Privacy Policy (Adatkezelési tájékoztató)
Aranyi Attila e.v. (7052 Kölesd, Rákóczi utca 8., Tax number: 58199697-2-37, registration number: 56845794) (hereinafter: Service Provider, data controller) submits to the following information.
INTRODUCTION
In accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council (27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), we provide the following information.
This privacy policy regulates the data processing of the following pages: www.goldipuppy.com
The privacy policy is available at: https://goldipuppy.com/privacy-policy
Modifications to the policy take effect upon publication at the above address.
DATA CONTROLLER AND CONTACT INFORMATION
Name: Aranyi Attila e.v.
Registered office: 7052 Kölesd, Rákóczi utca 8.
E-mail: goldipuppy01@gmail.com
Phone: +36 30 543 3199
DEFINITIONS
1. "personal data": any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
2. "processing": any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
3. "controller": the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
4. "processor": a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
5. "recipient": a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
6. "consent of the data subject": any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
7. "personal data breach": a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
PRINCIPLES RELATING TO PROCESSING OF PERSONAL DATA
Personal data shall be:
a) processed lawfully, fairly and in a transparent manner in relation to the data subject ("lawfulness, fairness and transparency");
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes ("purpose limitation");
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ("data minimisation");
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay ("accuracy");
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject ("storage limitation");
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures ("integrity and confidentiality").
The controller shall be responsible for and be able to demonstrate compliance with the above ("accountability").
DATA PROCESSING
WEBSITE OPERATION RELATED DATA PROCESSING
1. Data collection fact, scope of processed data and purpose of data processing:
| Personal data | Purpose of data processing |
|---|---|
| First and last name | Necessary for contact, purchase and proper invoice issuance |
| E-mail address | Maintaining contact |
| Date of inquiry | Technical operation execution |
| IP address at time of inquiry | Technical operation execution |
In case of e-mail address, it is not necessary that it contains personal data.
2. Scope of data subjects: All data subjects making inquiries on the website.
3. Duration of data processing, deadline for data deletion: Immediately upon registration deletion. Exception: accounting documents, as according to Section 169 (2) of Act C of 2000 on Accounting, these must be kept for 8 years.
Accounting documents supporting bookkeeping directly and indirectly (including general ledger accounts, analytical and detailed records) must be kept in readable form for at least 8 years, retrievable based on bookkeeping records.
4. Possible data controllers entitled to know the data, recipients of personal data: The data controller's sales and marketing staff may process personal data, respecting the above principles.
5. Information on data subjects' rights related to data processing:
- The data subject may request from the controller access to personal data concerning them, rectification, erasure or restriction of processing, and
- object to processing of such personal data, and
- the data subject has the right to data portability and withdrawal of consent at any time.
6. Ways to initiate access to personal data, erasure, modification, or restriction of processing, data portability, objection to data processing:
- by post to 7052 Kölesd, Rákóczi utca 8.,
- by e-mail to goldipuppy01@gmail.com,
- by phone at +36 30 543 3199.
7. Legal basis for data processing:
7.1 Data subject's consent, Article 6(1)(a), Section 5(1) of Infotv.
7.2 Section 13/A(3) of Act CVIII of 2001 on certain issues of electronic commerce services and information society services (hereinafter: Elker tv.):
The service provider may process personal data that are technically indispensable for the provision of the service for the purpose of providing the service. The service provider must choose and operate the tools used in the provision of information society services in such a way that personal data processing only occurs if it is absolutely necessary for the provision of the service and the fulfillment of other purposes defined in this law, but even then only to the necessary extent and for the necessary time.
7.3 Article 6(1)(c) when issuing invoices in accordance with accounting regulations.
8. We inform you that
- data processing is based on your consent
- failure to provide data will result in inability to process your inquiry
HOSTING SERVICE
1. Activity provided by data processor: Hosting service
2. Name and contact of data processor:
Name: vercel.com
Phone: (951) 383-6898
E-mail: security@vercel.com
3. Data processing fact, scope of processed data: All personal data provided by the data subject.
4. Scope of data subjects: All data subjects using the website.
5. Purpose of data processing: Making the website available and ensuring proper operation.
6. Duration of data processing, deadline for data deletion: Data processing lasts until the agreement between the data controller and hosting service provider ends, or until the data subject's deletion request to the hosting service provider.
7. Legal basis for data processing: User consent, Section 5(1) of Infotv., Article 6(1)(a), and Section 13/A(3) of Act CVIII of 2001 on certain issues of electronic commerce services and information society services.
COOKIE MANAGEMENT
You can read more about cookies used on our website in the Cookie Policy, which is closely related to our privacy policy.
GOOGLE ADWORDS CONVERSION TRACKING
1. The data controller uses the "Google AdWords" online advertising program and uses Google's conversion tracking service within its framework. Google conversion tracking is an analytical service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google").
2. When a User reaches a webpage through a Google ad, a cookie necessary for conversion tracking is placed on their computer. These cookies have limited validity and do not contain any personal data, so the User cannot be identified through them.
3. When the User browses certain pages of the website and the cookie has not yet expired, both Google and the data controller can see that the User clicked on the ad.
4. Each Google AdWords client receives a different cookie, so they cannot be tracked through other AdWords clients' websites.
5. The information obtained through conversion tracking cookies serves to create conversion statistics for AdWords clients who have chosen conversion tracking. Clients thus learn about the number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not have access to information that could identify any user.
6. If you do not want to participate in conversion tracking, you can reject it by disabling cookie installation in your browser. After that, you will not appear in conversion tracking statistics.
7. Further information and Google's privacy policy are available at: www.google.de/policies/privacy/
GOOGLE ANALYTICS APPLICATION
1. This website uses Google Analytics, which is a web analytics service of Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are saved on your computer and help analyze how you use the website.
2. Information about your use of the website created by cookies is usually transmitted to and stored on one of Google's servers in the USA. By activating IP anonymization on this website, Google will shorten your IP address within European Union member states or other parties to the Agreement on the European Economic Area.
3. Only in exceptional cases will the full IP address be transmitted to Google's server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services relating to website activity and internet usage.
4. The IP address transmitted by your browser within Google Analytics will not be merged with other Google data. You can prevent cookies from being stored by setting your browser accordingly; however, we point out that in this case, you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting and processing data generated by cookies about your use of the website (including your IP address) by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=hu
COMPLAINT HANDLING
1. Data collection fact, scope of processed data and purpose of data processing:
| Personal data | Purpose of data processing |
|---|---|
| First and last name | Identification, maintaining contact |
| E-mail address | Maintaining contact |
2. Scope of data subjects: All data subjects making inquiries and quality complaints on the website.
3. Duration of data processing, deadline for data deletion: According to Section 17/A(7) of Act CLV of 1997 on consumer protection, minutes, transcripts and copies of responses to recorded complaints must be kept for 5 years.
4. Possible data controllers entitled to know the data, recipients of personal data: The data controller's sales and marketing staff may process personal data, respecting the above principles.
5. Information on data subjects' rights related to data processing:
- The data subject may request from the controller access to personal data concerning them, rectification, erasure or restriction of processing, and
- object to processing of such personal data, and
- the data subject has the right to data portability and withdrawal of consent at any time.
6. Ways to initiate access to personal data, erasure, modification, or restriction of processing, data portability, objection to data processing:
- by post to 7052 Kölesd, Rákóczi utca 8.,
- by e-mail to goldipuppy01@gmail.com,
- by phone at +36 30 543 3199.
7. Legal basis for data processing: Data subject's consent, Article 6(1)(c), Section 5(1) of Infotv., and Section 17/A(7) of Act CLV of 1997 on consumer protection.
8. We inform you that
- personal data provision is based on contractual obligation
- personal data processing is a prerequisite for contract conclusion
- you are obliged to provide personal data so we can handle your complaint
- failure to provide data will result in inability to handle your complaint
SOCIAL MEDIA PAGES
1. Data collection fact, scope of processed data: Name registered on Facebook/Google+/Twitter/Pinterest/Youtube/Instagram etc. social media pages, and the user's public profile picture.
2. Scope of data subjects: All data subjects registered on Facebook/Google+/Twitter/Pinterest/Youtube/Instagram etc. social media pages who "liked" the website.
3. Purpose of data collection: Sharing or "liking" certain content elements, products, actions of the website or the website itself on social media pages.
4. Duration of data processing, deadline for data deletion, possible data controllers entitled to know the data and information on data subjects' rights related to data processing: Data subjects can learn about the source of data, their processing, transfer methods and legal basis on the respective social media page. Data processing takes place on social media pages, so the respective social media page's regulations apply to data processing duration, methods, and data deletion and modification possibilities.
5. Legal basis for data processing: Data subject's voluntary consent to personal data processing on social media pages.
CUSTOMER RELATIONS AND OTHER DATA PROCESSING
1. If questions arise during the use of our services or if the data subject has problems, they can contact the data controller through the methods provided on the website (phone, e-mail, social media, etc.).
2. The data controller deletes e-mails, messages, data provided by phone, Facebook, etc. received, along with the inquirer's name and e-mail address, and other voluntarily provided personal data, within 2 years of data communication.
3. We provide information about data processing not listed in this policy at the time of data collection.
4. In case of exceptional authority requests or requests from other organizations based on legal authorization, the Service Provider is obliged to provide information, disclose, transfer data, or make documents available.
5. In these cases, the Service Provider provides the requesting party with personal data only to the extent and in such a manner that is absolutely necessary for achieving the request's purpose, provided that the request specifies the exact purpose and scope of data.
DATA SUBJECTS' RIGHTS
1. Right of access
You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the information listed in the Regulation.
2. Right to rectification
You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3. Right to erasure
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the specified grounds applies.
4. Right to be forgotten
If the controller has made the personal data public and is obliged to erase it, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
5. Right to restriction of processing
You have the right to obtain from the controller restriction of processing where one of the following applies:
- you contest the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims;
- you have objected to processing; in this case, the restriction applies for a period enabling verification of whether the controller's legitimate grounds override your legitimate grounds.
6. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (...)
7. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you (...), including profiling based on those provisions.
8. Objection in case of direct marketing
Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
The previous paragraph shall not apply if the decision:
- is necessary for entering into, or performance of, a contract between you and the data controller;
- is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
- is based on your explicit consent.
DEADLINE FOR TAKING ACTION
The controller shall provide information on the action taken on your request without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The controller shall inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.
If the controller does not take action on your request, the controller shall inform you without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
DATA SECURITY
The controller and processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
a) the pseudonymisation and encryption of personal data;
b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
NOTIFICATION OF A PERSONAL DATA BREACH TO THE DATA SUBJECT
When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.
The communication to the data subject shall describe in clear and plain language the nature of the personal data breach and contain the name and contact details of the data protection officer or other contact point where more information can be obtained; describe the likely consequences of the personal data breach; describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
The data subject need not be informed if any of the following conditions are met:
- the controller has implemented appropriate technical and organisational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption;
- the controller has taken subsequent measures which ensure that the high risk to the data subject's rights and freedoms is no longer likely to materialise;
- it would involve disproportionate effort. In such a case, there shall instead be a public communication or similar measure whereby the data subjects are informed in an equally effective manner.
If the controller has not already communicated the personal data breach to the data subject, the supervisory authority, having considered the likelihood of the personal data breach resulting in a high risk, may require it to do so or may decide that any of the conditions referred to above are met.
NOTIFICATION OF A PERSONAL DATA BREACH TO THE SUPERVISORY AUTHORITY
In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent pursuant to Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.
RIGHT TO LODGE A COMPLAINT
You may lodge a complaint with the National Authority for Data Protection and Freedom of Information regarding possible violations by the data controller:
National Authority for Data Protection and Freedom of Information
1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, P.O. Box: 5.
Phone: +36 -1-391-1400
Fax: +36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu
CLOSING
This policy is based on the following legal regulations:
- Regulation (EU) 2016/679 of the European Parliament and of the Council (27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
- Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: Infotv.)
- Act CVIII of 2001 on certain issues of electronic commerce services and information society services (especially Section 13/A)
- Act XLVII of 2008 on the prohibition of unfair commercial practices against consumers
- Act XLVIII of 2008 on the basic conditions of and certain restrictions on economic advertising activities (especially Section 6)
- Act XC of 2005 on electronic freedom of information
- Act C of 2003 on electronic communications (especially Section 155)
- Opinion 16/2011 on the EASA/IAB recommendation on best practices for behavioural online advertising
- Recommendation of the National Authority for Data Protection and Freedom of Information on the data protection requirements of prior information
- Regulation (EU) 2016/679 of the European Parliament and of the Council (27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC
For further information, please contact the Data Controller!
Kölesd, 2025.10.22.