The purpose of these Guidelines is to determine the principles in respect of data protection and data processing by Liliom Produkció Művészeti Kft as the operator of the liliomprodukcio.com web site (hereinafter referred to as ‘web site’) (hereinafter referred to as Service Provider), as well as Service Provider’s policy concerning data protection and data processing, a policy accepted by Service Provider to mandatorily be used by Service Provider. In this regard, Service Provider’s purpose is to protect any and all personal data of the users registered at the web site to the most possible extent.
I/ DATA OF SERVICE PROVIDER AS DATA CONTROLLER
Company name of Service Provider: Liliom Produkció Művészeti Kft
Registered office of Service Provider: Batthyány utca 49, 1196 Budapest, Hungary
Tax Authority identification number of Service Provider: 27961771-2-43
E-mail address: email@example.com
Personal data: It shall mean any data relating to the data subject and any data that may be related to the data and, in particular, name and identifier of the data subject, as well as one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of that data subject, as well as any conclusions that may, upon the data, be made in respect of the data subject.
Consent: It shall mean any freely given, specific, informed and unambiguous indication of data subject’s wishes, by which she (he), by a statement or a clear affirmative action, signifies agreement to the processing of personal data relating to her (him).
Processing: It shall mean any operation or set of operations that is performed on data, regardless of the procedure applied; in particular collecting, recording, registering, organising, storing, modifying, using, retrieving, transferring, disclosing, synchronising or connecting, blocking, erasing and destroying the data, as well as preventing their further use; taking photos and making audio or visual recordings, as well as registering physical characteristics suitable for personal identification (such as fingerprints or palm prints, DNA samples and iris scans).
Data transfer: It shall mean providing any access to the data for a designated third party.
Disclosure: It shall mean making the data accessible to anyone.
Data erasure: It shall mean making the data unrecognisable in such a way that its restoration is no longer possible
Data marking: It shall mean adding an identifier to the data with the aim of making a distinction in respect of that data.
Data blocking: It shall mean adding an identifier to the data with the aim of limiting further processing ultimately or for a definite period of time.
Technical processing: It shall mean performing any technical tasks related to any operations related to data processing, regardless of the methods and equipment used for performing the respective operations, as well as regardless of the place of application provided that the respective technical task is performed on data.
Processor: It shall mean any natural or legal persons or any organisations not having legal personality which, based on the agreement signed with controller, processes any personal data, including the conclusion of any contracts as per stipulated by any laws.
III/ PRINCIPLE OF DATA PROCESSING
IV/ LEGAL BASIS OF PROCESSING
During processing in relation to the operation of the web site and the services provided there, registering and processing any personal data shall be based on the voluntary consent given by the data subject.
User using the web site’s services (upon registration) shall be deemed as that User has given her (his) consent in respect of processing her (his) personal data.
Service Provider may send newsletters or other mailings for advertising purposes to User provided that User, by providing her (his) respective data while registering, in advance, clearly, explicitly and voluntarily gave her (his) consent in this regard. Service Provider shall not examine whether the data provided by User during registration or while otherwise giving her (his) consent, are true or correct.
User may, any time, withdraw her (his) voluntary consent referenced in above paragraph. In this case, Service Provider shall, after the withdrawal, send no more newsletters or other mailings for advertising purposes to User. Also, Service Provider shall erase User’s data in the database of users who have subscribed the newsletter service.
Unless otherwise provided by any laws, Service Provider may, without any additional consent and also after the withdrawal of User’s consent, control any and all personal data recorded for the purpose of meeting any legal obligations applicable to Service Provider (and, in particular, for the purpose of meeting any obligations concerning accounting and any contractual obligations towards User), as well as for the purpose of enforcing any lawful interests of Service Provider herself or of any third parties provided that enforcing such interests are proportionate to the limitation of any rights concerning the protection of any personal data.
V/ SCOPE OF THE DATA CONTROLLED
Service Provider may, during and after delivery of her services, upon voluntary consent by User, control User’s following personal data: company name, tax authority identification number, family name, first name, invoicing address, e-mail address, and telephone number.
The authenticity and the accuracy of any personal data provided shall be User’s exclusive liability.
VI/ PURPOSE OF PROCESSING
The purpose of processing User’s personal data shall be sending newsletters and mailings for advertising purposes as per stipulated in Section IV, as well as meeting Service Provider’s other legal obligations. Service Provider shall disclose User’s no any personal data to any unauthorised third parties.
VII/ DURATION OF PROCESSING, AMENDMENT AND ERASURE OF DATA, OBJECTION CONCERNING PROCESSING
Service Provider may process any personal data controlled in respect of using the services until the purpose of processing met.
User shall, any time upon logging in via the web site, be allowed to amending any of her (his) personal data provided during registration.
User may, via electronic message sent to the e-mail address firstname.lastname@example.org, request Service Provider that she erases her (his) personal data. Service Provider shall erase User’s personal data also without request by data subject in the event of that the processing of that data is unlawful or the purpose of processing has terminated or the period laid down in any laws has elapsed or the data have been ordered by any courts or by the National Authority for Data Protection and Freedom of Information to be erased or in the event of that the processing is incomplete or incorrect and that state cannot lawfully be remedied provided that erasure is not excluded by any laws.
Service Provider shall, instead of erasing, block the personal data in the event of that User requests so or in the event of that it can, based on the available information, be assumed that the erasure of the data would infringe User’s lawful interests. Any personal data so blocked may be controlled by Service Provider as long as only while the purpose of processing in respect of which the erasure of the personal data is excluded exists. Upon the withdrawal of User’s consent, Service Provider may, for the purpose of meeting her obligations as per stipulated by any laws (and, in particular, for the purpose of meeting her obligations concerning accounting) continue controlling data subject’s personal data.
User may complain against processing her (his) personal data via electronic message to be sent to the e-mail address email@example.com
- in the event of that processing or forwarding her (his) personal data is necessary only for meeting Service Provider’s legal obligations or for enforcing any lawful interests of any controllers or any data recipients or any third parties except for the case of so called mandatory processing;
- in the event of that any personal data are used or forwarded for the purpose of direct business, polls or scientific research; and
- in any other cases as per stipulated by any laws.
Controller shall assess the complaint within the shortest possible time from the submission of the request but not later than within fifteen (15) days, shall make a decision whether the request is founded and shall notify the data subject about her decision in writing.
In the event of that the controller finds the data subject’s complaint is founded, the processing, including the recording of any additional data and the forwarding of any data too, shall be terminated, the respective data shall be blocked and the controller shall notify all those to whom any personal data being the subject matter of the complaint were formerly forwarded and who have the obligation to take any measures for enforcing the right of complaint about the complaint, as well as about the measures taken due to the complaint.
In the event of that the data subject disagrees the decision made by the controller or the controller fails to observe the deadline of fifteen (15) days, the data subject may, within thirty (30) days from the communication of the decision or within thirty (30) days from the deadline set, go to the court. The court shall hear such cases as a matter of priority.
In the event of that the data recipient does not receive the data necessary for enforcing her (his) rights due to a complaint by the data subject, she (he) may, within fifteen (15) days from notification, for obtaining the data, file a claim against the controller at the court. The controller may sue the data subject too.
In the event of that the controller fails to sending a notification, the data recipient may request information in respect of the circumstances of the failure of data transfer from the controller and the controller shall provide these information within eight (8) days from the delivery of the data recipient’s request in this regard. In the event of requesting information, the data recipient may file a claim against the controller at the court within fifteen (15) days from the date of providing the respective information but not later than within fifteen (15) days from the deadline available in this regard. The controller may sue the data subject too.
The controller shall not delete data subject’s any data in the event of that any processing has been ruled by any laws. Nevertheless, the respective data shall not be forwarded to the data recipient in the event of that the controller has agreed with the complaint or any courts has ruled the complaint to be justified.
VIII/ REQUESTING INFORMATION
User may, any time, by sending an inquiry to the e-mail address firstname.lastname@example.org, request information on any personal data controlled by Service Provider in the context of Service Provider’s services provided via Service Provider’s web site and concerning User. Service Provider shall, upon User’s request, provide information on the data concerning User and controlled by Service Provider in the context of certain services, their sources, the purpose, the legal title and the duration of processing, the name and address of the technical processor, the legal title and the recipient of data forwarding, as well any and all activities related to processing. Service Provider shall provide the information within the shortest possible time from the submission of the request but within thirty (30) days the latest and in a comprehensible form and upon data subject’s request in this regard and in writing. The information shall be provided free of any charges. Service Provider shall deem any requests received from the e-mail address provided to Service Provider earlier as requests received from User. As to any requests received from any other e-mail addresses or submitted in writing, User may submit any requests if she (he) had duly certified her (his) user status.
Pursuant to the Self-Determination & Freedom of Information Act, as well as to Act IV of Year 1959 (Civil Code), User may enforce her (his) rights in court. Also, User may, in respect of any matters concerning any personal data, seek assistance at the National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi and Információszabadság Hatóság, Szilágyi Erzsébet fasor 22/C, 1125 Budapest, Hungary, postal address: Pf 5, 1530 Budapest, Hungary, email@example.com , +36 1 391 1400, www.naih.hu).