Information on data management
to the website www.ezermesteronline.hu
1. CONTENTS OF THE INFORMATION
The operator of ezermesteronline.hu (hereinafter referred to as the Website), Józsa Péter Egyéni Vállalkozo (hereinafter referred to as: Data Controller), hereby informs the visitors and Users of the website (hereinafter referred to as: Data Subjects) about the data processing carried out through the Website and related to the services provided by the Data Controller. Regulation (EU) 2016/679 of the European Parliament and Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and on the repeal of Directive 95/46/EC (general data protection Regulation) (hereinafter: GDPR, Regulation) in accordance with the Regulation.
The Data Controller considers it of utmost importance to respect the Data Subjects’ right to self-determination of information.
From the Website, Data Subjects can obtain information about the content published by the Data Controller (hereinafter collectively: Service).
Data processing not listed in this information sheet will be provided separately when the data is collected.
2. CONCEPTS
The most important concepts and their interpretation in the information sheet:
Subject: natural person identified or identifiable on the basis of any information;
Personal data: any information relating to an identified or identifiable natural person (the Data Subject); a natural person can be identified directly or indirectly, in particular on the basis of an identifier such as name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable;
Data controller: the natural or legal person, public authority, agency or any other body that determines the purposes and means of processing personal data independently or together with others; if the purposes and means of data management are determined by EU or member state law, the data controller or the special aspects regarding the designation of the data controller may also be determined by EU or member state law;
Data management: any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as collection, recording, systematization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or making accessible in any other way by item, coordination or connection, restriction, deletion or destruction;
Data transfer: making the data available to a specific third party;
Disclosure: making the data available to anyone;
Data deletion: rendering the data unrecognizable in such a way that its recovery is no longer possible;
Data destruction: complete physical destruction of the data carrier containing the data;
Data file: the totality of the data managed in a register;
Third party: a natural or legal person, or an organization without legal personality, who is or is not the same as the Data Subject, the data manager, the data processor or the persons who perform operations aimed at processing personal data under the direct control of the data manager or data processor;
Limitation of data management: marking stored personal data for the purpose of limiting their future management;
Data processing: Performing technical tasks related to data management operations performed by the data controller, regardless of the method and tool used to perform the operations, as well as the location of application, provided that the technical task is performed on the data;
Data processor: the natural or legal person, public authority, agency or any other body that processes personal data on behalf of the data controller;
The Affected
consent: the voluntary, specific and well-informed and clear declaration of the Data Subject’s will, with which the Data Subject indicates by means of a statement or an act clearly expressing the confirmation that he/she consents to the processing of personal data concerning him/her;
Data protection incident: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise handled.
The terms used in this information are consistent
Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and such.
It will be deleted after the expiry of the general limitation period (5 years).
4.7 Newsletter
The data controller provides the opportunity for interested persons to receive news, advice, and articles via their e-mail address.
Stakeholders Type of personal data handled Purpose of data management Legal basis for data management Duration of data storage, date of deletion
Users who specifically subscribe to the newsletter.
· name,
· e-mail address.
Sending news, advice, articles and offers related to handyman services, repair, installation, maintenance and construction work to the interested parties.
The Data Subject’s consent pursuant to Article 6 (1) of the GDPR. based on point a). Until the user account is deleted or consent is revoked.
In the case of an inactive account, the data will be deleted by the Data Controller after 5 years from the last login.
The Data Subject has the right to withdraw his consent to data management at any time. Withdrawal of consent does not affect the legality of data processing based on consent prior to withdrawal.
The Data Controller is not responsible for the correctness and adequacy of the data provided by the Users.
4.8 Contact
If the Data Subjects have comments, questions, problems, or complaints regarding the Service available through the Website, they can contact the Data Controller via the interface created on the website, by e-mail, or by telephone.
Stakeholders Type of personal data processed Purpose of data management Legal basis for data management Duration of data storage, date of deletion
Persons communicating a question or problem via the interface. · name,
· e-mail address,
· topic,
· other data provided voluntarily.
Answering the question, solving the problem, retrievability. Improving customer experience. The Data Subject’s consent pursuant to Article 6 (1) of the GDPR. based on point a). After a maximum of 1 year from the date of data disclosure, or until the consent of the data subject is revoked
Persons reporting a question or problem by email. · name of person sending e-mail,
· your email address,
· other data voluntarily provided by e-mail.
Answering the question, solving the problem, retrievability. Improving customer experience. The Data Subject’s consent pursuant to Article 6 (1) of the GDPR. based on point a). After a maximum of 1 year from the date of data disclosure, or until the consent of the data subject is revoked.
Persons reporting a question or problem by e-mail by telephone. · person’s name,
· your phone number,
· other voluntarily provided data.
Answering the question, solving the problem, retrievability. Improving customer experience. The Data Subject’s consent pursuant to Article 6 (1) of the GDPR. based on point a). After a maximum of 1 year from the date of data disclosure, or until the consent of the data subject is revoked
The Data Subject has the right to withdraw his consent to data management at any time. Withdrawal of consent does not affect the legality of data processing based on consent prior to withdrawal.
4.9 Personal data generated when visiting the Website (cookies):
Stakeholders Type of personal data handled Purpose of data management Legal basis for data management Duration of data storage, date of deletion
All Data Subjects visiting the website.
· Date,
· date,
· IP address of the user’s computer,
· the address of the visited page,
· data related to the user’s operating system and browser.
During a visit to the website, the Data Controller records visitor data in order to check the operation of the service and prevent abuse.
User identification and visitor tracking.
The Data Subject’s consent pursuant to Article 6 (1) of the GDPR. based on point a). unless the sole purpose of using cookies is the transmission of information via an electronic communication network or the Data Controller absolutely needs it to provide a service related to the information society specifically requested by the subscriber or user. In the case of session cookies, the duration of data management lasts until the end of the website visit, while in other cases it lasts a maximum of 365 days.
The Data Subject has the right to withdraw his consent to data management at any time. Withdrawal of consent does not affect the legality of data processing based on consent prior to withdrawal.
The Data Subject has the option to delete cookies under the settings of the Data Protection menu item in the Tools/Settings menu of their browser.
5. CLAIMS OF DATA PROCESSORS
In order to manage and store data, the Data Controller cooperates with the following Data Processors.
Invoicing
Name:
Title:
Availability:
Data processing activity
Storage space
Name: Microware Hungary Kft.
Address: 1148 Budapest, Fogarasi út 3-5.
Contact: domreg@microware.hu
Data processing activity
Newsletter subscription and database and newsletter service related to free quotation requests:
Name: MailChimp
https://mailchimp.com/about/security/
Analysis of site visitation data and tracking of visitors.
Google Analytics
https://policies.google.com/technologies/cookies?hl=en-US
6. DATA TRANSMISSION
During data management, the Data Controller transmits data to the Data Processors listed in Chapter V. Data is not transferred to third countries during data processing.
7. RIGHTS OF THE DATA PARTICIPANT
The Data Subjects have the opportunity to exercise all rights related to the legal basis of the data management case. Requests submitted by the Data Subject in connection with the exercise of individual rights can be made in writing:
by post to: 1055 Bp, Balassi Bálint utca 7, or
electronically to the e-mail address ezermester@ezermesteronline.hu.
The Data Controller shall inform the Data Subject without undue delay, but at the latest within one month of the receipt of the request, of the measures taken following the request sent to the Data Controller for the purpose of exercising the given rights. If necessary, taking into account the complexity of the application and the number of applications, this deadline can be extended by another two months.
The Data Controller shall inform the Data Subject of the extension of the deadline, indicating the reasons for the delay, within one month of receiving the request. If the Data Subject submitted the request electronically, the information will be provided electronically, unless the Data Subject requests otherwise.
7.1 Right to information is right to access
The data subject has the right to get to know his personal data stored by the Data Controller and the information related to their management, to request it at any time, to check what data the Data Controller keeps on him, and he is also entitled to receive access to the personal data.
7.2 Right of correction and addition
The Data Subject may request the correction of inaccurate personal data concerning him or her and the completion of incomplete data.
7.3 Right to erasure
If one of the following reasons exists, the Data Subject is entitled to have the Data Controller delete the personal data relating to him without undue delay at his request:
the personal data are no longer needed for the purpose for which they were collected or otherwise processed by the Data Controller;
the Data Subject withdraws his consent, which is the basis of the data management, and there is no other legal basis for the data management;
the Data Subject objects to the data processing for reasons related to his own situation, and there is no legitimate reason for the data processing;
the Data Subject objects to the processing of his/her personal data for the purpose of direct business acquisition, including profiling, if it is related to direct business acquisition;
personal data is handled illegally by the Data Controller;
the collection of personal data took place in connection with the offering of information society-related services offered directly to children.
7.4 Right to restriction of data processing
At the Data Subject’s request, the Data Controller restricts data processing if one of the following conditions is met:
the Data Subject disputes the accuracy of the personal data, in which case the limitation applies to the period that allows the verification of the accuracy of the personal data;
the data processing is illegal and the Data Subject opposes the deletion of the data and instead requests the limitation of its use;
the data controller no longer needs the personal data for the purpose of data management, but the Data Subject requires them to present, enforce or defend legal claims; or
the Data Subject objected to data processing; in this case, the restriction applies to the period until it is determined whether the data controller’s legitimate reasons take precedence over the data subject’s legitimate reasons.
If data management is subject to restrictions, personal data may only be processed with the consent of the Data Subject, with the exception of storage, or to submit, enforce or defend legal claims, or to protect the rights of another natural or legal person, or in the important public interest of the Union or a member state. The Data Controller informs the Data Subject in advance of the lifting of restrictions on data management.
7.5 Right to data portability
The Data Subject has the right to receive the personal data concerning him/her provided to the Data Controller in a segmented, widely used, machine-readable format, and to forward this data to another data controller, if the data processing is based on consent or a contract and the data processing is automated is happening.
7.6 Automated decision-making in individual cases, including profiling
The Data Subject has the right not to be covered by the scope of a decision based solely on automated data management, including profiling, which would have legal effects on him or affect him to a similar extent.
The person concerned is listed in this chapter
t cannot assert its rights if the Data Controller proves that it is not in a position to identify the data subject. If the data subject’s request is clearly unfounded or excessive (especially considering the repetitive nature), the Data Controller may charge a reasonable fee for fulfilling the request or refuse to take action. The Data Controller is responsible for proving this. If the Data Controller has doubts about the identity of the natural person submitting the request, it may request the provision of additional information necessary to confirm the identity of the requester.
8. OPTIONS FOR ENFORCEMENT
The rights of the data subject can be exercised in a request sent by e-mail or by post, according to III. through the contact details given in the chapter. If the Data Controller does not take measures following the Data Subject’s request, it shall inform the Data Subject without delay, but no later than one month from the receipt of the request, of the reasons for the failure to take action, and that the data subject may submit a complaint to:
You can submit a complaint to the National Data Protection and Freedom of Information Authority (address: 1055 Budapest, Falk Miksa utca 9-11.; postal address: 1363 Budapest, Pf.: 9.; ugyfelszolgalat@naih.hu;naih.hu) or you can assert your rights in court the Infotv., the GDPR, and the Civil Code. based on
9. MANAGEMENT OF DATA PROTECTION INCIDENTS
The Data Controller keeps a register for the purpose of checking the measures related to the data protection incident, informing the supervisory authority, and informing the Data Subject, which includes the range of personal data Affected by the incident, the range and number of Data Subjects, the date, circumstances, effects of the incident, and the measures taken to prevent it. If the Data Controller considers that a specific incident is likely to pose a risk to the rights and freedoms of the Data Subjects, it shall inform the supervisory authority of the data protection incident without undue delay, but within 72 hours at most. If the Data Controller considers that the given incident is likely to pose a high risk to the rights and freedoms of the Data Subjects, it shall inform the Data Subjects of the data protection incident without undue delay.
10. DATA SECURITY
The Data Controller undertakes to ensure the security of the data, and to take the technical measures to ensure that the recorded, stored and managed data are protected, and to do everything possible to prevent their destruction, unauthorized use and unauthorized alteration. You also undertake to call on all third parties to whom you may forward or transfer the data to fulfill their obligations in this regard.
11. OTHER PROVISIONS
The Data Controller reserves the right to unilaterally amend this Data Management Information Sheet with prior notification to the Data Subjects via the website. After the amendment enters into force, the Data Subject accepts the contents of the amended Data Management Notice by referring to it. In any case, please read the amendments to the data management information carefully, because they contain important information about the management of your personal data.
This Data Management Notice is valid from November 7, 2023.