Privacy Policy
Introduction:
The COMPANY (hereinafter referred to as the Service Provider, data controller) subjects itself to the following policy:
According to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), we provide the following information.
This privacy policy regulates the data management of the following websites: www.alberterika.com
The privacy policy is available at the following URL: www.alberterika.com/pp
Modifications to the policy become effective upon publication at the above URL.
Data Controller and Contact Information:
Name: Erika Albert sole proprietor
Headquarters: 1118, Budapest, Zólyomi út 9
Email: erika@alberterika.com
Data Protection Officer Contact Information:
Name: Erika Albert
Email: erika@alberterika.com
Definitions:
“Personal data”: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
“Processing”: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
“Controller”: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
“Processor”: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
“Recipient”: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
“The data subject’s consent”: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
“Data protection incident”: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Principles Relating to the Processing of Personal Data
Personal data must be:
a) Processed lawfully, fairly, and in a transparent manner in relation to the data subject (“lawfulness, fairness, and transparency”);
b) Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes shall, in accordance with Article 89(1), not be considered incompatible with the initial purposes (“purpose limitation”);
c) Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (“data minimization”);
d) Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (“accuracy”);
e) Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organizational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (“storage limitation”);
f) Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures (“integrity and confidentiality”).
The controller shall be responsible for, and be able to demonstrate, compliance with the above principles (“accountability”).
The controller declares that its data processing activities comply with the principles outlined in this section.
Data Processing:
Request for Quote:
The fact of data collection, the scope of data processed, and the purposes of data processing:
- Personal data: Name
- Purpose of data processing: Identification
- Email address: Contact, necessary for sending the quote (response).
- Message: Necessary for developing and customizing the quote.
- Time of request for quote: Technical operation execution.
- IP address of request time: Technical operation execution.
Data subjects: All data subjects requesting a quote on the website. Duration of data processing, deadline for deletion:Until the data subject’s deletion request. The controller shall inform the data subject electronically of the deletion of any personal data provided by the data subject pursuant to Article 19 of the GDPR. If the deletion request covers the email address provided by the data subject, the controller will also delete the email address following the notification. Possible data processors entitled to access the data, recipients of personal data: Authorized employees of the controller may process personal data as outlined in this notice. Description of the data subjects’ rights related to data processing: The data subject may request access to, rectification of, deletion of, or restriction of processing of personal data concerning them from the controller, and the data subject has the right to data portability and the right to withdraw consent at any time. The data subject may initiate access to, deletion, modification, or restriction of processing, and data portability of personal data in the following ways: via email at erika@alberterika.com. Legal basis for data processing: Article 6(1)(b) of the GDPR. We inform you that data processing is necessary for providing a quote. Failure to provide data will result in the inability to offer a customized quote.
Training Application:
The fact of data collection, the scope of data processed, and the purposes of data processing:
- Personal data: Name
- Purpose of data processing: Identification
- Email address: Contact, necessary for sending the response.
- Message: Necessary for developing and customizing the training.
- LinkedIn profile: Necessary for developing and customizing the training.
- Time of training application: Technical operation execution.
- IP address of application time: Technical operation execution.
Data subjects: All data subjects applying for training on the website. Duration of data processing, deadline for deletion: Until the data subject’s deletion request. The controller shall inform the data subject electronically of the deletion of any personal data provided by the data subject pursuant to Article 19 of the GDPR. If the deletion request covers the email address provided by the data subject, the controller will also delete the email address following the notification. Possible data processors entitled to access the data, recipients of personal data: Authorized employees of the controller may process personal data as outlined in this notice. Description of the data subjects’ rights related to data processing: The data subject may request access to, rectification of, deletion of, or restriction of processing of personal data concerning them from the controller, and the data subject has the right to data portability and the right to withdraw consent at any time. The data subject may initiate access to, deletion, modification, or restriction of processing, and data portability of personal data in the following ways: via email at erika@alberterika.com. Legal basis for data processing: Article 6(1)(b) of the GDPR. We inform you that data processing is necessary for the training application. Failure to provide data will result in the inability to admit you to the training.
Newsletter Subscription:
The fact of data collection, the scope of data processed, and the purposes of data processing:
- Purpose of data processing: Contact
- Email address: Contact, necessary for sending the newsletter.
- Time of newsletter subscription: Technical operation execution.
- IP address of subscription time: Technical operation execution.
Data subjects: All data subjects subscribing to the newsletter on the website. Duration of data processing, deadline for deletion: Until the data subject’s deletion request. The controller shall inform the data subject electronically of the deletion of any personal data provided by the data subject pursuant to Article 19 of the GDPR. If the deletion request covers the email address provided by the data subject, the controller will also delete the email address following the notification. Possible data processors entitled to access the data, recipients of personal data: Authorized employees of the controller may process personal data as outlined in this notice. Description of the data subjects’ rights related to data processing: The data subject may request access to, rectification of, deletion of, or restriction of processing of personal data concerning them from the controller, and the data subject has the right to data portability and the right to withdraw consent at any time. The data subject may initiate access to, deletion, modification, or restriction of processing, and data portability of personal data in the following ways: via email at erika@alberterika.com. Legal basis for data processing: Article 6(1)(b) of the GDPR. We inform you that data processing is necessary for sending the newsletter. Failure to provide data will result in the inability to send you the newsletter.
Customer Relations:
The fact of data collection, the scope of data processed, and the purposes of data processing:
- Purpose of data processing: Contact, identification, fulfillment of contracts, business purpose.
- Personal data: Name
- Purpose of data processing: Identification
- Email address, phone: Contact, fulfillment of contracts.
Data subjects: All data subjects contacting the controller by phone/email/in person, or having a contractual relationship with the controller. Duration of data processing, deadline for deletion: Data processing lasts until the termination of the legal relationship between the controller and the data subject, or for 5 years following the contract in case of claims.Possible data processors entitled to access the data, recipients of personal data: Authorized employees of the controller may process personal data, respecting the above principles.
Description of the Data Subjects’ Rights Related to Data Processing:
The data subject may request access to, rectification of, deletion of, or restriction of processing of personal data concerning them from the controller, and the data subject has the right to data portability and the right to withdraw consent at any time.
The data subject may initiate access to, deletion, modification, or restriction of processing, and data portability of personal data in the following ways: via email at erika@alberterika.com.
Legal basis for data processing: Article 6(1)(b) and (c) of the GDPR.
In case of enforcement of claims arising from the contract, according to Section 6:21 of Act V of 2013 on the Civil Code, claims expire after 5 years.
Statute of Limitations:
- Unless otherwise provided by this Act, claims shall expire after five years.
- The limitation period begins when the claim becomes due.
- An agreement to change the limitation period must be put in writing.
- An agreement excluding the limitation period is null and void.
We inform you that data processing is necessary for contract performance and providing a quote. Failure to provide data will result in our inability to process your order/request.
Data Processors:
Hosting Provider:
- Activity Performed: Hosting service
- Name and Contact Information of the Processor:
- TAG21 Kft.
- Address: 1116 Budapest, Sztregova utca 1.
- Contact: admin@tag21.hu
- Scope of Data Processing: All personal data provided by the data subject.
- Data Subjects: All users of the website.
- Purpose of Data Processing: To make the website available and ensure its proper operation.
- Duration of Data Processing: Until the agreement between the data controller and the hosting provider is terminated, or until the data subject requests deletion from the hosting provider.
- Legal Basis for Data Processing: GDPR Article 6(1)(f) and Section 13/A(3) of Act CVIII of 2001 on Electronic Commerce.
- Rights of the Data Subject:
- The right to be informed about the circumstances of data processing.
- The right to receive feedback from the data controller about the processing of their personal data.
- The right to receive their personal data in a structured, widely used, machine-readable format.
- The right to request the correction of inaccurate personal data without undue delay.
- The right to object to the processing of personal data.
Accounting and Invoicing:
- Activity Performed: Accounting tasks and invoicing
- Name and Contact Information of the Processor:
- Albert Erika e.v.
- Address: 1118, Budapest, Zólyomi út 9
- Contact: erika@alberterika.com
- Scope of Data Processing: Name, billing name, billing address, tax number.
- Data Subjects: All individuals placing orders on the website and all individuals using services from the Service Provider.
- Purpose of Data Processing: Issuance of invoices.
- Duration of Data Processing: 8 years, in accordance with Section 169(2) of Act C of 2000 on Accounting.
- Legal Basis for Data Processing: GDPR Article 6(1)(c) and Section 13/A(3) of Act CVIII of 2001 on Electronic Commerce.
- Rights of the Data Subject:
- The right to be informed about the circumstances of data processing.
- The right to receive feedback from the data controller about the processing of their personal data.
- The right to receive their personal data in a structured, widely used, machine-readable format.
- The right to request the correction of inaccurate personal data without undue delay.
Invoicing (Billingo):
- Activity Performed: Invoicing
- Privacy Policy: https://www.billingo.hu/adatkezelesi-tajekoztato
- Purpose of Data Processing: Issuance and storage of invoices.
Cookie Management:
- Types of Cookies: “Security cookies,” “necessary cookies,” “functional cookies,” and “cookies responsible for website statistics” do not require prior consent from data subjects.
- Scope of Data Processing: Unique identifier, dates, times.
- Data Subjects: All visitors of the website.
- Legal Basis for Data Processing: Section 13/A(3) of Act CVIII of 2001 on Electronic Commerce.
- Purpose of Data Processing: To monitor user statistics.
- Cookie Types:
- Session Cookies: Duration: until the end of the visitor’s session.
- Persistent Cookies: Duration: until deleted by the data subject.
- Potential Data Controllers Entitled to Access Data: The data controller does not process personal data through the use of cookies.
- Rights of Data Subjects: Data subjects can delete cookies via the Tools/Settings menu in their browsers, typically under the Privacy settings.
- Legal Basis for Data Processing: No consent is required if the sole purpose of using cookies is to transmit communication over an electronic communication network or to provide an information society service explicitly requested by the subscriber or user.
Google AdWords Conversion Tracking:
- The data controller uses the “Google AdWords” online advertising program and the Google conversion tracking service within it. Google conversion tracking is an analytics service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).
- When a user accesses a website through a Google advertisement, a cookie necessary for conversion tracking is placed on their computer. These cookies have limited validity and do not contain any personal data, so the user cannot be identified through them.
- When the user browses certain pages of the website and the cookie has not expired, Google and the data controller can see that the user clicked on the advertisement.
- Each Google AdWords customer receives a different cookie, so they cannot be tracked across the AdWords customers’ websites.
- The information obtained through the conversion tracking cookies is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers are informed about the number of users who clicked on their advertisement and were directed to a page with a conversion tracking tag. However, they do not receive information that could identify any user.
- If you do not wish to participate in tracking, you can opt-out by disabling the installation of cookies in your browser. In this case, you will not be included in the conversion tracking statistics.
- More information and Google’s privacy statement can be found at: www.google.de/policies/privacy/
Google Analytics Usage:
- This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies,” which are text files placed on your computer to help analyze how users use the website.
- The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. By activating IP anonymization on this website, your IP address will be truncated within the European Union or the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. On behalf of the website operator, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website activity and internet usage.
- The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this website. You can also prevent Google from collecting and processing data generated by cookies related to your use of the website (including your IP address) by downloading and installing the browser plugin available at: https://tools.google.com/dlpage/gaoptout?hl=hu.
Newsletter and Direct Marketing:
- According to Section 6 of Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities, the user may give prior and explicit consent to the Service Provider’s contact through the contact details provided at the time of registration with advertising offers and other messages.
- The user may also consent to the Service Provider processing the personal data necessary for sending advertising offers in accordance with the provisions of this information.
- The Service Provider does not send unsolicited advertising messages, and the user can unsubscribe from the offers without limitation and justification, free of charge. In this case, the Service Provider will delete all personal data required for sending advertising messages from its records and will not contact the user with further advertising offers. Users can unsubscribe from advertisements by sending an email to erika@alberterika.com.
- Data Subjects: All individuals subscribed to the newsletter.
- Purpose of Data Processing: To send electronic messages containing advertisements (emails) to the data subject, to provide information about current news, products, promotions, new features, etc.
- Duration of Data Processing: Until the withdrawal of the consent, i.e., until unsubscription.
- Potential Data Controllers Entitled to Access Data: The personal data can be processed by the sales and marketing staff of the data controller, in compliance with the above principles.
- Rights of Data Subjects: The data subject can request access to, correction, deletion, or restriction of processing of their personal data, and can object to the processing of their personal data. The data subject also has the right to data portability and the right to withdraw consent at any time. Data subjects can initiate access to, deletion, modification, restriction of processing, data portability, or objection via email at erika@alberterika.com. The data subject can unsubscribe from the newsletter at any time, free of charge.
- Legal Basis for Data Processing: The data subject’s consent, Article 6(1)(a) and (f) of the GDPR, and Section 6(5) of Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities:
- The advertiser, the advertising service provider, and the publisher of the advertisement keep a record of the personal data of individuals who consented to receiving advertisements, as specified in the consent. The personal data recorded in this register about the recipient of the advertisement can only be processed according to the provisions set out in the consent, until it is withdrawn, and can only be disclosed to third parties with the prior consent of the data subject.
- We inform you that data processing is based on your consent and the legitimate interest of the service provider.
Customer Relations and Other Data Processing
If the data subject has any questions or issues while using our services, they can contact the data controller through the methods provided on the website (phone, email, social media, etc.). The data controller deletes received emails, messages, phone calls, etc., along with the name and email address of the inquirer and any other voluntarily provided personal data, within a maximum of 2 years from the date of data submission. We provide information about any data processing activities not listed in this notice at the time of data collection. In the event of exceptional official requests or requests from other authorities authorized by law, the Service Provider is obliged to provide information, disclose data, transfer data, or make documents available. In such cases, the Service Provider will only disclose personal data to the requesting party to the extent that is absolutely necessary to achieve the purpose of the request, provided that the exact purpose and scope of the data have been specified.
Rights of Data Subjects
Right of Access
You have the right to receive feedback from the data controller regarding whether your personal data is being processed and, if such processing is ongoing, to access your personal data and the information listed in the regulation.
Right to Rectification
You have the right to request that the data controller rectify inaccurate personal data about you without undue delay. Considering the purpose of processing, you also have the right to request the completion of incomplete personal data, including by means of a supplementary statement.
Right to Erasure
You have the right to request that the data controller delete your personal data without undue delay, and the data controller is obliged to delete your personal data without undue delay under certain conditions.
Right to be Forgotten
If the data controller has made your personal data public and is obligated to delete it, the data controller will take reasonable steps—considering available technology and implementation costs—to inform other data controllers processing the data that you have requested the deletion of links to, or copies of, the personal data in question.
Right to Restriction of Processing
You have the right to request that the data controller restrict processing if one of the following conditions applies:
- You contest the accuracy of the personal data, in which case the restriction applies for a period allowing the data controller to verify the accuracy of the personal data;
- The processing is unlawful, and you oppose the deletion of the data and instead request the restriction of its use;
- The data controller no longer needs the personal data for processing, but you require it for the establishment, exercise, or defense of legal claims;
- You have objected to processing; in this case, the restriction applies during the period while it is being verified whether the data controller’s legitimate grounds override your legitimate grounds.
Right to Data Portability
You have the right to receive your personal data, which you have provided to a data controller, in a structured, commonly used, and machine-readable format, and you have the right to transmit these data to another data controller without hindrance from the original data controller.
Right to Object
You have the right to object to the processing of your personal data at any time for reasons related to your particular situation, including profiling based on these provisions.
Objection to Direct Marketing
If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes, including profiling related to direct marketing. If you object to the processing of your personal data for direct marketing, your data can no longer be processed for these purposes.
Automated Decision-Making in Individual Cases, Including Profiling
You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affect you.
This does not apply if the decision:
- Is necessary for the performance or conclusion of a contract between you and the data controller;
- Is authorized by EU or Member State law applicable to the data controller that provides suitable measures to safeguard your rights and freedoms, and legitimate interests; or
- Is based on your explicit consent.
Response Time for Measures:
The data controller will inform you of the measures taken in response to the above requests without undue delay, but in any case, within one month from the receipt of the request. If necessary, this period can be extended by 2 months. The data controller will inform you of the extension, specifying the reasons for the delay, within one month from the receipt of the request. If the data controller does not take action on your request, they will inform you of the reasons for not taking action without delay, but no later than one month from the receipt of the request, and inform you of your right to lodge a complaint with a supervisory authority and to seek judicial remedy.
Security of Processing:
The data controller and the data processor will implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, considering the state of the science and technology, the costs of implementation, as well as the nature, scope, context, and purposes of processing, and the risks to the rights and freedoms of individuals, which vary in likelihood and severity. These measures may include, among others: a) the pseudonymization and encryption of personal data; b) ensuring the ongoing confidentiality, integrity, availability, and resilience of systems and services used for processing personal data; c) the ability to restore access to and availability of personal data in a timely manner in the event of a physical or technical incident; d) a procedure for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures to ensure the security of processing.
Information to the Data Subject in the Event of a Data Breach:
If a data breach is likely to result in a high risk to the rights and freedoms of individuals, the data controller will inform the data subject of the data breach without undue delay. The notification to the data subject must clearly and understandably describe the nature of the data breach and include the name and contact details of the data protection officer or other contact point for further information; describe the likely consequences of the data breach; and outline the measures taken or proposed by the data controller to address the data breach, including, where appropriate, measures to mitigate any adverse effects.
Notification is not required if any of the following conditions apply:
- The data controller has implemented appropriate technical and organizational protection measures and these measures were applied to the affected data, especially measures such as encryption that render the data unintelligible to unauthorized persons;
- The data controller has taken subsequent measures ensuring that the high risk to the rights and freedoms of individuals is no longer likely to materialize;
- Providing the notification would involve disproportionate effort. In such cases, data subjects should be informed through publicly available means or by other similar measures that ensure effective communication with the data subjects.
If the data controller has not yet notified the data subject of the data breach, the supervisory authority, after assessing whether the data breach is likely to result in a high risk, may mandate the data subject’s notification.
Notification of a Data Breach to the Supervisory Authority:
The data controller must notify the competent supervisory authority of the data breach without undue delay and, where feasible, not later than 72 hours after becoming aware of the breach, unless the data breach is unlikely to result in a risk to the rights and freedoms of individuals. If the notification is not made within 72 hours, it must be accompanied by reasons for the delay.
Complaint Procedure:
You can file a complaint about potential violations by the data controller with the National Authority for Data Protection and Freedom of Information: National Authority for Data Protection and Freedom of Information 1125 Budapest, Szilágyi Erzsébet fasor 22/C. Mailing Address: 1530 Budapest, P.O. Box 5. Phone: +36 -1-391-1400 Fax: +36-1-391-1410 E-mail: ugyfelszolgalat@naih.hu
Closing Statement
In preparing this information, we have considered the following legal regulations:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
- Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Infotv.)
- Act CVIII of 2001 on Certain Issues of Electronic Commerce and Information Society Services (mainly § 13/A)
- Act XLVII of 2008 on the Prohibition of Unfair Commercial Practices Against Consumers
- Act XLVIII of 2008 on the Basic Conditions and Certain Limitations of Economic Advertising Activity (particularly § 6)
- Act XC of 2005 on the Freedom of Electronic Information
- Act C of 2003 on Electronic Communications (specifically § 155)
- Opinion No. 16/2011 on Best Practice for Behavioural Online Advertising EASA/IAB Recommendation
- The recommendation of the National Authority for Data Protection and Freedom of Information on the data protection requirements of prior information
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC