |
Contact details of the data controller
E-mail: | info@vbteniszpecs.hu |
Phone: | +36 70 307 8333 |
Address: | 7634 Pécs, Ürögi fasor 2/B |
Information on data processing for the services of this website is available at any time at https://vbteniszpecs.hu.
The data controller is entitled to unilaterally modify the Privacy Policy, which will be published on the website https://vbteniszpecs.hu.
Definitions
- GDPR (General Data Protection Regulation): the European Union’s new Data Protection Regulation;
- data processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or making available by any other means, alignment or combination, restriction, deletion or destruction;
- data processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the data controller;
- personal data: any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- data controller: a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by EU or Member State law, the data controller or the specific criteria for the designation of the data controller may also be determined by EU or Member State law;
- consent of the data subject: a freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she signifies his or her agreement to the processing of personal data concerning him or her by means of a statement or an unambiguous act of affirmation;
- data breach: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.
- user: any natural or legal person visiting the website https://vbteniszpecs.hu
- service provider: operator of the website https://vbteniszpecs.hu
- recipient: the natural or legal person, public authority, agency or any other body, whether or not a third party, to whom the personal data are disclosed. Public authorities that may have access to personal data in the context of an individual investigation in accordance with EU or Member State law are not recipients; the processing of those data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;
- third party: a natural or legal person, public authority, agency or any other body other than the data subject, the data controller, the data processor or the persons who, under the direct authority of the data controller or the data processor, are authorised to process personal data.
Principles of data processing
The data controller declares that it will process personal data in accordance with the provisions of the Privacy Policy and will comply with the applicable legislation, in particular with regard to the following:
The processing of personal data must be lawful, fair and transparent for the data subject.
Personal data shall be collected only for specified, explicit and legitimate purposes.
The purposes for which personal data are processed must be adequate, relevant and limited to what is necessary.
The personal data must be accurate and up to date. Inaccurate personal data must be deleted without delay.
Personal data must be stored in a form which permits identification of data subjects for no longer than is necessary. Personal data may be stored for longer periods only if the storage is for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes.
Personal data must be processed in such a way as to ensure the adequate security of personal data, including the protection against unauthorised or unlawful processing, accidental loss, destruction or damage, by using appropriate technical or organisational measures.
The principles of data protection apply to any information relating to an identified or identifiable natural person.
Important data processing information
The purpose of data processing is to maintain contact, send a confirmation e-mail after the purchase, fulfil the contractual conditions related to the purchase, invoicing, handling complaints, outstanding debts or consumer disputes, if necessary, and to provide users with appropriate additional services.
The data subjects concerned by the data processing are the users of the website https://vbteniszpecs.hu and the customer partners of the service provider.
The processed data consist of contact and invoice data: the user’s surname, first name, address, e-mail address, phone number, and in case of a company, the name, address and VAT number of the company.
Legal basis for data processing: by making a purchase, users consent to the processing of their personal data by the data controller as described in this Policy. The processing of personal data is based on the User’s voluntary consent given in the light of the information provided herein (Article 6(1)(a) of the General Data Protection Regulation).
The users may only provide their own personal data on the website. If they do not provide their own personal data, it is the responsibility of the data provider to obtain the consent of the data subject.
Duration of data processing and data deletion: the personal data of users (e-mail address and phone number) will be deleted after a maximum of 2 years from the date of data disclosure.
The Service Provider stores the data required for invoicing (surname, first name, address, and in the case of a company, the name, address and VAT number of the company) for 8 years as defined in the Accounting Act (Article 169 (2) of Act C of 2000).
The data subject may withdraw his or her consent to data processing at any time by sending an e-mail to the contact e-mail address. If there is no legal obstacle to the deletion, the User’s data will be deleted within 30 days.
Method of data storage: electronic.
No profiling is carried out during data processing.
The data are accessible to the data controller and the data protection officer.
Data protection officer:
Name: dr. Beáta Brachmann
Tel.: +36 70 307 8333
The data subject may request the data controller to access, rectify, delete or restrict the processing of personal data relating to him or her by providing proof of his or her identity and may object to the processing of such personal data. The data subject shall have the right to obtain from the data controller, upon his or her request and without undue delay, the rectification or completion of inaccurate personal data relating to him or her.
The data subject may withdraw his or her consent at any time, but this does not affect the lawfulness of the processing carried out on the basis of the consent prior to its withdrawal. The data subject shall have the right to have the data controller delete inaccurate personal data relating to him or her without undue delay upon his or her request and the data controller shall be obliged to delete personal data relating to the data subject without undue delay unless there is another legal basis for the processing.
The data controller shall take appropriate measures to protect the data against unauthorised access, alteration, transmission, disclosure, deletion or destruction and against accidental destruction.
The data subject may exercise the right to lodge a complaint with the supervisory authority.
The data subject is not obliged to provide his/her personal data, but the court reservation is not possible without the provision of the data, and the contact and invoice data are strictly necessary for the provision of the service.
Changes or deletion of personal data may be initiated by e-mail or by phone using the contact details provided above.
Scope of the data processed | Specific purpose of the data processing |
Name | Identification, contact, invoicing. |
Company name | Identification, contact, invoicing. |
Address | Identification, contact, invoicing. |
Email address | Identification, contact. |
Phone number | Identification, contact. |
Date of purchase | Technical information operation. |
IP address | Technical information operation. |
VAT number | Customer identification |
Invoice details | Invoice identification |
In the case of bank card backup (token storage), during the so-called token storage of the saved bank card data, OTP Mobil Kft. stores these saved bank card data as a data processor acting for and on behalf of the Service Provider.
The User can give his/her consent to the processing of his/her personal data by deliberately ticking the corresponding blank checkbox on the website.
The data subject may object to the processing of his or her personal data, in which respect he or she has the right to the procedure set out in the data processing information detailed above and in this Policy and the legislation described herein.
Invoicing
The purpose of data processing is to issue and send an electronic invoice as an e-mail attachment. Pursuant to the legal requirements, the Service Provider fulfils the obligation to issue an (electronic) invoice (accounting document) related to the payment transaction (using the electronic invoicing service Számlázz.hu).
The legal basis for data processing is mandatory processing based on legislation (Article 6(1)(c) of the General Data Protection Regulation).
The data subjects concerned are the Service Provider’s customer partners.
The scope of the data: name (surname, first name), address, invoice number, date of issue, in the case of a company the name, address and VAT number of the company, and the content of the accounting document.
Duration of data processing: the Service Provider stores the invoice data for 8 years as defined in the Accounting Act.
The deletion of invoice data may only be carried out in compliance with the legal requirements.
Changes to invoice data can be initiated by e-mail or by phone using the contact details provided above.
Cookies
The cookies are placed on the User’s computer by the websites visited and contain information such as the page settings or login status.
Cookies are therefore small files created by the visited websites. They improve the user experience by saving browsing data. Cookies help the website to remember your website settings and offer you locally relevant content.
Cookies remember the visitors’ individual preferences, which may be used, for example, when making online transactions, so that they do not have to be re-entered; they make the website easier to use; they provide a quality user experience.
The data subjects are the visitors of the website.
The purpose of data processing is providing additional services, identification and tracking of visitors.
The legal basis for data processing is the consent of the website visitors (Article 6(1)(a) of the General Data Protection Regulation).
The scope of the data: unique identification number, time, configuration data.
The User has the option to delete cookies from the browsers at any time in the Settings menu.
Google Analytics
Our website uses Google Analytics.
Google Analytics compiles reports for its customers on the habits of website users based on internal cookies.
On behalf of the operator of the website, Google will use this information to evaluate how users use the website. As an additional service, it generates reports on website activity for the operator of the website so that it can provide additional services.
Data is stored on Google’s servers in encrypted format to make it more difficult and prevent the misuse of data.
Google Analytics can be disabled as follows. Quote from the website:
Website users who do not want Google Analytics to generate a JavaScript report on their data can install the Google Analytics opt-out browser add-on. The extension will prevent Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sending information to Google Analytics. The browser add-on can be used in most recent browsers. The Google Analytics browser add-on does not prevent data from being sent to the website itself and other web analytics services.
Google Privacy Policy: https://policies.google.com/privacy?hl=hu
More detailed information on the use and protection of data is available at the links above.
Data transfers, data processing, recipients of data
By using the service, the User consents to the Service Provider’s right to transfer the data to the following contractual partners. A contract has been concluded between the Service Provider and the Partner with regard to the transfer of data.
Hosting service provider:
Name / company name: | Tárhely.Eu Szolgáltató Kft. |
Registered office: | 1144 Budapest, Ormánság utca 4. |
Phone: | +36 1 789 2 789 |
Email: | support@tarhely.eu |
The data you provide is stored on a server operated by the hosting service provider. The data can be accessed by the staff operating the server, but they are all responsible for the security of the data.
Activity description: hosting services, server services.
The data is processed until the end of the website’s operation or in accordance with the contractual agreement between the operator of the website and the hosting service provider. If necessary, the data subject may request the deletion of his/her data by contacting the hosting service provider.
Invoicing:
KBOSS.hu Kereskedelmi és Szolgáltató Kft. (KBOSS.hu Kft., company registration number: 01-09-303201, registered office: 1031 Budapest, Záhony utca 7.), as the operator of Számlázz.hu, provides the technical conditions for invoicing and forwards the data specified in Article 169 of Act CXXVII of 2007 on Value Added Tax. KBOSS.hu Kft. is a Data Controller within the meaning of Article 24 of the GDPR in the context of providing invoicing and related services.
The data processing information of the Számlázz.hu system is available at https://www.szamlazz.hu/adatvedelem/.
Payment:
The data required for the payment process by the participating financial institution are provided by the Service Provider to SimplePay Zrt. (company registration number: 01-10-143303, registered office: 1138 Budapest, Váci út 135-139. 5. floor) as the operator of the SimplePay system. The personal data submitted on the financial institution’s own data request pages will not be disclosed to the Service Provider.
The privacy policy of the SimplePay system is available at https://simplepay.hu/adatkezelesi-tajekoztatok/.
Official bodies:
The User acknowledges that in order to comply with its legal obligations, the Service Provider forwards data to the requesting official bodies (State Audit Office, competent authorities, courts, prosecutor’s office, National Tax and Customs Office, etc.). In the case of an official request, if the official body has indicated the exact purpose of the data request and the scope of the data, as well as the legal basis for the data transfer, we will transfer the personal data stored by us and indicated by the official body pursuant to Article 6 (1) (c) GDPR. Even in such cases, we will disclose personal data only to the extent strictly necessary to fulfil the purpose of the request.
The Data Controller is entitled and obliged to transmit to the competent official body any personal data at its disposal and stored by it in accordance with the regulations, which it is obliged to transmit by law or by a final official order. The Data Controller shall not be held liable for such transfers and the consequences thereof.
Rights in relation to data processing
Right of access
You may request information from us, via the contact details provided, about what data our company processes, on what legal basis, for what purpose, from what source and for how long. Upon your request, we will send you information without delay, but within 30 days at the latest, to the e-mail address you have provided.
Right to rectification
You can ask us to correct any of your data using the contact details provided. Upon your request, we will promptly, but within 30 days at the latest, take action to inform you of this by sending an e-mail to the e-mail address you have provided.
Right to erasure
You may request us to delete your data by using the contact details provided. Upon your request, we will do so without delay, but within 30 days at the latest, by sending you an e-mail to the e-mail address you have provided.
Right to restriction of processing
You can ask us to block your data by using the contact details provided. The blocking will last as long as the reason you have given us makes it necessary to block your data. Upon your request, we will do so without delay, but within 30 days at the latest, by sending you an e-mail to the e-mail address you have provided.
Right to object
You may object to the processing of your data by using the contact details provided. We will examine the objection within the shortest possible time from the date of the request, but no later than 15 days, decide whether it is justified and inform you of our decision by e-mail.
Enforceability of your rights in relation to data processing
If you experience unlawful data processing, please notify us using one of the contact details above so that we can restore the lawful status within a short period of time. We will do our utmost to resolve the problem for you.
If you believe that the lawful status cannot be restored, you can lodge a complaint using the following contact details:
National Authority for Data Protection and Freedom of Information
Postal address: 1363 Budapest, Pf.: 9.
Address: 1055 Budapest, Falk Miksa utca 9-11.
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat (kukac) naih.hu
URL: https://naih.hu
Right to judicial remedy:
Please be informed that you have the right to seek judicial remedy for the protection of your personal data, which will decide on the matter out of turn. In such a case, you are free to choose whether to bring your action before the competent court for the place where you reside (permanent address) or where you are staying (temporary address) or before the competent court for the place where the Company is established.
You can find the competent court for your place of residence or domicile at https://birosag.hu/birosagkereso.
Legislation on which the data processing is based
- REGULATION (EU) No 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation).
Act CXII of 2011 on the right to informational self-determination and freedom of information.
- Act LXVI of 1995 on public records, public archives and the protection of private archival material.
- Government Decree No 335/2005 (XII. 29.) on the general requirements for document management by public bodies.
- Act CVIII of 2001 on certain aspects of electronic commerce services and information society services.
- Act C of 2003 on Electronic Communications.