Privacy Notice
This Notice by Press & Risk Service Kft. describes the practices followed regarding the processing of personal data in connection with the use of the aicono.hu website (hereinafter: Website) and the services provided on the Website, the organizational and technical measures taken to protect the data, as well as your rights and the possibilities of exercising those rights related to data processing.
During the preparation of this Notice and in the course of data processing, we act in accordance with applicable legislation, with particular regard to the following:
– Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter: Regulation)
– Act CXII of 2011 on Informational Self-Determination and Freedom of Information
– Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (Ektv.)
– Act XLVIII of 2008 on the Basic Conditions and Certain Limitations of Economic Advertising Activities
2. Basic Concepts Relating to Personal Data and Their Interpretations
personal data: any information relating to an identified or identifiable natural person („data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
processing: any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
3. The Controller
The controller is Press & Risk Service Kft. (hereinafter: Controller, company registration number: 01-09-283090, tax number: 25574724-1-43, registered seat: 1182 Budapest, Somlókert u. 18/B, representative: Anna Jovita Horváth, email: office@aicono.hu).
4. Principles of Data Processing
Personal data must be processed lawfully, fairly, and in a transparent manner in relation to the data subject.
Personal data must be collected only for specified, explicit, and legitimate purposes. The processed data must be adequate, relevant, and limited to what is necessary for the purposes of the processing.
Processed data must be accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that inaccurate personal data are erased or rectified without delay.
Personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
Personal data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage, using appropriate technical or organizational measures.
5. Categories of Data Subjects
Data subjects include persons visiting the Website operated by the Controller, newsletter subscribers, persons ordering books or courses on the Website, persons expressing interest in the Controller’s services via the Website, and persons registering for courses through the Website.
6. Legal Basis for Data Processing – General
The Controller generally processes personal data based on the following legal bases:
Regulation Article 6(1)(a): certain personal data are processed on the basis of your consent. Below, you will find information regarding which data are processed based on voluntary consent.
Regulation Article 6(1)(b): some personal data are processed because the processing is necessary for the performance of a contract for services ordered via the Website, or in order to take steps at your request prior to entering into such a contract.
Regulation Article 6(1)(c): some personal data must be processed because the law requires it. Such laws include those relating to taxation, the retention of accounting documents, and adult education.
Regulation Article 6(1)(f): in certain cases, personal data may also be processed when necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms requiring protection of personal data.
Ektv. Section 13/A: the Controller may process the following data in connection with information society services provided on the Website:
• personal identification data and address necessary to identify the user for the purpose of creating, defining, modifying, and monitoring the performance of the contract, billing, and enforcing related claims.
• personal identification data, address, and data related to the time, duration, and place of use of the service for the purpose of billing.
• personal data technically essential for the provision of the service.
Details regarding the specific legal basis applicable to each activity are provided under Point 7.
7. Purpose, Legal Basis and Duration of Data Processing
The Data Controller processes personal data for various purposes in the course of its various activities and services on the Website. You will find detailed information on the scope of personal data affected by data processing, the purpose and legal basis of data processing, and data processing in the table below.
|
Érintett |
Kezelt adatok |
Adatkezelés célja |
Adatkezelés jogalapja |
Adatkezelés időtartama |
|
Weboldal látogatója |
IP cím, és a Weboldal működéséhez, ill. a Weboldalon nyújtott szolgáltatásokhoz, funkciók eléréséhez technikailag szükséges sütik által tárolt adatok (részletesen lásd a 9. pontot). |
A Weboldal működésének, a szolgáltatások, funkciók működésének biztosítása. A sütik céljáról szóló részletes tájékoztatást lásd a 9. pontban. |
Ektv. 13/A. §. Rendelet 6. cikk (1) bek. b) pont |
A sütik élettartamáról a 9. pontban található tájékoztatás. |
|
Weboldal látogatója |
A kényelmi, marketing, vagy statisztikai sütik működéséhez szükséges adatok (részletesen lásd a 9. pontot). |
A Weboldalon kényelmi, vagy marketing funkciók ellátása, vagy a Weboldal használatának elemzése, teljesítményének javítása. A sütik céljáról szóló részletes tájékoztatást lásd a 9. pontban. |
Rendelet 6. cikk (1) bek. a) pont (önkéntes hozzájárulás) |
A sütik élettartamáról a 9. pontban található tájékoztatás. |
|
Hírlevél feliratkozó |
Név, e-mail cím, IP cím |
Hírlevél szolgáltatás nyújtása beleértve kedvezményekről, az Adatkezelő szolgáltatásairól való tájékoztatást |
Rendelet 6. cikk (1) bek. a) pont (önkéntes hozzájárulás) Ektv. 13/A. §. az e-mail cím esetén |
A hírlevélről való leiratkozásig vagy az adatok törlésének kérelmezéséig. |
|
Weboldalon szolgáltatás iránt érdeklődő |
név, e-mail cím, telefonszám |
Az érintett tájékoztatása az őt érdeklő szolgáltatásról. |
Rendelet 6. cikk (1) bek. a) pont (önkéntes hozzájárulás) |
Amíg az érdeklődőnek a kért tájékoztatást megadja, de legkésőbb az ezt követő 1 év. |
|
Workshopra, előadásra jelentkező, illetve résztvevő |
családi és utónév, születési családi és utónév, oktatási azonosító, legmagasabb iskolai végzettség, állandó lakcím, telefonszám, e-mail cím, születési hely és idő, anyja születési neve, száma, idegennyelv-ismeret, megrendelt tanfolyam, képzés során történő értékelés |
Felnőttképzési jogviszony létesítése (a tanfolyam típusától függően online vagy helyszíni teljesítéssel), a jogszabályokban előírt adatszolgáltatási kötelezettség teljesítése. |
Rendelet 6. cikk (1) bek. c) pontja |
Jelentkező leiratkozásáig |
|
Workshopra, előadásra jelentkező, illetve résztvevő |
családi és utónév, oktatási azonosító, állandó lakcím, e-mail cím, megrendelt tanfolyam, képzés során történő értékelés, felhasználónév, e-mail cím |
A jelentkezés rögzítése, visszaigazolása, a szerződés teljesítése. |
Rendelet 6. cikk (1) bek. b) pontja, Ektv. 13/A. §. |
Amíg a megrendelés, szerződés teljesítéséhez szükséges, de legkésőbb a teljesítéstől számított 1 év elteltéig, kivéve, ha az adatkezelésnek más jogalapja is fennáll. |
|
Workshopra, előadásra,, szolgáltatásra jelentkező, illetve résztvevő |
számlázási név, cím, adószám (számla adattartalma), PayPalon keresztül történő fizetés esetén a tanfolyam megnevezése és díja, a PayPal szolgáltató által generált tranzakció azonosító Átutalással történő fizetés esetén bankszámla száma, számlatulajdonos neve, a tanfolyam díja, tanfolyami díjról szóló bizonylat száma. Stripe rendszerén keresztül történő bankkártyás fizetés esetén a tranzakciós azonosító, fizetés során használt IP cím, bankkártyaszám, lejárati idő év hónap, CVC kód, kártya típusa |
A szolgáltatás díjának számlázása. Online fizetés teljesítése |
Ektv. 13/A. § Rendelet 6. cikk (1) bek. a) pont (önkéntes teljesítés) Rendelet 6. cikk (1) bek. c) pont |
A számvitelről szóló 2000. évi C. törvény 169. §-a alapján e bizonylatokat 8 évig. Azokat az adatokat, amelyek adózáshoz kapcsolódó iratokon szerepelnek (pl. megrendelésen, szerződésen, az adózás rendjéről szóló 2017. évi CL. törvény 78. § alapján az adó megállapításához való jog elévüléséig, a halasztott adó esetén a halasztott adó esedékessége naptári évének utolsó napjától számított 5 évig. |
|
Weboldalon keresztül üzenetet küldő |
IP-cím, böngésző típusa, név, e-mail cím, üzenet |
Az Adatkezelő részére üzenet küldésének biztosítása |
Rendelet 6. cikk (1) bek. a) pont (önkéntes hozzájárulás) Ektv. 13/A. § |
Az üzenet elküldésétől legfeljebb 5 évig, kivéve ha az adatkezelésnek más jogalapja is fennáll. |
The Controller may also process the data subject’s data if this is necessary for the enforcement of its legitimate interests, except where such interests are overridden by the data subject’s interests or fundamental rights and freedoms requiring the protection of personal data (Regulation Article 6(1)(f)). Such a case may arise, for example, if the Controller has a claim against the data subject (e.g., an outstanding invoice).
8. Categories of Recipients Having Access to the Data
Authorized employees of the Controller, its contracted agents whose tasks require access to personal data, as well as the Controller’s executive officer and deputy, may have access to personal data.
Personal data are transferred to third parties exclusively for data processing purposes. The processor may process the personal data only in accordance with the Controller’s instructions, may not process them for its own purposes, and must store and preserve the personal data according to the Controller’s instructions.
8.1. Newsletter Service Providers
The Controller provides the newsletter service using newsletter management software.
The operator of the newsletter software functions as a processor during the provision of the service, processing the personal data of data subjects (name, email address, IP address).
Processors used by the Controller for the newsletter service:
• MailerLite, Inc., 548 Market St, PMB 98174, San Francisco, CA 94104-5401, USA
8.2. Website Analytics
The Controller uses the Google Analytics service operated by Google, Inc. to analyze the use of the Website. Google Analytics collects information and prepares statistical reports about website usage without identifying individual visitors. This service uses cookies that are placed on the visitor’s computer. The data collected via cookies about the use of the Website are stored on servers operated by Google LLC as processor (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, phone: 650-253-0000, email: data-protection-office@google.com).
8.3. Accounting Services
The Controller is provided with accounting services by:
Vass János ev., 1185 Budapest, Szurmay tábornok utca, 1182 Budapest, Tax number: 65088685-1-43
Invoices issued by the Controller are forwarded to the accounting service provider, who processes their contents as a data processor.
8.6. PayPal Payment Processor
Data processor for the PayPal payment application:
PayPal (Europe) S.à r.l. et Cie, S.C.A.
22-24 Boulevard Royal, L-2449 Luxembourg
Phone: +00353 1 436 9111
Email: service@intl.paypal.com
8.7. Stripe Payment Processor
Data processor for the Stripe payment application:
Stripe, Inc.
510 Townsend Street, San Francisco, CA 94103
Phone: +01 888 963-8955
Email: privacy@stripe.com
9. Cookies Used on the Website
A cookie is a text string of information that the Website transfers to a small file stored on the hard drive of the visitor’s computer or mobile device. A cookie typically contains the domain name from which it originates, its validity period, and a randomly generated number (value).
Cookies used by the Website serve multiple purposes. Some cookies are technically necessary for the operation of the site and its basic functions. Some cookies facilitate the use of the Website by remembering the visitor’s actions and personal settings for a certain period (e.g., language, font size, display settings). Some cookies serve to improve the performance of the Website by collecting information and preparing statistical reports. Some cookies serve advertising purposes by assisting in displaying advertisements that are most relevant to the visitor.
Categories of cookies include:
Session cookies
Temporary cookies that remain in the visitor’s browser cookie file until they leave the Website; deleted automatically at the end of the session or when the browser closes.
Preference cookies
Used so the Website can remember how the user uses the site and what settings they prefer.
Performance / statistical cookies
Used to collect information on how visitors use the Website (pages viewed, session duration, etc.). The Controller uses Google Analytics, which collects anonymous statistical information.
Advertising / marketing cookies
Used to display ads relevant to the visitor and improve the effectiveness of marketing.
Properties of cookies used
(Translated exactly as in the original table.)
Type: Necessary
Name: PHPSESSID
Purpose: Stores and identifies user session ID for managing the user session.
Duration: Duration of browsing.
Type: Necessary
Name: __stripe_mid
Purpose: Set by the Stripe payment gateway to enable payment without storing information on the server.
Duration: 1 year 19 days 23 hours 30 minutes
Type: Necessary
Name: __stripe_sid
Purpose: Set by the Stripe payment gateway to enable payment without storing information on the server.
Duration: 1 year 19 days 14 hours 45 minutes
Type: Performance / statistical
Name: _ga
Purpose: Used to distinguish users.
Duration: 2 years
Type: Performance / statistical
Name: _gid
Purpose: Used to distinguish users.
Duration: 24 hours
Type: Performance / statistical
Name: _gat
Purpose: Used to throttle request rate.
Duration: 1 minute
Type: Performance / statistical
Name: AMP_TOKEN
Purpose: Contains a token that can be used to retrieve the client ID from the AMP Client ID service.
Duration: Between 30 seconds and 1 year
Users may modify cookie settings or delete cookies from their device even after giving consent.
Links to browser-specific information regarding cookie settings and deletion are provided:
Google Chrome, Firefox, Internet Explorer (cookie deletion), Internet Explorer (cookie management).
10. Security of Personal Data
The Controller ensures the security of processed and stored data through measures appropriate to the state of technology (e.g., firewalls), protecting data from unauthorized access, unlawful modification, destruction, or alteration.
The Controller provides the expected level of protection during data processing.
11. Rights of Data Subjects and Remedies
As a data subject, you may request from the Controller access to your personal data, rectification, erasure, or restriction of processing, and you may object to such processing.
You have the right to receive confirmation from the Controller as to whether your personal data are being processed. If so, you have the right to access information about the purposes of processing, the categories of personal data, the categories of recipients, and the planned duration of storage (or the criteria used to determine this duration).
The Controller provides a copy of the personal data undergoing processing. Additional copies may incur a reasonable administrative fee. If the request was submitted electronically, the information must be provided in a commonly used electronic format unless requested otherwise.
Personal data must be erased if:
• the personal data are no longer necessary for the purpose for which they were collected;
• the data subject withdraws consent and there is no other legal basis for processing;
• the data subject objects to processing and there are no overriding legitimate grounds;
• the personal data were processed unlawfully;
• erasure is required by Union or Member State law;
• the data were collected in connection with information society services offered directly to children.
You may request restriction of processing if:
• you contest the accuracy of the data (restriction applies for the period enabling verification);
• the processing is unlawful and you oppose erasure and request restriction instead;
• the Controller no longer needs the data, but you require them for legal claims;
• you have objected to processing and verification is pending.
Data Portability
You have the right to receive your data in a structured, commonly used, machine-readable format and transmit it to another controller.
Right to Object
You may object at any time to processing based on public interest, the exercise of official authority, or legitimate interest.
If you object, the Controller may no longer process the data unless it demonstrates compelling legitimate grounds that override your interests or the processing is for legal claims.
Direct Marketing
If personal data are processed for direct marketing purposes, you may object at any time, including profiling related to such marketing.
Data Breach Notification
If a personal data breach is likely to result in a high risk to your rights and freedoms, the Controller shall notify you without undue delay.
Submitting Requests
You may submit your request to the Controller:
Press & Risk Service Kft.
Company registration number: 01-09-283090
Tax number: 25574724-1-43
Address: 1182 Budapest, Somlókert u. 18/B
Representative: Anna Jovita Horváth
Email: office@aicono.hu
The Controller shall inform you of measures taken within one month of receiving the request. This may be extended by two additional months considering complexity and number of requests; you will be informed of the extension within one month.
If the Controller does not act on your request, it shall inform you within one month of the reasons. You may then lodge a complaint with the National Authority for Data Protection and Freedom of Information (NAIH) or seek judicial remedy.
Authority Contact Information (NAIH):
National Authority for Data Protection and Freedom of Information
Postal address: 1530 Budapest, Pf. 5.
Phone: +36 (1) 391-1400
Email: ugyfelszolgalat@naih.hu
Website: http://naih.hu
If you have any complaint or issue regarding the processing of your personal data, please write to office@aicono.hu.