Privacy Statement
1. Name of the data controller
Name of data controller: Dániel Ripka is a sole proprietor
Data controller registration number: 50933053
Headquarters of the data controller: 1074 Budapest, Alsóerdősor 26.
Data controller representative: Daniel Ripka
2. Data management rules
This Privacy Policy is effective as of December 31, 2020 until revoked.
The conceptual system of these regulations is the same as in Infotv. To the interpretative explanations defined in § 3. Based on these:
data subject: any natural person identified or identifiable, directly or indirectly, on the basis of personal data;
personal data: data which can be contacted with the data subject, in particular his or her name, identification mark and knowledge of one or more physical, physiological, mental, economic, cultural or social identities, and the inference that can be drawn from the data;
consent: the voluntary and unambiguous expression of the will of the data subject, based on adequate information and giving his or her unambiguous consent to the processing of personal data concerning him or her, in full or in part;
"controller" means the natural or legal person, or any entity without legal personality, who alone or jointly with others determines the purposes for which the data are processed, and makes or implements decisions relating to the processing (including the means used);
data management: any operation or set of operations on data, regardless of the procedure used, in particular the collection, recording, recording, systematisation, storage, alteration, use, interrogation, disclosure, coordination or aggregation, blocking, erasure and destruction of data, and to prevent further use of the data, to take photographs, sound or images and to record physical characteristics (eg fingerprints or palm prints, DNA samples, irises) that can be used to identify the person;
data transfer: making the data available to a specific third party;
data processing: the performance of technical tasks related to data management operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data;
data processor: a natural or legal person or an organization without legal personality who carries out the processing of data under a contract, including a contract concluded in accordance with the provisions of law.
data protection incident: unlawful handling or processing of personal data, in particular unauthorized access, alteration, transmission, disclosure, deletion or destruction, and accidental destruction and damage.
Personal data may only be processed for the purpose of exercising a right or fulfilling an obligation. The use of personal data processed by the Data Controller for private purposes is prohibited. Data management must always comply with the purpose limitation principle.
The legal basis for data processing is, as a general rule, the consent of the data subject and, in the case of certain data processing (for example: personal data on an invoice), the provision of law.
When collecting data, the Data Controller informs the Data Subject that the handling of his / her data is governed by the Data Management Regulations. The Data Controller shall make the Regulations available on its website at all times.
Acceptance of the Privacy Policy (a check mark in the appropriate checkbox) confirms that you have read the Privacy Policy and constitutes a consent to data processing.
The Data Controller processes personal data only for a specific purpose, in order to exercise a right and fulfill an obligation, with the prior consent of the data subject or by law or legal authorization, to the minimum extent and for the time necessary to achieve the purpose. The purpose of the data processing must be fit for purpose at all stages - and if the purpose of the data processing has ceased or the processing of the data is otherwise unlawful, the data will be deleted.
Before recording the data, the Data Controller shall in all cases inform the data subject of the purpose of the data processing and the legal basis of the data processing.
The employees who process data at the Data Controller and the employees of the organizations participating in the data management and performing any of its operations on behalf of the Data Controller are obliged to keep the personal data known as a business secret.
If a person subject to the regulations becomes aware that the personal data processed by the Data Controller is incorrect, incomplete or out of date, he / she is obliged to correct it or initiate the correction with the employee responsible for recording the data.
The data protection obligations of natural or legal persons or organizations without legal personality performing data processing activities on behalf of the Data Controller are contained in the assignment agreement concluded with the data processor.
In the course of their work, the employees of the Data Controller ensure that unauthorized persons do not have access to personal data, and that the storage and placement of personal data is designed in such a way that it cannot be accessed, accessed, altered or destroyed by unauthorized persons.
3. Enforcing the rights of data subjects
The data subject may request information on the processing of his or her personal data, as well as request the correction or deletion of his or her personal data, except for the data processing required by law, at dani.ripka@gmail.com email address.
3.1. Right to information
At the request of the data subject, the Data Controller shall provide information on the data processed by the data controller managed by the data subject or entrusted by him or her, the purpose, legal basis, duration, name, address and activities related to data processing and the circumstances of the data protection incident. , its effects and the measures taken to remedy it, as well as the legal basis and the recipient of the transfer.
The Data Controller shall respond to the request related to the processing of the personal data of the data subject in writing, in a comprehensible form, no later than within 25 days from the submission of the right to protest.
The information covers the Infotv. To the information specified in Section 15 (1), if the information of the data subject cannot be refused on the basis of law.
As a general rule, the information is free of charge; It is charged in the case specified in Section 15 (5).
The Data Controller request can only be sent to Infotv. Rejects it for the reasons specified in Section 9 (1) or Section 19, only with justification, in accordance with Infotv. With the information specified in Section 16 (2), in writing.
Inaccurate data will be corrected by the data controller, if the necessary data and the public documents proving them are available, Infotv. In case of the existence of the reasons specified in Section 17 (2), it shall take measures to delete the processed personal data.
3.2. Right to protest
The data subject may object to the processing of his or her personal data,
if the processing or transfer of personal data is necessary solely for the performance of a legal obligation to the controller or to safeguard the legitimate interests of the controller, the recipient or a third party, except in the case of mandatory processing;
if the use or transfer of personal data is for the purpose of direct business acquisition, public opinion polling or scientific research; and
in other cases specified by law.
The Data Controller shall examine the protest within the shortest time from the submission of the application, but not later than within 25 days, make a decision on the merits of the application and inform the applicant in writing of its decision.
If the protest is justified, the Data Controller shall terminate the data processing and block the data, and shall notify all persons to whom the personal data affected by the protest have previously been transmitted and who are obliged to take action to enforce the right to protest.
If the data subject does not agree with the decision made on the subject of the protest, or the Data Controller fails to meet the deadline, the data subject shall, within 30 days from the notification of the decision or the last day of the deadline, inform Infotv. He may apply to a court as defined in § 22.
If the protest is justified, the data controller shall inform Infotv. Act in accordance with the provisions of Section 21 (3).
3.3. Locking
The Data Controller shall block the personal data if the data subject so requests or if, on the basis of the information available to him or her, it is presumed that the deletion would harm the data subject's legitimate interests. Blocked personal data may only be processed for as long as the purpose of the processing, which precluded the deletion of personal data, exists.
3.4. Deletion
The Data Controller deletes the personal data if its processing is illegal, the data subject requests it, the processed data is incomplete or incorrect - and this condition cannot be legally remedied - provided that the deletion is not excluded by law, the purpose of data processing is terminated or the data storage has expired, it has been ordered by a court or the National Data Protection and Freedom of Information Authority.
The Data Controller has 25 days to delete, block and correct personal data. The Data Controller shall notify the data subject of the measures taken, as well as all those to whom the data have previously been transmitted for the purpose of data processing.
The Data Controller shall also reimburse the damage caused to others by the illegal processing of the data subject's data or the violation of the data security requirements, as well as the personal injury damage caused by the data processor used by him or her or by the data processor used by him or her. The controller shall be released from liability for the damage caused and the obligation to pay damages if it proves that the damage or the violation of the data subject's personal rights was caused by an unavoidable cause outside the scope of data processing. In the same way, it does not compensate for damage if it was caused by the injured party's intentional or grossly negligent conduct.
The data subject may submit a complaint regarding the data processing procedure of the Data Controller to the NAIH:
name: National Data Protection and Freedom of Information Authority
headquarters: 1024 Budapest, Szilágyi Erzsébet avenue 22 / C.
website: www.naih.hu
The data subject may, at his or her option, pursue his or her claim in court. The court has jurisdiction to hear the case. The action may, at the option of the person concerned, be brought before the court for the place where the person concerned is domiciled or resident.
4. Data management during the use of the Data Controller's website
Location of data management:
1074 Budapest, Alsóerdősor 26,
rd-photo.hu
4.1. Website data management
On the website of the Data Controller, software analyzing the traffic data of the website is running. However, the software is compatible with Infotv. does not process personal data in accordance with its provisions, but records data on visits. You will receive automatically generated information about the visitors of the Data Controller's website: the visitor's Internet Protocol address (IP address), the time of the visit, the data of the pages viewed, the name of the browser used.
As the IP address may even become relative personal data according to the National Data Protection and Freedom of Information Authority and its internationally accepted practice, the Data Controller protects all data obtained during the data management of the website with the protection of personal data in accordance with these regulations.
The Data Controller therefore informs the visitors about the data collection by publishing these regulations on its website.
The legal basis of the present data processing is the consent of the data subject [Infotv. § 5 (1) (a) and § 6 (6)], according to which “in another matter initiated at the request of the data subject, the consent of the data subject shall be presumed in respect of the personal data provided by him or her”.
purpose of data management: to examine the habits of visiting the website
scope of data handled: visitor's Internet Protocol address (IP address), date of visit, details of pages viewed, name of browser used
legal basis of data management: Infotv. Stakeholder's consent pursuant to Section 5 (1) a).
data retention period: one year from the data collection
data storage method: electronic
4.2. Contact
On the website of the Data Controller, the visitor has the opportunity to contact us. By filling out the form, the visitor will provide the relevant contact information. However, the data subject can only send the data if he or she accepts the Privacy Policy of the Data Controller, he or she can do so by ticking a box, otherwise he or she will not be able to finalize the registration.
purpose of data management: contacting, sending messages
scope of data processed: name, e-mail address, telephone number of the data subject
legal basis of data management: Infotv. Stakeholder consent pursuant to Section 5 (1) a)
data storage deadline: until the termination of the Data Controller or at the request of the data subject
data storage method: electronic
4. 3. Newsletter data management
The Data Controller sends a newsletter at the request of the data subject, so only those who have registered for this service on the Data Controller's website or have personally consented to sending the newsletter will receive a newsletter. If you are able to subscribe to the newsletter on the website, you must accept the privacy policy at the place where you subscribe. You can do this with a check box.
The Data Controller analyzes the data and user habits of the interested parties
in order to personalize your ads and those of your business partners
users at the contact details they provide
The Data Controller provides the option to unsubscribe at the bottom of each newsletter.
data management registration number:
the purpose of data management: to inform the data subjects about the most important news of the Data Controller
scope of data processed: name of the data subject, e-mail address
legal basis of data management: Infotv. Stakeholder consent pursuant to § 5 (1) a), Eker. TV. 13 / A. § and
Grt. Section 6 (5)
data retention period: until the end of the operation of the newsletter service, but if the data subject requests the deletion of his / her data (unsubscribes from the newsletter), immediately after the request for deletion
data storage method: electronic
5. Data management during the operation of the Data Controller
Location of data management:
1085 Budapest, József krt. 65.
5.1. Customer records and customer data management
The data of customers and partners are recorded in the unique system of the Data Controller. The details of the customers, which are essential for concluding the contract, are recorded. Given that the activity of the Data Controller is portrait photography, the Data Controller also stores and manages photographs of customers as data subjects. Photographs will be deleted at the request of the data subject.
the purpose of data management: the contact necessary to meet the ordering needs of customers and partners.
scope of data managed: customer's name, e-mail address, telephone number, home address, image
legal basis of data management: Infotv. Stakeholder contribution pursuant to Section 5 (1) a) and Section 169 (2) of Act C of 2000 on Accounting (Act on Accounting)
Deadline for data storage: until deleted at the request of the data subject, in respect of the data contained in the invoice. TV. In accordance with Section 169 (2), eight years
data storage method: electronic
The data processors that may be related to data management are included in these Regulations.
6. Data processor
During the processing of personal data, the Data Controller uses the following data processor exclusively for the performance of technical tasks:
data processor name: Wix.com Luxembourg Sarl
it's title: 5, rue Guillaume Kroll, L-1882 Luxembourg
purpose of data processing: hosting provider
The Data Processor shall process the data in accordance with the instructions of the Data Controller, may not make a substantive decision concerning the data processing, may process personal data only in accordance with the Data Controller's instructions, may not process data for its own purposes.
Changing the statement
The Data Controller reserves the right to amend the statement. If the change affects the use of personal data provided by the data subject, the user will be notified of the changes in the form of an e-mail notification letter. If the details of the data management also change due to the amendment of the statement, the Data Controller will separately request the consent of the data subject.
Issues not specified in these regulations
In matters not specified in these regulations, the Infotv. its rules apply.