HENRIETT HELLEBRAND

paintress

 

 

Privacy Policy

General section

 

We only collect and process personal information in accordance with the law. Data management is based on consent. We store your data as securely as possible. We only pass on personal data to third parties with your consent. We will inform anyone about the data stored about them, and you can also request the deletion of the data at any time at our contact details.

Paintress Henriett Hellebrand A (tax number: 78996070-1-33) ("Data Controller") submits to the following information. Act CXII of 2011 on the right to information self-determination and freedom of information. Section 20 (1) of the Act stipulates that the data subject (in this case the website user, hereinafter: the user) must be informed before the start of the data processing that the data processing is based on consent or is obligatory.

The data subject shall be clearly and in detail informed of all facts relating to the processing of his or her data, in particular the purpose and legal basis of the processing, the data subject and the duration of the processing.

The data subject must be informed about Info tv. § 6 (1) that personal data may be processed even if obtaining the data subject's consent would be impossible or disproportionate and the processing of personal data

- necessary to fulfill a legal obligation on the controller, or

- is necessary for the protection of the legitimate interests of the controller or of a third party and is proportionate to the restriction of the right to the protection of personal data.

The information should also cover the data subject's rights and remedies.

If it would be impossible or disproportionate to provide personal information to data subjects, the information may also be provided by disclosing the following information:

a) the fact of data collection,

b) the range of stakeholders,

c) the purpose of the data collection,

d) the duration of the data processing,

e) the identity of the potential controllers entitled to access the data,

(f) a description of the data subjects' rights and remedies in relation to data processing; and

(g) where the data processing is subject to a data protection record, the record number of the data processing. This data management information regulates the data management of the following website: www.henigaleria.hu. The information is available on the following page: www.henigaleria.hu/adat

Amendments to this prospectus will take effect upon publication at the above address. We also display the legal reference behind each chapter in the prospectus.

Legal basis for data processing: the voluntary consent of the data subject, Infotv. Section 5 (1) of Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activities. Section 6 (5) of the Act:

The advertiser, the advertising provider, or the publisher of the ad

- within the scope specified in the consent

- keeps a record of the personal details of those who make a statement. Recorded in this record

- Relates to the recipient of the ad

- data may only be processed in accordance with the statement of consent until it has been withdrawn and may only be transferred to a third party with the prior consent of the person concerned.

Social Pages

Act CXII of 2011 on the right to information self-determination and freedom of information. Pursuant to Section 20 (1) of the Act, the following shall be specified in the scope of data management of social networking sites:

a) the fact of data collection,

b) the range of stakeholders,

c) the purpose of the data collection,

d) the duration of the data processing,

e) the identity of the potential controllers entitled to access the data,

(f) a description of the data subjects' rights with regard to data processing.

The fact of data collection, the range of data processed: Facebook / Google + / Twitter / Pinterest / Youtube / Instagram, etc. registered name on social networking sites and the user's public profile picture.

Stakeholders: All stakeholders who have registered on Facebook / Google + / Twitter / Pinterest / Youtube / Instagram, etc. social networking sites and “liked” the website.

The purpose of data collection is to share or "like" certain social elements, products, promotions or the website itself on social media.

Duration of data processing, deadline for deletion of data, identity of potential data controllers entitled to access the data and rights of data subjects in relation to data processing: The source of the data, its processing, the person concerned may be informed. Data management is carried out on social networking sites, so the duration and method of data management, as well as the possibilities of deleting and modifying data are regulated by the given social networking site.

Legal basis for data processing: the voluntary consent of the data subject to the processing of personal data on social networking sites.

Scope of data managed:

Name, address, email address, phone number, account number.

Duration of data processing:

The issued invoices are issued by Sztv. Pursuant to Section 169 (2), it must be retained for 8 years from the date of issue of the invoice. We would like to inform you that if you withdraw your consent to the issuance of the invoice, the Data Controller will inform Infotv. Pursuant to Section 6 (5) (a), he is entitled to keep the personal data obtained during the issuance of the invoice for 8 years.

Data Transfer

Act CXII of 2011 on the right to information self-determination and freedom of information. Pursuant to Section 20 (1) of the Act, the following must be specified within the data transmission activities of the website:

- the fact of data collection,

- Stakeholders,

- the purpose of the data collection,

- duration of data processing,

- the identity of the potential data controllers entitled to access the data,

- a description of the data subjects' rights in relation to data processing.

Data is protected by the data controller in particular

- unauthorized access,

- the change,

- forwarding,

- disclosure,

- delete or destroy,

- accidental destruction and damage,

- against becoming inaccessible due to changes in the technology used.

The data controller shall ensure, by appropriate technical means, that the data stored in the records cannot be directly linked and assigned to the data subject.

In order to prevent unauthorized access to, alteration and unauthorized disclosure or use of personal data, the controller shall ensure that:

- on the design and operation of the appropriate IT and technical environment,

- the controlled selection and supervision of the staff involved in the provision of services,

- issuing detailed operational, risk management and service procedures.

Based on the above, your carrier will ensure that the data it manages

- be available to the right holder,

- authenticity and authentication are guaranteed,

- its invariability can be justified, let it be.

Protected by the IT system of the data controller and its hosting provider, among others

- computer fraud,

- espionage,

- computer viruses,

- spam,

- the hacks

- s other attacks.

Data hosting provider

Name of the data processor: Tárhely.EU Kft.

Contact details for the data processor:

Address: 1144.Budapest Ormánság utca 4.

Email: gdpr@tarhely.eu

The Data Processor stores personal data on the basis of a written contract concluded with the Data Controller. You are not authorized to access personal information.

Rights of data subjects (§§ 14-19)

The data subject may request the Service Provider to provide information on the handling of his / her personal data, request the correction of his / her personal data, and request the deletion or blocking of his / her personal data, with the exception of mandatory data processing.

At the request of the data subject, the controller shall provide information on the data processed by the data subject or processed by the data controller, their source, purpose, legal basis, duration, name, address and activities related to data processing, and, in the case of transfers of personal data of the data subject, the legal basis and the recipient of the transfer.

In order to verify the lawfulness of the transfer and to inform the data subject, the controller shall keep a record of the transfer, including the date of the transfer of the inaccurate data, the legal basis and recipient of the transfer, the scope of the personal data transferred and the data processing. other information required by law.

The controller shall provide the information in writing at the request of the data subject in a comprehensible form as soon as possible after the submission of the request, but no later than within 25 days. The information is free.

At the request of the User, the Service Provider shall provide information on the data processed by it, their source, purpose, legal basis, duration, name, address and activities related to any data processor, and - in case of transfer of personal data of the data subject - data transmission legal basis and addressee. The Service Provider shall provide the information in writing, in a comprehensible form, as soon as possible after the submission of the application, but not later than within 25 days. The information is free.

Service Provider, if the personal data does not correspond to reality and the personal data corresponding to reality is available to the data controller, it shall correct the personal data.

Instead of deleting, the Service Provider will block the personal data if the User so requests or if the information available to him presupposes that the deletion would harm the legitimate interests of the User. Blocked personal data may only be processed for as long as the purpose of the data processing, which precluded the deletion of personal data, exists.

Service Provider deletes personal data if its processing is illegal, the User requests, the processed data is incomplete or incorrect - and this condition cannot be legally remedied - provided that the deletion is not precluded by law, the purpose of data processing terminated or the statutory time limit for the storage of data has expired, it has been ordered by a court or the National Data Protection and Freedom of Information Authority.

The controller shall flag the personal data he or she processes if the data subject disputes their correctness or accuracy, but the inaccuracy or inaccuracy of the disputed personal data cannot be clearly established.

The rectification, blocking, flagging and deletion shall be notified to the data subject and to all persons to whom the data have previously been transmitted for data processing purposes. Notification may be omitted if it does not harm the legitimate interests of the data subject in view of the purpose of the processing.

If the controller does not comply with the request for rectification, blocking or erasure concerned, he shall state in writing the reasons in fact and in law for rejecting the request for rectification, blocking or erasure within 25 days of receipt of the request. If the request for rectification, erasure or blocking is rejected, the controller shall inform the data subject of the possibility of legal redress and recourse to the Authority.

Remedies

A user may object to the processing of their personal information if

- the processing or transfer of personal data is necessary only for the fulfillment of a legal obligation to the Service Provider or for the enforcement of the legitimate interest of the Service Provider, data recipient or third party, unless the data processing is required by law;

- the use or transfer of personal data for direct business, public opinion or scientific research purposes;

- in other cases specified by law.

The Service Provider shall examine the protest as soon as possible, but not later than within 15 days from the submission of the request, make a decision on the merits of the request and inform the applicant in writing of its decision. If the Service Provider establishes the validity of the data subject's protest, it terminates the data processing, including further data collection and data transfer, and blocks the data, and notifies all those to whom the personal data affected by the protest was previously transmitted and who are obliged to take action to enforce the right to protest.

If the User does not agree with the Service Provider's decision, he / she may file a lawsuit against it within 30 days of its notification. The court is out of line.

Complaints against a possible breach by a data controller can be made to the National Data Protection and Freedom of Information Authority:

National Authority for Data Protection and Freedom of Information

1125 Budapest, Szilágyi Erzsébet fasor 22 / C.

Mailing address: 1530 Budapest, Mailbox: 5.

Phone: +36 -1-391-1400

Fax: + 36-1-391-1410

E-mail: ugyfelszolgalat@naih.hu

 

© 2013.Henriett Hellebrand