Name of data controller: Zsolt Zsóri E-mail address of the data controller: firstname.lastname@example.org Controller's telephone number: +36 20 669 6904 /hereinafter referred to as Data Controller/
Purpose of the Privacy Notice
The purpose of this notice is to set out the data protection and data management principles applied by fedo.hu and the Association's data protection and data management policy. It undertakes to ensure that all processing of data relating to its activities complies with the requirements set out in this Policy and in the applicable national legislation and the European Union Regulation (GDPR). The obligation to inform data subjects in advance is also provided for in Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information. The privacy notice is available on the website https://fedo.hu. The Data Controller reserves the right to change this Privacy Notice at any time, subject to timely notification of the data subjects. The managers and employees of the company pay particular attention to the protection and security of personal data. The Hungarian Kuvasz Breed Association (hereinafter referred to as the "Association") treats personal data confidentially and takes all security, technical and organisational measures to ensure the security of the data.
- Privacy: a set of principles, rules, procedures, instruments and methods of processing that ensure the lawful processing of personal data and the protection of the individuals concerned.
- Personal data: any specific data relating to an identified or identifiable natural person (data subject) and any inference that can be drawn from that data concerning that data subject. Personal data shall retain this quality during processing for as long as its link with the data subject can be re-established. The link with the data subject can be re-established if the controller has the technical conditions necessary for the re-establishment of the link.
- Data subject/reactee: any natural person identified or otherwise identifiable, directly or indirectly, on the basis of specified personal data. In particular, a person is identifiable if he or she can be identified, directly or indirectly, by name, an identifier or one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity.
- Special Data: Personal data revealing racial or ethnic origin, nationality, political opinions or political party affiliations, religious or philosophical beliefs, membership of an interest group, sex life, health, disability, or criminal offences.
- Criminal personal data: personal data relating to the criminal offence or criminal proceedings, which are generated during or prior to criminal proceedings, which are held by the authorities responsible for the prosecution or investigation of criminal offences, and by the law enforcement authorities, which can be linked to the data subject, and personal data relating to criminal history.
- Data processing: any operation performed on data, regardless of the procedure used, such as collection, recording, recording, organisation, storage, alteration, use, consultation, disclosure, transmission, alignment or combination, blocking, erasure and destruction of data, as well as prevention of their further use, taking of photographs, audio or video recordings, and recording of physical characteristics that can identify a person (finger or palm print, DNA sample, iris image, etc...).
- Controller: the person or entity that determines the purposes for which the data are processed, takes and implements the decisions concerning the processing (including the means used) or has the processing carried out by a processor on its behalf.
- Processing: the performance of technical tasks related to processing operations (irrespective of the method and means used to perform the operations and the place of application).
- Processor: a person or entity which, under a contract with the controller, including a contract entered into pursuant to a legal provision, carries out the processing of data.
- Rights of the data subject: the data subject must be clearly informed of all the details of the processing before the processing starts and, in addition, at any time at his or her request. The data subject may also request the rectification and, in certain cases, the erasure of his/her data and may object to the processing of his/her personal data in cases provided for by law.
- Legal basis for processing: as a general rule, the data subject's consent or mandatory processing by law.
- Consent: a voluntary and explicit indication of the data subject's wishes, based on appropriate information, by which he or she gives his or her unambiguous consent to the processing of personal data concerning him or her, whether in full or in part, by the controller. For special data, a written form is required.
- Adequate information:before the processing starts, the data subject must be informed whether the processing is based on his or her consent or whether it is mandatory, and must be informed in a clear and detailed manner of all the facts relating to the processing of his or her data, in particular the purposes and legal basis of the processing, the identity of the controller and the processor, the duration of the processing and the persons who may access the data. The information shall also cover the rights and remedies of the data subject with regard to the processing.
- Adequate information:before the processing starts, the data subject must be informed whether the processing is based on his or her consent or whether it is mandatory, and must be informed clearly and in detail of all the facts relating to the processing of his or her data, in particular the purposes and legal basis of the processing, the identity of the controller and the processor, the duration of the processing and the persons who may access the data. The information shall also cover the rights and remedies of the data subject with regard to the processing.
- Objection: a statement by the data subject objecting to the processing of his or her personal data and requesting the cessation of processing or the erasure of the data processed.
- Data security: a system of technical and organisational measures to prevent the unauthorised acquisition, modification and destruction of data.
- Restriction of processing: the marking of personal data recorded for the purpose of restricting their future storage, use or processing.
- Third party: a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor of the data or the natural persons who are under the direct authority of the controller or processor and who are authorised to process the data.
- A data breach: a breach of security of data storage that results in the accidental or intentional destruction, loss, alteration, unlawful disclosure, use or unauthorised access to personal data stored, transmitted or otherwise processed.
How we obtain and store personal data, security of processing in our business
User dataPersonal data, which is limited to the user's name and email address, is only required for association members. Association members are entitled to use the various breeding features of fedo.hu. The freely accessible functions of fedo.hu use only the Association's own pedigree database and do not contain any personal data that can be linked to users.
Controlling the data associated with registrationLegal background and legal basis for data processing: The legal basis for data processing is Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Infotv.) and Act V of 2013 on the Civil Code (Civil Code). In accordance with Article 5(1)(a) of the GDPR, your consent Purpose of the processing: By storing the data provided during registration, the Data Controller can provide a more convenient service (e.g. the data subject does not have to re-enter his/her data for a new purchase) Scope of data processed: The Data Controller processes your unique user identifier, name, encrypted password, home address, billing address, shipping address, telephone number, email address, date of registration, date of last access to our system, languages spoken by the user, the characteristics of the product purchased and the date of purchase. Duration of processing: Until your consent is withdrawn.
Other data processingIf the Data Controller intends to carry out further processing, it shall provide prior information on the essential circumstances of the processing (legal background and legal basis of the processing, purpose of the processing, scope of the data processed, duration of the processing). You are informed that written requests for data from public authorities based on a legal mandate must be complied with by the Data Controller. The Data Controller shall keep records of data transfers in accordance with Article 15 (2) to (3) of the Data Protection Act (to which authority, what personal data, on what legal basis, when the Data Controller transferred the data), the content of which the Data Controller shall provide information on request, unless the provision of information is excluded by law.
Use of data processors and their activities in relation to data processingProcessing for the storage of personal data: Names of the data processors:
- MKFE (Hungarian Kuvasz Breeders' Association)
Security measuresThe security of data processed on a paper basis is protected by the Data Controller in such a way that only authorised persons /employees, company directors/ have access to it. We have a confidentiality agreement with them. The Data Controller declares that it has implemented appropriate security measures to protect personal data against unauthorised access, alteration, disclosure, transmission, disclosure, deletion or destruction, accidental destruction or accidental damage and against inaccessibility resulting from changes in the technology used.
- to facilitate site navigation by recording visitor preferences and usage patterns (e.g. time spent on the site) and thus facilitate the use of the site
- improving our website
- enhance customer and user experience
- collecting statistics to personalise the use of the website,
- placing targeted ads to users.
Legal background and legal basis for cookiesThe background for data processing is provided by Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Infotv.) and Act CVIII of 2001 on certain aspects of electronic commerce services and information society services. In accordance with Article 5 (1) (a) of the GDPR, the data processing is based on your consent.
Your rights in relation to data processingDuring the period of processing, you have the right to:
- The right to information,
- the right to rectification,
- the right to be informed of the processing of your personal data, to be informed of the right to rectify it, to have it rectified, to have it blocked, to have it blocked or to have it deleted,
- the right to block data,
- the right to object.
- if the processing or transfer of the personal data is necessary solely for compliance with a legal obligation to which the Controller is subject or for the purposes of the legitimate interests pursued by the Controller, the data importer or a third party, except in the case of mandatory processing and in the case provided for in Article 6(5) of the Information Act;
- if the personal data are used or transmitted, without your consent, for direct marketing, public opinion polling or scientific research purposes.