HU EN
← Back to homepage

Privacy Policy

Introduction

Our Company follows the following basic principles during its data processing:

  1. we process personal data lawfully and fairly, as well as transparently for you.
  2. we collect personal data only for specified, clear, and legitimate purposes and do not process them in a manner incompatible with those purposes.
  3. the personal data collected and processed by us are adequate and relevant for the purposes of data processing and are limited to what is necessary.
  4. our Company takes every reasonable measure to ensure that the data we process are accurate and, if necessary, up to date; inaccurate personal data are deleted or rectified without delay.
  5. we store personal data in a form that allows you to be identified only for the time necessary to achieve the goals of processing the personal data.
  6. by applying appropriate technical and organizational measures, we ensure the adequate security of personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage.

Name of the Service Provider and Data Controller:

Name / Company name Kolosai Tibor Ev.
Registered Office: 3780 Edelény, Újvilág út 14.
Tax Number: 49470291-1-25
Website name and address www.tiptopjogsi.hu
Availability of the Privacy Policy www.tiptopjogsi.hu

Contact details of the Data Controller:

Name / Company name Kolosai Tibor Ev.
Registered Office: 3780 Edelény, Újvilág út 14.
Mailing address 3780 Edelény, Újvilág út 14.
E-mail: [email protected]
Phone: +36-20-335-5129

Contact details of Data Processors:

Hosting Provider:

Name / Company name Tárhely.Eu Szolgáltató Kft.
Registered Office: 1538 Budapest, Pf.: 510.
Web address: https://tarhely.eu

Website creation, maintenance, supervision:

Name / Company name Megjelenésmentor Kft.
Web address: https://businessbloom.consulting

We only request personal data from our website visitors if they wish to inquire on the site.

Regarding your questions about data processing, you may request further information via the [email protected] e-mail or postal address; we will send our response without delay, within 20 days (but no later than 1 month) to the contact details provided by you.

Data received at [email protected] will not be disclosed to unauthorized persons.

Processed data: driver’s license, address card, identity card, passport, student ID, medical papers, phone number, and email address.

Our Company processes your personal data:

  1. based on your prior informed and voluntary consent, and only to the extent necessary and in all cases for a specific purpose, i.e., we collect, record, organize, store, and use it.
  2. in certain cases, the processing of your data is based on legal regulations and is mandatory; in such cases, we specifically draw your attention to this fact.
  3. and in certain cases, our Company or a third party has a legitimate interest in processing your personal data, for example, the operation, development, and security of our website.

Definitions

  • GDPR (General Data Protection Regulation) is the new Data Protection Regulation of the European Union;
  • data processing (processing): any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • data processor: a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller;
  • personal data: any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  • data controller (controller): the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
  • consent of the data subject: any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
  • personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
  • recipient: a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. Public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
  • third party: a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Principles of Data Processing

The controller declares that it performs the processing of personal data in accordance with the provisions of the privacy policy and complies with the requirements of relevant legislation, with special regard to the following:

The processing of personal data must be carried out lawfully and fairly, and in a transparent manner for the data subject.

Personal data may only be collected for specified, clear, and legitimate purposes.

The purpose of personal data processing must be adequate and relevant, and only to the extent necessary.

Personal data must be accurate and up to date. Inaccurate personal data must be deleted without delay.

The storage of personal data must occur in a form that allows identification of data subjects only for the necessary period. Personal data may be stored for a longer period only if the storage is for archiving purposes in the public interest, scientific and historical research purposes, or statistical purposes.

The processing of personal data must be carried out in such a way that adequate security of personal data is ensured through the application of appropriate technical or organizational measures, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage.

The principles of data protection must be applied to all information concerning an identified or identifiable natural person.

Social Media Sites

A social media site is a media tool where the message is spread through social users. Social media uses the internet and online presence opportunities to turn users from content consumers into content editors. Social media is an interface of internet applications containing user-generated content, such as Facebook, Twitter, Instagram, TikTok, Youtube, etc.

The forms of appearance in social media can be public speeches, lectures, presentations, or descriptions of products or services. The forms of information appearing in social media can be forums, blog posts, images, video, and audio materials, message boards, email messages, etc. In accordance with the above, the scope of processed data may include the user’s public profile picture in addition to personal data.

Scope of data subjects: visitors to the website. The purpose of data collection is to promote the website or the linked webpage. The legal basis for data processing is the voluntary consent of the data subject. Duration of data processing: according to the regulations viewable on the given social media site. Deadline for data deletion: according to the regulations viewable on the given social media site. Persons entitled to access the data: according to the regulations viewable on the given social media site. Rights related to data processing: according to the regulations viewable on the given social media site. Method of data storage: electronic.

It is important to consider that when a user uploads or submits any personal data, they grant a worldwide license to the social media site operator to store and use such content. Therefore, it is very important to ensure that the user has full authority to disclose the published information.

Google Analytics

Our website does not use the Google Analytics application. In the event of using Google Analytics, if the above-named site were to use it:

Google Analytics compiles reports for its clients based on internal cookies about the habits of website users.

On behalf of the website operator, Google uses the information to evaluate how users use the website. As an additional service, it prepares reports related to website activity for the website operator so that it can perform further services.

The data is stored in encrypted format on Google’s servers to hinder and prevent misuse of data. Disabling Google Analytics can be done as follows. Quote from the site: Website users who do not want Google Analytics JavaScript to report their data can install the Google Analytics opt-out browser add-on. The add-on prohibits Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sending information to Google Analytics. The browser add-on can be used in most newer browsers.

The Google Analytics opt-out browser add-on does not prevent the sending of data to the website itself and other web analysis services.

https://support.google.com/analytics/answer/6004245?hl=hu

Google’s privacy policy: https://policies.google.com/privacy?hl=hu Detailed information regarding the use and protection of data is available at the links above.

Privacy in detail: https://static.googleusercontent.com/media/www.google.com/en//intl/hu/policies/privacy/google_privacy_policy_hu.pdf

Important Data Processing Information

The primary purpose of data processing is to protect the visitors of the service provider’s website.

The legal basis for data processing is the consent of the data subject. Duration of data processing and deletion of data. The duration of data processing is always a function of the specific user goal, but data must be deleted without delay if the originally set goal has already been achieved. The data subject may withdraw their consent to data processing at any time in a letter sent to the contact e-mail address. If there is no legal obstacle to deletion, in this case, your data will be deleted. The data controller and its employees are entitled to access the data.

The data subject may request access to, rectification, erasure, or restriction of processing of personal data concerning him or her from the controller, and may object to the processing of such personal data, as well as the data subject’s right to data portability.

The data subject may withdraw their consent to data processing at any time, but this does not affect the lawfulness of processing based on consent before its withdrawal. The data subject has the right to lodge a complaint with a supervisory authority. The data subject is entitled to have the controller rectify or supplement inaccurate personal data concerning him or her without undue delay upon request. The data subject is entitled to have the controller erase inaccurate personal data concerning him or her without undue delay upon request, and the controller is obliged to erase personal data concerning the data subject without undue delay if there is no other legal basis for the processing. Modification or deletion of personal data can be initiated via e-mail, phone, or letter at the contact details provided above.

Invoicing

The purpose of data processing is the issuance and sending of an invoice, electronic or paper-based, as an e-mail attachment. The legal basis for data processing is mandatory data processing based on legislation. The scope of data subjects in data processing is the service provider’s customer partners.

Duration of data processing: Data processing takes place according to legal requirements or until consent is withdrawn. You may withdraw your consent to data processing at any time in a letter sent to the contact e-mail address. Deletion of data occurs upon withdrawal of consent to data processing. You may withdraw your consent to data processing at any time in a letter sent to the contact e-mail address. Deletion of billing data may occur according to legal requirements. The data controller and its employees are entitled to access the data. Method of data storage: electronic. Modification or deletion of invoice data can be initiated via e-mail, phone, or letter at the contact details provided above.

Scope of Processed Data

Specific purpose of data processing data

  • Name: Identification, contact, invoicing.
  • Company name: Identification, contact, invoicing.
  • Address: Identification, contact, invoicing.
  • E-mail: Identification, contact.
  • Phone: Identification, contact.
  • Tax number / Tax ID: Identification of the buyer.
  • Invoice data: Identification of the invoice.
  • Date of invoice issuance: Technical information operation.

The data subject may object to the processing of his or her personal data, and in this regard is entitled to the procedure according to the data processing information detailed above and this policy, as well as the laws described in the policy.

Cookies

Cookies are small data files (hereinafter: cookies) that are placed on your computer through the use of the website via the website, so that they are downloaded and stored by your internet browser. Most of the most commonly used internet browsers (Chrome, Firefox, etc.) accept and enable the download and use of cookies as a default setting, but it depends on you whether you reject or disable them by modifying the browser settings, and you can also delete cookies already stored on the computer.

There are cookies that do not require your prior consent. Our website provides brief information about these at the start of your first visit, such as authentication, multimedia player, load balancing, session cookies assisting the customization of the user interface, and user-centric security cookies.

Cookie Type: Google Analytics program is used by the above-named website.

Function: This cookie used by Google, inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) records how users use the website. Based on the information recorded this way, reports can be made that help further develop the website.

The cookie records, among other things, the following information anonymously:

  1. the number of visitors to the website,
  2. from which website the visitors arrived at the website, and
  3. which pages of the website the visitors visited.

Validity (date or deadline for deletion): 2 years

Data Processors

Hosting Provider:

Name / Company name DotRoll Kft.
Registered Office: 1148 Budapest, Fogarasi út 3-5
Mailing address: 1148 Budapest, Fogarasi út 3-5
E-mail: [email protected]

The data you provide is stored on a server operated by the hosting provider. Only our employees and the employees operating the server may access the data, but all are responsible for the secure handling of the data. Name of the activity: hosting service, server service. Purpose of data processing: ensuring the operation of the website. Processed data: personal data provided by the data subject. Duration of data processing and deadline for deletion of data.

Data processing lasts until the end of the website’s operation, or according to the contractual agreement between the website operator and the hosting provider. The data subject may also request the deletion of their data by contacting the hosting provider if necessary. The legal basis for data processing is the consent of the data subject, or data processing based on legislation.

We may only transfer your data within frameworks defined by law, and in the case of our data processors, we ensure through contractual terms that they cannot use your personal data for purposes contrary to your consent.

Our Company does not transfer data abroad.

Courts, prosecution, and other authorities (e.g., police, tax office, National Authority for Data Protection and Freedom of Information) may contact our Company for the provision of information, data disclosure, or making documents available. In these cases, we must fulfill our data provision obligation, but only to the extent strictly necessary to achieve the purpose of the request.

Contributors and employees involved in the data processing and/or data handling of our Company are entitled to know your personal data to a predetermined extent – under the burden of confidentiality.

We protect your personal data with appropriate technical and other measures, ensure the security and availability of the data, and protect them from unauthorized access, alteration, damage, disclosure, and any other unauthorized use.

As part of organizational measures, we control physical access in our buildings, continuously train our employees, and keep paper-based documents locked with appropriate protection. As part of technical measures, we use encryption, password protection, and antivirus software. However, we draw your attention to the fact that data transmission via the internet cannot be considered fully secure data transmission. Our Company does everything possible to make the processes as secure as possible; however, we cannot take full responsibility for data transmission via our website, but regarding data received by our Company, we follow strict regulations to ensure the security of your data and prevent unlawful access.

Processed Data

Duration of data processing

The storage duration of the given cookie, further information available here:

Google general cookie information: https://www.google.com/policies/technologies/types/

Google Analytics information: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=hu

What are your rights and legal remedies?

Regarding data processing, you may:

  • request information,
  • request the rectification, modification, or supplementation of your personal data processed by us,
  • object to the data processing and request the deletion or blocking of your data (with the exception of mandatory data processing),
  • seek legal remedy before a court,
  • lodge a complaint with the supervisory authority or initiate a procedure (https://naih.hu/panaszuegyintezes-rendje.html).

Supervisory Authority: National Authority for Data Protection and Freedom of Information

  • Registered Office: 1055 Budapest, Falk Miksa utca 9-11.
  • Mailing address: 1530 Budapest, Pf.: 9.
  • Phone: +36 (1) 391-1400
  • Fax: +36 (1) 391-1410
  • E-mail: [email protected]
  • Website: https://naih.hu/

BUDAPEST CONCILIATION BOARD

  • Address: 1016 Budapest, Krisztina krt. 99. I. floor 111.
  • Mailing address: 1253 Budapest, Pf.:10.
  • Phone number: +36-1-488-21-31
  • Fax number: +36-1-488-21-86
  • President: Dr. Inzelt Éva Veronika
  • E-mail address: [email protected]

Upon your request, we provide information regarding your data processed by us or by our commissioned data processor:

  • about your data,
  • its source,
  • the purpose and legal basis of data processing,
  • its duration, and if this is not possible, the criteria for determining this duration,
  • the name and address of our data processors and their activity related to data processing,
  • the circumstances, effects of personal data breaches, and our measures taken to avert and prevent them, and
  • in case of transfer of your personal data, the legal basis and recipient of the data transfer.

We provide our information in the shortest time from the submission of the request, within 10 days (but no later than within 1 month). The information is free of charge unless you have already submitted an information request to us for the same data set in the current year. We will refund any reimbursement already paid by you if the data were processed unlawfully or the request for information led to rectification. We may only refuse information in cases specified by law, by indicating the legal basis and providing information about the possibility of judicial remedy or turning to the Authority.

Our Company notifies you, and all those to whom the data was previously transferred for the purpose of data processing, of the rectification, blocking, marking, and deletion of personal data, unless the failure to notify does not violate your legitimate interest.

If we do not fulfill your request for rectification, blocking, or deletion, we will communicate the reasons for our refusal in writing or – with your consent – electronically within 10 days of receiving the request (but no later than within 1 month) and inform you about the possibility of judicial remedy and turning to the Authority.

If you object to the processing of your personal data, we will examine the objection within the shortest time from the submission of the request, within 10 days (but no later than within 1 month), and inform you of our decision in writing. If we have decided that your objection is well-founded, in that case, we will terminate the data processing – including further data collection and data transfer – and block the data, and notify all those about the objection and the measures taken based on it.

Legislation serving as the basis for data processing

  • REGULATION (EU) 2016/679 OF THE EUROPEAN PARLAMENT AND OF THE COUNCIL (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46 (General Data Protection Regulation).
  • Act CXII of 2011 on the Right to Informational Self-Determination and on Freedom of Information.
  • Act CVIII of 2001 on certain issues of electronic commerce services and information society services.
  • Act C of 2003 on Electronic Communications.
  • Act CXXVII of 2007 (hereinafter: VAT Act) and particularly based on its Section 169 (due to the obligation to issue a receipt and the data content of the invoice).