GDPR

Privacy notice

Name of data controller: Zsolt Zsóri
E-mail address of the data controller: zsori.zsolt@gmail.com
Controller's telephone number: +36 20 669 6904
/hereinafter referred to as Data Controller/

Purpose of the Privacy Notice

The purpose of this notice is to set out the data protection and data management principles applied by fedo.hu and the Association's data protection and data management policy. It undertakes to ensure that all processing of data relating to its activities complies with the requirements set out in this Policy and in the applicable national legislation and the European Union Regulation (GDPR).

The obligation to inform data subjects in advance is also provided for in Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information.

The privacy notice is available on the website https://fedo.hu.

The Data Controller reserves the right to change this Privacy Notice at any time, subject to timely notification of the data subjects.

The managers and employees of the company pay particular attention to the protection and security of personal data.

The Hungarian Kuvasz Breed Association (hereinafter referred to as the "Association") treats personal data confidentially and takes all security, technical and organisational measures to ensure the security of the data.

Terms

  • Privacy: a set of principles, rules, procedures, instruments and methods of processing that ensure the lawful processing of personal data and the protection of the individuals concerned.
  • Personal data: any specific data relating to an identified or identifiable natural person (data subject) and any inference that can be drawn from that data concerning that data subject. Personal data shall retain this quality during processing for as long as its link with the data subject can be re-established. The link with the data subject can be re-established if the controller has the technical conditions necessary for the re-establishment of the link.
  • Data subject/reactee: any natural person identified or otherwise identifiable, directly or indirectly, on the basis of specified personal data. In particular, a person is identifiable if he or she can be identified, directly or indirectly, by name, an identifier or one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity.
  • Special Data: Personal data revealing racial or ethnic origin, nationality, political opinions or political party affiliations, religious or philosophical beliefs, membership of an interest group, sex life, health, disability, or criminal offences.
  • Criminal personal data: personal data relating to the criminal offence or criminal proceedings, which are generated during or prior to criminal proceedings, which are held by the authorities responsible for the prosecution or investigation of criminal offences, and by the law enforcement authorities, which can be linked to the data subject, and personal data relating to criminal history.
  • Data processing: any operation performed on data, regardless of the procedure used, such as collection, recording, recording, organisation, storage, alteration, use, consultation, disclosure, transmission, alignment or combination, blocking, erasure and destruction of data, as well as prevention of their further use, taking of photographs, audio or video recordings, and recording of physical characteristics that can identify a person (finger or palm print, DNA sample, iris image, etc...).
  • Controller: the person or entity that determines the purposes for which the data are processed, takes and implements the decisions concerning the processing (including the means used) or has the processing carried out by a processor on its behalf.
  • Processing: the performance of technical tasks related to processing operations (irrespective of the method and means used to perform the operations and the place of application).
  • Processor: a person or entity which, under a contract with the controller, including a contract entered into pursuant to a legal provision, carries out the processing of data.
  • Rights of the data subject: the data subject must be clearly informed of all the details of the processing before the processing starts and, in addition, at any time at his or her request. The data subject may also request the rectification and, in certain cases, the erasure of his/her data and may object to the processing of his/her personal data in cases provided for by law.
  • Legal basis for processing: as a general rule, the data subject's consent or mandatory processing by law.
  • Consent: a voluntary and explicit indication of the data subject's wishes, based on appropriate information, by which he or she gives his or her unambiguous consent to the processing of personal data concerning him or her, whether in full or in part, by the controller. For special data, a written form is required.
  • Adequate information:before the processing starts, the data subject must be informed whether the processing is based on his or her consent or whether it is mandatory, and must be informed in a clear and detailed manner of all the facts relating to the processing of his or her data, in particular the purposes and legal basis of the processing, the identity of the controller and the processor, the duration of the processing and the persons who may access the data. The information shall also cover the rights and remedies of the data subject with regard to the processing.
  • Adequate information:before the processing starts, the data subject must be informed whether the processing is based on his or her consent or whether it is mandatory, and must be informed clearly and in detail of all the facts relating to the processing of his or her data, in particular the purposes and legal basis of the processing, the identity of the controller and the processor, the duration of the processing and the persons who may access the data. The information shall also cover the rights and remedies of the data subject with regard to the processing.
  • Objection: a statement by the data subject objecting to the processing of his or her personal data and requesting the cessation of processing or the erasure of the data processed.
  • Data security: a system of technical and organisational measures to prevent the unauthorised acquisition, modification and destruction of data.
  • Restriction of processing: the marking of personal data recorded for the purpose of restricting their future storage, use or processing.
  • Third party: a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor of the data or the natural persons who are under the direct authority of the controller or processor and who are authorised to process the data.
  • A data breach: a breach of security of data storage that results in the accidental or intentional destruction, loss, alteration, unlawful disclosure, use or unauthorised access to personal data stored, transmitted or otherwise processed.

The basic concepts are also available on the NAIH website:
https://www.naih.hu/adatvedelmi-szotar.html

How we obtain and store personal data, security of processing in our business

User data

Personal data, which is limited to the user's name and email address, is only required for association members. Association members are entitled to use the various breeding features of fedo.hu. The freely accessible functions of fedo.hu use only the Association's own pedigree database and do not contain any personal data that can be linked to users.

Controlling the data associated with registration

Legal background and legal basis for data processing:

The legal basis for data processing is Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Infotv.) and Act V of 2013 on the Civil Code (Civil Code). In accordance with Article 5(1)(a) of the GDPR, your consent

Purpose of the processing:

By storing the data provided during registration, the Data Controller can provide a more convenient service (e.g. the data subject does not have to re-enter his/her data for a new purchase)

Scope of data processed:

The Data Controller processes your unique user identifier, name, encrypted password, home address, billing address, shipping address, telephone number, email address, date of registration, date of last access to our system, languages spoken by the user, the characteristics of the product purchased and the date of purchase.

Duration of processing:

Until your consent is withdrawn.

Other data processing

If the Data Controller intends to carry out further processing, it shall provide prior information on the essential circumstances of the processing (legal background and legal basis of the processing, purpose of the processing, scope of the data processed, duration of the processing). You are informed that written requests for data from public authorities based on a legal mandate must be complied with by the Data Controller. The Data Controller shall keep records of data transfers in accordance with Article 15 (2) to (3) of the Data Protection Act (to which authority, what personal data, on what legal basis, when the Data Controller transferred the data), the content of which the Data Controller shall provide information on request, unless the provision of information is excluded by law.

Use of data processors and their activities in relation to data processing

Processing for the storage of personal data:

Names of the data processors:

  • MKFE (Hungarian Kuvasz Breeders' Association)

The Processor shall store the personal data on the basis of a written contract with the Controller. It is not entitled to access the personal data.

Security measures

The security of data processed on a paper basis is protected by the Data Controller in such a way that only authorised persons /employees, company directors/ have access to it. We have a confidentiality agreement with them.

The Data Controller declares that it has implemented appropriate security measures to protect personal data against unauthorised access, alteration, disclosure, transmission, disclosure, deletion or destruction, accidental destruction or accidental damage and against inaccessibility resulting from changes in the technology used.

Information about the use of Cookies

What is a cookie?

A cookie is a piece of data that is placed on your computer by the websites you visit. Cookies have a number of functions, including the storage of user preferences and information, user habits. Cookies collect information, remember user preferences and thus provide the opportunity to enhance the user experience. You can configure the use of cookies at any time within your browser, which can be found in the Help section of your browser.

Why do we use cookies?

Our website uses cookies for the following purposes:

  • to facilitate site navigation by recording visitor preferences and usage patterns (e.g. time spent on the site) and thus facilitate the use of the site
  • improving our website
  • enhance customer and user experience
  • collecting statistics to personalise the use of the website,
  • placing targeted ads to users.

Information about the use of cookies

The data controller uses so-called cookies when you visit the website. A cookie is a set of information consisting of letters and numbers that our website sends to your browser in order to save certain settings, facilitate the use of our website and help us to collect some relevant, statistical information about our visitors. Cookies do not contain any personal information and are not used to identify an individual user. Cookies often contain a unique identifier - a secret, randomly generated sequence of numbers - that is stored on your device.

Some cookies are deleted after you close the website, and some are stored on your computer for a longer period of time.

Legal background and legal basis for cookies

The background for data processing is provided by Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Infotv.) and Act CVIII of 2001 on certain aspects of electronic commerce services and information society services. In accordance with Article 5 (1) (a) of the GDPR, the data processing is based on your consent.

Key features of the cookies used by the website

Session cookies: these cookies store the location of the visitor, the browser language, the currency of the payment, their lifetime is the closing of the browser. The browser uses the language of the transaction, the session type, the session time, the session duration, and the session duration.

Cookie acceptance cookie: when you arrive at the site, the warning window will accept the cookie storage statement. Shelf life 365 days.

Performance cookie: these cookies are used to distinguish between individual users and user sessions as part of the Google Analytics service. They are used to track the number of cookies used by individual users and cookies used to track the number of cookies used by individual users. For more information: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage.

If you do not accept the use of cookies, certain features will not be available to you. For more information on how to delete cookies, please see the links below.

1. Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-managecookies#ie=ie-11
2. Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-yourcomputer
3. Chrome: https://support.google.com/chrome/answer/95647?hl=en

Your rights in relation to data processing

During the period of processing, you have the right to:

  • The right to information,
  • the right to rectification,
  • the right to be informed of the processing of your personal data, to be informed of the right to rectify it, to have it rectified, to have it blocked, to have it blocked or to have it deleted,
  • the right to block data,
  • the right to object.

You may request information from the Controller about the processing of your personal data within the period of processing. The Data Controller shall inform you in writing, in an intelligible form, of the data processed, the purposes, legal basis and duration of the processing, as well as, where the data have been further processed, the persons to whom and for what purposes the data are or have been disclosed, as soon as possible after the request, but not later than 25 days.

You may, within the period of processing, request the Controller to rectify your personal data. The Controller shall comply with your request within 15 days at the latest.

You have the possibility to request the erasure of your personal data, which the Controller will comply with within 15 days at the latest. The right to erasure does not apply if the Controller is legally obliged to store the data further, nor does it apply if the Controller is entitled to further process the personal data in accordance with Article 6(5) of the Infotv.

You may request the Controller to block the personal data if the final deletion of the data would harm the legitimate interests of the data subject. Personal data blocked in this way may be processed only for as long as the purpose which precluded the deletion of the personal data persists.

You may object to the processing of your personal data,

  • if the processing or transfer of the personal data is necessary solely for compliance with a legal obligation to which the Controller is subject or for the purposes of the legitimate interests pursued by the Controller, the data importer or a third party, except in the case of mandatory processing and in the case provided for in Article 6(5) of the Information Act;
  • if the personal data are used or transmitted, without your consent, for direct marketing, public opinion polling or scientific research purposes.

The Data Controller shall examine the objection within the shortest possible time from the date of the request, but not later than 15 days, decide whether the objection is justified and inform you in writing of its decision. If the controller does not comply with the data subject's request for rectification, blocking or erasure, it shall, within 25 days of receipt of the request, communicate in writing or, with the data subject's consent, by electronic means, the factual and legal grounds for refusing the request for rectification, blocking or erasure.

Recourse

If you believe that the Data Controller has violated a legal provision applicable to data processing or has failed to comply with a request, you may initiate an investigation procedure with the National Authority for Data Protection and Freedom of Information (postal address: 1530 Budapest, PO Box 5, e-mail: ugyfelszolgalat@naih.hu).

You are also informed that in case of violation of the legal provisions on data processing or if the Data Controller has not complied with any of your requests, you may take legal action against the Data Controller.

Other provisions

Information on processing not listed in this notice will be provided at the time of collection of the data.

We inform our customers that the court, the prosecutor, the investigating authority, the law enforcement authority, the administrative authority, the National Authority for Data Protection and Freedom of Information, the Hungarian National Bank or other bodies authorised by law may contact the data controller to provide information, to communicate or transfer data or to make documents available.