Data Handling and Privacy Policy
In accordance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC 1 (General Data Protection Regulation), 2 Tamás Nádudvari sole proprietor (hereinafter: Data Controller) declares that it submits to the provisions of the aforementioned Regulation and, in compliance therewith, provides the following information:
DATA CONTROLLER AND CONTACT DETAILS:
Data Controller Name: Tamás Nádudvari sole proprietor
Tax Number: 41956221-1-36
Registered Address: 5000 Szolnok, Jubileumi tér 5. 14/3
Email: hello@webcliff.hu
Phone number: +36304462280
What we can promise:
1. We implement appropriate data protection measures and expect all other organizations we work with to provide us with a similar level of service.
2. We only request personal data when it is lawful from a data protection perspective.
3. We only request as much personal data as is necessary to provide our services at an appropriate level and to meet our contractual and legal obligations.
4. We only use personal data for the purpose for which it was originally collected.
5. If someone wants to know what personal data we have about them, or wants to modify or delete it, they can request this at any time in writing addressed to the data controller. We will fulfill the request, provided it does not conflict with our legal or contractual obligations.
This data privacy notice governs the data processing of the www.webcliff.eu website!
1. Consultation Application
Data controller: Data Controller
Legal basis for data processing: consent of the data subject – GDPR Article 6(1)(a).
Possible consequences of failure to provide data: the user will not be able to use the website's functions and services.
Purpose of data processing: by filling out the form, the data subject has the opportunity to easily send a message to the Data Controller. Subsequently, responding to the message and the necessary communication.
Scope of data processed: name, email address, phone number, message
Data processing time: The Data Controller processes the data collected during the message submission until the data subject's message is answered or the related case is closed.
Location of data processing: IT equipment located at the Data Controller's premises.
2. Request for Quotation
Data controller: Data Controller
Legal basis for data processing: consent of the data subject – GDPR Article 6(1)(a).
Possible consequences of failure to provide data: the user will not be able to use this service of the website.
Purpose of data processing: responding to the quotation request sent by the data subject and the necessary communication.
Scope of data processed: displayed name, email address, phone number, message
Data deletion deadline: The Data Controller processes the data collected during the quotation request until the data subject's request is answered or the related case is closed.
Location of data processing: IT equipment located at the Data Controller's premises.
3. Contact Us
Data controller: Data Controller
Legal basis for data processing: consent of the data subject – GDPR Article 6(1)(a).
Possible consequences of failure to provide data: the user will not be able to use the website's convenience functions and services.
Purpose of data processing: By filling out the form, the data subject has the opportunity to easily send a message to the Data Controller. Subsequently, responding to the message and the necessary communication.
Scope of data processed: name, email address, phone number, message
Data processing time: The Data Controller processes the data collected during the message submission until the data subject's message is answered or the related case is closed.
Location of data processing: IT equipment located at the Data Controller's premises.
4. Contact via Email
Data controller: Data Controller
Legal basis for data processing: consent of the data subject – GDPR Article 6(1)(a).
Possible consequences of failure to provide data: the data subject will not be able to contact the Data Controller in writing.
Purpose of data processing: The data subject has the opportunity to easily send a message to the Data Controller.
Subsequently, responding to the message and the necessary communication.
Scope of data processed: name, email address, message subject, message
Data processing time: The Data Controller processes the data collected during the message submission until the data subject's message is answered or the related case is closed.
Location of data processing: IT equipment located at the Data Controller's premises.
5. Invoicing
The Data Controller issues invoices and, in some cases, pro forma invoices for orders, subscriptions, and subscription renewals in accordance with legal regulations.
Purpose of data processing: invoicing, sending invoices by post, communication, fulfillment of data provision obligations prescribed by accounting and tax laws.
Legal basis for data processing:
• performance of a contract (GDPR Article 44),
• Section 169(2) of Act C of 2000 on Accounting.
Scope of processed data: tax number, billing name, billing address, invoice recipient's name and address, postal name and address, name and quantity of the ordered product, subscription start and end dates, payment method,
payment deadline, payment status, payment date
In addition to the mandatory data content of the accounting document (billing name, address, tax number, product name, quantity, unit price, net amount of the invoice, VAT, gross amount of the invoice), the invoice also includes the invoice delivery name and address, and the postal name and address, which are inseparable parts of the document during its generation (invoice image).
Location of data storage: The data of accounting documents are stored in the service provider's invoicing, customer service, and business databases.
Data processing time: The service provider is obliged to retain accounting documents (and thus the personal data contained therein) for eight years in accordance with Section 169(2) of the Act on Accounting.
6. Cookies
According to the Information (pop-up window) found on the website.
7. Creating Visitor Statistics
Purpose of data processing: Any external visitor can access the Data Controller's website and the information published by the Data Controller. During the website visit, the website's hosting service provider records visitor data to monitor the service's operation, prevent abuse, and ensure smooth operation. The purpose of the recording is to collect information on website usage, create visitor and internet usage statistics and analyses. External service providers place so-called cookies on the data subject's computer, allowing them to link the data subject's current visit to previous ones. The data subject can reject the request for cookies in the pop-up window on the website at any time.
Scope of processed data: Date, time, IP address of the data subject's computer, IP address of the visited page, IP address of the previously visited page, data related to the data subject's operating system.
Data processing duration: 2 years from the website visit.
8. Data Technically Recorded During System Operation
Technically recorded data includes data from the Data Subject's login computer, which are generated during service usage and logged by the data controller's system as an automatic result of technical processes (e.g., IP address, session ID). Due to the nature of the internet, automatically recorded data is logged by the system automatically without the Data Subject's separate declaration or action – through internet usage. The internet cannot function without these automatic server-client communications. These data cannot be linked to other personal data of the data subject, except in cases mandated by law. Only the Data Controller has access to these data. Automatically and technically recorded log files during system operation are stored in the system for the period necessary to ensure system operation.
9. Presence on Social Media
The Data Controller is accessible on the LinkedIn social media platform.
Data controller: Data Controller
Legal basis for data processing: the use of the social media site and communication with the Data Controller through it, contact maintenance, and other operations allowed by the social media site are based on the data subject's consent – GDPR Article 6(1)(a).
Possible consequences of failure to provide data: the user will not be able to use communication and expression of opinions through the social media site.
Purpose of data processing: sharing, publishing, and marketing the Data Controller's services and the content on the website on social media.
Scope of data subjects: All natural persons who visit and follow the Data Controller's social media pages, and interact with the content posted (like/dislike), and share it among their own contacts, partially or fully.
Scope of data processed: The data processed includes the data subject's public name, public photo, public email address, communication through the social media site, basis for responding, sent messages, evaluations, or other operations by the data subject.
Data processing time: until deletion at the data subject's request (unsubscription).
Further information on data processing: The data subject voluntarily consents to following and liking the Data Controller's content based on the terms of the social media site.
Location of data processing: IT equipment located at the Data Controller's premises.
Other Data Processing
The Data Controller provides information about data processing not listed in this notice at the time of data collection. Individual authorities, public service bodies, and courts may contact the Data Controller for the purpose of disclosing personal data. The Data Controller only discloses personal data to these bodies – if the requesting body has specified the precise purpose and scope of the data – to the extent that is absolutely necessary to achieve the purpose of the request, and if the fulfillment of the request is prescribed by law.
In connection with the above, we inform you that your personal data – during the payment process – may be transferred to recipients located or operating outside the European Union.
DATA PROCESSOR (regarding the data processing specified above)
Accountant: Miklósné Orbán
Registered Address: 5000 Szolnok, Rákóczi út 41.
Email: -
Hosting Provider Details: CWeb Hosting Kft.
Address: 1173 Budapest, Borsó utca 12-32.
Phone: +36702827206
Email: info@cweb.hu
Payment service providers who may receive billing information:
Payment Service Provider 1: BARION
Barion Payment Zrt.
Registered Address: H-1117, Budapest, Irinyi József utca 4-20. 2nd floor
Helpdesk: +36 1 464 70 99
Company Registration Number: 01-10-048552
Payment Service Provider 2: OTP Simple Pay
OTP Mobil Szolgáltató Kft.
Registered Address: 1143 Budapest, Hungária krt. 17-19.
Customer Service: ugyfelszolgalat@simple.hu +36 1/20/30/70 3-666-611
Company Registration Number: 01-09-174466
Számlázz.hu:
KBOSS.hu Kft., 1031 Budapest, Záhony utca 7/D.,
Tax Number 13421739241,
web: https://www.szamlazz.hu
WHAT ARE YOUR RIGHTS REGARDING PERSONAL DATA?
You have the following rights, and you can exercise them by contacting the Data Controller:
-
Data Controller
what personal data;
on what legal basis;
for what data processing purpose;
how long it is processed; and that - to whom, when, under what legal basis, which personal data were accessed or to whom the personal data were transferred by the Data Controller;
- what source the personal data originates from (if the data subject did not provide it to the Data Controller);
- whether the Data Controller uses automated decision-making, its logic, including profiling.
Upon the data subject's request, the Data Controller shall provide a copy of the personal data undergoing processing free of charge for the first time, and may charge a reasonable fee based on administrative costs for subsequent copies.
In order to fulfill data security requirements and protect the rights of the data subject, the Data Controller is obliged to verify the identity match between the data subject and the person requesting access, and therefore, the provision of information, access to data, and the issuance of copies thereof are subject to the identification of the data subject.
- they contest the accuracy of their personal data (in which case the Data Controller restricts the data processing for the period during which it verifies the accuracy of the personal data);
- the data processing is unlawful, and the data subject opposes the erasure of the data and requests the restriction of their use instead;
- the Data Controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise, or defense of legal claims; or
- the data subject has objected to the data processing (in which case the restriction applies for the period during which it is verified whether the legitimate grounds of the Data Controller override those of the data subject).
We inform you that the Data Controller does not perform automated decision-making or profiling.
ACTION FOLLOWING YOUR ABOVE REQUEST
We will inform you of the actions taken following your above requests without undue delay, but no later than one month from receipt of the request.
If necessary, this can be extended by two months. We will inform you of the extension of the deadline, indicating the reasons for the delay, within one month of receiving the request.
If we do not take action following your request, we will inform you without delay, but no later than one month from receipt of the request, of the reasons for not taking action, and that you can lodge a complaint with a supervisory authority and exercise your right to judicial remedy.
DATA PROCESSING SECURITY
During data processing, the Data Controller maintains
a) confidentiality: protects information so that only those who are authorized can access it;
b) integrity: protects the accuracy and completeness of the information and the processing method;
c) availability: ensures that when the authorized user needs it, they can actually access the desired information, and the related tools are available.
The Data Controller stores personal data in paper form, in locked cabinets, and also protects them by restricting access to the area.
DATA PROTECTION INCIDENT
The Data Controller takes all necessary technical and organizational measures to prevent a potential data protection incident (e.g., damage or loss of documents containing personal data, unauthorized access). In the event of an incident, the Data Controller keeps a record to monitor the necessary measures and inform the data subject, which includes the scope of the personal data concerned, the scope and number of data subjects affected by the data protection incident, the date, circumstances, and effects of the data protection incident, and the measures taken to remedy it, as well as other data specified in the law prescribing data processing.
If the data protection incident is likely to result in a high risk to the rights and freedoms of natural persons, the data subject will be informed of the data protection incident without undue delay.
REPORTING A DATA PROTECTION INCIDENT TO THE AUTHORITY
The Data Controller reports the data protection incident to the competent supervisory authority without undue delay, and if feasible, no later than 72 hours after becoming aware of the data protection incident, unless the data protection incident is unlikely to result in a risk to the rights and freedoms of natural persons.
COMPENSATION AND DAMAGES
Any person who has suffered material or non-material damage as a result of an infringement of the data protection regulation is entitled to receive compensation from the Data Controller or the data processor for the damage suffered. The data processor is only liable for the damage caused by the data processing if it has not complied with the obligations specifically imposed on data processors by law, or if it has disregarded or acted contrary to the lawful instructions of the Data Controller. If several Data Controllers or several data processors or both the Data Controller and the data processor are involved in the same data processing and are liable for the damage caused by the data processing, each Data Controller or data processor is jointly and severally liable for the entire damage.
The Data Controller or the data processor is exempt from liability if it proves that it is in no way responsible for the event causing the damage.
In case of a complaint, you can primarily complain through the contact details provided above, but you also have the right to file a complaint with the data protection authority regarding our processing of your personal data:
National Authority for Data Protection and Freedom of Information (NAIH)
Address: 1055 Budapest, Falk Miksa utca 9-11. 3.
Postal Address: 1363 Budapest, Pf.: 9.
Phone: +36 (1) 391-1400
Email: ugyfelszolgalat@naih.hu
Web: http://www.naih.hu/
Or you can turn to the competent court. The court will proceed with the case as a matter of priority. The Data Controller undertakes to cooperate fully with the court or the NAIH in these proceedings and to provide the data related to data processing to the NAIH or the competent court.
MISCELLANEOUS PROVISIONS
The Data Controller undertakes that all data processing related to its activities complies with the requirements specified in this notice, the Data Controller's internal policy with equivalent requirements to this notice, and the applicable laws.
The Data Controller reserves the right to change this notice, provided that it informs the data subjects of any changes through a notice published in its office after the changes have been implemented.
If you would like to receive further information about your data protection rights, please contact the Data Controller.
During the preparation of this notice, the Data Controller took into account the following laws:
Recommendation of the National Authority for Data Protection and Freedom of Information on the data protection requirements of prior information.
Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Infotv.)
GDPR or
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC
Act V of 2013 on the Civil Code (Ptk.)
Szolnok, July 20, 2023
Tamás Nádudvari sole proprietor.
Cookie Information
This website uses the following cookies:
| Name | Description | Type |
|---|---|---|
| webcliffhu | Technical data necessary for the operation of the website. Expiration time: 1 year. | necessary |
| _GRECAPTCHA | This cookie is installed by Google recaptcha. It is a technical cookie to filter out harmful non-human activity. Expiration time: 6 months. | necessary |
